return 1;
}
-static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx)
+int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx)
{
int ref = 0;
return NULL;
}
if (parent != NULL) {
- if (!evp_rand_ctx_up_ref(parent)) {
+ if (!EVP_RAND_CTX_up_ref(parent)) {
ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
OPENSSL_free(ctx);
return rand;
}
+int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand)
+{
+ RAND_GLOBAL *dgbl = rand_get_global(ctx);
+ EVP_RAND_CTX *old;
+ int r;
+
+ if (dgbl == NULL)
+ return 0;
+ old = CRYPTO_THREAD_get_local(&dgbl->public);
+ if ((r = CRYPTO_THREAD_set_local(&dgbl->public, rand)) > 0)
+ EVP_RAND_CTX_free(old);
+ return r;
+}
+
+int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand)
+{
+ RAND_GLOBAL *dgbl = rand_get_global(ctx);
+ EVP_RAND_CTX *old;
+ int r;
+
+ if (dgbl == NULL)
+ return 0;
+ old = CRYPTO_THREAD_get_local(&dgbl->private);
+ if ((r = CRYPTO_THREAD_set_local(&dgbl->private, rand)) > 0)
+ EVP_RAND_CTX_free(old);
+ return r;
+}
+
#ifndef FIPS_MODULE
static int random_set_string(char **p, const char *s)
{
=head1 NAME
EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX,
-EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate,
+EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_CTX_up_ref, EVP_RAND_instantiate,
EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce,
EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength,
EVP_RAND_get_state,
void EVP_RAND_free(EVP_RAND *rand);
EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
+ int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx);
EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
EVP_RAND_CTX_free() does not return a value.
+EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
+
EVP_RAND_nonce() returns the length of the nonce.
EVP_RAND_get_strength() returns the strength of the random number generator
=head1 HISTORY
-This functionality was added to OpenSSL 3.0.
+EVP_RAND_CTX_up_ref() was added in OpenSSL 3.1.
+
+The remaining functions were added in OpenSSL 3.0.
=head1 COPYRIGHT
RAND_get0_primary,
RAND_get0_public,
-RAND_get0_private
+RAND_get0_private,
+RAND_set0_public,
+RAND_set0_private
- get access to the global EVP_RAND_CTX instances
=head1 SYNOPSIS
EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx);
EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx);
EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx);
+ int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
+ int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
=head1 DESCRIPTION
The I<primary> DRBG is a global instance, which is not intended to be used
directly, but is used internally to reseed the other two instances.
-These functions here provide access to the shared DRBG instances.
+The three get functions provide access to the shared DRBG instances.
+
+The two set functions allow the public and private DRBG instances to be
+replaced by another random number generator.
=head1 RETURN VALUES
RAND_get0_private() returns a pointer to the I<private> DRBG instance
for the given OSSL_LIB_CTX B<ctx>.
-In all the above cases the B<ctx> parameter can
-be NULL in which case the default OSSL_LIB_CTX is used.
+RAND_set0_public() and RAND_set0_private() return 1 on success and 0
+on error.
=head1 NOTES
L<RAND_set_DRBG_type(3)> call before accessing the random number generation
infrastructure.
+The two set functions, operate on the the current thread. If you want to
+use the same random number generator across all threads, each thread
+must individually call the set functions.
+
=head1 SEE ALSO
L<EVP_RAND(3)>,
=head1 HISTORY
-These functions were added in OpenSSL 3.0.
+RAND_set0_public() and RAND_set0_private() were added in OpenSSL 3.1.
+
+The remaining functions were added in OpenSSL 3.0.
=head1 COPYRIGHT
int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
+int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx);
void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx);
EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx);
EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx);
+int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
+int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
const char *cipher, const char *digest);
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
+EVP_RAND_CTX_up_ref ? 3_1_0 EXIST::FUNCTION:
+RAND_set0_public ? 3_1_0 EXIST::FUNCTION:
+RAND_set0_private ? 3_1_0 EXIST::FUNCTION:
X509_PUBKEY_set0_public_key ? 3_2_0 EXIST::FUNCTION:
OSSL_STACK_OF_X509_free ? 3_2_0 EXIST::FUNCTION:
EVP_MD_CTX_dup ? 3_2_0 EXIST::FUNCTION:
projects / openssl.git / commitdiff