X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Frand%2Frand_lib.c;h=63fd231775507eb619368c4325caa8fe593b002a;hb=e5b2ea0ac3b4d752847d197117d58e0f6ad8e08e;hp=4aa6486c8102c9e07d64cfd29ca57c76db0ba9ff;hpb=ef643cc7bdb24fbff4740192a7fc1fc768fb7693;p=openssl.git diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 4aa6486c81..63fd231775 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,25 +1,24 @@ -/* crypto/rand/rand_lib.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +48,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -58,215 +57,120 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" +#include #include #ifndef OPENSSL_NO_ENGINE -#include +# include #endif #ifdef OPENSSL_FIPS -#include -#include +# include +# include #endif #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -static ENGINE *funct_ref =NULL; +static ENGINE *funct_ref = NULL; #endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) - { +{ #ifndef OPENSSL_NO_ENGINE - if(funct_ref) - { - ENGINE_finish(funct_ref); - funct_ref = NULL; - } + ENGINE_finish(funct_ref); + funct_ref = NULL; #endif - default_RAND_meth = meth; - return 1; - } + default_RAND_meth = meth; + return 1; +} const RAND_METHOD *RAND_get_rand_method(void) - { - if (!default_RAND_meth) - { +{ + if (!default_RAND_meth) { #ifndef OPENSSL_NO_ENGINE - ENGINE *e = ENGINE_get_default_RAND(); - if(e) - { - default_RAND_meth = ENGINE_get_RAND(e); - if(!default_RAND_meth) - { - ENGINE_finish(e); - e = NULL; - } - } - if(e) - funct_ref = e; - else + ENGINE *e = ENGINE_get_default_RAND(); + if (e) { + default_RAND_meth = ENGINE_get_RAND(e); + if (default_RAND_meth == NULL) { + ENGINE_finish(e); + e = NULL; + } + } + if (e) + funct_ref = e; + else #endif - default_RAND_meth = RAND_SSLeay(); - } - return default_RAND_meth; - } + default_RAND_meth = RAND_OpenSSL(); + } + return default_RAND_meth; +} #ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) - { - const RAND_METHOD *tmp_meth = NULL; - if(engine) - { - if(!ENGINE_init(engine)) - return 0; - tmp_meth = ENGINE_get_RAND(engine); - if(!tmp_meth) - { - ENGINE_finish(engine); - return 0; - } - } - /* This function releases any prior ENGINE so call it first */ - RAND_set_rand_method(tmp_meth); - funct_ref = engine; - return 1; - } +{ + const RAND_METHOD *tmp_meth = NULL; + if (engine) { + if (!ENGINE_init(engine)) + return 0; + tmp_meth = ENGINE_get_RAND(engine); + if (tmp_meth == NULL) { + ENGINE_finish(engine); + return 0; + } + } + /* This function releases any prior ENGINE so call it first */ + RAND_set_rand_method(tmp_meth); + funct_ref = engine; + return 1; +} #endif void RAND_cleanup(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->cleanup) - meth->cleanup(); - RAND_set_rand_method(NULL); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->cleanup) + meth->cleanup(); + RAND_set_rand_method(NULL); +} void RAND_seed(const void *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->seed) - meth->seed(buf,num); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->seed) + meth->seed(buf, num); +} void RAND_add(const void *buf, int num, double entropy) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->add) - meth->add(buf,num,entropy); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->add) + meth->add(buf, num, entropy); +} int RAND_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->bytes) - return meth->bytes(buf,num); - return(-1); - } - +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->bytes) + return meth->bytes(buf, num); + return (-1); +} + +#if OPENSSL_API_COMPAT < 0x10100000L int RAND_pseudo_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->pseudorand) - return meth->pseudorand(buf,num); - return(-1); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->pseudorand) + return meth->pseudorand(buf, num); + return (-1); +} +#endif int RAND_status(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->status) - return meth->status(); - return 0; - } - -#ifdef OPENSSL_FIPS - -/* FIPS DRBG initialisation code. This sets up the DRBG for use by the - * rest of OpenSSL. - */ - -/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather - * entropy internally through RAND_poll(). - */ - -static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) - { - /* Round up request to multiple of block size */ - min_len = ((min_len + 19) / 20) * 20; - *pout = OPENSSL_malloc(min_len); - if (!*pout) - return 0; - if (RAND_SSLeay()->bytes(*pout, min_len) <= 0) - { - OPENSSL_free(*pout); - *pout = NULL; - return 0; - } - return min_len; - } - -static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) - { - if (out) - { - OPENSSL_cleanse(out, olen); - OPENSSL_free(out); - } - } - -/* Set "additional input" when generating random data. This uses the - * current PID, a time value and a counter. - */ - -static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) - { - /* Use of static variables is OK as this happens under a lock */ - static unsigned char buf[16]; - static unsigned long counter; - FIPS_get_timevec(buf, &counter); - rand_hw_xor(buf, sizeof(buf)); - *pout = buf; - return sizeof(buf); - } - -/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is - * correctly seeded by RAND_poll(). - */ - -static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, - double entropy) - { - return RAND_SSLeay()->add(in, inlen, entropy); - } - -static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) - { - return RAND_SSLeay()->seed(in, inlen); - } - -int RAND_init_fips(void) - { - DRBG_CTX *dctx; - size_t plen; - unsigned char pers[32], *p; - dctx = FIPS_get_default_drbg(); - FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); - FIPS_drbg_set_callbacks(dctx, - drbg_get_entropy, drbg_free_entropy, 20, - drbg_get_entropy, drbg_free_entropy); - FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, - drbg_rand_seed, drbg_rand_add); - /* Personalisation string: a string followed by date time vector */ - strcpy((char *)pers, "OpenSSL DRBG2.0"); - plen = drbg_get_adin(dctx, &p); - memcpy(pers + 16, p, plen); - - FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); - FIPS_rand_set_method(FIPS_drbg_method()); - return 1; - } - -#endif +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->status) + return meth->status(); + return 0; +}