Start to overhaul RAND API Remove unused rand_hw_xor, MD/EVP indirection Make rand_pseudo same as rand. Cleanup formatting and ifdef control Rename some things: - rand_meth to openssl_rand_meth; make it global - source file - lock/init functions, start per-thread state - ossl_meth_init to ossl_rand_init Put state into RAND_STATE structure And put OSSL_RAND_STATE into ossl_typ.h Use "randomness" instead of "entropy" Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3758)
Clean up references to FIPS This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retained for compatibility, but FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to turn FIPS mode off. Reviewed-by: Stephen Henson <steve@openssl.org>
Make rand_add predictable when fuzzing Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2182
Make the predictable numbers start from 1 There is code that retries calling RAND_bytes() until it gets something other than 0, which just hangs if we always return 0. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2041
Make the random number generator predictable when fuzzing. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023
Fix mem leaks during auto-deinit Certain functions are automatically called during auto-deinit in order to deallocate resources. However, if we have never entered a function which marks lib crypto as inited then they never get called. This can happen if the user only ever makes use of a small sub-set of functions that don't hit the auto-init code. This commit ensures all such resources deallocated by these functions also init libcrypto when they are initially allocated. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Laurie <ben@openssl.org>
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Fix: dummy definition of rand_hw_seed() should also return int Reviewed-by: Stephen Henson <steve@openssl.org>
check return values for EVP_Digest*() APIs Reviewed-by: Richard Levitte <levitte@openssl.org>
Fix some RAND bugs RT2630 -- segfault for int overflow RT2877 -- check return values in apps/rand Update CHANGES file for previous "windows rand" changes. Reviewed-by: Richard Levitte <levitte@openssl.org>
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
Fold threads.h into crypto.h making API public Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
Convert rand code to new threading API Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread API style locks. Reviewed-by: Rich Salz <rsalz@openssl.org>
Remove outdated DEBUG flags. Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: Richard Levitte <levitte@openssl.org>
md_rand: FAQ URL to use https and follow a redirect Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Don't use RDRAND if told not to Ensure we respect OPENSSL_NO_RDRAND Reviewed-by: Rich Salz <rsalz@openssl.org>
Always DPURIFY The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatibility for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>