Use RAND_METHOD for implementing RAND_status.

[openssl.git] / crypto / rand / md_rand.c

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index ce901759db14bd376ce604cc9a2ac74e67b6138b..1a366ae5c84c93ddce906f985b05034cb550dc04 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -130,6 +130,10 @@
 
 #include <openssl/rand.h>
 
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
+
 /* #define NORAND      1 */
 /* #define PREDICT     1 */
 
@@ -141,6 +145,10 @@ static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
 
+#ifdef PREDICT
+int rand_predictable=0;
+#endif
+
 const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
@@ -148,6 +156,7 @@ static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, double add_entropy);
 static int ssleay_rand_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
 
 RAND_METHOD rand_ssleay_meth={
        ssleay_rand_seed,
@@ -155,6 +164,7 @@ RAND_METHOD rand_ssleay_meth={
        ssleay_rand_cleanup,
        ssleay_rand_add,
        ssleay_rand_pseudo_bytes,
+       ssleay_rand_status
        }; 
 
 RAND_METHOD *RAND_SSLeay(void)
@@ -282,13 +292,13 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                {
                md[k] ^= local_md[k];
                }
+       if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+           entropy += add;
        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
        
 #ifndef THREADS        
        assert(md_c[1] == md_count[1]);
 #endif
-       if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-           entropy += add;
        }
 
 static void ssleay_rand_seed(const void *buf, int num)
@@ -306,6 +316,10 @@ static void ssleay_rand_initialize(void)
        FILE *fh;
 #endif
 
+#ifdef NORAND
+       return;
+#endif
+
        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
        /* put in some default random data, we need more than just this */
 #ifndef GETPID_IS_MEANINGLESS
@@ -318,8 +332,8 @@ static void ssleay_rand_initialize(void)
        RAND_add(&l,sizeof(l),0);
 
 #ifdef DEVRANDOM
-       /* Use a random entropy pool device. Linux and FreeBSD have
-        * this. Use /dev/urandom if you can as /dev/random will block
+       /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+        * have this. Use /dev/urandom if you can as /dev/random may block
         * if it runs out of random entries.  */
 
        if ((fh = fopen(DEVRANDOM, "r")) != NULL)
@@ -354,13 +368,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 
 #ifdef PREDICT
-       {
-       static unsigned char val=0;
+       if (rand_predictable)
+               {
+               static unsigned char val=0;
 
-       for (i=0; i<num; i++)
-               buf[i]=val++;
-       return(1);
-       }
+               for (i=0; i<num; i++)
+                       buf[i]=val++;
+               return(1);
+               }
 #endif
 
        /*
@@ -388,6 +403,19 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
                ssleay_rand_initialize();
 
        ok = (entropy >= ENTROPY_NEEDED);
+       if (!ok)
+               {
+               /* If the PRNG state is not yet unpredictable, then seeing
+                * the PRNG output may help attackers to determine the new
+                * state; thus we have to decrease the entropy estimate.
+                * Once we've had enough initial seeding we don't bother to
+                * adjust the entropy count, though, because we're not ambitious
+                * to provide *information-theoretic* randomness.
+                */
+               entropy -= num;
+               if (entropy < 0)
+                       entropy = 0;
+               }
 
        st_idx=state_index;
        st_num=state_num;
@@ -476,7 +504,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
        return (ret);
        }
 
-int RAND_status(void)
+static int ssleay_rand_status(void)
        {
        if (!initialized)
                ssleay_rand_initialize();