Don't use RDRAND if told not to

[openssl.git] / crypto / rand / md_rand.c

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index ec42fc29f07d90043c66741fd44960ba79745511..9b6b0b56f9c47095febc2dbb7082e719cb449760 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -1,4 +1,3 @@
-/* crypto/rand/md_rand.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -128,6 +127,7 @@
 # include <time.h>
 #endif
 
+#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/async.h>
@@ -172,7 +172,7 @@ static int rand_seed(const void *buf, int num);
 static int rand_add(const void *buf, int num, double add_entropy);
 static int rand_bytes(unsigned char *buf, int num, int pseudo);
 static int rand_nopseudo_bytes(unsigned char *buf, int num);
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
 static int rand_pseudo_bytes(unsigned char *buf, int num);
 #endif
 static int rand_status(void);
@@ -182,7 +182,7 @@ static RAND_METHOD rand_meth = {
     rand_nopseudo_bytes,
     rand_cleanup,
     rand_add,
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
     rand_pseudo_bytes,
 #else
     NULL,
@@ -234,7 +234,7 @@ static int rand_add(const void *buf, int num, double add)
      * hash function.
      */
 
-    m = EVP_MD_CTX_create();
+    m = EVP_MD_CTX_new();
     if (m == NULL)
         goto err;
 
@@ -355,7 +355,7 @@ static int rand_add(const void *buf, int num, double add)
 #endif
     rv = 1;
  err:
-    EVP_MD_CTX_destroy(m);
+    EVP_MD_CTX_free(m);
     return rv;
 }
 
@@ -412,7 +412,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
     if (num <= 0)
         return 1;
 
-    m = EVP_MD_CTX_create();
+    m = EVP_MD_CTX_new();
     if (m == NULL)
         goto err_mem;
 
@@ -551,18 +551,6 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
         if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
             goto err;
 
-#ifndef PURIFY                  /* purify complains */
-        /*
-         * The following line uses the supplied buffer as a small source of
-         * entropy: since this buffer is often uninitialised it may cause
-         * programs such as purify or valgrind to complain. So for those
-         * builds it is not used: the removal of such a small source of
-         * entropy has negligible impact on security.
-         */
-        if (!MD_Update(m, buf, j))
-            goto err;
-#endif
-
         k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
         if (k > 0) {
             if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
@@ -600,7 +588,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
     ASYNC_unblock_pause();
     CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
-    EVP_MD_CTX_destroy(m);
+    EVP_MD_CTX_free(m);
     if (ok)
         return (1);
     else if (pseudo)
@@ -613,11 +601,11 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
     }
  err:
     RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
-    EVP_MD_CTX_destroy(m);
+    EVP_MD_CTX_free(m);
     return 0;
  err_mem:
     RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
-    EVP_MD_CTX_destroy(m);
+    EVP_MD_CTX_free(m);
     return 0;
 
 }
@@ -627,7 +615,7 @@ static int rand_nopseudo_bytes(unsigned char *buf, int num)
     return rand_bytes(buf, num, 0);
 }
 
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
 /*
  * pseudo-random bytes that are guaranteed to be unique but not unpredictable
  */
@@ -698,7 +686,8 @@ static int rand_status(void)
 
 #if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
      defined(__x86_64) || defined(__x86_64__) || \
-     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \
+     && !defined(OPENSSL_NO_RDRAND)
 
 # define RDRAND_CALLS    4