+
+err:
+ RAND_POOL_free(pool);
+ return ret;
+}
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+struct rand_pool_st {
+ unsigned char *buffer; /* points to the beginning of the random pool */
+ size_t len; /* current number of random bytes contained in the pool */
+
+ size_t min_len; /* minimum number of random bytes requested */
+ size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+ size_t entropy; /* current entropy count in bits */
+ size_t requested_entropy; /* requested entropy count in bits */
+};
+
+/*
+ * Allocate memory and initialize a new random pool
+ */
+
+RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len)
+{
+ RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+ if (pool == NULL) {
+ RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pool->min_len = min_len;
+ pool->max_len = max_len;
+
+ pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pool->requested_entropy = entropy;
+
+ return pool;
+
+err:
+ OPENSSL_free(pool);
+ return NULL;
+}
+
+/*
+ * Free |pool|, securely erasing its buffer.
+ */
+void RAND_POOL_free(RAND_POOL *pool)
+{
+ if (pool == NULL)
+ return;
+
+ OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ OPENSSL_free(pool);
+}
+
+/*
+ * Return the |pool|'s buffer to the caller (readonly).
+ */
+const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
+{
+ return pool->buffer;
+}
+
+/*
+ * Return the |pool|'s entropy to the caller.
+ */
+size_t RAND_POOL_entropy(RAND_POOL *pool)
+{
+ return pool->entropy;
+}
+
+/*
+ * Return the |pool|'s buffer length to the caller.
+ */
+size_t RAND_POOL_length(RAND_POOL *pool)
+{
+ return pool->len;
+}
+
+/*
+ * Detach the |pool| buffer and return it to the caller.
+ * It's the responsibility of the caller to free the buffer
+ * using OPENSSL_secure_clear_free().
+ */
+unsigned char *RAND_POOL_detach(RAND_POOL *pool)
+{
+ unsigned char *ret = pool->buffer;
+ pool->buffer = NULL;
+ return ret;
+}
+
+
+/*
+ * If every byte of the input contains |entropy_per_bytes| bits of entropy,
+ * how many bytes does one need to obtain at least |bits| bits of entropy?
+ */
+#define ENTROPY_TO_BYTES(bits, entropy_per_bytes) \
+ (((bits) + ((entropy_per_bytes) - 1))/(entropy_per_bytes))
+
+
+/*
+ * Checks whether the |pool|'s entropy is available to the caller.
+ * This is the case when entropy count and buffer length are high enough.
+ * Returns
+ *
+ * |entropy| if the entropy count and buffer size is large enough
+ * 0 otherwise
+ */
+size_t RAND_POOL_entropy_available(RAND_POOL *pool)
+{
+ if (pool->entropy < pool->requested_entropy)
+ return 0;
+
+ if (pool->len < pool->min_len)
+ return 0;
+
+ return pool->entropy;
+}
+
+/*
+ * Returns the (remaining) amount of entropy needed to fill
+ * the random pool.
+ */
+
+size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
+{
+ if (pool->entropy < pool->requested_entropy)
+ return pool->requested_entropy - pool->entropy;
+
+ return 0;
+}
+
+/*
+ * Returns the number of bytes needed to fill the pool, assuming
+ * the input has 'entropy_per_byte' entropy bits per byte.
+ * In case of an error, 0 is returned.
+ */
+
+size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
+{
+ size_t bytes_needed;
+ size_t entropy_needed = RAND_POOL_entropy_needed(pool);
+
+ if (entropy_per_byte < 1 || entropy_per_byte > 8) {
+ RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
+ return 0;
+ }
+
+ bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_per_byte);
+
+ if (bytes_needed > pool->max_len - pool->len) {
+ /* not enough space left */
+ RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
+ return 0;
+ }
+
+ if (pool->len < pool->min_len &&
+ bytes_needed < pool->min_len - pool->len)
+ /* to meet the min_len requirement */
+ bytes_needed = pool->min_len - pool->len;
+
+ return bytes_needed;
+}
+
+/* Returns the remaining number of bytes available */
+size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
+{
+ return pool->max_len - pool->len;
+}
+
+/*
+ * Add random bytes to the random pool.
+ *
+ * It is expected that the |buffer| contains |len| bytes of
+ * random input which contains at least |entropy| bits of
+ * randomness.
+ *
+ * Return available amount of entropy after this operation.
+ * (see RAND_POOL_entropy_available(pool))
+ */
+size_t RAND_POOL_add(RAND_POOL *pool,
+ const unsigned char *buffer, size_t len, size_t entropy)
+{
+ if (len > pool->max_len - pool->len) {
+ RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
+ return 0;
+ }
+
+ if (len > 0) {
+ memcpy(pool->buffer + pool->len, buffer, len);
+ pool->len += len;
+ pool->entropy += entropy;
+ }
+
+ return RAND_POOL_entropy_available(pool);
+}
+
+/*
+ * Start to add random bytes to the random pool in-place.
+ *
+ * Reserves the next |len| bytes for adding random bytes in-place
+ * and returns a pointer to the buffer.
+ * The caller is allowed to copy up to |len| bytes into the buffer.
+ * If |len| == 0 this is considered a no-op and a NULL pointer
+ * is returned without producing an error message.
+ *
+ * After updating the buffer, RAND_POOL_add_end() needs to be called
+ * to finish the udpate operation (see next comment).
+ */
+unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
+{
+ if (len == 0)
+ return NULL;
+
+ if (len > pool->max_len - pool->len) {
+ RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
+ return NULL;
+ }
+
+ return pool->buffer + pool->len;
+}
+
+/*
+ * Finish to add random bytes to the random pool in-place.
+ *
+ * Finishes an in-place update of the random pool started by
+ * RAND_POOL_add_begin() (see previous comment).
+ * It is expected that |len| bytes of random input have been added
+ * to the buffer which contain at least |entropy| bits of randomness.
+ * It is allowed to add less bytes than originally reserved.
+ */
+size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+{
+ if (len > pool->max_len - pool->len) {
+ RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
+ return 0;
+ }
+
+ if (len > 0) {
+ pool->len += len;
+ pool->entropy += entropy;
+ }
+
+ return RAND_POOL_entropy_available(pool);
+}
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+ if (!RUN_ONCE(&rand_init, do_rand_init))
+ return 0;
+
+ CRYPTO_THREAD_write_lock(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;