/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
static CRYPTO_RWLOCK *rand_nonce_lock;
static int rand_nonce_count;
-static int rand_cleaning_up = 0;
+static int rand_inited = 0;
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
size_t entropy_available = 0;
RAND_POOL *pool;
- if (drbg->parent && drbg->strength > drbg->parent->strength) {
+ if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
/*
* We currently don't support the algorithm from NIST SP 800-90C
* 10.1.2 to use a weaker DRBG as source
return 0;
}
- if (drbg->pool != NULL) {
- pool = drbg->pool;
+ if (drbg->seed_pool != NULL) {
+ pool = drbg->seed_pool;
pool->entropy_requested = entropy;
} else {
pool = rand_pool_new(entropy, min_len, max_len);
return 0;
}
- if (drbg->parent) {
+ if (drbg->parent != NULL) {
size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
prediction_resistance,
NULL, 0) != 0)
bytes = bytes_needed;
+ drbg->reseed_next_counter
+ = tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes);
}
} else {
- if (prediction_resistance) {
- /*
- * We don't have any entropy sources that comply with the NIST
- * standard to provide prediction resistance (see NIST SP 800-90C,
- * Section 5.4).
- */
- RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
- RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
- goto err;
- }
-
/* Get entropy by polling system entropy sources. */
entropy_available = rand_pool_acquire_entropy(pool);
}
*pout = rand_pool_detach(pool);
}
- err:
- /* we need to reset drbg->pool in the error case */
- if (ret == 0 && drbg->pool != NULL)
- drbg->pool = NULL;
-
- rand_pool_free(pool);
+ if (drbg->seed_pool == NULL)
+ rand_pool_free(pool);
return ret;
}
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- if (drbg->pool == NULL)
+ if (drbg->seed_pool == NULL)
OPENSSL_secure_clear_free(out, outlen);
- else
- drbg->pool = NULL;
}
struct {
void * instance;
int count;
- } data = { 0 };
+ } data;
+ memset(&data, 0, sizeof(data));
pool = rand_pool_new(0, min_len, max_len);
if (pool == NULL)
return 0;
* On success it allocates a buffer at |*pout| and returns the length of
* the data. The buffer should get freed using OPENSSL_secure_clear_free().
*/
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
{
size_t ret = 0;
- RAND_POOL *pool;
-
- pool = rand_pool_new(0, 0, max_len);
- if (pool == NULL)
- return 0;
if (rand_pool_add_additional_data(pool) == 0)
goto err;
*pout = rand_pool_detach(pool);
err:
- rand_pool_free(pool);
-
return ret;
}
-void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen)
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
{
- OPENSSL_secure_clear_free(out, outlen);
+ rand_pool_reattach(pool, out);
}
void rand_fork(void)
if (rand_nonce_lock == NULL)
goto err2;
- if (!rand_cleaning_up && !rand_pool_init())
+ if (!rand_pool_init())
goto err3;
+ rand_inited = 1;
return 1;
err3:
- rand_pool_cleanup();
+ CRYPTO_THREAD_lock_free(rand_nonce_lock);
+ rand_nonce_lock = NULL;
err2:
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
{
const RAND_METHOD *meth = default_RAND_meth;
- rand_cleaning_up = 1;
+ if (!rand_inited)
+ return;
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
rand_meth_lock = NULL;
CRYPTO_THREAD_lock_free(rand_nonce_lock);
rand_nonce_lock = NULL;
+ rand_inited = 0;
}
/*
*/
void RAND_keep_random_devices_open(int keep)
{
- rand_pool_keep_random_devices_open(keep);
+ if (RUN_ONCE(&rand_init, do_rand_init))
+ rand_pool_keep_random_devices_open(keep);
}
/*
} else {
/* fill random pool and seed the current legacy RNG */
pool = rand_pool_new(RAND_DRBG_STRENGTH,
- RAND_DRBG_STRENGTH / 8,
+ (RAND_DRBG_STRENGTH + 7) / 8,
RAND_POOL_MAX_LENGTH);
if (pool == NULL)
return 0;
/*
* Detach the |pool| buffer and return it to the caller.
* It's the responsibility of the caller to free the buffer
- * using OPENSSL_secure_clear_free().
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
*/
unsigned char *rand_pool_detach(RAND_POOL *pool)
{
unsigned char *ret = pool->buffer;
pool->buffer = NULL;
+ pool->entropy = 0;
return ret;
}
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+ pool->buffer = buffer;
+ OPENSSL_cleanse(pool->buffer, pool->len);
+ pool->len = 0;
+}
/*
* If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
return 0;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (len > 0) {
memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len;
return NULL;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
return pool->buffer + pool->len;
}
return -1;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();