Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+ has a return value which indicated the quality of the random data
+ (1 = ok, 0 = not seeded).
+ [Ulf Möller]
+
*) Do more iterations of Rabin-Miller probable prime test (specifically,
3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
instead of only 2 for all lengths; see BN_prime_checks definition
BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
{
/* make a random number and set the top and bottom bits */
time(&tim);
- RAND_seed(&tim,sizeof(tim));
+ RAND_add(&tim,sizeof(tim),0);
- RAND_bytes(buf,(int)bytes);
+ if (RAND_bytes(buf,(int)bytes) <= 0)
+ goto err;
if (top)
{
if (bit == 0)
{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"},
{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"},
{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"},
{0,NULL},
};
#define ERR_LIB_PKCS7 33
#define ERR_LIB_X509V3 34
#define ERR_LIB_PKCS12 35
+#define ERR_LIB_RAND 36
#define ERR_LIB_USER 128
#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
+#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
ERR_load_CRYPTO_strings();
ERR_load_PKCS7_strings();
ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
#endif
}
L RSAREF rsaref/rsaref.h rsaref/rsar_err.c
L SSL ssl/ssl.h ssl/ssl_err.c
L COMP crypto/comp/comp.h crypto/comp/comp_err.c
+L RAND crypto/rand/rand.h crypto/rand/rand_err.c
F RSAREF_F_RSA_BN2BIN
return NULL;
}
p8->pkey->type = V_ASN1_OCTET_STRING;
- RAND_seed (p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length);
+ RAND_add(p8->pkey->value.octet_string->data,
+ p8->pkey->value.octet_string->length, 0);
return p8;
}
int i;
if (npubk <= 0) return(0);
- RAND_bytes(key,EVP_MAX_KEY_LENGTH);
+ if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) == -1) return(0);
if (type->iv_len > 0)
RAND_bytes(iv,type->iv_len);
#endif
kstr=(unsigned char *)buf;
}
- RAND_seed(data,i);/* put in the RSA key. */
+ RAND_add(data,i,0);/* put in the RSA key. */
RAND_bytes(iv,8); /* Generate a salt */
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
BIO_get_cipher_ctx(btmp, &ctx);
keylen=EVP_CIPHER_key_length(evp_cipher);
ivlen=EVP_CIPHER_iv_length(evp_cipher);
- RAND_bytes(key,keylen);
+ if (RAND_bytes(key,keylen) <= 0)
+ goto err;
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0) RAND_bytes(iv,ivlen);
EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o
SRC= $(LIBSRC)
* [including the GNU Public Licence.]
*/
+#define ENTROPY_NEEDED 32 /* require 128 bits of randomness */
+
#ifndef MD_RAND_DEBUG
# ifndef NDEBUG
# define NDEBUG
#include "openssl/e_os.h"
#include <openssl/crypto.h>
+#include <openssl/err.h>
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(NO_SHA) && !defined(NO_SHA1)
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
+static int entropy=0;
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_bytes(unsigned char *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, int entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num);
RAND_METHOD rand_ssleay_meth={
ssleay_rand_seed,
ssleay_rand_bytes,
ssleay_rand_cleanup,
+ ssleay_rand_add,
};
RAND_METHOD *RAND_SSLeay(void)
memset(md,0,MD_DIGEST_LENGTH);
md_count[0]=0;
md_count[1]=0;
+ entropy=0;
}
-static void ssleay_rand_seed(const void *buf, int num)
+static void ssleay_rand_add(const void *buf, int num, int add)
{
int i,j,k,st_idx;
long md_c[2];
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
+ entropy += add;
+ }
+
+static void ssleay_rand_seed(const void *buf, int num)
+ {
+ ssleay_rand_add(buf, num, num);
}
-static void ssleay_rand_bytes(unsigned char *buf, int num)
+static int ssleay_rand_bytes(unsigned char *buf, int num)
{
int i,j,k,st_num,st_idx;
+ int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
MD_CTX m;
for (i=0; i<num; i++)
buf[i]=val++;
- return;
+ return(1);
}
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
/* put in some default random data, we need more than
* just this */
- RAND_seed(&m,sizeof(m));
+ RAND_add(&m,sizeof(m),0);
#ifndef GETPID_IS_MEANINGLESS
l=curr_pid;
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
l=getuid();
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
#endif
l=time(NULL);
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
#ifdef DEVRANDOM
/*
init=0;
}
+ ok = (entropy >= ENTROPY_NEEDED);
+
st_idx=state_index;
st_num=state_num;
md_c[0] = md_count[0];
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
memset(&m,0,sizeof(m));
+ if (ok)
+ return(1);
+ else
+ {
+ RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+ return(0);
+ }
}
#ifdef WINDOWS
typedef struct rand_meth_st
{
void (*seed)(const void *buf, int num);
- void (*bytes)(unsigned char *buf, int num);
+ int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
+ void (*add)(const void *buf, int num, int entropy);
} RAND_METHOD;
void RAND_set_rand_method(RAND_METHOD *meth);
RAND_METHOD *RAND_get_rand_method(void );
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
-void RAND_bytes(unsigned char *buf,int num);
+int RAND_bytes(unsigned char *buf,int num);
void RAND_seed(const void *buf,int num);
+void RAND_add(const void *buf,int num,int entropy);
int RAND_load_file(const char *file,long max_bytes);
int RAND_write_file(const char *file);
char *RAND_file_name(char *file,int num);
#ifdef WINDOWS
void RAND_screen(void);
#endif
+void ERR_load_RAND_strings(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the RAND functions. */
+
+/* Function codes. */
+#define RAND_F_SSLEAY_RAND_BYTES 100
+
+/* Reason codes. */
+#define RAND_R_PRNG_NOT_SEEDED 100
+
#ifdef __cplusplus
}
#endif
-
#endif
+
--- /dev/null
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA RAND_str_functs[]=
+ {
+{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "ssleay_rand_bytes"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA RAND_str_reasons[]=
+ {
+{RAND_R_PRNG_NOT_SEEDED ,"prng not seeded"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_RAND_strings(void)
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
+ ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+#endif
+
+ }
+ }
rand_meth->seed(buf,num);
}
-void RAND_bytes(unsigned char *buf, int num)
+void RAND_add(const void *buf, int num, int entropy)
{
if (rand_meth != NULL)
- rand_meth->bytes(buf,num);
+ rand_meth->add(buf,num,entropy);
+ }
+
+int RAND_bytes(unsigned char *buf, int num)
+ {
+ if (rand_meth != NULL)
+ return rand_meth->bytes(buf,num);
+ return(-1);
}
i=stat(file,&sb);
/* If the state fails, put some crap in anyway */
- RAND_seed(&sb,sizeof(sb));
+ RAND_add(&sb,sizeof(sb),0);
ret+=sizeof(sb);
if (i < 0) return(0);
if (bytes <= 0) return(ret);
i=fread(buf,1,n,in);
if (i <= 0) break;
/* even if n != i, use the full array */
- RAND_seed(buf,n);
+ RAND_add(buf,n,i);
ret+=i;
bytes-=n;
if (bytes <= 0) break;
emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
- RAND_bytes(seed, SHA_DIGEST_LENGTH);
+ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+ return (0);
#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
/* pad out with non-zero random data */
j=tlen-3-flen;
- RAND_bytes(p,j);
+ if (RAND_bytes(p,j) <= 0)
+ return(0);
for (i=0; i<j; i++)
{
if (*p == '\0')
do {
- RAND_bytes(p,1);
+ if (RAND_bytes(p,1) <= 0)
+ return(0);
} while (*p == '\0');
p++;
}
/* pad out with non-zero random data */
j=tlen-3-8-flen;
- RAND_bytes(p,j);
+ if (RAND_bytes(p,j) <= 0)
+ return(0);
for (i=0; i<j; i++)
{
if (*p == '\0')
do {
- RAND_bytes(p,1);
+ if (RAND_bytes(p,1) <= 0)
+ return(0);
} while (*p == '\0');
p++;
}
{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_ATTRIBUTE_IGET_DATA,0), "X509_ATTRIBUTE_iget_data"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_ISET_DATA,0), "X509_ATTRIBUTE_iset_data"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_ISET_DATA,0), "X509_ATTRIBUTE_ISET_DATA"},
{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
int ret= -1;
int new_state,state;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
int ret= -1;
int new_state,state;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
void (*cb)()=NULL;
int new_state,state;
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
ERR_clear_error();
clear_sys_error();
void (*cb)()=NULL;
int new_state,state;
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
ERR_clear_error();
clear_sys_error();
int ret= -1;
int new_state,state,skip=0;;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
int ret= -1;
int new_state,state,skip=0;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
#define SSL_R_BAD_AUTHENTICATION_TYPE 102
#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
#define SSL_R_BAD_CHECKSUM 104
-#define SSL_R_BAD_HELLO_REQUEST 105
#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
#define SSL_R_BAD_DECOMPRESSION 107
#define SSL_R_BAD_DH_G_LENGTH 108
#define SSL_R_BAD_DH_P_LENGTH 110
#define SSL_R_BAD_DIGEST_LENGTH 111
#define SSL_R_BAD_DSA_SIGNATURE 112
+#define SSL_R_BAD_HELLO_REQUEST 105
#define SSL_R_BAD_LENGTH 271
#define SSL_R_BAD_MAC_DECODE 113
#define SSL_R_BAD_MESSAGE_TYPE 114
{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"},
{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"},
{SSL_R_BAD_CHECKSUM ,"bad checksum"},
-{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"},
{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"},
{SSL_R_BAD_DECOMPRESSION ,"bad decompression"},
{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"},
{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"},
{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"},
{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"},
+{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"},
{SSL_R_BAD_LENGTH ,"bad length"},
{SSL_R_BAD_MAC_DECODE ,"bad mac decode"},
{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"},
projects / openssl.git / commitdiff