Deprecate RAND_cleanup() and make it a no-op

RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/apps/speed.c b/apps/speed.c
index 68d6f0f58a382ac616a7c83d3cc471cbf3e8cfea..b2c247f68dff44613d31ac59a7cb3d9df5afe9db 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -313,7 +313,6 @@ static double ecdh_results[EC_NUM][1];
 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
 #endif
 
 #ifdef SIGALRM
@@ -2448,7 +2447,6 @@ int speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
     if (RAND_status() != 1) {
         RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
     }
     for (testnum = 0; testnum < DSA_NUM; testnum++) {
         int st = 0;
@@ -2512,14 +2510,11 @@ int speed_main(int argc, char **argv)
                 dsa_doit[testnum] = 0;
         }
     }
-    if (rnd_fake)
-        RAND_cleanup();
 #endif
 
 #ifndef OPENSSL_NO_EC
     if (RAND_status() != 1) {
         RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
     }
     for (testnum = 0; testnum < EC_NUM; testnum++) {
         int st = 1;
@@ -2601,14 +2596,11 @@ int speed_main(int argc, char **argv)
             }
         }
     }
-    if (rnd_fake)
-        RAND_cleanup();
 #endif
 
 #ifndef OPENSSL_NO_EC
     if (RAND_status() != 1) {
         RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
     }
     for (testnum = 0; testnum < EC_NUM; testnum++) {
         if (!ecdh_doit[testnum])
@@ -2700,8 +2692,6 @@ int speed_main(int argc, char **argv)
                 ecdh_doit[testnum] = 0;
         }
     }
-    if (rnd_fake)
-        RAND_cleanup();
 #endif
 #ifndef NO_FORK
  show_res:

diff --git a/apps/testdsa.h b/apps/testdsa.h
index 6519948fe659c03278b4310e877d06deef2ffa8c..c72c71eccea30e916ad3b3f0ed0cd5e5a4c46517 100644 (file)
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -328,6 +328,3 @@ DSA *get_dsa2048()
     return NULL;
 }
 
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;

diff --git a/crypto/include/internal/rand.h b/crypto/include/internal/rand.h
new file mode 100644 (file)
index 0000000..f1a9389
--- /dev/null
+++ b/crypto/include/internal/rand.h
@@ -0,0 +1,11 @@
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/rand.h>
+
+void rand_cleanup_intern(void);

diff --git a/crypto/init.c b/crypto/init.c
index 3699145ac69af7a5508883f288eb043799fed218..d93f28281808e16848b81155b78c235e7aa8b8e7 100644 (file)
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -58,7 +58,7 @@
 #include <internal/threads.h>
 #include <internal/cryptlib_int.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
+#include <internal/rand.h>
 #include <openssl/evp.h>
 #include <internal/evp_int.h>
 #include <internal/conf.h>
@@ -453,7 +453,7 @@ void OPENSSL_cleanup(void)
 
 #ifdef OPENSSL_INIT_DEBUG
     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-                    "RAND_cleanup()\n");
+                    "rand_cleanup_intern()\n");
     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
                     "CONF_modules_free()\n");
 #ifndef OPENSSL_NO_ENGINE
@@ -471,14 +471,14 @@ void OPENSSL_cleanup(void)
 #endif
     /*
      * Note that cleanup order is important:
-     * - RAND_cleanup could call an ENINGE's RAND cleanup function so must be
-     * called before ENGINE_cleanup()
+     * - rand_cleanup_intern could call an ENINGE's RAND cleanup function so
+     * must be called before ENGINE_cleanup()
      * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
      * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
      * - CONF_modules_free() can end up in ENGINE code so must be called before
      * ENGINE_cleanup()
      */
-    RAND_cleanup();
+    rand_cleanup_intern();
     CONF_modules_free();
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_cleanup();

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 36b41cda80c8a17d42ad464e8c4c3d6d9ebb8631..f5998f80aa49ce588089fb18418bd86f011c3fdf 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -59,7 +59,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include <openssl/rand.h>
+#include "internal/rand.h"
 
 #include <openssl/engine.h>
 
@@ -125,7 +125,7 @@ int RAND_set_rand_engine(ENGINE *engine)
 }
 #endif
 
-void RAND_cleanup(void)
+void rand_cleanup_intern(void)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
     if (meth && meth->cleanup)

diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod
index 88efb9a0481cb45772b94a7dd92b05bffedf7726..b5c43eab36be63e8a0155a5a52a8ac98014f91d8 100644 (file)
--- a/doc/crypto/RAND_cleanup.pod
+++ b/doc/crypto/RAND_cleanup.pod
@@ -8,11 +8,15 @@ RAND_cleanup - erase the PRNG state
 
  #include <openssl/rand.h>
 
- void RAND_cleanup(void);
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define RAND_cleanup()
+ #endif
 
 =head1 DESCRIPTION
 
-RAND_cleanup() erases the memory used by the PRNG.
+Prior to OpenSSL 1.1.0 RAND_cleanup() erases the memory used by the PRNG. This
+function is deprecated and as of version 1.1.0 does nothing. No explicit
+initialisation or de-initialisation is necessary. See L<OPENSSL_init_crypto(3)>.
 
 =head1 RETURN VALUE
 
@@ -22,4 +26,8 @@ RAND_cleanup() returns no value.
 
 L<rand(3)>
 
+=head1 HISTORY
+
+RAND_cleanup() was deprecated in OpenSSL 1.1.0.
+
 =cut

diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod
index 533d577fa6e6f70af565200ba24145add2a390b8..01babe603683ea8d2da4d1eeede77603e79ab784 100644 (file)
--- a/doc/crypto/RAND_set_rand_method.pod
+++ b/doc/crypto/RAND_set_rand_method.pod
@@ -46,7 +46,7 @@ API is being used, so this function is no longer recommended.
  } RAND_METHOD;
 
 The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand()
 and RAND_status().
 Each component may be NULL if the function is not implemented.
 

diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index 27a6787dbe7b630ba41f1d1b4add108e26b848a4..7d9605011ba38aa2ab58e7d405cd2f121582874c 100644 (file)
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -27,12 +27,16 @@ rand - pseudo-random number generator
  const RAND_METHOD *RAND_get_rand_method(void);
  RAND_METHOD *RAND_OpenSSL(void);
 
- void RAND_cleanup(void);
-
  /* For Win32 only */
  void RAND_screen(void);
  int RAND_event(UINT, WPARAM, LPARAM);
 
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define RAND_cleanup()
+ #endif
+
 =head1 DESCRIPTION
 
 Since the introduction of the ENGINE API, the recommended way of controlling

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 2a9a85c1f165754c10e0f2fdb2294c408aaaa849..75f7389ebd543da5f0599862aa152538f91b3220 100644 (file)
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -92,7 +92,9 @@ const RAND_METHOD *RAND_get_rand_method(void);
 int RAND_set_rand_engine(ENGINE *engine);
 # endif
 RAND_METHOD *RAND_OpenSSL(void);
-void RAND_cleanup(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define RAND_cleanup()
+#endif
 int RAND_bytes(unsigned char *buf, int num);
 DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
 void RAND_seed(const void *buf, int num);