openssl/crypto/rand/rand_lib.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
#include "internal/rand.h"

#include <openssl/engine.h>

#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
# include <openssl/fips_rand.h>
#endif

#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref = NULL;
#endif
static const RAND_METHOD *default_RAND_meth = NULL;

int RAND_set_rand_method(const RAND_METHOD *meth)
{
#ifndef OPENSSL_NO_ENGINE
    ENGINE_finish(funct_ref);
    funct_ref = NULL;
#endif
    default_RAND_meth = meth;
    return 1;
}

const RAND_METHOD *RAND_get_rand_method(void)
{
    if (!default_RAND_meth) {
#ifndef OPENSSL_NO_ENGINE
        ENGINE *e = ENGINE_get_default_RAND();
        if (e) {
            default_RAND_meth = ENGINE_get_RAND(e);
            if (default_RAND_meth == NULL) {
                ENGINE_finish(e);
                e = NULL;
            }
        }
        if (e)
            funct_ref = e;
        else
#endif
            default_RAND_meth = RAND_OpenSSL();
    }
    return default_RAND_meth;
}

#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine)
{
    const RAND_METHOD *tmp_meth = NULL;
    if (engine) {
        if (!ENGINE_init(engine))
            return 0;
        tmp_meth = ENGINE_get_RAND(engine);
        if (tmp_meth == NULL) {
            ENGINE_finish(engine);
            return 0;
        }
    }
    /* This function releases any prior ENGINE so call it first */
    RAND_set_rand_method(tmp_meth);
    funct_ref = engine;
    return 1;
}
#endif

void rand_cleanup_int(void)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->cleanup)
        meth->cleanup();
    RAND_set_rand_method(NULL);
}

void RAND_seed(const void *buf, int num)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->seed)
        meth->seed(buf, num);
}

void RAND_add(const void *buf, int num, double entropy)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->add)
        meth->add(buf, num, entropy);
}

int RAND_bytes(unsigned char *buf, int num)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->bytes)
        return meth->bytes(buf, num);
    return (-1);
}

#if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->pseudorand)
        return meth->pseudorand(buf, num);
    return (-1);
}
#endif

int RAND_status(void)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->status)
        return meth->status();
    return 0;
}
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-17 18:52:22 +00:00			`/*`
			`* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00			`*`
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-17 18:52:22 +00:00			`* Licensed under the OpenSSL license (the "License"). You may not use`
			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00			`*/`

			`#include <stdio.h>`
			`#include <time.h>`
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-05-14 14:56:48 +00:00			`#include "internal/cryptlib.h"`
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-01-05 04:00:33 +00:00			`#include <openssl/opensslconf.h>`
Deprecate RAND_cleanup() and make it a no-op RAND_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-04-06 10:19:55 +00:00			`#include "internal/rand.h"`
FIPS mode changes to make RNG compile (this will need updating later as we need a whole new PRNG for FIPS). 1. avoid use of ERR_peek(). 2. If compiling with FIPS use small FIPS EVP and disable ENGINE 2011-01-26 14:52:04 +00:00
Remove #error from include files. Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-03-18 18:30:20 +00:00			`#include <openssl/engine.h>`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD. 2011-04-06 23:40:22 +00:00			`#ifdef OPENSSL_FIPS`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`# include <openssl/fips.h>`
			`# include <openssl/fips_rand.h>`
Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD. 2011-04-06 23:40:22 +00:00			`#endif`

Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#ifndef OPENSSL_NO_ENGINE`
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use both "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. 2001-09-25 20:23:40 +00:00			`/* non-NULL if default_RAND_meth is ENGINE-provided */`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`static ENGINE *funct_ref = NULL;`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#endif`
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use both "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. 2001-09-25 20:23:40 +00:00			`static const RAND_METHOD *default_RAND_meth = NULL;`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use both "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. 2001-09-25 20:23:40 +00:00			`int RAND_set_rand_method(const RAND_METHOD *meth)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#ifndef OPENSSL_NO_ENGINE`
GH715: ENGINE_finish can take NULL Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-02-25 17:09:06 +00:00			`ENGINE_finish(funct_ref);`
			`funct_ref = NULL;`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#endif`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`default_RAND_meth = meth;`
			`return 1;`
			`}`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Some more tweaks from ENGINE code. Previously RAND_get_rand_method was returning a non-const pointer, but it should be const. As with all other such cases, METHOD pointers are stored and returned as "const". The only methods one should be able to alter are methods "local" to the relevant code, in which case a non-const handle to the methods should already exist. This change has been forced by the constifying of the ENGINE code (before which RAND_METHOD was the only method pointer in an ENGINE structure that was not constant). 2001-04-18 04:18:16 +00:00			`const RAND_METHOD *RAND_get_rand_method(void)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`if (!default_RAND_meth) {`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#ifndef OPENSSL_NO_ENGINE`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`ENGINE *e = ENGINE_get_default_RAND();`
			`if (e) {`
			`default_RAND_meth = ENGINE_get_RAND(e);`
GH715: ENGINE_finish can take NULL Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-02-25 17:09:06 +00:00			`if (default_RAND_meth == NULL) {`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`ENGINE_finish(e);`
			`e = NULL;`
			`}`
			`}`
			`if (e)`
			`funct_ref = e;`
			`else`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#endif`
Replace "SSLeay" in API with OpenSSL All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-10-27 19:11:48 +00:00			`default_RAND_meth = RAND_OpenSSL();`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`}`
			`return default_RAND_meth;`
			`}`
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use both "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. 2001-09-25 20:23:40 +00:00
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#ifndef OPENSSL_NO_ENGINE`
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use both "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. 2001-09-25 20:23:40 +00:00			`int RAND_set_rand_engine(ENGINE *engine)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *tmp_meth = NULL;`
			`if (engine) {`
			`if (!ENGINE_init(engine))`
			`return 0;`
			`tmp_meth = ENGINE_get_RAND(engine);`
GH715: ENGINE_finish can take NULL Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-02-25 17:09:06 +00:00			`if (tmp_meth == NULL) {`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`ENGINE_finish(engine);`
			`return 0;`
			`}`
			`}`
			`/* This function releases any prior ENGINE so call it first */`
			`RAND_set_rand_method(tmp_meth);`
			`funct_ref = engine;`
			`return 1;`
			`}`
Add the possibility to build without the ENGINE framework. PR: 287 2003-01-30 17:39:26 +00:00			`#endif`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Rename int_() functions to _int() There is a preference for suffixes to indicate that a function is internal rather than prefixes. Note: the suffix is only required to disambiguate internal functions and public symbols with the same name (but different case) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-04-12 11:20:16 +00:00			`void rand_cleanup_int(void)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->cleanup)`
			`meth->cleanup();`
			`RAND_set_rand_method(NULL);`
			`}`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD. 2008-11-12 03:58:08 +00:00			`void RAND_seed(const void *buf, int num)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->seed)`
			`meth->seed(buf, num);`
			`}`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD. 2008-11-12 03:58:08 +00:00			`void RAND_add(const void *buf, int num, double entropy)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->add)`
			`meth->add(buf, num, entropy);`
			`}`
Precautions against using the PRNG uninitialized: RAND_bytes() now returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument. 2000-01-13 20:59:17 +00:00
Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD. 2008-11-12 03:58:08 +00:00			`int RAND_bytes(unsigned char *buf, int num)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->bytes)`
			`return meth->bytes(buf, num);`
			`return (-1);`
			`}`
Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-01-05 04:00:33 +00:00			`#if OPENSSL_API_COMPAT < 0x10100000L`
Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD. 2008-11-12 03:58:08 +00:00			`int RAND_pseudo_bytes(unsigned char *buf, int num)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->pseudorand)`
			`return meth->pseudorand(buf, num);`
			`return (-1);`
			`}`
Deprecate RAND_pseudo_bytes The justification for RAND_pseudo_bytes is somewhat dubious, and the reality is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in the default implementation both end up calling ssleay_rand_bytes. Both may return -1 in an error condition. If there is insufficient entropy then both will return 0, but RAND_bytes will additionally add an error to the error queue. They both return 1 on success. Therefore the fundamental difference between the two is that one will add an error to the error queue with insufficient entory whilst the other will not. Frequently there are constructions of this form: if(RAND_pseudo_bytes(...) <= 1) goto err; In the above form insufficient entropy is treated as an error anyway, so RAND_bytes is probably the better form to use. This form is also seen: if(!RAND_pseudo_bytes(...)) goto err; This is technically not correct at all since a -1 return value is incorrectly handled - but this form will also treat insufficient entropy as an error. Within libssl it is required that you have correctly seeded your entropy pool and so there seems little benefit in using RAND_pseudo_bytes. Similarly in libcrypto many operations also require a correctly seeded entropy pool and so in most interesting cases you would be better off using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes being incorrectly used in scenarios where security can be compromised by insufficient entropy. If you are not using the default implementation, then most engines use the same function to implement RAND_bytes and RAND_pseudo_bytes in any case. Given its misuse, limited benefit, and potential to compromise security, RAND_pseudo_bytes has been deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-02-26 13:52:30 +00:00			`#endif`
Use RAND_METHOD for implementing RAND_status. 2000-03-02 14:34:58 +00:00
			`int RAND_status(void)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 03:40:55 +00:00			`{`
			`const RAND_METHOD *meth = RAND_get_rand_method();`
			`if (meth && meth->status)`
			`return meth->status();`
			`return 0;`
			`}`