diff options
| author | Pauli <paul.dale@oracle.com> | 2020-07-22 12:55:31 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-08-07 14:16:47 +1000 |
| commit | 7d615e2178fbffa53f05a67f68e5741374340308 (patch) | |
| tree | 8e5cdbb8c39e24727e64af790831980b2a5d9e6a /crypto/rand/rand_meth.c | |
| parent | 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5 (diff) | |
| download | openssl-7d615e2178fbffa53f05a67f68e5741374340308.zip openssl-7d615e2178fbffa53f05a67f68e5741374340308.tar.gz openssl-7d615e2178fbffa53f05a67f68e5741374340308.tar.bz2 | |
rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).
Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.
Other related changes:
Use RNG instead of DRBG in EVP_RAND documentation. The documentation was
using DRBG in places where it should have been RNG or CSRNG.
Move the RAND_DRBG(7) documentation to EVP_RAND(7).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
Diffstat (limited to 'crypto/rand/rand_meth.c')
| -rw-r--r-- | crypto/rand/rand_meth.c | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c new file mode 100644 index 0000000..e9237a4 --- /dev/null +++ b/crypto/rand/rand_meth.c @@ -0,0 +1,69 @@ +/* + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/evp.h> +#include <openssl/rand.h> +#include "rand_local.h" + +/* Implements the default OpenSSL RAND_add() method */ +static int drbg_add(const void *buf, int num, double randomness) +{ + EVP_RAND_CTX *drbg = RAND_get0_primary(NULL); + + if (drbg == NULL || num <= 0) + return 0; + + return EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); +} + +/* Implements the default OpenSSL RAND_seed() method */ +static int drbg_seed(const void *buf, int num) +{ + return drbg_add(buf, num, num); +} + +/* Implements the default OpenSSL RAND_status() method */ +static int drbg_status(void) +{ + EVP_RAND_CTX *drbg = RAND_get0_primary(NULL); + + if (drbg == NULL) + return 0; + + return EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; +} + +/* Implements the default OpenSSL RAND_bytes() method */ +static int drbg_bytes(unsigned char *out, int count) +{ + EVP_RAND_CTX *drbg = RAND_get0_public(NULL); + + if (drbg == NULL) + return 0; + + return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0); +} + +RAND_METHOD rand_meth = { + drbg_seed, + drbg_bytes, + NULL, + drbg_add, + drbg_bytes, + drbg_status +}; + +RAND_METHOD *RAND_OpenSSL(void) +{ +#ifndef FIPS_MODULE + return &rand_meth; +#else + return NULL; +#endif +} |