]>
Commit | Line | Data |
---|---|---|
b1322259 | 1 | /* |
9d951a78 | 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
dfeab068 | 3 | * |
b1322259 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
dfeab068 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
dfeab068 | 11 | #include <time.h> |
b39fc560 | 12 | #include "internal/cryptlib.h" |
98186eb4 | 13 | #include <openssl/opensslconf.h> |
63f483e1 | 14 | #include "internal/rand_int.h" |
3c27208f | 15 | #include <openssl/engine.h> |
87975cfa | 16 | #include "internal/thread_once.h" |
da8fc25a | 17 | #include "rand_lcl.h" |
dfeab068 | 18 | |
0b13e9f0 | 19 | #ifndef OPENSSL_NO_ENGINE |
cb78486d | 20 | /* non-NULL if default_RAND_meth is ENGINE-provided */ |
da8fc25a RS |
21 | static ENGINE *funct_ref; |
22 | static CRYPTO_RWLOCK *rand_engine_lock; | |
0b13e9f0 | 23 | #endif |
da8fc25a RS |
24 | static CRYPTO_RWLOCK *rand_meth_lock; |
25 | static const RAND_METHOD *default_RAND_meth; | |
26 | static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; | |
c16de9d8 | 27 | |
a35f607c | 28 | int rand_fork_count; |
87975cfa | 29 | |
8389ec4b RS |
30 | #ifdef OPENSSL_RAND_SEED_RDTSC |
31 | /* | |
32 | * IMPORTANT NOTE: It is not currently possible to use this code | |
9ed79d8e RS |
33 | * because we are not sure about the amount of randomness it provides. |
34 | * Some SP900 tests have been run, but there is internal skepticism. | |
8389ec4b RS |
35 | * So for now this code is not used. |
36 | */ | |
37 | # error "RDTSC enabled? Should not be possible!" | |
38 | ||
39 | /* | |
c16de9d8 DMSP |
40 | * Acquire entropy from high-speed clock |
41 | * | |
8389ec4b | 42 | * Since we get some randomness from the low-order bits of the |
c16de9d8 DMSP |
43 | * high-speed clock, it can help. |
44 | * | |
45 | * Returns the total entropy count, if it exceeds the requested | |
46 | * entropy count. Otherwise, returns an entropy count of 0. | |
8389ec4b | 47 | */ |
c16de9d8 | 48 | size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool) |
8389ec4b RS |
49 | { |
50 | unsigned char c; | |
51 | int i; | |
52 | ||
9ed79d8e RS |
53 | if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) { |
54 | for (i = 0; i < TSC_READ_COUNT; i++) { | |
55 | c = (unsigned char)(OPENSSL_rdtsc() & 0xFF); | |
c16de9d8 | 56 | RAND_POOL_add(pool, &c, 1, 4); |
9ed79d8e | 57 | } |
8389ec4b | 58 | } |
c16de9d8 | 59 | return RAND_POOL_entropy_available(pool); |
8389ec4b RS |
60 | } |
61 | #endif | |
62 | ||
63 | #ifdef OPENSSL_RAND_SEED_RDCPU | |
c16de9d8 DMSP |
64 | size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); |
65 | size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); | |
8389ec4b RS |
66 | |
67 | extern unsigned int OPENSSL_ia32cap_P[]; | |
68 | ||
c16de9d8 DMSP |
69 | /* |
70 | * Acquire entropy using Intel-specific cpu instructions | |
71 | * | |
72 | * Uses the RDSEED instruction if available, otherwise uses | |
73 | * RDRAND if available. | |
74 | * | |
75 | * For the differences between RDSEED and RDRAND, and why RDSEED | |
76 | * is the preferred choice, see https://goo.gl/oK3KcN | |
77 | * | |
78 | * Returns the total entropy count, if it exceeds the requested | |
79 | * entropy count. Otherwise, returns an entropy count of 0. | |
80 | */ | |
81 | size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) | |
8389ec4b | 82 | { |
c16de9d8 DMSP |
83 | size_t bytes_needed; |
84 | unsigned char *buffer; | |
85 | ||
86 | bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); | |
87 | if (bytes_needed > 0) { | |
88 | buffer = RAND_POOL_add_begin(pool, bytes_needed); | |
89 | ||
90 | if (buffer != NULL) { | |
91 | ||
92 | /* If RDSEED is available, use that. */ | |
93 | if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { | |
94 | if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed) | |
95 | == bytes_needed) | |
96 | return RAND_POOL_add_end(pool, | |
97 | bytes_needed, | |
98 | 8 * bytes_needed); | |
99 | } | |
100 | ||
101 | /* Second choice is RDRAND. */ | |
102 | if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { | |
103 | if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) | |
104 | == bytes_needed) | |
105 | return RAND_POOL_add_end(pool, | |
106 | bytes_needed, | |
107 | 8 * bytes_needed); | |
108 | } | |
109 | ||
110 | return RAND_POOL_add_end(pool, 0, 0); | |
9ed79d8e | 111 | } |
8389ec4b RS |
112 | } |
113 | ||
c16de9d8 | 114 | return RAND_POOL_entropy_available(pool); |
8389ec4b RS |
115 | } |
116 | #endif | |
da8fc25a | 117 | |
75e2c877 RS |
118 | |
119 | /* | |
c16de9d8 DMSP |
120 | * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks()) |
121 | * | |
122 | * If the DRBG has a parent, then the required amount of entropy input | |
123 | * is fetched using the parent's RAND_DRBG_generate(). | |
75e2c877 | 124 | * |
c16de9d8 DMSP |
125 | * Otherwise, the entropy is polled from the system entropy sources |
126 | * using RAND_POOL_acquire_entropy(). | |
127 | * | |
128 | * If a random pool has been added to the DRBG using RAND_add(), then | |
129 | * its entropy will be used up first. | |
75e2c877 | 130 | */ |
c16de9d8 DMSP |
131 | size_t rand_drbg_get_entropy(RAND_DRBG *drbg, |
132 | unsigned char **pout, | |
133 | int entropy, size_t min_len, size_t max_len) | |
75e2c877 | 134 | { |
c16de9d8 DMSP |
135 | size_t ret = 0; |
136 | size_t entropy_available = 0; | |
137 | RAND_POOL *pool = RAND_POOL_new(entropy, min_len, max_len); | |
75e2c877 | 138 | |
c16de9d8 DMSP |
139 | if (pool == NULL) |
140 | return 0; | |
141 | ||
142 | if (drbg->pool) { | |
143 | RAND_POOL_add(pool, | |
144 | RAND_POOL_buffer(drbg->pool), | |
145 | RAND_POOL_length(drbg->pool), | |
146 | RAND_POOL_entropy(drbg->pool)); | |
147 | RAND_POOL_free(drbg->pool); | |
148 | drbg->pool = NULL; | |
75e2c877 RS |
149 | } |
150 | ||
c16de9d8 DMSP |
151 | if (drbg->parent) { |
152 | size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8); | |
153 | unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed); | |
9d951a78 | 154 | |
c16de9d8 DMSP |
155 | if (buffer != NULL) { |
156 | size_t bytes = 0; | |
75e2c877 | 157 | |
c16de9d8 DMSP |
158 | /* Get entropy from parent, include our state as additional input */ |
159 | if (RAND_DRBG_generate(drbg->parent, | |
160 | buffer, bytes_needed, | |
161 | 0, | |
162 | (unsigned char *)drbg, sizeof(*drbg)) != 0) | |
163 | bytes = bytes_needed; | |
75e2c877 | 164 | |
c16de9d8 DMSP |
165 | entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); |
166 | } | |
0b14a5b7 | 167 | |
c16de9d8 DMSP |
168 | } else { |
169 | /* Get entropy by polling system entropy sources. */ | |
170 | entropy_available = RAND_POOL_acquire_entropy(pool); | |
75e2c877 RS |
171 | } |
172 | ||
c16de9d8 DMSP |
173 | if (entropy_available > 0) { |
174 | ret = RAND_POOL_length(pool); | |
175 | *pout = RAND_POOL_detach(pool); | |
6969a3f4 | 176 | } |
c16de9d8 DMSP |
177 | |
178 | RAND_POOL_free(pool); | |
179 | return ret; | |
75e2c877 RS |
180 | } |
181 | ||
c16de9d8 DMSP |
182 | |
183 | /* | |
184 | * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks()) | |
185 | * | |
186 | */ | |
187 | void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, | |
188 | unsigned char *out, size_t outlen) | |
75e2c877 | 189 | { |
c16de9d8 | 190 | OPENSSL_secure_clear_free(out, outlen); |
ddc6a5c8 RS |
191 | } |
192 | ||
a35f607c RS |
193 | void rand_fork() |
194 | { | |
195 | rand_fork_count++; | |
196 | } | |
197 | ||
da8fc25a | 198 | DEFINE_RUN_ONCE_STATIC(do_rand_init) |
87975cfa | 199 | { |
2f881d2d | 200 | int ret = 1; |
75e2c877 | 201 | |
87975cfa | 202 | #ifndef OPENSSL_NO_ENGINE |
ed6b2c79 | 203 | rand_engine_lock = CRYPTO_THREAD_glock_new("rand_engine"); |
2f881d2d | 204 | ret &= rand_engine_lock != NULL; |
87975cfa | 205 | #endif |
ed6b2c79 | 206 | rand_meth_lock = CRYPTO_THREAD_glock_new("rand_meth"); |
2f881d2d | 207 | ret &= rand_meth_lock != NULL; |
75e2c877 | 208 | |
2f881d2d | 209 | return ret; |
87975cfa | 210 | } |
dfeab068 | 211 | |
da8fc25a RS |
212 | void rand_cleanup_int(void) |
213 | { | |
214 | const RAND_METHOD *meth = default_RAND_meth; | |
215 | ||
216 | if (meth != NULL && meth->cleanup != NULL) | |
217 | meth->cleanup(); | |
218 | RAND_set_rand_method(NULL); | |
219 | #ifndef OPENSSL_NO_ENGINE | |
220 | CRYPTO_THREAD_lock_free(rand_engine_lock); | |
221 | #endif | |
222 | CRYPTO_THREAD_lock_free(rand_meth_lock); | |
75e2c877 RS |
223 | } |
224 | ||
225 | /* | |
c16de9d8 DMSP |
226 | * RAND_poll() reseeds the default RNG using random input |
227 | * | |
228 | * The random input is obtained from polling various entropy | |
229 | * sources which depend on the operating system and are | |
230 | * configurable via the --with-rand-seed configure option. | |
231 | */ | |
232 | int RAND_poll(void) | |
233 | { | |
234 | int ret = 0; | |
235 | ||
236 | RAND_POOL *pool = NULL; | |
237 | ||
238 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
239 | ||
240 | if (meth == RAND_OpenSSL()) { | |
241 | /* fill random pool and seed the default DRBG */ | |
242 | RAND_DRBG *drbg = RAND_DRBG_get0_global(); | |
243 | ||
244 | if (drbg == NULL) | |
245 | return 0; | |
246 | ||
247 | CRYPTO_THREAD_write_lock(drbg->lock); | |
248 | ret = rand_drbg_restart(drbg, NULL, 0, 0); | |
249 | CRYPTO_THREAD_unlock(drbg->lock); | |
250 | ||
251 | return ret; | |
252 | ||
253 | } else { | |
254 | /* fill random pool and seed the current legacy RNG */ | |
255 | pool = RAND_POOL_new(RAND_DRBG_STRENGTH, | |
256 | RAND_DRBG_STRENGTH / 8, | |
257 | DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8)); | |
258 | if (pool == NULL) | |
259 | return 0; | |
260 | ||
261 | if (RAND_POOL_acquire_entropy(pool) == 0) | |
262 | goto err; | |
263 | ||
264 | if (meth->add == NULL | |
265 | || meth->add(RAND_POOL_buffer(pool), | |
266 | RAND_POOL_length(pool), | |
267 | (RAND_POOL_entropy(pool) / 8.0)) == 0) | |
268 | goto err; | |
269 | ||
270 | ret = 1; | |
271 | } | |
272 | ||
273 | err: | |
274 | RAND_POOL_free(pool); | |
275 | return ret; | |
276 | } | |
277 | ||
278 | /* | |
279 | * The 'random pool' acts as a dumb container for collecting random | |
280 | * input from various entropy sources. The pool has no knowledge about | |
281 | * whether its randomness is fed into a legacy RAND_METHOD via RAND_add() | |
282 | * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the | |
283 | * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and | |
284 | * 4) cleanup the random pool again. | |
285 | * | |
286 | * The random pool contains no locking mechanism because its scope and | |
287 | * lifetime is intended to be restricted to a single stack frame. | |
75e2c877 | 288 | */ |
c16de9d8 DMSP |
289 | struct rand_pool_st { |
290 | unsigned char *buffer; /* points to the beginning of the random pool */ | |
291 | size_t len; /* current number of random bytes contained in the pool */ | |
292 | ||
293 | size_t min_len; /* minimum number of random bytes requested */ | |
294 | size_t max_len; /* maximum number of random bytes (allocated buffer size) */ | |
295 | size_t entropy; /* current entropy count in bits */ | |
296 | size_t requested_entropy; /* requested entropy count in bits */ | |
297 | }; | |
298 | ||
299 | /* | |
300 | * Allocate memory and initialize a new random pool | |
301 | */ | |
302 | ||
303 | RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len) | |
75e2c877 | 304 | { |
c16de9d8 DMSP |
305 | RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); |
306 | ||
307 | if (pool == NULL) { | |
308 | RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); | |
309 | goto err; | |
310 | } | |
311 | ||
312 | pool->min_len = min_len; | |
313 | pool->max_len = max_len; | |
314 | ||
315 | pool->buffer = OPENSSL_secure_zalloc(pool->max_len); | |
316 | if (pool->buffer == NULL) { | |
317 | RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); | |
318 | goto err; | |
319 | } | |
320 | ||
321 | pool->requested_entropy = entropy; | |
322 | ||
323 | return pool; | |
324 | ||
325 | err: | |
326 | OPENSSL_free(pool); | |
327 | return NULL; | |
75e2c877 RS |
328 | } |
329 | ||
c16de9d8 DMSP |
330 | /* |
331 | * Free |pool|, securely erasing its buffer. | |
332 | */ | |
333 | void RAND_POOL_free(RAND_POOL *pool) | |
334 | { | |
335 | if (pool == NULL) | |
336 | return; | |
337 | ||
338 | OPENSSL_secure_clear_free(pool->buffer, pool->max_len); | |
339 | OPENSSL_free(pool); | |
340 | } | |
341 | ||
342 | /* | |
343 | * Return the |pool|'s buffer to the caller (readonly). | |
344 | */ | |
345 | const unsigned char *RAND_POOL_buffer(RAND_POOL *pool) | |
346 | { | |
347 | return pool->buffer; | |
348 | } | |
349 | ||
350 | /* | |
351 | * Return the |pool|'s entropy to the caller. | |
352 | */ | |
353 | size_t RAND_POOL_entropy(RAND_POOL *pool) | |
354 | { | |
355 | return pool->entropy; | |
356 | } | |
357 | ||
358 | /* | |
359 | * Return the |pool|'s buffer length to the caller. | |
360 | */ | |
361 | size_t RAND_POOL_length(RAND_POOL *pool) | |
362 | { | |
363 | return pool->len; | |
364 | } | |
365 | ||
366 | /* | |
367 | * Detach the |pool| buffer and return it to the caller. | |
368 | * It's the responsibility of the caller to free the buffer | |
369 | * using OPENSSL_secure_clear_free(). | |
370 | */ | |
371 | unsigned char *RAND_POOL_detach(RAND_POOL *pool) | |
372 | { | |
373 | unsigned char *ret = pool->buffer; | |
374 | pool->buffer = NULL; | |
375 | return ret; | |
376 | } | |
377 | ||
378 | ||
379 | /* | |
380 | * If every byte of the input contains |entropy_per_bytes| bits of entropy, | |
381 | * how many bytes does one need to obtain at least |bits| bits of entropy? | |
382 | */ | |
383 | #define ENTROPY_TO_BYTES(bits, entropy_per_bytes) \ | |
384 | (((bits) + ((entropy_per_bytes) - 1))/(entropy_per_bytes)) | |
385 | ||
386 | ||
387 | /* | |
388 | * Checks whether the |pool|'s entropy is available to the caller. | |
389 | * This is the case when entropy count and buffer length are high enough. | |
390 | * Returns | |
391 | * | |
392 | * |entropy| if the entropy count and buffer size is large enough | |
393 | * 0 otherwise | |
394 | */ | |
395 | size_t RAND_POOL_entropy_available(RAND_POOL *pool) | |
396 | { | |
397 | if (pool->entropy < pool->requested_entropy) | |
398 | return 0; | |
399 | ||
400 | if (pool->len < pool->min_len) | |
401 | return 0; | |
402 | ||
403 | return pool->entropy; | |
404 | } | |
405 | ||
406 | /* | |
407 | * Returns the (remaining) amount of entropy needed to fill | |
408 | * the random pool. | |
409 | */ | |
410 | ||
411 | size_t RAND_POOL_entropy_needed(RAND_POOL *pool) | |
412 | { | |
413 | if (pool->entropy < pool->requested_entropy) | |
414 | return pool->requested_entropy - pool->entropy; | |
415 | ||
416 | return 0; | |
417 | } | |
418 | ||
419 | /* | |
420 | * Returns the number of bytes needed to fill the pool, assuming | |
421 | * the input has 'entropy_per_byte' entropy bits per byte. | |
422 | * In case of an error, 0 is returned. | |
423 | */ | |
424 | ||
425 | size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte) | |
426 | { | |
427 | size_t bytes_needed; | |
428 | size_t entropy_needed = RAND_POOL_entropy_needed(pool); | |
429 | ||
430 | if (entropy_per_byte < 1 || entropy_per_byte > 8) { | |
431 | RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE); | |
432 | return 0; | |
433 | } | |
434 | ||
435 | bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_per_byte); | |
436 | ||
437 | if (bytes_needed > pool->max_len - pool->len) { | |
438 | /* not enough space left */ | |
439 | RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW); | |
440 | return 0; | |
441 | } | |
442 | ||
443 | if (pool->len < pool->min_len && | |
444 | bytes_needed < pool->min_len - pool->len) | |
445 | /* to meet the min_len requirement */ | |
446 | bytes_needed = pool->min_len - pool->len; | |
447 | ||
448 | return bytes_needed; | |
449 | } | |
450 | ||
451 | /* Returns the remaining number of bytes available */ | |
452 | size_t RAND_POOL_bytes_remaining(RAND_POOL *pool) | |
75e2c877 | 453 | { |
c16de9d8 DMSP |
454 | return pool->max_len - pool->len; |
455 | } | |
456 | ||
457 | /* | |
458 | * Add random bytes to the random pool. | |
459 | * | |
460 | * It is expected that the |buffer| contains |len| bytes of | |
461 | * random input which contains at least |entropy| bits of | |
462 | * randomness. | |
463 | * | |
464 | * Return available amount of entropy after this operation. | |
465 | * (see RAND_POOL_entropy_available(pool)) | |
466 | */ | |
467 | size_t RAND_POOL_add(RAND_POOL *pool, | |
468 | const unsigned char *buffer, size_t len, size_t entropy) | |
469 | { | |
470 | if (len > pool->max_len - pool->len) { | |
471 | RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG); | |
472 | return 0; | |
473 | } | |
474 | ||
475 | if (len > 0) { | |
476 | memcpy(pool->buffer + pool->len, buffer, len); | |
477 | pool->len += len; | |
478 | pool->entropy += entropy; | |
479 | } | |
480 | ||
481 | return RAND_POOL_entropy_available(pool); | |
482 | } | |
483 | ||
484 | /* | |
485 | * Start to add random bytes to the random pool in-place. | |
486 | * | |
487 | * Reserves the next |len| bytes for adding random bytes in-place | |
488 | * and returns a pointer to the buffer. | |
489 | * The caller is allowed to copy up to |len| bytes into the buffer. | |
490 | * If |len| == 0 this is considered a no-op and a NULL pointer | |
491 | * is returned without producing an error message. | |
492 | * | |
493 | * After updating the buffer, RAND_POOL_add_end() needs to be called | |
494 | * to finish the udpate operation (see next comment). | |
495 | */ | |
496 | unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len) | |
497 | { | |
498 | if (len == 0) | |
499 | return NULL; | |
500 | ||
501 | if (len > pool->max_len - pool->len) { | |
502 | RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW); | |
503 | return NULL; | |
504 | } | |
505 | ||
506 | return pool->buffer + pool->len; | |
507 | } | |
508 | ||
509 | /* | |
510 | * Finish to add random bytes to the random pool in-place. | |
511 | * | |
512 | * Finishes an in-place update of the random pool started by | |
513 | * RAND_POOL_add_begin() (see previous comment). | |
514 | * It is expected that |len| bytes of random input have been added | |
515 | * to the buffer which contain at least |entropy| bits of randomness. | |
516 | * It is allowed to add less bytes than originally reserved. | |
517 | */ | |
518 | size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy) | |
519 | { | |
520 | if (len > pool->max_len - pool->len) { | |
521 | RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); | |
522 | return 0; | |
523 | } | |
524 | ||
525 | if (len > 0) { | |
526 | pool->len += len; | |
527 | pool->entropy += entropy; | |
528 | } | |
529 | ||
530 | return RAND_POOL_entropy_available(pool); | |
da8fc25a RS |
531 | } |
532 | ||
cb78486d | 533 | int RAND_set_rand_method(const RAND_METHOD *meth) |
0f113f3e | 534 | { |
da8fc25a | 535 | if (!RUN_ONCE(&rand_init, do_rand_init)) |
87975cfa RL |
536 | return 0; |
537 | ||
538 | CRYPTO_THREAD_write_lock(rand_meth_lock); | |
0b13e9f0 | 539 | #ifndef OPENSSL_NO_ENGINE |
7c96dbcd RS |
540 | ENGINE_finish(funct_ref); |
541 | funct_ref = NULL; | |
0b13e9f0 | 542 | #endif |
0f113f3e | 543 | default_RAND_meth = meth; |
87975cfa | 544 | CRYPTO_THREAD_unlock(rand_meth_lock); |
0f113f3e MC |
545 | return 1; |
546 | } | |
dfeab068 | 547 | |
a4a9d97a | 548 | const RAND_METHOD *RAND_get_rand_method(void) |
0f113f3e | 549 | { |
87975cfa RL |
550 | const RAND_METHOD *tmp_meth = NULL; |
551 | ||
da8fc25a | 552 | if (!RUN_ONCE(&rand_init, do_rand_init)) |
87975cfa RL |
553 | return NULL; |
554 | ||
555 | CRYPTO_THREAD_write_lock(rand_meth_lock); | |
da8fc25a | 556 | if (default_RAND_meth == NULL) { |
0b13e9f0 | 557 | #ifndef OPENSSL_NO_ENGINE |
da8fc25a RS |
558 | ENGINE *e; |
559 | ||
560 | /* If we have an engine that can do RAND, use it. */ | |
561 | if ((e = ENGINE_get_default_RAND()) != NULL | |
562 | && (tmp_meth = ENGINE_get_RAND(e)) != NULL) { | |
0f113f3e | 563 | funct_ref = e; |
da8fc25a RS |
564 | default_RAND_meth = tmp_meth; |
565 | } else { | |
566 | ENGINE_finish(e); | |
75e2c877 | 567 | default_RAND_meth = &rand_meth; |
da8fc25a RS |
568 | } |
569 | #else | |
75e2c877 | 570 | default_RAND_meth = &rand_meth; |
0b13e9f0 | 571 | #endif |
0f113f3e | 572 | } |
87975cfa RL |
573 | tmp_meth = default_RAND_meth; |
574 | CRYPTO_THREAD_unlock(rand_meth_lock); | |
575 | return tmp_meth; | |
0f113f3e | 576 | } |
cb78486d | 577 | |
0b13e9f0 | 578 | #ifndef OPENSSL_NO_ENGINE |
cb78486d | 579 | int RAND_set_rand_engine(ENGINE *engine) |
0f113f3e MC |
580 | { |
581 | const RAND_METHOD *tmp_meth = NULL; | |
87975cfa | 582 | |
da8fc25a | 583 | if (!RUN_ONCE(&rand_init, do_rand_init)) |
87975cfa RL |
584 | return 0; |
585 | ||
da8fc25a | 586 | if (engine != NULL) { |
0f113f3e MC |
587 | if (!ENGINE_init(engine)) |
588 | return 0; | |
589 | tmp_meth = ENGINE_get_RAND(engine); | |
7c96dbcd | 590 | if (tmp_meth == NULL) { |
0f113f3e MC |
591 | ENGINE_finish(engine); |
592 | return 0; | |
593 | } | |
594 | } | |
87975cfa | 595 | CRYPTO_THREAD_write_lock(rand_engine_lock); |
0f113f3e MC |
596 | /* This function releases any prior ENGINE so call it first */ |
597 | RAND_set_rand_method(tmp_meth); | |
598 | funct_ref = engine; | |
87975cfa | 599 | CRYPTO_THREAD_unlock(rand_engine_lock); |
0f113f3e MC |
600 | return 1; |
601 | } | |
0b13e9f0 | 602 | #endif |
dfeab068 | 603 | |
6343829a | 604 | void RAND_seed(const void *buf, int num) |
0f113f3e MC |
605 | { |
606 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
da8fc25a RS |
607 | |
608 | if (meth->seed != NULL) | |
0f113f3e MC |
609 | meth->seed(buf, num); |
610 | } | |
dfeab068 | 611 | |
da8fc25a | 612 | void RAND_add(const void *buf, int num, double randomness) |
0f113f3e MC |
613 | { |
614 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
da8fc25a RS |
615 | |
616 | if (meth->add != NULL) | |
617 | meth->add(buf, num, randomness); | |
0f113f3e | 618 | } |
eb952088 | 619 | |
ddc6a5c8 RS |
620 | /* |
621 | * This function is not part of RAND_METHOD, so if we're not using | |
622 | * the default method, then just call RAND_bytes(). Otherwise make | |
623 | * sure we're instantiated and use the private DRBG. | |
624 | */ | |
625 | int RAND_priv_bytes(unsigned char *buf, int num) | |
626 | { | |
627 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
0b14a5b7 | 628 | RAND_DRBG *drbg; |
ddc6a5c8 RS |
629 | |
630 | if (meth != RAND_OpenSSL()) | |
631 | return RAND_bytes(buf, num); | |
632 | ||
0b14a5b7 KR |
633 | drbg = RAND_DRBG_get0_priv_global(); |
634 | if (drbg == NULL) | |
ddc6a5c8 | 635 | return 0; |
ddc6a5c8 | 636 | |
0b14a5b7 | 637 | return RAND_DRBG_generate(drbg, buf, num, 0, NULL, 0); |
ddc6a5c8 RS |
638 | } |
639 | ||
6343829a | 640 | int RAND_bytes(unsigned char *buf, int num) |
0f113f3e MC |
641 | { |
642 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
da8fc25a RS |
643 | |
644 | if (meth->bytes != NULL) | |
0f113f3e | 645 | return meth->bytes(buf, num); |
0ea155fc | 646 | RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); |
da8fc25a | 647 | return -1; |
0f113f3e | 648 | } |
dfeab068 | 649 | |
98186eb4 | 650 | #if OPENSSL_API_COMPAT < 0x10100000L |
6343829a | 651 | int RAND_pseudo_bytes(unsigned char *buf, int num) |
0f113f3e MC |
652 | { |
653 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
da8fc25a RS |
654 | |
655 | if (meth->pseudorand != NULL) | |
0f113f3e | 656 | return meth->pseudorand(buf, num); |
da8fc25a | 657 | return -1; |
0f113f3e | 658 | } |
302d38e3 | 659 | #endif |
5eb8ca4d BM |
660 | |
661 | int RAND_status(void) | |
0f113f3e MC |
662 | { |
663 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
da8fc25a RS |
664 | |
665 | if (meth->status != NULL) | |
0f113f3e MC |
666 | return meth->status(); |
667 | return 0; | |
668 | } |