From 786b13fa7786db8f198c46090816d9a3e4ae72fb Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 10 Dec 2020 12:05:11 +1000 Subject: [PATCH] RAND_METHOD deprecation: code changes Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) --- crypto/rand/build.info | 6 ++- crypto/rand/rand_lib.c | 110 +++++++++++++++++++++++++++++++++++------ include/openssl/rand.h | 14 +++--- util/libcrypto.num | 10 ++-- 4 files changed, 112 insertions(+), 28 deletions(-) diff --git a/crypto/rand/build.info b/crypto/rand/build.info index b9dc16a6c7..500667c332 100644 --- a/crypto/rand/build.info +++ b/crypto/rand/build.info @@ -1,12 +1,14 @@ LIBS=../../libcrypto -$COMMON=rand_lib.c rand_meth.c +$COMMON=rand_lib.c $CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c IF[{- !$disabled{'egd'} -}] $CRYPTO=$CRYPTO rand_egd.c ENDIF - +IF[{- !$disabled{'deprecated-3.0'} -}] + $COMMON=$COMMON rand_meth.c +ENDIF SOURCE[../../libcrypto]=$COMMON $CRYPTO SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 69afa9d2ea..2a4055f617 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -35,8 +35,10 @@ static ENGINE *funct_ref; static CRYPTO_RWLOCK *rand_engine_lock; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 static CRYPTO_RWLOCK *rand_meth_lock; static const RAND_METHOD *default_RAND_meth; +# endif static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; static int rand_inited = 0; @@ -49,9 +51,11 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) return 0; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 rand_meth_lock = CRYPTO_THREAD_lock_new(); if (rand_meth_lock == NULL) goto err; +# endif if (!rand_pool_init()) goto err; @@ -60,8 +64,10 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) return 1; err: +# ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; +# endif # ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; @@ -71,6 +77,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) void rand_cleanup_int(void) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = default_RAND_meth; if (!rand_inited) @@ -79,13 +86,16 @@ void rand_cleanup_int(void) if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); RAND_set_rand_method(NULL); +# endif rand_pool_cleanup(); # ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; +# endif rand_inited = 0; } @@ -109,13 +119,13 @@ void RAND_keep_random_devices_open(int keep) */ int RAND_poll(void) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); int ret = meth == RAND_OpenSSL(); if (meth == NULL) return 0; -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!ret) { /* fill random pool and seed the current legacy RNG */ RAND_POOL *pool = rand_pool_new(RAND_DRBG_STRENGTH, 1, @@ -138,20 +148,26 @@ int RAND_poll(void) err: rand_pool_free(pool); } -#endif return ret; +# else + static const char salt[] = "polling"; + + RAND_seed(salt, sizeof(salt)); + return 1; +# endif } +# ifndef OPENSSL_NO_DEPRECATED_3_0 int RAND_set_rand_method(const RAND_METHOD *meth) { if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; CRYPTO_THREAD_write_lock(rand_meth_lock); -# ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE ENGINE_finish(funct_ref); funct_ref = NULL; -# endif +# endif default_RAND_meth = meth; CRYPTO_THREAD_unlock(rand_meth_lock); return 1; @@ -166,7 +182,7 @@ const RAND_METHOD *RAND_get_rand_method(void) CRYPTO_THREAD_write_lock(rand_meth_lock); if (default_RAND_meth == NULL) { -# ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE ENGINE *e; /* If we have an engine that can do RAND, use it. */ @@ -178,16 +194,16 @@ const RAND_METHOD *RAND_get_rand_method(void) ENGINE_finish(e); default_RAND_meth = &rand_meth; } -# else +# else default_RAND_meth = &rand_meth; -# endif +# endif } tmp_meth = default_RAND_meth; CRYPTO_THREAD_unlock(rand_meth_lock); return tmp_meth; } -# if !defined(OPENSSL_NO_ENGINE) +# if !defined(OPENSSL_NO_ENGINE) int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -211,22 +227,40 @@ int RAND_set_rand_engine(ENGINE *engine) CRYPTO_THREAD_unlock(rand_engine_lock); return 1; } -# endif +# endif +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ void RAND_seed(const void *buf, int num) { + EVP_RAND_CTX *drbg; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth != NULL && meth->seed != NULL) + if (meth != NULL && meth->seed != NULL) { meth->seed(buf, num); + return; + } +# endif + + drbg = RAND_get0_primary(NULL); + if (drbg != NULL && num > 0) + EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); } void RAND_add(const void *buf, int num, double randomness) { + EVP_RAND_CTX *drbg; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth != NULL && meth->add != NULL) + if (meth != NULL && meth->add != NULL) { meth->add(buf, num, randomness); + return; + } +# endif + drbg = RAND_get0_primary(NULL); + if (drbg != NULL && num > 0) + EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); } # if !defined(OPENSSL_NO_DEPRECATED_1_1_0) @@ -244,21 +278,25 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) int RAND_status(void) { EVP_RAND_CTX *rand; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) return meth->status != NULL ? meth->status() : 0; +# endif if ((rand = RAND_get0_primary(NULL)) == NULL) return 0; return EVP_RAND_state(rand) == EVP_RAND_STATE_READY; } -#else /* !FIPS_MODULE */ +# else /* !FIPS_MODULE */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *RAND_get_rand_method(void) { return NULL; } +# endif #endif /* !FIPS_MODULE */ /* @@ -269,6 +307,7 @@ const RAND_METHOD *RAND_get_rand_method(void) int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) { EVP_RAND_CTX *rand; +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { @@ -277,6 +316,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } +#endif rand = RAND_get0_private(ctx); if (rand != NULL) @@ -293,6 +333,7 @@ int RAND_priv_bytes(unsigned char *buf, int num) int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) { EVP_RAND_CTX *rand; +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { @@ -301,6 +342,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } +#endif rand = RAND_get0_public(ctx); if (rand != NULL) @@ -670,11 +712,14 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) #ifndef FIPS_MODULE static int random_set_string(char **p, const char *s) { - char *d = OPENSSL_strdup(s); + char *d = NULL; - if (d == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; + if (s != NULL) { + d = OPENSSL_strdup(s); + if (d == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + return 0; + } } OPENSSL_free(*p); *p = d; @@ -742,4 +787,37 @@ void ossl_random_add_conf_module(void) OSSL_TRACE(CONF, "Adding config module 'random'\n"); CONF_module_add("random", random_conf_init, random_conf_deinit); } + +int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq, + const char *cipher, const char *digest) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + + if (dgbl == NULL) + return 0; + if (dgbl->primary != NULL) { + ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + return 0; + } + return random_set_string(&dgbl->rng_name, drbg) + && random_set_string(&dgbl->rng_propq, propq) + && random_set_string(&dgbl->rng_cipher, cipher) + && random_set_string(&dgbl->rng_digest, digest); +} + +int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, + const char *propq) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + + if (dgbl == NULL) + return 0; + if (dgbl->primary != NULL) { + ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + return 0; + } + return random_set_string(&dgbl->seed_name, seed) + && random_set_string(&dgbl->seed_propq, propq); +} + #endif diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 2570b8463e..1b928a1ef4 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -36,6 +36,7 @@ extern "C" { */ # define RAND_DRBG_STRENGTH 256 +# ifndef OPENSSL_NO_DEPRECATED_3_0 struct rand_meth_st { int (*seed) (const void *buf, int num); int (*bytes) (unsigned char *buf, int num); @@ -45,13 +46,14 @@ struct rand_meth_st { int (*status) (void); }; -int RAND_set_rand_method(const RAND_METHOD *meth); -const RAND_METHOD *RAND_get_rand_method(void); -# ifndef OPENSSL_NO_ENGINE -int RAND_set_rand_engine(ENGINE *engine); -# endif +OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_engine(ENGINE *engine); +# endif -RAND_METHOD *RAND_OpenSSL(void); +OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void); +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define RAND_cleanup() while(0) continue diff --git a/util/libcrypto.num b/util/libcrypto.num index a16b6e17eb..25d8619471 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -73,7 +73,7 @@ NETSCAPE_SPKI_print 74 3_0_0 EXIST::FUNCTION: X509_set_pubkey 75 3_0_0 EXIST::FUNCTION: ASN1_item_print 76 3_0_0 EXIST::FUNCTION: CONF_set_nconf 77 3_0_0 EXIST::FUNCTION: -RAND_set_rand_method 78 3_0_0 EXIST::FUNCTION: +RAND_set_rand_method 78 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BN_GF2m_mod_mul 79 3_0_0 EXIST::FUNCTION:EC2M UI_add_input_boolean 80 3_0_0 EXIST::FUNCTION: ASN1_TIME_adj 81 3_0_0 EXIST::FUNCTION: @@ -167,7 +167,7 @@ EVP_MD_type 170 3_0_0 EXIST::FUNCTION: EVP_PKCS82PKEY 171 3_0_0 EXIST::FUNCTION: BN_generate_prime_ex 172 3_0_0 EXIST::FUNCTION: EVP_EncryptInit 173 3_0_0 EXIST::FUNCTION: -RAND_OpenSSL 174 3_0_0 EXIST::FUNCTION: +RAND_OpenSSL 174 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BN_uadd 175 3_0_0 EXIST::FUNCTION: EVP_PKEY_derive_init 176 3_0_0 EXIST::FUNCTION: PEM_write_bio_ASN1_stream 177 3_0_0 EXIST::FUNCTION: @@ -1397,7 +1397,7 @@ OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION: OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP ENGINE_get_RSA 1432 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION: +RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_load_DSA_strings 1434 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION: i2d_PKCS7_DIGEST 1436 3_0_0 EXIST::FUNCTION: @@ -1746,7 +1746,7 @@ NAME_CONSTRAINTS_check 1786 3_0_0 EXIST::FUNCTION: X509_CERT_AUX_it 1787 3_0_0 EXIST::FUNCTION: X509_get_X509_PUBKEY 1789 3_0_0 EXIST::FUNCTION: TXT_DB_create_index 1790 3_0_0 EXIST::FUNCTION: -RAND_set_rand_engine 1791 3_0_0 EXIST::FUNCTION:ENGINE +RAND_set_rand_engine 1791 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_set_serialNumber 1792 3_0_0 EXIST::FUNCTION: BN_mod_exp_mont_consttime 1793 3_0_0 EXIST::FUNCTION: X509V3_parse_list 1794 3_0_0 EXIST::FUNCTION: @@ -5301,3 +5301,5 @@ EVP_PKEY_fromdata_settable ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_param_check_quick ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_public_check_quick ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_is_a ? 3_0_0 EXIST::FUNCTION: +RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION: +RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION: -- 2.39.2