|
@@ -17,21 +17,20 @@
|
|
|
#include "rand_lcl.h"
|
|
|
#include "e_os.h"
|
|
|
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+#ifndef FIPS_MODE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
/* non-NULL if default_RAND_meth is ENGINE-provided */
|
|
|
static ENGINE *funct_ref;
|
|
|
static CRYPTO_RWLOCK *rand_engine_lock;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
static CRYPTO_RWLOCK *rand_meth_lock;
|
|
|
static const RAND_METHOD *default_RAND_meth;
|
|
|
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
|
|
|
|
|
|
-int rand_fork_count;
|
|
|
-
|
|
|
-static CRYPTO_RWLOCK *rand_nonce_lock;
|
|
|
-static int rand_nonce_count;
|
|
|
-
|
|
|
static int rand_inited = 0;
|
|
|
+#endif /* FIPS_MODE */
|
|
|
+
|
|
|
+int rand_fork_count;
|
|
|
|
|
|
#ifdef OPENSSL_RAND_SEED_RDTSC
|
|
|
/*
|
|
@@ -208,56 +207,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
|
|
|
OPENSSL_secure_clear_free(out, outlen);
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-/*
|
|
|
- * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
|
|
|
- *
|
|
|
- */
|
|
|
-size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
|
|
|
- unsigned char **pout,
|
|
|
- int entropy, size_t min_len, size_t max_len)
|
|
|
-{
|
|
|
- size_t ret = 0;
|
|
|
- RAND_POOL *pool;
|
|
|
-
|
|
|
- struct {
|
|
|
- void * instance;
|
|
|
- int count;
|
|
|
- } data;
|
|
|
-
|
|
|
- memset(&data, 0, sizeof(data));
|
|
|
- pool = rand_pool_new(0, min_len, max_len);
|
|
|
- if (pool == NULL)
|
|
|
- return 0;
|
|
|
-
|
|
|
- if (rand_pool_add_nonce_data(pool) == 0)
|
|
|
- goto err;
|
|
|
-
|
|
|
- data.instance = drbg;
|
|
|
- CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
|
|
|
-
|
|
|
- if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
|
|
|
- goto err;
|
|
|
-
|
|
|
- ret = rand_pool_length(pool);
|
|
|
- *pout = rand_pool_detach(pool);
|
|
|
-
|
|
|
- err:
|
|
|
- rand_pool_free(pool);
|
|
|
-
|
|
|
- return ret;
|
|
|
-}
|
|
|
-
|
|
|
-/*
|
|
|
- * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
|
|
|
- *
|
|
|
- */
|
|
|
-void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
|
|
|
- unsigned char *out, size_t outlen)
|
|
|
-{
|
|
|
- OPENSSL_secure_clear_free(out, outlen);
|
|
|
-}
|
|
|
-
|
|
|
/*
|
|
|
* Generate additional data that can be used for the drbg. The data does
|
|
|
* not need to contain entropy, but it's useful if it contains at least
|
|
@@ -292,39 +241,32 @@ void rand_fork(void)
|
|
|
rand_fork_count++;
|
|
|
}
|
|
|
|
|
|
+#ifndef FIPS_MODE
|
|
|
DEFINE_RUN_ONCE_STATIC(do_rand_init)
|
|
|
{
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
rand_engine_lock = CRYPTO_THREAD_lock_new();
|
|
|
if (rand_engine_lock == NULL)
|
|
|
return 0;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
|
|
|
rand_meth_lock = CRYPTO_THREAD_lock_new();
|
|
|
if (rand_meth_lock == NULL)
|
|
|
- goto err1;
|
|
|
-
|
|
|
- rand_nonce_lock = CRYPTO_THREAD_lock_new();
|
|
|
- if (rand_nonce_lock == NULL)
|
|
|
- goto err2;
|
|
|
+ goto err;
|
|
|
|
|
|
if (!rand_pool_init())
|
|
|
- goto err3;
|
|
|
+ goto err;
|
|
|
|
|
|
rand_inited = 1;
|
|
|
return 1;
|
|
|
|
|
|
-err3:
|
|
|
- CRYPTO_THREAD_lock_free(rand_nonce_lock);
|
|
|
- rand_nonce_lock = NULL;
|
|
|
-err2:
|
|
|
+ err:
|
|
|
CRYPTO_THREAD_lock_free(rand_meth_lock);
|
|
|
rand_meth_lock = NULL;
|
|
|
-err1:
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
CRYPTO_THREAD_lock_free(rand_engine_lock);
|
|
|
rand_engine_lock = NULL;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
@@ -339,17 +281,16 @@ void rand_cleanup_int(void)
|
|
|
meth->cleanup();
|
|
|
RAND_set_rand_method(NULL);
|
|
|
rand_pool_cleanup();
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
CRYPTO_THREAD_lock_free(rand_engine_lock);
|
|
|
rand_engine_lock = NULL;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
CRYPTO_THREAD_lock_free(rand_meth_lock);
|
|
|
rand_meth_lock = NULL;
|
|
|
- CRYPTO_THREAD_lock_free(rand_nonce_lock);
|
|
|
- rand_nonce_lock = NULL;
|
|
|
rand_inited = 0;
|
|
|
}
|
|
|
|
|
|
+/* TODO(3.0): Do we need to handle this somehow in the FIPS module? */
|
|
|
/*
|
|
|
* RAND_close_seed_files() ensures that any seed file decriptors are
|
|
|
* closed after use.
|
|
@@ -371,8 +312,6 @@ int RAND_poll(void)
|
|
|
{
|
|
|
int ret = 0;
|
|
|
|
|
|
- RAND_POOL *pool = NULL;
|
|
|
-
|
|
|
const RAND_METHOD *meth = RAND_get_rand_method();
|
|
|
|
|
|
if (meth == RAND_OpenSSL()) {
|
|
@@ -389,6 +328,8 @@ int RAND_poll(void)
|
|
|
return ret;
|
|
|
|
|
|
} else {
|
|
|
+ RAND_POOL *pool = NULL;
|
|
|
+
|
|
|
/* fill random pool and seed the current legacy RNG */
|
|
|
pool = rand_pool_new(RAND_DRBG_STRENGTH,
|
|
|
(RAND_DRBG_STRENGTH + 7) / 8,
|
|
@@ -406,12 +347,14 @@ int RAND_poll(void)
|
|
|
goto err;
|
|
|
|
|
|
ret = 1;
|
|
|
+
|
|
|
+ err:
|
|
|
+ rand_pool_free(pool);
|
|
|
}
|
|
|
|
|
|
-err:
|
|
|
- rand_pool_free(pool);
|
|
|
return ret;
|
|
|
}
|
|
|
+#endif /* FIPS_MODE */
|
|
|
|
|
|
/*
|
|
|
* Allocate memory and initialize a new random pool
|
|
@@ -708,23 +651,28 @@ int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
|
|
|
return 1;
|
|
|
}
|
|
|
|
|
|
+#ifndef FIPS_MODE
|
|
|
int RAND_set_rand_method(const RAND_METHOD *meth)
|
|
|
{
|
|
|
if (!RUN_ONCE(&rand_init, do_rand_init))
|
|
|
return 0;
|
|
|
|
|
|
CRYPTO_THREAD_write_lock(rand_meth_lock);
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
ENGINE_finish(funct_ref);
|
|
|
funct_ref = NULL;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
default_RAND_meth = meth;
|
|
|
CRYPTO_THREAD_unlock(rand_meth_lock);
|
|
|
return 1;
|
|
|
}
|
|
|
+#endif
|
|
|
|
|
|
const RAND_METHOD *RAND_get_rand_method(void)
|
|
|
{
|
|
|
+#ifdef FIPS_MODE
|
|
|
+ return NULL;
|
|
|
+#else
|
|
|
const RAND_METHOD *tmp_meth = NULL;
|
|
|
|
|
|
if (!RUN_ONCE(&rand_init, do_rand_init))
|
|
@@ -732,7 +680,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
|
|
|
|
|
|
CRYPTO_THREAD_write_lock(rand_meth_lock);
|
|
|
if (default_RAND_meth == NULL) {
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+# ifndef OPENSSL_NO_ENGINE
|
|
|
ENGINE *e;
|
|
|
|
|
|
/* If we have an engine that can do RAND, use it. */
|
|
@@ -744,16 +692,17 @@ const RAND_METHOD *RAND_get_rand_method(void)
|
|
|
ENGINE_finish(e);
|
|
|
default_RAND_meth = &rand_meth;
|
|
|
}
|
|
|
-#else
|
|
|
+# else
|
|
|
default_RAND_meth = &rand_meth;
|
|
|
-#endif
|
|
|
+# endif
|
|
|
}
|
|
|
tmp_meth = default_RAND_meth;
|
|
|
CRYPTO_THREAD_unlock(rand_meth_lock);
|
|
|
return tmp_meth;
|
|
|
+#endif
|
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_NO_ENGINE
|
|
|
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
|
|
|
int RAND_set_rand_engine(ENGINE *engine)
|
|
|
{
|
|
|
const RAND_METHOD *tmp_meth = NULL;
|
|
@@ -802,9 +751,9 @@ void RAND_add(const void *buf, int num, double randomness)
|
|
|
*/
|
|
|
int RAND_priv_bytes(unsigned char *buf, int num)
|
|
|
{
|
|
|
- const RAND_METHOD *meth = RAND_get_rand_method();
|
|
|
RAND_DRBG *drbg;
|
|
|
int ret;
|
|
|
+ const RAND_METHOD *meth = RAND_get_rand_method();
|
|
|
|
|
|
if (meth != RAND_OpenSSL())
|
|
|
return RAND_bytes(buf, num);
|
|
@@ -827,7 +776,7 @@ int RAND_bytes(unsigned char *buf, int num)
|
|
|
return -1;
|
|
|
}
|
|
|
|
|
|
-#if !OPENSSL_API_1_1_0
|
|
|
+#if !OPENSSL_API_1_1_0 && !defined(FIPS_MODE)
|
|
|
int RAND_pseudo_bytes(unsigned char *buf, int num)
|
|
|
{
|
|
|
const RAND_METHOD *meth = RAND_get_rand_method();
|