mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
7d615e2178
The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
70 lines
1.5 KiB
C
70 lines
1.5 KiB
C
/*
|
|
* Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rand.h>
|
|
#include "rand_local.h"
|
|
|
|
/* Implements the default OpenSSL RAND_add() method */
|
|
static int drbg_add(const void *buf, int num, double randomness)
|
|
{
|
|
EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);
|
|
|
|
if (drbg == NULL || num <= 0)
|
|
return 0;
|
|
|
|
return EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
|
|
}
|
|
|
|
/* Implements the default OpenSSL RAND_seed() method */
|
|
static int drbg_seed(const void *buf, int num)
|
|
{
|
|
return drbg_add(buf, num, num);
|
|
}
|
|
|
|
/* Implements the default OpenSSL RAND_status() method */
|
|
static int drbg_status(void)
|
|
{
|
|
EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);
|
|
|
|
if (drbg == NULL)
|
|
return 0;
|
|
|
|
return EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0;
|
|
}
|
|
|
|
/* Implements the default OpenSSL RAND_bytes() method */
|
|
static int drbg_bytes(unsigned char *out, int count)
|
|
{
|
|
EVP_RAND_CTX *drbg = RAND_get0_public(NULL);
|
|
|
|
if (drbg == NULL)
|
|
return 0;
|
|
|
|
return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0);
|
|
}
|
|
|
|
RAND_METHOD rand_meth = {
|
|
drbg_seed,
|
|
drbg_bytes,
|
|
NULL,
|
|
drbg_add,
|
|
drbg_bytes,
|
|
drbg_status
|
|
};
|
|
|
|
RAND_METHOD *RAND_OpenSSL(void)
|
|
{
|
|
#ifndef FIPS_MODULE
|
|
return &rand_meth;
|
|
#else
|
|
return NULL;
|
|
#endif
|
|
}
|