Publish the RAND_DRBG API
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Mon, 5 Mar 2018 22:45:44 +0000 (23:45 +0100)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Thu, 15 Mar 2018 17:58:38 +0000 (18:58 +0100)
Fixes #4403

This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.

Documentation for the new API is work in progress on GitHub #5461.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)

24 files changed:
crypto/err/openssl.txt
crypto/evp/e_aes.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
crypto/evp/e_aria.c
crypto/evp/e_des.c
crypto/evp/e_des3.c
crypto/evp/evp_enc.c
crypto/evp/p_seal.c
crypto/include/internal/rand_int.h
crypto/rand/drbg_ctr.c
crypto/rand/drbg_lib.c
crypto/rand/rand_err.c
crypto/rand/rand_lcl.h
crypto/rand/rand_lib.c
crypto/rand/rand_unix.c
crypto/rand/rand_vms.c
crypto/rand/rand_win.c
include/internal/rand.h [deleted file]
include/openssl/ossl_typ.h
include/openssl/rand_drbg.h [new file with mode: 0644]
ssl/ssl_lib.c
util/libcrypto.num
util/mkdef.pl

index 896c089da6a38c453b304682deeb76c5497b2b4b..176a82b156329ec8ef3a28614d071f60becddcde 100644 (file)
@@ -918,11 +918,11 @@ RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
 RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
 RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
 RAND_F_RAND_LOAD_FILE:111:RAND_load_file
-RAND_F_RAND_POOL_ADD:103:RAND_POOL_add
-RAND_F_RAND_POOL_ADD_BEGIN:113:RAND_POOL_add_begin
-RAND_F_RAND_POOL_ADD_END:114:RAND_POOL_add_end
-RAND_F_RAND_POOL_BYTES_NEEDED:115:RAND_POOL_bytes_needed
-RAND_F_RAND_POOL_NEW:116:RAND_POOL_new
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
 RAND_F_RAND_WRITE_FILE:112:RAND_write_file
 RSA_F_CHECK_PADDING_MD:140:check_padding_md
 RSA_F_ENCODE_PKCS1:146:encode_pkcs1
index bed9b2743ef01dc5b32c647d091f199cfe7cfcf4..2421385425ca3e7544f6fe089b8aba56a5256e2f 100644 (file)
@@ -17,7 +17,7 @@
 #include "internal/evp_int.h"
 #include "modes_lcl.h"
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "evp_locl.h"
 
 typedef struct {
index 053189e6856997cdd82073da6656967a5bf64e59..ac564a20f8395a2b932af336aa09df3345bcd2cf 100644 (file)
@@ -17,7 +17,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "modes_lcl.h"
 #include "internal/evp_int.h"
 #include "internal/constant_time_locl.h"
index 215e02f131e25aa46f9d1fc2f1cc179e360829ba..e752d304b646da174e4dc63fdf19d1e88c56588a 100644 (file)
@@ -18,7 +18,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "modes_lcl.h"
 #include "internal/constant_time_locl.h"
 #include "internal/evp_int.h"
index 10525a84d9f6f30083473e43a386faf2c4595919..9c1036b4bdbab77d0a880671789875d410f4d8a1 100644 (file)
@@ -13,9 +13,9 @@
 # include <openssl/evp.h>
 # include <openssl/modes.h>
 # include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
 # include "internal/aria.h"
 # include "internal/evp_int.h"
-# include "internal/rand.h"
 # include "modes_lcl.h"
 # include "evp_locl.h"
 
index d8c4afa8860aa750ef3cd0bdf5a1d9a6d7250c4a..3b4b714e38e8d84e4dc8555e29948e5854152c9c 100644 (file)
@@ -15,7 +15,7 @@
 # include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
 # include "evp_locl.h"
 
 typedef struct {
index 75e6ecf314c4151c400ebc1416fff9054d206985..b8fe42cb96521d58478cee90662fe4a4bc5844c8 100644 (file)
@@ -15,7 +15,7 @@
 # include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
 # include "evp_locl.h"
 
 typedef struct {
index 3176c615383707ed2a979bcbf32d8960674663c0..9832e562b2da8a79427bba896c28201588e8d555 100644 (file)
@@ -13,9 +13,9 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/engine.h>
 #include "internal/evp_int.h"
-#include "internal/rand.h"
 #include "evp_locl.h"
 
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
index 3b79dab8b869ab3365c32965ea7a458765fd6954..731879330b74d5ac3bc343fe2cd763be158dc79e 100644 (file)
@@ -14,7 +14,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "evp_locl.h"
 
 int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
index fc1abd97bc3fdb3d7a5173683c9402126f6de2ef..d90d9c5f639a93ec50338da62e882ea0471aa82b 100644 (file)
  * or in the file LICENSE in the source distribution.
  */
 
-#include <openssl/rand.h>
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
 
 void rand_cleanup_int(void);
 void rand_drbg_cleanup_int(void);
 void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+size_t rand_pool_add(RAND_POOL *pool,
+                     const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+#endif
index 0496cb0ae1063a71a97623b7c23247458f41264b..84425dc4e099b3af464fda1a8246096fe35de831 100644 (file)
@@ -12,9 +12,9 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include "rand_lcl.h"
 #include "internal/thread_once.h"
-
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
 /*
  * Implementation of NIST SP 800-90A CTR DRBG.
  */
index 12070d75710fdd42c4abd2d9ac7eb668e018d38e..93092c86a9526f76dd54fa9aadad84f8555b037d 100644 (file)
@@ -328,7 +328,7 @@ end:
                     RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
             drbg->state = DRBG_ERROR;
         }
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
         drbg->pool = NULL;
     }
     if (drbg->state == DRBG_READY)
@@ -446,7 +446,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
 
     if (drbg->pool != NULL) {
         RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
         drbg->pool = NULL;
     }
 
@@ -464,11 +464,11 @@ int rand_drbg_restart(RAND_DRBG *drbg,
             }
 
             /* will be picked up by the rand_drbg_get_entropy() callback */
-            drbg->pool = RAND_POOL_new(entropy, len, len);
+            drbg->pool = rand_pool_new(entropy, len, len);
             if (drbg->pool == NULL)
                 return 0;
 
-            RAND_POOL_add(drbg->pool, buffer, len, entropy);
+            rand_pool_add(drbg->pool, buffer, len, entropy);
         } else {
             if (drbg->max_adinlen < len) {
                 RANDerr(RAND_F_RAND_DRBG_RESTART,
@@ -516,7 +516,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
     if (drbg->pool != NULL) {
         drbg->state = DRBG_ERROR;
         RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
         drbg->pool = NULL;
         return 0;
     }
index 22467d83a175c749ec494068f4b40f65dc3d1341..542499f1a7d1f7924e182b04117fb5711ded5234 100644 (file)
@@ -34,13 +34,13 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
      "RAND_DRBG_uninstantiate"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "RAND_POOL_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
-     "RAND_POOL_add_begin"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "RAND_POOL_add_end"},
+     "rand_pool_add_begin"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
-     "RAND_POOL_bytes_needed"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "RAND_POOL_new"},
+     "rand_pool_bytes_needed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
     {0, NULL}
 };
index ceba8bba3f6ad7ac04c74f53f2cf483b9b8d1cc5..2f1a52bb5903cc0a7da858cf26d80f999de2fd39 100644 (file)
@@ -15,7 +15,7 @@
 # include <openssl/sha.h>
 # include <openssl/hmac.h>
 # include <openssl/ec.h>
-# include "internal/rand.h"
+# include <openssl/rand_drbg.h>
 
 /* How many times to read the TSC as a randomness source. */
 # define TSC_READ_COUNT                 4
@@ -128,7 +128,7 @@ struct rand_drbg_st {
      * with respect to how randomness is added to the RNG during reseeding
      * (see PR #4328).
      */
-    RAND_POOL *pool;
+    struct rand_pool_st *pool;
 
     /*
      * The following parameters are setup by the per-type "init" function.
@@ -206,18 +206,6 @@ extern RAND_METHOD rand_meth;
 /* How often we've forked (only incremented in child). */
 extern int rand_fork_count;
 
-/* Hardware-based seeding functions. */
-size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
-
-/* DRBG entropy callbacks. */
-size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
-                             unsigned char **pout,
-                             int entropy, size_t min_len, size_t max_len);
-void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
-                               unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
-
 /* DRBG helpers */
 int rand_drbg_restart(RAND_DRBG *drbg,
                       const unsigned char *buffer, size_t len, size_t entropy);
index d328935637807eb015d7152460659298bcfd67fd..76d5767ccd769ad80f3244740c34f9a43e6bf592 100644 (file)
@@ -95,10 +95,10 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
     if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
         for (i = 0; i < TSC_READ_COUNT; i++) {
             c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
-            RAND_POOL_add(pool, &c, 1, 4);
+            rand_pool_add(pool, &c, 1, 4);
         }
     }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 #endif
 
@@ -125,9 +125,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
     size_t bytes_needed;
     unsigned char *buffer;
 
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
     if (bytes_needed > 0) {
-        buffer = RAND_POOL_add_begin(pool, bytes_needed);
+        buffer = rand_pool_add_begin(pool, bytes_needed);
 
         if (buffer != NULL) {
 
@@ -135,7 +135,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
             if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
                 if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
                     == bytes_needed)
-                    return RAND_POOL_add_end(pool,
+                    return rand_pool_add_end(pool,
                                              bytes_needed,
                                              8 * bytes_needed);
             }
@@ -144,16 +144,16 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
             if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
                 if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
                     == bytes_needed)
-                    return RAND_POOL_add_end(pool,
+                    return rand_pool_add_end(pool,
                                              bytes_needed,
                                              8 * bytes_needed);
             }
 
-            return RAND_POOL_add_end(pool, 0, 0);
+            return rand_pool_add_end(pool, 0, 0);
         }
     }
 
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 #endif
 
@@ -165,7 +165,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
  * is fetched using the parent's RAND_DRBG_generate().
  *
  * Otherwise, the entropy is polled from the system entropy sources
- * using RAND_POOL_acquire_entropy().
+ * using rand_pool_acquire_entropy().
  *
  * If a random pool has been added to the DRBG using RAND_add(), then
  * its entropy will be used up first.
@@ -187,22 +187,22 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
         return 0;
     }
 
-    pool = RAND_POOL_new(entropy, min_len, max_len);
+    pool = rand_pool_new(entropy, min_len, max_len);
     if (pool == NULL)
         return 0;
 
     if (drbg->pool) {
-        RAND_POOL_add(pool,
-                      RAND_POOL_buffer(drbg->pool),
-                      RAND_POOL_length(drbg->pool),
-                      RAND_POOL_entropy(drbg->pool));
-        RAND_POOL_free(drbg->pool);
+        rand_pool_add(pool,
+                      rand_pool_buffer(drbg->pool),
+                      rand_pool_length(drbg->pool),
+                      rand_pool_entropy(drbg->pool));
+        rand_pool_free(drbg->pool);
         drbg->pool = NULL;
     }
 
     if (drbg->parent) {
-        size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8);
-        unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed);
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 8);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
 
         if (buffer != NULL) {
             size_t bytes = 0;
@@ -221,20 +221,20 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
                 bytes = bytes_needed;
             rand_drbg_unlock(drbg->parent);
 
-            entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
         }
 
     } else {
         /* Get entropy by polling system entropy sources. */
-        entropy_available = RAND_POOL_acquire_entropy(pool);
+        entropy_available = rand_pool_acquire_entropy(pool);
     }
 
     if (entropy_available > 0) {
-        ret   = RAND_POOL_length(pool);
-        *pout = RAND_POOL_detach(pool);
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
     }
 
-    RAND_POOL_free(pool);
+    rand_pool_free(pool);
     return ret;
 }
 
@@ -329,32 +329,32 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
 #endif
     uint64_t tbits;
 
-    pool = RAND_POOL_new(0, 0, max_len);
+    pool = rand_pool_new(0, 0, max_len);
     if (pool == NULL)
         return 0;
 
 #ifdef OPENSSL_SYS_UNIX
     pid = getpid();
-    RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+    rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
 #elif defined(OPENSSL_SYS_WIN32)
     pid = GetCurrentProcessId();
-    RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+    rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
 #endif
 
     thread_id = CRYPTO_THREAD_get_current_id();
     if (thread_id != 0)
-        RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
+        rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
 
     tbits = get_timer_bits();
     if (tbits != 0)
-        RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+        rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
 
     /* TODO: Use RDSEED? */
 
-    len = RAND_POOL_length(pool);
+    len = rand_pool_length(pool);
     if (len != 0)
-        *pout = RAND_POOL_detach(pool);
-    RAND_POOL_free(pool);
+        *pout = rand_pool_detach(pool);
+    rand_pool_free(pool);
 
     return len;
 }
@@ -431,26 +431,26 @@ int RAND_poll(void)
 
     } else {
         /* fill random pool and seed the current legacy RNG */
-        pool = RAND_POOL_new(RAND_DRBG_STRENGTH,
+        pool = rand_pool_new(RAND_DRBG_STRENGTH,
                              RAND_DRBG_STRENGTH / 8,
                              DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
         if (pool == NULL)
             return 0;
 
-        if (RAND_POOL_acquire_entropy(pool) == 0)
+        if (rand_pool_acquire_entropy(pool) == 0)
             goto err;
 
         if (meth->add == NULL
-            || meth->add(RAND_POOL_buffer(pool),
-                         RAND_POOL_length(pool),
-                         (RAND_POOL_entropy(pool) / 8.0)) == 0)
+            || meth->add(rand_pool_buffer(pool),
+                         rand_pool_length(pool),
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
             goto err;
 
         ret = 1;
     }
 
 err:
-    RAND_POOL_free(pool);
+    rand_pool_free(pool);
     return ret;
 }
 
@@ -479,7 +479,7 @@ struct rand_pool_st {
  * Allocate memory and initialize a new random pool
  */
 
-RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
 {
     RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
 
@@ -509,7 +509,7 @@ err:
 /*
  * Free |pool|, securely erasing its buffer.
  */
-void RAND_POOL_free(RAND_POOL *pool)
+void rand_pool_free(RAND_POOL *pool)
 {
     if (pool == NULL)
         return;
@@ -521,7 +521,7 @@ void RAND_POOL_free(RAND_POOL *pool)
 /*
  * Return the |pool|'s buffer to the caller (readonly).
  */
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
 {
     return pool->buffer;
 }
@@ -529,7 +529,7 @@ const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
 /*
  * Return the |pool|'s entropy to the caller.
  */
-size_t RAND_POOL_entropy(RAND_POOL *pool)
+size_t rand_pool_entropy(RAND_POOL *pool)
 {
     return pool->entropy;
 }
@@ -537,7 +537,7 @@ size_t RAND_POOL_entropy(RAND_POOL *pool)
 /*
  * Return the |pool|'s buffer length to the caller.
  */
-size_t RAND_POOL_length(RAND_POOL *pool)
+size_t rand_pool_length(RAND_POOL *pool)
 {
     return pool->len;
 }
@@ -547,7 +547,7 @@ size_t RAND_POOL_length(RAND_POOL *pool)
  * It's the responsibility of the caller to free the buffer
  * using OPENSSL_secure_clear_free().
  */
-unsigned char *RAND_POOL_detach(RAND_POOL *pool)
+unsigned char *rand_pool_detach(RAND_POOL *pool)
 {
     unsigned char *ret = pool->buffer;
     pool->buffer = NULL;
@@ -571,7 +571,7 @@ unsigned char *RAND_POOL_detach(RAND_POOL *pool)
  *  |entropy|  if the entropy count and buffer size is large enough
  *      0      otherwise
  */
-size_t RAND_POOL_entropy_available(RAND_POOL *pool)
+size_t rand_pool_entropy_available(RAND_POOL *pool)
 {
     if (pool->entropy < pool->requested_entropy)
         return 0;
@@ -587,7 +587,7 @@ size_t RAND_POOL_entropy_available(RAND_POOL *pool)
  * the random pool.
  */
 
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
 {
     if (pool->entropy < pool->requested_entropy)
         return pool->requested_entropy - pool->entropy;
@@ -601,10 +601,10 @@ size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
  * In case of an error, 0 is returned.
  */
 
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
 {
     size_t bytes_needed;
-    size_t entropy_needed = RAND_POOL_entropy_needed(pool);
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
 
     if (entropy_per_byte < 1 || entropy_per_byte > 8) {
         RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
@@ -628,7 +628,7 @@ size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
 }
 
 /* Returns the remaining number of bytes available */
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
 {
     return pool->max_len - pool->len;
 }
@@ -641,9 +641,9 @@ size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
  * randomness.
  *
  * Return available amount of entropy after this operation.
- * (see RAND_POOL_entropy_available(pool))
+ * (see rand_pool_entropy_available(pool))
  */
-size_t RAND_POOL_add(RAND_POOL *pool,
+size_t rand_pool_add(RAND_POOL *pool,
                      const unsigned char *buffer, size_t len, size_t entropy)
 {
     if (len > pool->max_len - pool->len) {
@@ -657,7 +657,7 @@ size_t RAND_POOL_add(RAND_POOL *pool,
         pool->entropy += entropy;
     }
 
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 
 /*
@@ -669,10 +669,10 @@ size_t RAND_POOL_add(RAND_POOL *pool,
  * If |len| == 0 this is considered a no-op and a NULL pointer
  * is returned without producing an error message.
  *
- * After updating the buffer, RAND_POOL_add_end() needs to be called
+ * After updating the buffer, rand_pool_add_end() needs to be called
  * to finish the udpate operation (see next comment).
  */
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
 {
     if (len == 0)
         return NULL;
@@ -689,12 +689,12 @@ unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
  * Finish to add random bytes to the random pool in-place.
  *
  * Finishes an in-place update of the random pool started by
- * RAND_POOL_add_begin() (see previous comment).
+ * rand_pool_add_begin() (see previous comment).
  * It is expected that |len| bytes of random input have been added
  * to the buffer which contain at least |entropy| bits of randomness.
  * It is allowed to add less bytes than originally reserved.
  */
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
 {
     if (len > pool->max_len - pool->len) {
         RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
@@ -706,7 +706,7 @@ size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
         pool->entropy += entropy;
     }
 
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
index 74c828239b0483bee083033cf4358ed682d31cc0..b86f94ab7283ef7ef49008a698a3c537f27beb76 100644 (file)
@@ -12,6 +12,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
 #include <stdio.h>
 
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
@@ -50,7 +51,7 @@
  *
  * As a precaution, we assume only 2 bits of entropy per byte.
  */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
     short int code;
     gid_t curr_gid;
@@ -73,13 +74,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
      * different processes.
      */
     curr_gid = getgid();
-    RAND_POOL_add(pool, &curr_gid, sizeof(curr_gid), 0);
+    rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0);
     curr_pid = getpid();
-    RAND_POOL_add(pool, &curr_pid, sizeof(curr_pid), 0);
+    rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0);
     curr_uid = getuid();
-    RAND_POOL_add(pool, &curr_uid, sizeof(curr_uid), 0);
+    rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0);
 
-    bytes_needed = RAND_POOL_bytes_needed(pool, 2 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/);
 
     for (i = 0; i < bytes_needed; i++) {
         /*
@@ -102,9 +103,9 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
         /* Get wall clock time, take 8 bits. */
         clock_gettime(CLOCK_REALTIME, &ts);
         v = (unsigned char)(ts.tv_nsec & 0xFF);
-        RAND_POOL_add(pool, arg, &v, sizeof(v) , 2);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
     }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 
 # else
@@ -155,25 +156,25 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
  * of input from the different entropy sources (trust, quality,
  * possibility of blocking).
  */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
 #  ifdef OPENSSL_RAND_SEED_NONE
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 #  else
     size_t bytes_needed;
     size_t entropy_available = 0;
     unsigned char *buffer;
 
 #   ifdef OPENSSL_RAND_SEED_GETRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
 
         if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed)
             bytes = bytes_needed;
 
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
     }
     if (entropy_available > 0)
         return entropy_available;
@@ -186,7 +187,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #   endif
 
 #   ifdef OPENSSL_RAND_SEED_DEVRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
     if (bytes_needed > 0) {
         static const char *paths[] = { DEVRANDOM, NULL };
         FILE *fp;
@@ -196,19 +197,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
             if ((fp = fopen(paths[i], "rb")) == NULL)
                 continue;
             setbuf(fp, NULL);
-            buffer = RAND_POOL_add_begin(pool, bytes_needed);
+            buffer = rand_pool_add_begin(pool, bytes_needed);
             if (buffer != NULL) {
                 size_t bytes = 0;
                 if (fread(buffer, 1, bytes_needed, fp) == bytes_needed)
                     bytes = bytes_needed;
 
-                entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
             }
             fclose(fp);
             if (entropy_available > 0)
                 return entropy_available;
 
-            bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+            bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
         }
     }
 #   endif
@@ -226,13 +227,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #   endif
 
 #   ifdef OPENSSL_RAND_SEED_EGD
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
     if (bytes_needed > 0) {
         static const char *paths[] = { DEVRANDOM_EGD, NULL };
         int i;
 
         for (i = 0; paths[i] != NULL; i++) {
-            buffer = RAND_POOL_add_begin(pool, bytes_needed);
+            buffer = rand_pool_add_begin(pool, bytes_needed);
             if (buffer != NULL) {
                 size_t bytes = 0;
                 int num = RAND_query_egd_bytes(paths[i],
@@ -240,7 +241,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
                 if (num == (int)bytes_needed)
                     bytes = bytes_needed;
 
-                entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
             }
             if (entropy_available > 0)
                 return entropy_available;
@@ -248,7 +249,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
     }
 #   endif
 
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 #  endif
 }
 # endif
index 4ec4b35bd4a4e65b1c67199a1e0b017777d275b4..eb68c8a4562c85e208e5169d0d29599d16d65a4c 100644 (file)
@@ -54,7 +54,7 @@ static struct items_data_st {
     {0, 0}
 };
 
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
     /* determine the number of items in the JPI array */
     struct items_data_st item_entry;
@@ -117,7 +117,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
      * was that it contains 4 bits of entropy per byte. This makes a total
      * amount of total_length*16 bits (256bits).
      */
-    return RAND_POOL_add(pool,
+    return rand_pool_add(pool,
                          (PTR_T)data_buffer, total_length * 4,
                          total_length * 16);
 }
index 9eff319bc8d58360d1a9be0703a1bc1ef36d42b3..7f341881078b14eb926613d3f779634b1a933b10 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,6 +10,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 
 # ifndef OPENSSL_RAND_SEED_OS
@@ -38,7 +39,7 @@
 #  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 # endif
 
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
 # ifndef USE_BCRYPTGENRANDOM
     HCRYPTPROV hProvider;
@@ -61,21 +62,21 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 # endif
 
 # ifdef USE_BCRYPTGENRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         if (BCryptGenRandom(NULL, buffer, bytes_needed,
             BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
             bytes = bytes_needed;
 
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
     }
     if (entropy_available > 0)
         return entropy_available;
 # else
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         /* poll the CryptoAPI PRNG */
@@ -87,13 +88,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
             CryptReleaseContext(hProvider, 0);
         }
 
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
     }
     if (entropy_available > 0)
         return entropy_available;
 
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         /* poll the Pentium PRG with CryptoAPI */
@@ -105,13 +106,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 
             CryptReleaseContext(hProvider, 0);
         }
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
     }
     if (entropy_available > 0)
         return entropy_available;
 # endif
 
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 
 # if OPENSSL_API_COMPAT < 0x10100000L
diff --git a/include/internal/rand.h b/include/internal/rand.h
deleted file mode 100644 (file)
index 9f6b1ab..0000000
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_DRBG_RAND_H
-# define HEADER_DRBG_RAND_H
-
-/* In CTR mode, disable derivation function ctr_df */
-#define RAND_DRBG_FLAG_CTR_NO_DF            0x1
-
-/*
- * Default security strength (in the sense of [NIST SP 800-90Ar1])
- *
- * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
- * of the cipher by collecting less entropy. The current DRBG implemantion does
- * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
- * to that of the cipher.
- *
- * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
- * implementation.
- *
- * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
- * NID_aes_256_ctr
- *
- * TODO(DRBG): would be nice to have the NID and strength configurable
- */
-# define RAND_DRBG_STRENGTH             256
-# define RAND_DRBG_NID                  NID_aes_256_ctr
-
-/*
- * Object lifetime functions.
- */
-RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
-RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
-int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
-int RAND_DRBG_instantiate(RAND_DRBG *drbg,
-                          const unsigned char *pers, size_t perslen);
-int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
-void RAND_DRBG_free(RAND_DRBG *drbg);
-
-/*
- * Object "use" functions.
- */
-int RAND_DRBG_reseed(RAND_DRBG *drbg,
-                     const unsigned char *adin, size_t adinlen);
-int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
-                       int prediction_resistance,
-                       const unsigned char *adin, size_t adinlen);
-int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
-
-int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
-int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
-
-int RAND_DRBG_set_reseed_defaults(
-                                  unsigned int master_reseed_interval,
-                                  unsigned int slave_reseed_interval,
-                                  time_t master_reseed_time_interval,
-                                  time_t slave_reseed_time_interval
-                                  );
-
-RAND_DRBG *RAND_DRBG_get0_master(void);
-RAND_DRBG *RAND_DRBG_get0_public(void);
-RAND_DRBG *RAND_DRBG_get0_private(void);
-
-/*
- * EXDATA
- */
-#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
-    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
-int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
-void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);
-
-/*
- * Callback functions.  See comments in drbg_lib.c
- */
-typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
-                                           unsigned char **pout,
-                                           int entropy, size_t min_len,
-                                           size_t max_len);
-typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
-                                             unsigned char *out, size_t outlen);
-typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
-                                         int entropy, size_t min_len,
-                                         size_t max_len);
-typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx,
-                                           unsigned char *out, size_t outlen);
-
-int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
-                            RAND_DRBG_get_entropy_fn get_entropy,
-                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
-                            RAND_DRBG_get_nonce_fn get_nonce,
-                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
-
-/*
- * RAND_POOL functions
- */
-RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len);
-void RAND_POOL_free(RAND_POOL *pool);
-
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool);
-unsigned char *RAND_POOL_detach(RAND_POOL *pool);
-
-size_t RAND_POOL_entropy(RAND_POOL *pool);
-size_t RAND_POOL_length(RAND_POOL *pool);
-
-size_t RAND_POOL_entropy_available(RAND_POOL *pool);
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool);
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool);
-
-size_t RAND_POOL_add(RAND_POOL *pool,
-                     const unsigned char *buffer, size_t len, size_t entropy);
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len);
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy);
-
-
-/*
- * Add random bytes to the pool to acquire requested amount of entropy
- *
- * This function is platform specific and tries to acquire the requested
- * amount of entropy by polling platform specific entropy sources.
- *
- * If the function succeeds in acquiring at least |entropy_requested| bits
- * of entropy, the total entropy count is returned. If it fails, it returns
- * an entropy count of 0.
- */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool);
-#endif
index 165878ea1d43985b8cd73de4d04eceb1f44ff98f..7993ca28f3da5ce5d53f198806bd032a740479be 100644 (file)
@@ -115,7 +115,6 @@ typedef struct ec_key_method_st EC_KEY_METHOD;
 
 typedef struct rand_meth_st RAND_METHOD;
 typedef struct rand_drbg_st RAND_DRBG;
-typedef struct rand_pool_st RAND_POOL;
 
 typedef struct ssl_dane_st SSL_DANE;
 typedef struct x509_st X509;
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
new file mode 100644 (file)
index 0000000..667a8ab
--- /dev/null
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+# include <time.h>
+# include <openssl/ossl_typ.h>
+
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF            0x1
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implemantion does
+ * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
+ * to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ *
+ * TODO(DRBG): would be nice to have the NID and strength configurable
+ */
+# define RAND_DRBG_STRENGTH             256
+# define RAND_DRBG_NID                  NID_aes_256_ctr
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
+                                           unsigned char **pout,
+                                           int entropy, size_t min_len,
+                                           size_t max_len);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+                                             unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
+                                         int entropy, size_t min_len,
+                                         size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx,
+                                           unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
index d5c5918d167149475daea3e09956d28fe1677964..298588cd3d455a8d3005ed5849551f91afc0a723 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/ocsp.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 #include <openssl/async.h>
 #include <openssl/ct.h>
 #include "internal/cryptlib.h"
-#include "internal/rand.h"
 #include "internal/refcount.h"
 
 const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
index a965bb54ef570e23fc53790850ca81e1b883e39e..38c902c9c0f79e801912f32c0cb333419a9c93c6 100644 (file)
@@ -4402,128 +4402,114 @@ EVP_PKEY_set1_engine                    4347  1_1_0g  EXIST::FUNCTION:ENGINE
 DH_new_by_nid                           4348   1_1_1   EXIST::FUNCTION:DH
 DH_get_nid                              4349   1_1_1   EXIST::FUNCTION:DH
 CRYPTO_get_alloc_counts                 4350   1_1_1   EXIST::FUNCTION:CRYPTO_MDEBUG
-RAND_POOL_new                           4351   1_1_1   EXIST::FUNCTION:
-RAND_POOL_free                          4352   1_1_1   EXIST::FUNCTION:
-RAND_POOL_buffer                        4353   1_1_1   EXIST::FUNCTION:
-RAND_POOL_detach                        4354   1_1_1   EXIST::FUNCTION:
-RAND_POOL_entropy                       4355   1_1_1   EXIST::FUNCTION:
-RAND_POOL_length                        4356   1_1_1   EXIST::FUNCTION:
-RAND_POOL_entropy_available             4357   1_1_1   EXIST::FUNCTION:
-RAND_POOL_entropy_needed                4358   1_1_1   EXIST::FUNCTION:
-RAND_POOL_bytes_needed                  4359   1_1_1   EXIST::FUNCTION:
-RAND_POOL_bytes_remaining               4360   1_1_1   EXIST::FUNCTION:
-RAND_POOL_add                           4361   1_1_1   EXIST::FUNCTION:
-RAND_POOL_add_begin                     4362   1_1_1   EXIST::FUNCTION:
-RAND_POOL_add_end                       4363   1_1_1   EXIST::FUNCTION:
-RAND_POOL_acquire_entropy               4364   1_1_1   EXIST::FUNCTION:
-OPENSSL_sk_new_reserve                  4365   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_check                 4366   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_siginf                4367   1_1_1   EXIST::FUNCTION:
-EVP_sm4_ctr                             4368   1_1_1   EXIST::FUNCTION:SM4
-EVP_sm4_cbc                             4369   1_1_1   EXIST::FUNCTION:SM4
-EVP_sm4_ofb                             4370   1_1_1   EXIST::FUNCTION:SM4
-EVP_sm4_ecb                             4371   1_1_1   EXIST::FUNCTION:SM4
-EVP_sm4_cfb128                          4372   1_1_1   EXIST::FUNCTION:SM4
-EVP_sm3                                 4373   1_1_1   EXIST::FUNCTION:SM3
-OCSP_resp_get0_signer                   4374   1_1_0h  EXIST::FUNCTION:OCSP
-EVP_PKEY_public_check                   4375   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_param_check                    4376   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_meth_set_public_check          4377   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_meth_set_param_check           4378   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_meth_get_public_check          4379   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_meth_get_param_check           4380   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_public_check          4381   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_param_check           4382   1_1_1   EXIST::FUNCTION:
-DH_check_ex                             4383   1_1_1   EXIST::FUNCTION:DH
-DH_check_pub_key_ex                     4384   1_1_1   EXIST::FUNCTION:DH
-DH_check_params_ex                      4385   1_1_1   EXIST::FUNCTION:DH
-RSA_generate_multi_prime_key            4386   1_1_1   EXIST::FUNCTION:RSA
-RSA_get_multi_prime_extra_count         4387   1_1_1   EXIST::FUNCTION:RSA
-RSA_get0_multi_prime_factors            4388   1_1_1   EXIST::FUNCTION:RSA
-RSA_get0_multi_prime_crt_params         4389   1_1_1   EXIST::FUNCTION:RSA
-RSA_set0_multi_prime_params             4390   1_1_1   EXIST::FUNCTION:RSA
-RSA_get_version                         4391   1_1_1   EXIST::FUNCTION:RSA
-RSA_meth_get_multi_prime_keygen         4392   1_1_1   EXIST::FUNCTION:RSA
-RSA_meth_set_multi_prime_keygen         4393   1_1_1   EXIST::FUNCTION:RSA
-RAND_DRBG_get0_master                   4394   1_1_1   EXIST::FUNCTION:
-RAND_DRBG_set_reseed_time_interval      4395   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_get0_addProfessionInfo  4396   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_free                   4397   1_1_1   EXIST::FUNCTION:
-d2i_ADMISSION_SYNTAX                    4398   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityId       4399   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityURL      4400   1_1_1   EXIST::FUNCTION:
-d2i_PROFESSION_INFO                     4401   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_it                     4402   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAMING_AUTHORITY_it                     4402   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ADMISSION_SYNTAX_get0_contentsOfAdmissions 4403        1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionItems    4404   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_new                    4405   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityURL      4406   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_get0_admissionAuthority 4407  1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_new                     4408   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_new                          4409   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_set0_admissionAuthority 4410  1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_get0_professionOIDs     4411   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_it                      4412   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROFESSION_INFO_it                      4412   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_PROFESSION_INFO                     4413   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_set0_professionInfos         4414   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_get0_namingAuthority    4415   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_free                    4416   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_set0_addProfessionInfo  4417   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_set0_registrationNumber 4418   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_set0_contentsOfAdmissions 4419        1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityId       4420   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_it                     4421   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ADMISSION_SYNTAX_it                     4421   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_ADMISSION_SYNTAX                    4422   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityText     4423   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_set0_namingAuthority    4424   1_1_1   EXIST::FUNCTION:
-i2d_NAMING_AUTHORITY                    4425   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_free                   4426   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_set0_admissionAuthority      4427   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_free                         4428   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_get0_registrationNumber 4429   1_1_1   EXIST::FUNCTION:
-d2i_ADMISSIONS                          4430   1_1_1   EXIST::FUNCTION:
-i2d_ADMISSIONS                          4431   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_get0_professionItems    4432   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_get0_admissionAuthority      4433   1_1_1   EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionOIDs     4434   1_1_1   EXIST::FUNCTION:
-d2i_NAMING_AUTHORITY                    4435   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_it                           4436   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ADMISSIONS_it                           4436   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ADMISSIONS_get0_namingAuthority         4437   1_1_1   EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityText     4438   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_set0_namingAuthority         4439   1_1_1   EXIST::FUNCTION:
-ADMISSIONS_get0_professionInfos         4440   1_1_1   EXIST::FUNCTION:
-ADMISSION_SYNTAX_new                    4441   1_1_1   EXIST::FUNCTION:
-EVP_sha512_256                          4442   1_1_1   EXIST::FUNCTION:
-EVP_sha512_224                          4443   1_1_1   EXIST::FUNCTION:
-OCSP_basic_sign_ctx                     4444   1_1_1   EXIST::FUNCTION:OCSP
-RAND_DRBG_bytes                         4445   1_1_1   EXIST::FUNCTION:
-RAND_DRBG_secure_new                    4446   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_vctrl                        4447   1_1_1   EXIST::FUNCTION:
-X509_get0_authority_key_id              4448   1_1_0h  EXIST::FUNCTION:
-BIO_bind                                4449   1_1_1   EXIST::FUNCTION:SOCK
-OSSL_STORE_LOADER_set_expect            4450   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_expect                       4451   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_key_fingerprint    4452   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_serial           4453   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_name               4454   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_supports_search              4455   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_find                         4456   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get_type              4457   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_bytes            4458   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_string           4459   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_issuer_serial      4460   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_name             4461   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_alias              4462   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_find              4463   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_free                  4464   1_1_1   EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_digest           4465   1_1_1   EXIST::FUNCTION:
-RAND_DRBG_set_reseed_defaults           4466   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_new_raw_private_key            4467   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_new_raw_public_key             4468   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key                   4469   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_priv_key          4470   1_1_1   EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_pub_key           4471   1_1_1   EXIST::FUNCTION:
+OPENSSL_sk_new_reserve                  4351   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_check                 4352   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_siginf                4353   1_1_1   EXIST::FUNCTION:
+EVP_sm4_ctr                             4354   1_1_1   EXIST::FUNCTION:SM4
+EVP_sm4_cbc                             4355   1_1_1   EXIST::FUNCTION:SM4
+EVP_sm4_ofb                             4356   1_1_1   EXIST::FUNCTION:SM4
+EVP_sm4_ecb                             4357   1_1_1   EXIST::FUNCTION:SM4
+EVP_sm4_cfb128                          4358   1_1_1   EXIST::FUNCTION:SM4
+EVP_sm3                                 4359   1_1_1   EXIST::FUNCTION:SM3
+OCSP_resp_get0_signer                   4360   1_1_0h  EXIST::FUNCTION:OCSP
+EVP_PKEY_public_check                   4361   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_param_check                    4362   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_meth_set_public_check          4363   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_meth_set_param_check           4364   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_meth_get_public_check          4365   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_meth_get_param_check           4366   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public_check          4367   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_param_check           4368   1_1_1   EXIST::FUNCTION:
+DH_check_ex                             4369   1_1_1   EXIST::FUNCTION:DH
+DH_check_pub_key_ex                     4370   1_1_1   EXIST::FUNCTION:DH
+DH_check_params_ex                      4371   1_1_1   EXIST::FUNCTION:DH
+RSA_generate_multi_prime_key            4372   1_1_1   EXIST::FUNCTION:RSA
+RSA_get_multi_prime_extra_count         4373   1_1_1   EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_factors            4374   1_1_1   EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_crt_params         4375   1_1_1   EXIST::FUNCTION:RSA
+RSA_set0_multi_prime_params             4376   1_1_1   EXIST::FUNCTION:RSA
+RSA_get_version                         4377   1_1_1   EXIST::FUNCTION:RSA
+RSA_meth_get_multi_prime_keygen         4378   1_1_1   EXIST::FUNCTION:RSA
+RSA_meth_set_multi_prime_keygen         4379   1_1_1   EXIST::FUNCTION:RSA
+RAND_DRBG_get0_master                   4380   1_1_1   EXIST::FUNCTION:
+RAND_DRBG_set_reseed_time_interval      4381   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_get0_addProfessionInfo  4382   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_free                   4383   1_1_1   EXIST::FUNCTION:
+d2i_ADMISSION_SYNTAX                    4384   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityId       4385   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityURL      4386   1_1_1   EXIST::FUNCTION:
+d2i_PROFESSION_INFO                     4387   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_it                     4388   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAMING_AUTHORITY_it                     4388   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389        1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionItems    4390   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_new                    4391   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityURL      4392   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_get0_admissionAuthority 4393  1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_new                     4394   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_new                          4395   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_admissionAuthority 4396  1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionOIDs     4397   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_it                      4398   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROFESSION_INFO_it                      4398   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROFESSION_INFO                     4399   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_set0_professionInfos         4400   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_get0_namingAuthority    4401   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_free                    4402   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_set0_addProfessionInfo  4403   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_set0_registrationNumber 4404   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405        1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityId       4406   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_it                     4407   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSION_SYNTAX_it                     4407   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_ADMISSION_SYNTAX                    4408   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityText     4409   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_set0_namingAuthority    4410   1_1_1   EXIST::FUNCTION:
+i2d_NAMING_AUTHORITY                    4411   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_free                   4412   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_set0_admissionAuthority      4413   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_free                         4414   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_get0_registrationNumber 4415   1_1_1   EXIST::FUNCTION:
+d2i_ADMISSIONS                          4416   1_1_1   EXIST::FUNCTION:
+i2d_ADMISSIONS                          4417   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionItems    4418   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_get0_admissionAuthority      4419   1_1_1   EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionOIDs     4420   1_1_1   EXIST::FUNCTION:
+d2i_NAMING_AUTHORITY                    4421   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_it                           4422   1_1_1   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSIONS_it                           4422   1_1_1   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSIONS_get0_namingAuthority         4423   1_1_1   EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityText     4424   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_set0_namingAuthority         4425   1_1_1   EXIST::FUNCTION:
+ADMISSIONS_get0_professionInfos         4426   1_1_1   EXIST::FUNCTION:
+ADMISSION_SYNTAX_new                    4427   1_1_1   EXIST::FUNCTION:
+EVP_sha512_256                          4428   1_1_1   EXIST::FUNCTION:
+EVP_sha512_224                          4429   1_1_1   EXIST::FUNCTION:
+OCSP_basic_sign_ctx                     4430   1_1_1   EXIST::FUNCTION:OCSP
+RAND_DRBG_bytes                         4431   1_1_1   EXIST::FUNCTION:
+RAND_DRBG_secure_new                    4432   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_vctrl                        4433   1_1_1   EXIST::FUNCTION:
+X509_get0_authority_key_id              4434   1_1_0h  EXIST::FUNCTION:
+BIO_bind                                4435   1_1_1   EXIST::FUNCTION:SOCK
+OSSL_STORE_LOADER_set_expect            4436   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_expect                       4437   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_key_fingerprint    4438   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_serial           4439   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_name               4440   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_supports_search              4441   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_find                         4442   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get_type              4443   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_bytes            4444   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_string           4445   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_issuer_serial      4446   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_name             4447   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_alias              4448   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_find              4449   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_free                  4450   1_1_1   EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_digest           4451   1_1_1   EXIST::FUNCTION:
+RAND_DRBG_set_reseed_defaults           4452   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key            4453   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key             4454   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key                   4455   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_priv_key          4456   1_1_1   EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_pub_key           4457   1_1_1   EXIST::FUNCTION:
index fac911a471ee2770137ff93f717ca575a0b7f1cb..7b5e28c3344a15a590bf299f4754a392fce32ce1 100755 (executable)
@@ -241,7 +241,6 @@ my $crypto ="include/internal/dso.h";
 $crypto.=" include/internal/o_dir.h";
 $crypto.=" include/internal/o_str.h";
 $crypto.=" include/internal/err.h";
-$crypto.=" include/internal/rand.h";
 foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
     my $fn = "include/openssl/" . lc(basename($f));
     $crypto .= " $fn" if !defined $skipthese{$fn};