From: Rich Salz <rsalz@openssl.org>
Date: Wed, 21 Jun 2017 12:55:02 +0000 (+0100)
Subject: BN_pseudo_rand is really BN_rand
X-Git-Tag: OpenSSL_1_1_1-pre1~1121
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5ecff87d666f47d0003b106c61ada1e25655b81d;p=oweals%2Fopenssl.git

BN_pseudo_rand is really BN_rand

And BN_pseudo_rand_range is really BN_rand_range.
Document that we might deprecate those functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3743)
---

diff --git a/apps/apps.c b/apps/apps.c
index 8b1aab4c4d..4459be9c9b 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1511,7 +1511,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
     if (btmp == NULL)
         return 0;
 
-    if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+    if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
         goto error;
     if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
         goto error;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index b74699b6ca..4581a66bf6 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -216,7 +216,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
         goto err;
 
     for (i = 0; i < checks; i++) {
-        if (!BN_pseudo_rand_range(check, A1))
+        if (!BN_rand_range(check, A1))
             goto err;
         if (!BN_add_word(check, 1))
             goto err;
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 9ce4c5f606..a7c7309888 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -14,7 +14,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+static int bnrand(int testing, BIGNUM *rnd, int bits, int top, int bottom)
 {
     unsigned char *buf = NULL;
     int ret = 0, bit, bytes, mask;
@@ -46,7 +46,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     if (RAND_bytes(buf, bytes) <= 0)
         goto err;
 
-    if (pseudorand == 2) {
+    if (testing) {
         /*
          * generate patterns that are more likely to trigger BN library bugs
          */
@@ -98,21 +98,14 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
     return bnrand(0, rnd, bits, top, bottom);
 }
 
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
-    return bnrand(1, rnd, bits, top, bottom);
-}
-
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(2, rnd, bits, top, bottom);
+    return bnrand(1, rnd, bits, top, bottom);
 }
 
 /* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    int (*bn_rand) (BIGNUM *, int, int, int) =
-        pseudo ? BN_pseudo_rand : BN_rand;
     int n;
     int count = 100;
 
@@ -133,7 +126,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
          * than range
          */
         do {
-            if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            if (!BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
             /*
              * If r < 3*range, use r := r MOD range (which is either r, r -
@@ -159,7 +152,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
     } else {
         do {
             /* range = 11..._2  or  range = 101..._2 */
-            if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
 
             if (!--count) {
@@ -174,14 +167,14 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
     return 1;
 }
 
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bn_rand_range(0, r, range);
+    return BN_rand(rnd, bits, top, bottom);
 }
 
 int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bn_rand_range(1, r, range);
+    return BN_rand_range(r, range);
 }
 
 /*
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 84376c78e5..86fc3a0480 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
             if (!BN_set_word(y, i))
                 goto end;
         } else {
-            if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+            if (!BN_rand(y, BN_num_bits(p), 0, 0))
                 goto end;
             if (BN_ucmp(y, p) >= 0) {
                 if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index 08d14de7ee..099dda47e9 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -34,15 +34,8 @@ If B<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it
 is B<BN_RAND_BOTTOM_ANY> it can be odd or even.
 If B<bits> is 1 then B<top> cannot also be B<BN_RAND_FLG_TOPTWO>.
 
-BN_pseudo_rand() does the same, but pseudo-random numbers generated by
-this function are not necessarily unpredictable. They can be used for
-non-cryptographic purposes and for certain purposes in cryptographic
-protocols, but usually not for key generation etc.
-
 BN_rand_range() generates a cryptographically strong pseudo-random
 number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
-BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
-and hence numbers generated by it are not necessarily unpredictable.
 
 The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
 
@@ -51,6 +44,15 @@ The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
 The functions return 1 on success, 0 on error.
 The error codes can be obtained by L<ERR_get_error(3)>.
 
+=head1 HISTORY
+
+Starting with OpenSSL release 1.1.0,
+BN_pseudo_rand() has been identical to BN_rand()
+and
+BN_pseudo_rand_range() has been identical to BN_rand_range().
+The "pseudo" functions should not be used and may be deprecated in
+a future release.
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>, L<RAND_add(3)>, L<RAND_bytes(3)>
diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index ffddf81a59..80f75aefe1 100644
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -22,8 +22,6 @@ RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
 into B<buf>. An error occurs if the PRNG has not been seeded with
 enough randomness to ensure an unpredictable byte sequence.
 
-RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead.
-
 =head1 RETURN VALUES
 
 RAND_bytes() returns 1 on success, -1 if not supported by the current
@@ -32,7 +30,7 @@ obtained by L<ERR_get_error(3)>.
 
 =head1 HISTORY
 
-RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0.
+RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.
 
 =head1 SEE ALSO
 
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index cca1735554..7e04b83ecd 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -154,8 +154,8 @@ void BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void BN_CTX_end(BN_CTX *ctx);
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG l);
diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
index bec5bd09d2..2603247df2 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -95,6 +95,12 @@ extern "C" {
 # define OPENSSL_API_COMPAT OPENSSL_MIN_API
 #endif
 
+#if OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
 #if OPENSSL_API_COMPAT < 0x10100000L
 # define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
 #else
diff --git a/test/ectest.c b/test/ectest.c
index 351fefd994..c6e60acb57 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -577,7 +577,7 @@ static int prime_field_tests(void)
         || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
         || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
         || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
-        || !TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+        || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
         || !TEST_true(BN_add(z, z, y)))
         goto err;
     BN_set_negative(z, 1);
@@ -586,7 +586,7 @@ static int prime_field_tests(void)
 
     if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, P))
-        || !TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+        || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
         || !TEST_true(BN_add(z, x, y)))
         goto err;
     BN_set_negative(z, 1);
@@ -921,7 +921,7 @@ static int char2_curve_test(int n)
             || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)))
             goto err;
 
-        if (!TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+        if (!TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
             || !TEST_true(BN_add(z, z, y)))
             goto err;
         BN_set_negative(z, 1);
@@ -932,7 +932,7 @@ static int char2_curve_test(int n)
             || !TEST_true(EC_POINT_is_at_infinity(group, P)))
             goto err;
 
-        if (!TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+        if (!TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
             || !TEST_true(BN_add(z, x, y)))
             goto err;
         BN_set_negative(z, 1);