From: Dr. Matthias St. Pierre Date: Mon, 5 Mar 2018 22:45:44 +0000 (+0100) Subject: Publish the RAND_DRBG API X-Git-Tag: OpenSSL_1_1_1-pre3~63 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6decf9436f7;p=oweals%2Fopenssl.git Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to , making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5462) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 896c089da6..176a82b156 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -918,11 +918,11 @@ RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate RAND_F_RAND_LOAD_FILE:111:RAND_load_file -RAND_F_RAND_POOL_ADD:103:RAND_POOL_add -RAND_F_RAND_POOL_ADD_BEGIN:113:RAND_POOL_add_begin -RAND_F_RAND_POOL_ADD_END:114:RAND_POOL_add_end -RAND_F_RAND_POOL_BYTES_NEEDED:115:RAND_POOL_bytes_needed -RAND_F_RAND_POOL_NEW:116:RAND_POOL_new +RAND_F_RAND_POOL_ADD:103:rand_pool_add +RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin +RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end +RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed +RAND_F_RAND_POOL_NEW:116:rand_pool_new RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md RSA_F_ENCODE_PKCS1:146:encode_pkcs1 diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index bed9b2743e..2421385425 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -17,7 +17,7 @@ #include "internal/evp_int.h" #include "modes_lcl.h" #include -#include +#include #include "evp_locl.h" typedef struct { diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 053189e685..ac564a20f8 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -17,7 +17,7 @@ #include #include #include -#include +#include #include "modes_lcl.h" #include "internal/evp_int.h" #include "internal/constant_time_locl.h" diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 215e02f131..e752d304b6 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -18,7 +18,7 @@ #include #include #include -#include +#include #include "modes_lcl.h" #include "internal/constant_time_locl.h" #include "internal/evp_int.h" diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 10525a84d9..9c1036b4bd 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -13,9 +13,9 @@ # include # include # include +# include # include "internal/aria.h" # include "internal/evp_int.h" -# include "internal/rand.h" # include "modes_lcl.h" # include "evp_locl.h" diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index d8c4afa886..3b4b714e38 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -15,7 +15,7 @@ # include "internal/evp_int.h" # include # include -# include +# include # include "evp_locl.h" typedef struct { diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 75e6ecf314..b8fe42cb96 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -15,7 +15,7 @@ # include "internal/evp_int.h" # include # include -# include +# include # include "evp_locl.h" typedef struct { diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3176c61538..9832e562b2 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -13,9 +13,9 @@ #include #include #include +#include #include #include "internal/evp_int.h" -#include "internal/rand.h" #include "evp_locl.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index 3b79dab8b8..731879330b 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -14,7 +14,7 @@ #include #include #include -#include +#include #include "evp_locl.h" int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index fc1abd97bc..d90d9c5f63 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -15,8 +15,64 @@ * or in the file LICENSE in the source distribution. */ -#include +#ifndef HEADER_RAND_INT_H +# define HEADER_RAND_INT_H + +# include + +/* forward declaration */ +typedef struct rand_pool_st RAND_POOL; void rand_cleanup_int(void); void rand_drbg_cleanup_int(void); void rand_fork(void); + +/* Hardware-based seeding functions. */ +size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); +size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); + +/* DRBG entropy callbacks. */ +size_t rand_drbg_get_entropy(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len); +void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); +size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); + + +/* + * RAND_POOL functions + */ +RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +void rand_pool_free(RAND_POOL *pool); + +const unsigned char *rand_pool_buffer(RAND_POOL *pool); +unsigned char *rand_pool_detach(RAND_POOL *pool); + +size_t rand_pool_entropy(RAND_POOL *pool); +size_t rand_pool_length(RAND_POOL *pool); + +size_t rand_pool_entropy_available(RAND_POOL *pool); +size_t rand_pool_entropy_needed(RAND_POOL *pool); +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte); +size_t rand_pool_bytes_remaining(RAND_POOL *pool); + +size_t rand_pool_add(RAND_POOL *pool, + const unsigned char *buffer, size_t len, size_t entropy); +unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len); +size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); + + +/* + * Add random bytes to the pool to acquire requested amount of entropy + * + * This function is platform specific and tries to acquire the requested + * amount of entropy by polling platform specific entropy sources. + * + * If the function succeeds in acquiring at least |entropy_requested| bits + * of entropy, the total entropy count is returned. If it fails, it returns + * an entropy count of 0. + */ +size_t rand_pool_acquire_entropy(RAND_POOL *pool); + +#endif diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 0496cb0ae1..84425dc4e0 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -12,9 +12,9 @@ #include #include #include -#include "rand_lcl.h" #include "internal/thread_once.h" - +#include "internal/thread_once.h" +#include "rand_lcl.h" /* * Implementation of NIST SP 800-90A CTR DRBG. */ diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 12070d7571..93092c86a9 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -328,7 +328,7 @@ end: RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED); drbg->state = DRBG_ERROR; } - RAND_POOL_free(drbg->pool); + rand_pool_free(drbg->pool); drbg->pool = NULL; } if (drbg->state == DRBG_READY) @@ -446,7 +446,7 @@ int rand_drbg_restart(RAND_DRBG *drbg, if (drbg->pool != NULL) { RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); - RAND_POOL_free(drbg->pool); + rand_pool_free(drbg->pool); drbg->pool = NULL; } @@ -464,11 +464,11 @@ int rand_drbg_restart(RAND_DRBG *drbg, } /* will be picked up by the rand_drbg_get_entropy() callback */ - drbg->pool = RAND_POOL_new(entropy, len, len); + drbg->pool = rand_pool_new(entropy, len, len); if (drbg->pool == NULL) return 0; - RAND_POOL_add(drbg->pool, buffer, len, entropy); + rand_pool_add(drbg->pool, buffer, len, entropy); } else { if (drbg->max_adinlen < len) { RANDerr(RAND_F_RAND_DRBG_RESTART, @@ -516,7 +516,7 @@ int rand_drbg_restart(RAND_DRBG *drbg, if (drbg->pool != NULL) { drbg->state = DRBG_ERROR; RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); - RAND_POOL_free(drbg->pool); + rand_pool_free(drbg->pool); drbg->pool = NULL; return 0; } diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index 22467d83a1..542499f1a7 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -34,13 +34,13 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0), "RAND_DRBG_uninstantiate"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "RAND_POOL_add"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0), - "RAND_POOL_add_begin"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "RAND_POOL_add_end"}, + "rand_pool_add_begin"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), - "RAND_POOL_bytes_needed"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "RAND_POOL_new"}, + "rand_pool_bytes_needed"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} }; diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index ceba8bba3f..2f1a52bb59 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -15,7 +15,7 @@ # include # include # include -# include "internal/rand.h" +# include /* How many times to read the TSC as a randomness source. */ # define TSC_READ_COUNT 4 @@ -128,7 +128,7 @@ struct rand_drbg_st { * with respect to how randomness is added to the RNG during reseeding * (see PR #4328). */ - RAND_POOL *pool; + struct rand_pool_st *pool; /* * The following parameters are setup by the per-type "init" function. @@ -206,18 +206,6 @@ extern RAND_METHOD rand_meth; /* How often we've forked (only incremented in child). */ extern int rand_fork_count; -/* Hardware-based seeding functions. */ -size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); -size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); - -/* DRBG entropy callbacks. */ -size_t rand_drbg_get_entropy(RAND_DRBG *drbg, - unsigned char **pout, - int entropy, size_t min_len, size_t max_len); -void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, - unsigned char *out, size_t outlen); -size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); - /* DRBG helpers */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d328935637..76d5767ccd 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -95,10 +95,10 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool) if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) { for (i = 0; i < TSC_READ_COUNT; i++) { c = (unsigned char)(OPENSSL_rdtsc() & 0xFF); - RAND_POOL_add(pool, &c, 1, 4); + rand_pool_add(pool, &c, 1, 4); } } - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } #endif @@ -125,9 +125,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) size_t bytes_needed; unsigned char *buffer; - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); if (bytes_needed > 0) { - buffer = RAND_POOL_add_begin(pool, bytes_needed); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { @@ -135,7 +135,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed) == bytes_needed) - return RAND_POOL_add_end(pool, + return rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); } @@ -144,16 +144,16 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) == bytes_needed) - return RAND_POOL_add_end(pool, + return rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); } - return RAND_POOL_add_end(pool, 0, 0); + return rand_pool_add_end(pool, 0, 0); } } - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } #endif @@ -165,7 +165,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) * is fetched using the parent's RAND_DRBG_generate(). * * Otherwise, the entropy is polled from the system entropy sources - * using RAND_POOL_acquire_entropy(). + * using rand_pool_acquire_entropy(). * * If a random pool has been added to the DRBG using RAND_add(), then * its entropy will be used up first. @@ -187,22 +187,22 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, return 0; } - pool = RAND_POOL_new(entropy, min_len, max_len); + pool = rand_pool_new(entropy, min_len, max_len); if (pool == NULL) return 0; if (drbg->pool) { - RAND_POOL_add(pool, - RAND_POOL_buffer(drbg->pool), - RAND_POOL_length(drbg->pool), - RAND_POOL_entropy(drbg->pool)); - RAND_POOL_free(drbg->pool); + rand_pool_add(pool, + rand_pool_buffer(drbg->pool), + rand_pool_length(drbg->pool), + rand_pool_entropy(drbg->pool)); + rand_pool_free(drbg->pool); drbg->pool = NULL; } if (drbg->parent) { - size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8); - unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed); + size_t bytes_needed = rand_pool_bytes_needed(pool, 8); + unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -221,20 +221,20 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, bytes = bytes_needed; rand_drbg_unlock(drbg->parent); - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } } else { /* Get entropy by polling system entropy sources. */ - entropy_available = RAND_POOL_acquire_entropy(pool); + entropy_available = rand_pool_acquire_entropy(pool); } if (entropy_available > 0) { - ret = RAND_POOL_length(pool); - *pout = RAND_POOL_detach(pool); + ret = rand_pool_length(pool); + *pout = rand_pool_detach(pool); } - RAND_POOL_free(pool); + rand_pool_free(pool); return ret; } @@ -329,32 +329,32 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) #endif uint64_t tbits; - pool = RAND_POOL_new(0, 0, max_len); + pool = rand_pool_new(0, 0, max_len); if (pool == NULL) return 0; #ifdef OPENSSL_SYS_UNIX pid = getpid(); - RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0); + rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0); #elif defined(OPENSSL_SYS_WIN32) pid = GetCurrentProcessId(); - RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0); + rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0); #endif thread_id = CRYPTO_THREAD_get_current_id(); if (thread_id != 0) - RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0); + rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0); tbits = get_timer_bits(); if (tbits != 0) - RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0); + rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0); /* TODO: Use RDSEED? */ - len = RAND_POOL_length(pool); + len = rand_pool_length(pool); if (len != 0) - *pout = RAND_POOL_detach(pool); - RAND_POOL_free(pool); + *pout = rand_pool_detach(pool); + rand_pool_free(pool); return len; } @@ -431,26 +431,26 @@ int RAND_poll(void) } else { /* fill random pool and seed the current legacy RNG */ - pool = RAND_POOL_new(RAND_DRBG_STRENGTH, + pool = rand_pool_new(RAND_DRBG_STRENGTH, RAND_DRBG_STRENGTH / 8, DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8)); if (pool == NULL) return 0; - if (RAND_POOL_acquire_entropy(pool) == 0) + if (rand_pool_acquire_entropy(pool) == 0) goto err; if (meth->add == NULL - || meth->add(RAND_POOL_buffer(pool), - RAND_POOL_length(pool), - (RAND_POOL_entropy(pool) / 8.0)) == 0) + || meth->add(rand_pool_buffer(pool), + rand_pool_length(pool), + (rand_pool_entropy(pool) / 8.0)) == 0) goto err; ret = 1; } err: - RAND_POOL_free(pool); + rand_pool_free(pool); return ret; } @@ -479,7 +479,7 @@ struct rand_pool_st { * Allocate memory and initialize a new random pool */ -RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len) +RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); @@ -509,7 +509,7 @@ err: /* * Free |pool|, securely erasing its buffer. */ -void RAND_POOL_free(RAND_POOL *pool) +void rand_pool_free(RAND_POOL *pool) { if (pool == NULL) return; @@ -521,7 +521,7 @@ void RAND_POOL_free(RAND_POOL *pool) /* * Return the |pool|'s buffer to the caller (readonly). */ -const unsigned char *RAND_POOL_buffer(RAND_POOL *pool) +const unsigned char *rand_pool_buffer(RAND_POOL *pool) { return pool->buffer; } @@ -529,7 +529,7 @@ const unsigned char *RAND_POOL_buffer(RAND_POOL *pool) /* * Return the |pool|'s entropy to the caller. */ -size_t RAND_POOL_entropy(RAND_POOL *pool) +size_t rand_pool_entropy(RAND_POOL *pool) { return pool->entropy; } @@ -537,7 +537,7 @@ size_t RAND_POOL_entropy(RAND_POOL *pool) /* * Return the |pool|'s buffer length to the caller. */ -size_t RAND_POOL_length(RAND_POOL *pool) +size_t rand_pool_length(RAND_POOL *pool) { return pool->len; } @@ -547,7 +547,7 @@ size_t RAND_POOL_length(RAND_POOL *pool) * It's the responsibility of the caller to free the buffer * using OPENSSL_secure_clear_free(). */ -unsigned char *RAND_POOL_detach(RAND_POOL *pool) +unsigned char *rand_pool_detach(RAND_POOL *pool) { unsigned char *ret = pool->buffer; pool->buffer = NULL; @@ -571,7 +571,7 @@ unsigned char *RAND_POOL_detach(RAND_POOL *pool) * |entropy| if the entropy count and buffer size is large enough * 0 otherwise */ -size_t RAND_POOL_entropy_available(RAND_POOL *pool) +size_t rand_pool_entropy_available(RAND_POOL *pool) { if (pool->entropy < pool->requested_entropy) return 0; @@ -587,7 +587,7 @@ size_t RAND_POOL_entropy_available(RAND_POOL *pool) * the random pool. */ -size_t RAND_POOL_entropy_needed(RAND_POOL *pool) +size_t rand_pool_entropy_needed(RAND_POOL *pool) { if (pool->entropy < pool->requested_entropy) return pool->requested_entropy - pool->entropy; @@ -601,10 +601,10 @@ size_t RAND_POOL_entropy_needed(RAND_POOL *pool) * In case of an error, 0 is returned. */ -size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte) +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte) { size_t bytes_needed; - size_t entropy_needed = RAND_POOL_entropy_needed(pool); + size_t entropy_needed = rand_pool_entropy_needed(pool); if (entropy_per_byte < 1 || entropy_per_byte > 8) { RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE); @@ -628,7 +628,7 @@ size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte) } /* Returns the remaining number of bytes available */ -size_t RAND_POOL_bytes_remaining(RAND_POOL *pool) +size_t rand_pool_bytes_remaining(RAND_POOL *pool) { return pool->max_len - pool->len; } @@ -641,9 +641,9 @@ size_t RAND_POOL_bytes_remaining(RAND_POOL *pool) * randomness. * * Return available amount of entropy after this operation. - * (see RAND_POOL_entropy_available(pool)) + * (see rand_pool_entropy_available(pool)) */ -size_t RAND_POOL_add(RAND_POOL *pool, +size_t rand_pool_add(RAND_POOL *pool, const unsigned char *buffer, size_t len, size_t entropy) { if (len > pool->max_len - pool->len) { @@ -657,7 +657,7 @@ size_t RAND_POOL_add(RAND_POOL *pool, pool->entropy += entropy; } - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } /* @@ -669,10 +669,10 @@ size_t RAND_POOL_add(RAND_POOL *pool, * If |len| == 0 this is considered a no-op and a NULL pointer * is returned without producing an error message. * - * After updating the buffer, RAND_POOL_add_end() needs to be called + * After updating the buffer, rand_pool_add_end() needs to be called * to finish the udpate operation (see next comment). */ -unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len) +unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) { if (len == 0) return NULL; @@ -689,12 +689,12 @@ unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len) * Finish to add random bytes to the random pool in-place. * * Finishes an in-place update of the random pool started by - * RAND_POOL_add_begin() (see previous comment). + * rand_pool_add_begin() (see previous comment). * It is expected that |len| bytes of random input have been added * to the buffer which contain at least |entropy| bits of randomness. * It is allowed to add less bytes than originally reserved. */ -size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy) +size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) { if (len > pool->max_len - pool->len) { RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); @@ -706,7 +706,7 @@ size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy) pool->entropy += entropy; } - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } int RAND_set_rand_method(const RAND_METHOD *meth) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 74c828239b..b86f94ab72 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include #include "rand_lcl.h" +#include "internal/rand_int.h" #include #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \ @@ -50,7 +51,7 @@ * * As a precaution, we assume only 2 bits of entropy per byte. */ -size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { short int code; gid_t curr_gid; @@ -73,13 +74,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) * different processes. */ curr_gid = getgid(); - RAND_POOL_add(pool, &curr_gid, sizeof(curr_gid), 0); + rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0); curr_pid = getpid(); - RAND_POOL_add(pool, &curr_pid, sizeof(curr_pid), 0); + rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0); curr_uid = getuid(); - RAND_POOL_add(pool, &curr_uid, sizeof(curr_uid), 0); + rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0); - bytes_needed = RAND_POOL_bytes_needed(pool, 2 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/); for (i = 0; i < bytes_needed; i++) { /* @@ -102,9 +103,9 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) /* Get wall clock time, take 8 bits. */ clock_gettime(CLOCK_REALTIME, &ts); v = (unsigned char)(ts.tv_nsec & 0xFF); - RAND_POOL_add(pool, arg, &v, sizeof(v) , 2); + rand_pool_add(pool, arg, &v, sizeof(v) , 2); } - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } # else @@ -155,25 +156,25 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) * of input from the different entropy sources (trust, quality, * possibility of blocking). */ -size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { # ifdef OPENSSL_RAND_SEED_NONE - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); # else size_t bytes_needed; size_t entropy_available = 0; unsigned char *buffer; # ifdef OPENSSL_RAND_SEED_GETRANDOM - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); - buffer = RAND_POOL_add_begin(pool, bytes_needed); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed) bytes = bytes_needed; - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } if (entropy_available > 0) return entropy_available; @@ -186,7 +187,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) # endif # ifdef OPENSSL_RAND_SEED_DEVRANDOM - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); if (bytes_needed > 0) { static const char *paths[] = { DEVRANDOM, NULL }; FILE *fp; @@ -196,19 +197,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) if ((fp = fopen(paths[i], "rb")) == NULL) continue; setbuf(fp, NULL); - buffer = RAND_POOL_add_begin(pool, bytes_needed); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; if (fread(buffer, 1, bytes_needed, fp) == bytes_needed) bytes = bytes_needed; - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } fclose(fp); if (entropy_available > 0) return entropy_available; - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); } } # endif @@ -226,13 +227,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) # endif # ifdef OPENSSL_RAND_SEED_EGD - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); if (bytes_needed > 0) { static const char *paths[] = { DEVRANDOM_EGD, NULL }; int i; for (i = 0; paths[i] != NULL; i++) { - buffer = RAND_POOL_add_begin(pool, bytes_needed); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; int num = RAND_query_egd_bytes(paths[i], @@ -240,7 +241,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) if (num == (int)bytes_needed) bytes = bytes_needed; - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } if (entropy_available > 0) return entropy_available; @@ -248,7 +249,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) } # endif - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); # endif } # endif diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 4ec4b35bd4..eb68c8a456 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -54,7 +54,7 @@ static struct items_data_st { {0, 0} }; -size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { /* determine the number of items in the JPI array */ struct items_data_st item_entry; @@ -117,7 +117,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) * was that it contains 4 bits of entropy per byte. This makes a total * amount of total_length*16 bits (256bits). */ - return RAND_POOL_add(pool, + return rand_pool_add(pool, (PTR_T)data_buffer, total_length * 4, total_length * 16); } diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 9eff319bc8..7f34188107 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include "internal/cryptlib.h" #include #include "rand_lcl.h" +#include "internal/rand_int.h" #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS @@ -38,7 +39,7 @@ # define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" # endif -size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { # ifndef USE_BCRYPTGENRANDOM HCRYPTPROV hProvider; @@ -61,21 +62,21 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) # endif # ifdef USE_BCRYPTGENRANDOM - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); - buffer = RAND_POOL_add_begin(pool, bytes_needed); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; if (BCryptGenRandom(NULL, buffer, bytes_needed, BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) bytes = bytes_needed; - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } if (entropy_available > 0) return entropy_available; # else - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); - buffer = RAND_POOL_add_begin(pool, bytes_needed); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; /* poll the CryptoAPI PRNG */ @@ -87,13 +88,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) CryptReleaseContext(hProvider, 0); } - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } if (entropy_available > 0) return entropy_available; - bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/); - buffer = RAND_POOL_add_begin(pool, bytes_needed); + bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; /* poll the Pentium PRG with CryptoAPI */ @@ -105,13 +106,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool) CryptReleaseContext(hProvider, 0); } - entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); } if (entropy_available > 0) return entropy_available; # endif - return RAND_POOL_entropy_available(pool); + return rand_pool_entropy_available(pool); } # if OPENSSL_API_COMPAT < 0x10100000L diff --git a/include/internal/rand.h b/include/internal/rand.h deleted file mode 100644 index 9f6b1ab961..0000000000 --- a/include/internal/rand.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_DRBG_RAND_H -# define HEADER_DRBG_RAND_H - -/* In CTR mode, disable derivation function ctr_df */ -#define RAND_DRBG_FLAG_CTR_NO_DF 0x1 - -/* - * Default security strength (in the sense of [NIST SP 800-90Ar1]) - * - * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that - * of the cipher by collecting less entropy. The current DRBG implemantion does - * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG - * to that of the cipher. - * - * RAND_DRBG_STRENGTH is currently only used for the legacy RAND - * implementation. - * - * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and - * NID_aes_256_ctr - * - * TODO(DRBG): would be nice to have the NID and strength configurable - */ -# define RAND_DRBG_STRENGTH 256 -# define RAND_DRBG_NID NID_aes_256_ctr - -/* - * Object lifetime functions. - */ -RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); -RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); -int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); -int RAND_DRBG_instantiate(RAND_DRBG *drbg, - const unsigned char *pers, size_t perslen); -int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); -void RAND_DRBG_free(RAND_DRBG *drbg); - -/* - * Object "use" functions. - */ -int RAND_DRBG_reseed(RAND_DRBG *drbg, - const unsigned char *adin, size_t adinlen); -int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, - int prediction_resistance, - const unsigned char *adin, size_t adinlen); -int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); - -int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); -int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); - -int RAND_DRBG_set_reseed_defaults( - unsigned int master_reseed_interval, - unsigned int slave_reseed_interval, - time_t master_reseed_time_interval, - time_t slave_reseed_time_interval - ); - -RAND_DRBG *RAND_DRBG_get0_master(void); -RAND_DRBG *RAND_DRBG_get0_public(void); -RAND_DRBG *RAND_DRBG_get0_private(void); - -/* - * EXDATA - */ -#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) -int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg); -void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx); - -/* - * Callback functions. See comments in drbg_lib.c - */ -typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx, - unsigned char **pout, - int entropy, size_t min_len, - size_t max_len); -typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, - unsigned char *out, size_t outlen); -typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout, - int entropy, size_t min_len, - size_t max_len); -typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx, - unsigned char *out, size_t outlen); - -int RAND_DRBG_set_callbacks(RAND_DRBG *dctx, - RAND_DRBG_get_entropy_fn get_entropy, - RAND_DRBG_cleanup_entropy_fn cleanup_entropy, - RAND_DRBG_get_nonce_fn get_nonce, - RAND_DRBG_cleanup_nonce_fn cleanup_nonce); - -/* - * RAND_POOL functions - */ -RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len); -void RAND_POOL_free(RAND_POOL *pool); - -const unsigned char *RAND_POOL_buffer(RAND_POOL *pool); -unsigned char *RAND_POOL_detach(RAND_POOL *pool); - -size_t RAND_POOL_entropy(RAND_POOL *pool); -size_t RAND_POOL_length(RAND_POOL *pool); - -size_t RAND_POOL_entropy_available(RAND_POOL *pool); -size_t RAND_POOL_entropy_needed(RAND_POOL *pool); -size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte); -size_t RAND_POOL_bytes_remaining(RAND_POOL *pool); - -size_t RAND_POOL_add(RAND_POOL *pool, - const unsigned char *buffer, size_t len, size_t entropy); -unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len); -size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy); - - -/* - * Add random bytes to the pool to acquire requested amount of entropy - * - * This function is platform specific and tries to acquire the requested - * amount of entropy by polling platform specific entropy sources. - * - * If the function succeeds in acquiring at least |entropy_requested| bits - * of entropy, the total entropy count is returned. If it fails, it returns - * an entropy count of 0. - */ -size_t RAND_POOL_acquire_entropy(RAND_POOL *pool); -#endif diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 165878ea1d..7993ca28f3 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -115,7 +115,6 @@ typedef struct ec_key_method_st EC_KEY_METHOD; typedef struct rand_meth_st RAND_METHOD; typedef struct rand_drbg_st RAND_DRBG; -typedef struct rand_pool_st RAND_POOL; typedef struct ssl_dane_st SSL_DANE; typedef struct x509_st X509; diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h new file mode 100644 index 0000000000..667a8ab2fd --- /dev/null +++ b/include/openssl/rand_drbg.h @@ -0,0 +1,113 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include + + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implemantion does + * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG + * to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + * + * TODO(DRBG): would be nice to have the NID and strength configurable + */ +# define RAND_DRBG_STRENGTH 256 +# define RAND_DRBG_NID NID_aes_256_ctr + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *dctx, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d5c5918d16..298588cd3d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -14,13 +14,13 @@ #include #include #include +#include #include #include #include #include #include #include "internal/cryptlib.h" -#include "internal/rand.h" #include "internal/refcount.h" const char SSL_version_str[] = OPENSSL_VERSION_TEXT; diff --git a/util/libcrypto.num b/util/libcrypto.num index a965bb54ef..38c902c9c0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4402,128 +4402,114 @@ EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE DH_new_by_nid 4348 1_1_1 EXIST::FUNCTION:DH DH_get_nid 4349 1_1_1 EXIST::FUNCTION:DH CRYPTO_get_alloc_counts 4350 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG -RAND_POOL_new 4351 1_1_1 EXIST::FUNCTION: -RAND_POOL_free 4352 1_1_1 EXIST::FUNCTION: -RAND_POOL_buffer 4353 1_1_1 EXIST::FUNCTION: -RAND_POOL_detach 4354 1_1_1 EXIST::FUNCTION: -RAND_POOL_entropy 4355 1_1_1 EXIST::FUNCTION: -RAND_POOL_length 4356 1_1_1 EXIST::FUNCTION: -RAND_POOL_entropy_available 4357 1_1_1 EXIST::FUNCTION: -RAND_POOL_entropy_needed 4358 1_1_1 EXIST::FUNCTION: -RAND_POOL_bytes_needed 4359 1_1_1 EXIST::FUNCTION: -RAND_POOL_bytes_remaining 4360 1_1_1 EXIST::FUNCTION: -RAND_POOL_add 4361 1_1_1 EXIST::FUNCTION: -RAND_POOL_add_begin 4362 1_1_1 EXIST::FUNCTION: -RAND_POOL_add_end 4363 1_1_1 EXIST::FUNCTION: -RAND_POOL_acquire_entropy 4364 1_1_1 EXIST::FUNCTION: -OPENSSL_sk_new_reserve 4365 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_check 4366 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_siginf 4367 1_1_1 EXIST::FUNCTION: -EVP_sm4_ctr 4368 1_1_1 EXIST::FUNCTION:SM4 -EVP_sm4_cbc 4369 1_1_1 EXIST::FUNCTION:SM4 -EVP_sm4_ofb 4370 1_1_1 EXIST::FUNCTION:SM4 -EVP_sm4_ecb 4371 1_1_1 EXIST::FUNCTION:SM4 -EVP_sm4_cfb128 4372 1_1_1 EXIST::FUNCTION:SM4 -EVP_sm3 4373 1_1_1 EXIST::FUNCTION:SM3 -OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP -EVP_PKEY_public_check 4375 1_1_1 EXIST::FUNCTION: -EVP_PKEY_param_check 4376 1_1_1 EXIST::FUNCTION: -EVP_PKEY_meth_set_public_check 4377 1_1_1 EXIST::FUNCTION: -EVP_PKEY_meth_set_param_check 4378 1_1_1 EXIST::FUNCTION: -EVP_PKEY_meth_get_public_check 4379 1_1_1 EXIST::FUNCTION: -EVP_PKEY_meth_get_param_check 4380 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_public_check 4381 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_param_check 4382 1_1_1 EXIST::FUNCTION: -DH_check_ex 4383 1_1_1 EXIST::FUNCTION:DH -DH_check_pub_key_ex 4384 1_1_1 EXIST::FUNCTION:DH -DH_check_params_ex 4385 1_1_1 EXIST::FUNCTION:DH -RSA_generate_multi_prime_key 4386 1_1_1 EXIST::FUNCTION:RSA -RSA_get_multi_prime_extra_count 4387 1_1_1 EXIST::FUNCTION:RSA -RSA_get0_multi_prime_factors 4388 1_1_1 EXIST::FUNCTION:RSA -RSA_get0_multi_prime_crt_params 4389 1_1_1 EXIST::FUNCTION:RSA -RSA_set0_multi_prime_params 4390 1_1_1 EXIST::FUNCTION:RSA -RSA_get_version 4391 1_1_1 EXIST::FUNCTION:RSA -RSA_meth_get_multi_prime_keygen 4392 1_1_1 EXIST::FUNCTION:RSA -RSA_meth_set_multi_prime_keygen 4393 1_1_1 EXIST::FUNCTION:RSA -RAND_DRBG_get0_master 4394 1_1_1 EXIST::FUNCTION: -RAND_DRBG_set_reseed_time_interval 4395 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_get0_addProfessionInfo 4396 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_free 4397 1_1_1 EXIST::FUNCTION: -d2i_ADMISSION_SYNTAX 4398 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_set0_authorityId 4399 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_set0_authorityURL 4400 1_1_1 EXIST::FUNCTION: -d2i_PROFESSION_INFO 4401 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_it 4402 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAMING_AUTHORITY_it 4402 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ADMISSION_SYNTAX_get0_contentsOfAdmissions 4403 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_set0_professionItems 4404 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_new 4405 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_get0_authorityURL 4406 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_get0_admissionAuthority 4407 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_new 4408 1_1_1 EXIST::FUNCTION: -ADMISSIONS_new 4409 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_set0_admissionAuthority 4410 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_get0_professionOIDs 4411 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_it 4412 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PROFESSION_INFO_it 4412 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_PROFESSION_INFO 4413 1_1_1 EXIST::FUNCTION: -ADMISSIONS_set0_professionInfos 4414 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_get0_namingAuthority 4415 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_free 4416 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_set0_addProfessionInfo 4417 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_set0_registrationNumber 4418 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_set0_contentsOfAdmissions 4419 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_get0_authorityId 4420 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_it 4421 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ADMISSION_SYNTAX_it 4421 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_ADMISSION_SYNTAX 4422 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_get0_authorityText 4423 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_set0_namingAuthority 4424 1_1_1 EXIST::FUNCTION: -i2d_NAMING_AUTHORITY 4425 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_free 4426 1_1_1 EXIST::FUNCTION: -ADMISSIONS_set0_admissionAuthority 4427 1_1_1 EXIST::FUNCTION: -ADMISSIONS_free 4428 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_get0_registrationNumber 4429 1_1_1 EXIST::FUNCTION: -d2i_ADMISSIONS 4430 1_1_1 EXIST::FUNCTION: -i2d_ADMISSIONS 4431 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_get0_professionItems 4432 1_1_1 EXIST::FUNCTION: -ADMISSIONS_get0_admissionAuthority 4433 1_1_1 EXIST::FUNCTION: -PROFESSION_INFO_set0_professionOIDs 4434 1_1_1 EXIST::FUNCTION: -d2i_NAMING_AUTHORITY 4435 1_1_1 EXIST::FUNCTION: -ADMISSIONS_it 4436 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ADMISSIONS_it 4436 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ADMISSIONS_get0_namingAuthority 4437 1_1_1 EXIST::FUNCTION: -NAMING_AUTHORITY_set0_authorityText 4438 1_1_1 EXIST::FUNCTION: -ADMISSIONS_set0_namingAuthority 4439 1_1_1 EXIST::FUNCTION: -ADMISSIONS_get0_professionInfos 4440 1_1_1 EXIST::FUNCTION: -ADMISSION_SYNTAX_new 4441 1_1_1 EXIST::FUNCTION: -EVP_sha512_256 4442 1_1_1 EXIST::FUNCTION: -EVP_sha512_224 4443 1_1_1 EXIST::FUNCTION: -OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP -RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION: -RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION: -OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION: -X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: -BIO_bind 4449 1_1_1 EXIST::FUNCTION:SOCK -OSSL_STORE_LOADER_set_expect 4450 1_1_1 EXIST::FUNCTION: -OSSL_STORE_expect 4451 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_by_key_fingerprint 4452 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get0_serial 4453 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_by_name 4454 1_1_1 EXIST::FUNCTION: -OSSL_STORE_supports_search 4455 1_1_1 EXIST::FUNCTION: -OSSL_STORE_find 4456 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get_type 4457 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get0_bytes 4458 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get0_string 4459 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_by_issuer_serial 4460 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get0_name 4461 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_by_alias 4462 1_1_1 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_find 4463 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_free 4464 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_get0_digest 4465 1_1_1 EXIST::FUNCTION: -RAND_DRBG_set_reseed_defaults 4466 1_1_1 EXIST::FUNCTION: -EVP_PKEY_new_raw_private_key 4467 1_1_1 EXIST::FUNCTION: -EVP_PKEY_new_raw_public_key 4468 1_1_1 EXIST::FUNCTION: -EVP_PKEY_new_CMAC_key 4469 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_set_priv_key 4470 1_1_1 EXIST::FUNCTION: -EVP_PKEY_asn1_set_set_pub_key 4471 1_1_1 EXIST::FUNCTION: +OPENSSL_sk_new_reserve 4351 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_check 4352 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_siginf 4353 1_1_1 EXIST::FUNCTION: +EVP_sm4_ctr 4354 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_cbc 4355 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_ofb 4356 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_ecb 4357 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_cfb128 4358 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm3 4359 1_1_1 EXIST::FUNCTION:SM3 +OCSP_resp_get0_signer 4360 1_1_0h EXIST::FUNCTION:OCSP +EVP_PKEY_public_check 4361 1_1_1 EXIST::FUNCTION: +EVP_PKEY_param_check 4362 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_public_check 4363 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_param_check 4364 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_public_check 4365 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_param_check 4366 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_public_check 4367 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_param_check 4368 1_1_1 EXIST::FUNCTION: +DH_check_ex 4369 1_1_1 EXIST::FUNCTION:DH +DH_check_pub_key_ex 4370 1_1_1 EXIST::FUNCTION:DH +DH_check_params_ex 4371 1_1_1 EXIST::FUNCTION:DH +RSA_generate_multi_prime_key 4372 1_1_1 EXIST::FUNCTION:RSA +RSA_get_multi_prime_extra_count 4373 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_multi_prime_factors 4374 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_multi_prime_crt_params 4375 1_1_1 EXIST::FUNCTION:RSA +RSA_set0_multi_prime_params 4376 1_1_1 EXIST::FUNCTION:RSA +RSA_get_version 4377 1_1_1 EXIST::FUNCTION:RSA +RSA_meth_get_multi_prime_keygen 4378 1_1_1 EXIST::FUNCTION:RSA +RSA_meth_set_multi_prime_keygen 4379 1_1_1 EXIST::FUNCTION:RSA +RAND_DRBG_get0_master 4380 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_reseed_time_interval 4381 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_addProfessionInfo 4382 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_free 4383 1_1_1 EXIST::FUNCTION: +d2i_ADMISSION_SYNTAX 4384 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityId 4385 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityURL 4386 1_1_1 EXIST::FUNCTION: +d2i_PROFESSION_INFO 4387 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_it 4388 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAMING_AUTHORITY_it 4388 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_professionItems 4390 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_new 4391 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityURL 4392 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_get0_admissionAuthority 4393 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_new 4394 1_1_1 EXIST::FUNCTION: +ADMISSIONS_new 4395 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_set0_admissionAuthority 4396 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_professionOIDs 4397 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_it 4398 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +PROFESSION_INFO_it 4398 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_PROFESSION_INFO 4399 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_professionInfos 4400 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_namingAuthority 4401 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_free 4402 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_addProfessionInfo 4403 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_registrationNumber 4404 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityId 4406 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_ADMISSION_SYNTAX 4408 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityText 4409 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_namingAuthority 4410 1_1_1 EXIST::FUNCTION: +i2d_NAMING_AUTHORITY 4411 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_free 4412 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_admissionAuthority 4413 1_1_1 EXIST::FUNCTION: +ADMISSIONS_free 4414 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_registrationNumber 4415 1_1_1 EXIST::FUNCTION: +d2i_ADMISSIONS 4416 1_1_1 EXIST::FUNCTION: +i2d_ADMISSIONS 4417 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_professionItems 4418 1_1_1 EXIST::FUNCTION: +ADMISSIONS_get0_admissionAuthority 4419 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_professionOIDs 4420 1_1_1 EXIST::FUNCTION: +d2i_NAMING_AUTHORITY 4421 1_1_1 EXIST::FUNCTION: +ADMISSIONS_it 4422 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ADMISSIONS_it 4422 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSIONS_get0_namingAuthority 4423 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityText 4424 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_namingAuthority 4425 1_1_1 EXIST::FUNCTION: +ADMISSIONS_get0_professionInfos 4426 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_new 4427 1_1_1 EXIST::FUNCTION: +EVP_sha512_256 4428 1_1_1 EXIST::FUNCTION: +EVP_sha512_224 4429 1_1_1 EXIST::FUNCTION: +OCSP_basic_sign_ctx 4430 1_1_1 EXIST::FUNCTION:OCSP +RAND_DRBG_bytes 4431 1_1_1 EXIST::FUNCTION: +RAND_DRBG_secure_new 4432 1_1_1 EXIST::FUNCTION: +OSSL_STORE_vctrl 4433 1_1_1 EXIST::FUNCTION: +X509_get0_authority_key_id 4434 1_1_0h EXIST::FUNCTION: +BIO_bind 4435 1_1_1 EXIST::FUNCTION:SOCK +OSSL_STORE_LOADER_set_expect 4436 1_1_1 EXIST::FUNCTION: +OSSL_STORE_expect 4437 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_key_fingerprint 4438 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_serial 4439 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_name 4440 1_1_1 EXIST::FUNCTION: +OSSL_STORE_supports_search 4441 1_1_1 EXIST::FUNCTION: +OSSL_STORE_find 4442 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get_type 4443 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_bytes 4444 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_string 4445 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_issuer_serial 4446 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_name 4447 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_alias 4448 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_find 4449 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_free 4450 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_digest 4451 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_reseed_defaults 4452 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_private_key 4453 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_public_key 4454 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index fac911a471..7b5e28c334 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -241,7 +241,6 @@ my $crypto ="include/internal/dso.h"; $crypto.=" include/internal/o_dir.h"; $crypto.=" include/internal/o_str.h"; $crypto.=" include/internal/err.h"; -$crypto.=" include/internal/rand.h"; foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) { my $fn = "include/openssl/" . lc(basename($f)); $crypto .= " $fn" if !defined $skipthese{$fn};