From 5ecff87d666f47d0003b106c61ada1e25655b81d Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 21 Jun 2017 13:55:02 +0100 Subject: [PATCH] BN_pseudo_rand is really BN_rand And BN_pseudo_rand_range is really BN_rand_range. Document that we might deprecate those functions. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3743) --- apps/apps.c | 2 +- crypto/bn/bn_prime.c | 2 +- crypto/bn/bn_rand.c | 25 +++++++++---------------- crypto/bn/bn_sqrt.c | 2 +- doc/man3/BN_rand.pod | 16 +++++++++------- doc/man3/RAND_bytes.pod | 4 +--- include/openssl/bn.h | 2 +- include/openssl/opensslconf.h.in | 6 ++++++ test/ectest.c | 8 ++++---- 9 files changed, 33 insertions(+), 34 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8b1aab4c4d..4459be9c9b 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1511,7 +1511,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) if (btmp == NULL) return 0; - if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0)) + if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0)) goto error; if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) goto error; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index b74699b6ca..4581a66bf6 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -216,7 +216,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; for (i = 0; i < checks; i++) { - if (!BN_pseudo_rand_range(check, A1)) + if (!BN_rand_range(check, A1)) goto err; if (!BN_add_word(check, 1)) goto err; diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 9ce4c5f606..a7c7309888 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -14,7 +14,7 @@ #include #include -static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) +static int bnrand(int testing, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf = NULL; int ret = 0, bit, bytes, mask; @@ -46,7 +46,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) if (RAND_bytes(buf, bytes) <= 0) goto err; - if (pseudorand == 2) { + if (testing) { /* * generate patterns that are more likely to trigger BN library bugs */ @@ -98,21 +98,14 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(0, rnd, bits, top, bottom); } -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(1, rnd, bits, top, bottom); -} - int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(2, rnd, bits, top, bottom); + return bnrand(1, rnd, bits, top, bottom); } /* random number r: 0 <= r < range */ -static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) +int BN_rand_range(BIGNUM *r, const BIGNUM *range) { - int (*bn_rand) (BIGNUM *, int, int, int) = - pseudo ? BN_pseudo_rand : BN_rand; int n; int count = 100; @@ -133,7 +126,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; /* * If r < 3*range, use r := r MOD range (which is either r, r - @@ -159,7 +152,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; if (!--count) { @@ -174,14 +167,14 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) return 1; } -int BN_rand_range(BIGNUM *r, const BIGNUM *range) +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bn_rand_range(0, r, range); + return BN_rand(rnd, bits, top, bottom); } int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { - return bn_rand_range(1, r, range); + return BN_rand_range(r, range); } /* diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 84376c78e5..86fc3a0480 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_set_word(y, i)) goto end; } else { - if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) + if (!BN_rand(y, BN_num_bits(p), 0, 0)) goto end; if (BN_ucmp(y, p) >= 0) { if (!(p->neg ? BN_add : BN_sub) (y, y, p)) diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 08d14de7ee..099dda47e9 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -34,15 +34,8 @@ If B is B, the number will be odd; if it is B it can be odd or even. If B is 1 then B cannot also be B. -BN_pseudo_rand() does the same, but pseudo-random numbers generated by -this function are not necessarily unpredictable. They can be used for -non-cryptographic purposes and for certain purposes in cryptographic -protocols, but usually not for key generation etc. - BN_rand_range() generates a cryptographically strong pseudo-random number B in the range 0 E= B E B. -BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), -and hence numbers generated by it are not necessarily unpredictable. The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). @@ -51,6 +44,15 @@ The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). The functions return 1 on success, 0 on error. The error codes can be obtained by L. +=head1 HISTORY + +Starting with OpenSSL release 1.1.0, +BN_pseudo_rand() has been identical to BN_rand() +and +BN_pseudo_rand_range() has been identical to BN_rand_range(). +The "pseudo" functions should not be used and may be deprecated in +a future release. + =head1 SEE ALSO L, L, L diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index ffddf81a59..80f75aefe1 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -22,8 +22,6 @@ RAND_bytes() puts B cryptographically strong pseudo-random bytes into B. An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence. -RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead. - =head1 RETURN VALUES RAND_bytes() returns 1 on success, -1 if not supported by the current @@ -32,7 +30,7 @@ obtained by L. =head1 HISTORY -RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0. +RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. =head1 SEE ALSO diff --git a/include/openssl/bn.h b/include/openssl/bn.h index cca1735554..7e04b83ecd 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -154,8 +154,8 @@ void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG l); diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index bec5bd09d2..2603247df2 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -95,6 +95,12 @@ extern "C" { # define OPENSSL_API_COMPAT OPENSSL_MIN_API #endif +#if OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + #if OPENSSL_API_COMPAT < 0x10100000L # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) #else diff --git a/test/ectest.c b/test/ectest.c index 351fefd994..c6e60acb57 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -577,7 +577,7 @@ static int prime_field_tests(void) || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) - || !TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) || !TEST_true(BN_add(z, z, y))) goto err; BN_set_negative(z, 1); @@ -586,7 +586,7 @@ static int prime_field_tests(void) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P)) - || !TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) || !TEST_true(BN_add(z, x, y))) goto err; BN_set_negative(z, 1); @@ -921,7 +921,7 @@ static int char2_curve_test(int n) || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))) goto err; - if (!TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + if (!TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) || !TEST_true(BN_add(z, z, y))) goto err; BN_set_negative(z, 1); @@ -932,7 +932,7 @@ static int char2_curve_test(int n) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; - if (!TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + if (!TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) || !TEST_true(BN_add(z, x, y))) goto err; BN_set_negative(z, 1); -- 2.25.1