summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2014-04-18 13:19:04 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-04-18 13:19:04 +0000
commitca325f1a9f6fdd32cbe6bf169bf5c8de1aa698c5 (patch)
tree0cb78215fa8658bd7b302b570dfa192045242b3b /lib/libcrypto
parent542741b7534d56c50bac8b29a6a8fc3751849703 (diff)
another round of chemo for the RAND code to provide clarity.
ok deraadt
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/rand/rand_lib.c238
-rw-r--r--lib/libcrypto/rand/rand_unix.c121
-rw-r--r--lib/libcrypto/rand/randfile.c53
-rw-r--r--lib/libcrypto/rand/rc4_rand.c52
4 files changed, 85 insertions, 379 deletions
diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index 243a87ddfbd..6d61b3d3f62 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c
@@ -1,177 +1,97 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-
-#include <stdio.h>
-#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
+#include <stdlib.h>
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
- {
-#ifndef OPENSSL_NO_ENGINE
- if(funct_ref)
- {
- ENGINE_finish(funct_ref);
- funct_ref = NULL;
- }
-#endif
- default_RAND_meth = meth;
+/*
+ * The useful functions in this file are at the bottom.
+ */
+int
+RAND_set_rand_method(const RAND_METHOD *meth)
+{
return 1;
- }
+}
-const RAND_METHOD *RAND_get_rand_method(void)
- {
- if (!default_RAND_meth)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = ENGINE_get_default_RAND();
- if(e)
- {
- default_RAND_meth = ENGINE_get_RAND(e);
- if(!default_RAND_meth)
- {
- ENGINE_finish(e);
- e = NULL;
- }
- }
- if(e)
- funct_ref = e;
- else
-#endif
- default_RAND_meth = RAND_SSLeay();
- }
- return default_RAND_meth;
- }
+const RAND_METHOD *
+RAND_get_rand_method(void)
+{
+ return NULL;
+}
+
+RAND_METHOD *
+RAND_SSLeay(void)
+{
+ return NULL;
+}
#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
- {
- const RAND_METHOD *tmp_meth = NULL;
- if(engine)
- {
- if(!ENGINE_init(engine))
- return 0;
- tmp_meth = ENGINE_get_RAND(engine);
- if(!tmp_meth)
- {
- ENGINE_finish(engine);
- return 0;
- }
- }
- /* This function releases any prior ENGINE so call it first */
- RAND_set_rand_method(tmp_meth);
- funct_ref = engine;
+int
+RAND_set_rand_engine(ENGINE *engine)
+{
return 1;
- }
+}
#endif
-void RAND_cleanup(void)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->cleanup)
- meth->cleanup();
- RAND_set_rand_method(NULL);
- }
+void
+RAND_cleanup(void)
+{
+
+}
+
+void
+RAND_seed(const void *buf, int num)
+{
+
+}
-void RAND_seed(const void *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->seed)
- meth->seed(buf,num);
- }
+void
+RAND_add(const void *buf, int num, double entropy)
+{
-void RAND_add(const void *buf, int num, double entropy)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->add)
- meth->add(buf,num,entropy);
- }
+}
-int RAND_bytes(unsigned char *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->bytes)
- return meth->bytes(buf,num);
- return(-1);
- }
+int
+RAND_status(void)
+{
+ return 1;
+}
-int RAND_pseudo_bytes(unsigned char *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->pseudorand)
- return meth->pseudorand(buf,num);
- return(-1);
- }
+int
+RAND_poll(void)
+{
+ return 1;
+}
-int RAND_status(void)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->status)
- return meth->status();
- return 0;
- }
+/*
+ * Hurray. You've made it to the good parts.
+ */
+int
+RAND_bytes(unsigned char *buf, int num)
+{
+ if (num > 0)
+ arc4random_buf(buf, num);
+ return 1;
+}
+
+int
+RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+ if (num > 0)
+ arc4random_buf(buf, num);
+ return 1;
+}
diff --git a/lib/libcrypto/rand/rand_unix.c b/lib/libcrypto/rand/rand_unix.c
deleted file mode 100644
index a5b9b2a5299..00000000000
--- a/lib/libcrypto/rand/rand_unix.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "e_os.h"
-#include "cryptlib.h"
-#include <openssl/rand.h>
-
-#include <stdlib.h>
-#include <string.h>
-
-int RAND_poll(void)
-{
- return 1;
-}
diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index c47d1f72241..23efa173887 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -74,10 +74,7 @@
#define BUFSIZE 1024
#define RAND_DATA 1024
-#define RFILE ".rnd"
-
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
+/* Note that these functions should not be used. */
int RAND_load_file(const char *file, long bytes)
{
@@ -145,46 +142,8 @@ err:
}
const char *RAND_file_name(char *buf, size_t size)
- {
- char *s=NULL;
- struct stat sb;
-
- if (OPENSSL_issetugid() == 0)
- s=getenv("RANDFILE");
- if (s != NULL && *s && strlen(s) + 1 < size)
- {
- if (BUF_strlcpy(buf,s,size) >= size)
- return NULL;
- }
- else
- {
- if (OPENSSL_issetugid() == 0)
- s=getenv("HOME");
- if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
- {
- BUF_strlcpy(buf,s,size);
- BUF_strlcat(buf,"/",size);
- BUF_strlcat(buf,RFILE,size);
- }
- else
- buf[0] = '\0'; /* no file name */
- }
-
- /* given that all random loads just fail if the file can't be
- * seen on a stat, we stat the file we're returning, if it
- * fails, use /dev/arandom instead. this allows the user to
- * use their own source for good random data, but defaults
- * to something hopefully decent if that isn't available.
- */
-
- if (!buf[0])
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
- return(NULL);
- }
- if (stat(buf,&sb) == -1)
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
- return(NULL);
- }
-
- return(buf);
- }
+{
+ if (BUF_strlcpy(buf,"/dev/urandom",size) >= size)
+ return(NULL);
+ return buf;
+}
diff --git a/lib/libcrypto/rand/rc4_rand.c b/lib/libcrypto/rand/rc4_rand.c
deleted file mode 100644
index 47405b0d9ab..00000000000
--- a/lib/libcrypto/rand/rc4_rand.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/* $OpenBSD: rc4_rand.c,v 1.2 2014/04/16 13:57:14 reyk Exp $ */
-
-/*
- * Copyright (c) 2014 Miodrag Vallat.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-
-#include <openssl/rand.h>
-
-static int
-arc4_rand_bytes(unsigned char *buf, int num)
-{
- if (num > 0)
- arc4random_buf(buf, (size_t)num);
-
- return 1;
-}
-
-static int
-arc4_rand_status(void)
-{
- /* no possible error condition */
- return 1;
-}
-
-static RAND_METHOD rand_arc4_meth = {
- .seed = NULL, /* no external seed allowed */
- .bytes = arc4_rand_bytes,
- .cleanup = NULL, /* no cleanup necessary */
- .add = NULL, /* no external feed allowed */
- .pseudorand = arc4_rand_bytes,
- .status = arc4_rand_status
-};
-
-RAND_METHOD *RAND_SSLeay(void)
-{
- return &rand_arc4_meth;
-}
-