diff options
| author | Matt Caswell <matt@openssl.org> | 2016-04-06 11:19:55 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-04-13 08:52:33 +0100 |
| commit | f3cd81d6538e6295eaa279acd65ad10faeccd2ed (patch) | |
| tree | 26117ea3e3651aff964d42a7b986afd935c6ebeb | |
| parent | b22234deebe2e1758d59c64778ce462f11f16cb4 (diff) | |
| download | openssl-f3cd81d6538e6295eaa279acd65ad10faeccd2ed.tar.gz | |
Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | apps/speed.c | 10 | ||||
| -rw-r--r-- | apps/testdsa.h | 3 | ||||
| -rw-r--r-- | crypto/include/internal/rand.h | 11 | ||||
| -rw-r--r-- | crypto/init.c | 10 | ||||
| -rw-r--r-- | crypto/rand/rand_lib.c | 4 | ||||
| -rw-r--r-- | doc/crypto/RAND_cleanup.pod | 12 | ||||
| -rw-r--r-- | doc/crypto/RAND_set_rand_method.pod | 2 | ||||
| -rw-r--r-- | doc/crypto/rand.pod | 8 | ||||
| -rw-r--r-- | include/openssl/rand.h | 4 |
9 files changed, 38 insertions, 26 deletions
diff --git a/apps/speed.c b/apps/speed.c index 68d6f0f58a..b2c247f68d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -313,7 +313,6 @@ static double ecdh_results[EC_NUM][1]; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static const char rnd_seed[] = "string to make the random number generator think it has entropy"; -static int rnd_fake = 0; #endif #ifdef SIGALRM @@ -2448,7 +2447,6 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); - rnd_fake = 1; } for (testnum = 0; testnum < DSA_NUM; testnum++) { int st = 0; @@ -2512,14 +2510,11 @@ int speed_main(int argc, char **argv) dsa_doit[testnum] = 0; } } - if (rnd_fake) - RAND_cleanup(); #endif #ifndef OPENSSL_NO_EC if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); - rnd_fake = 1; } for (testnum = 0; testnum < EC_NUM; testnum++) { int st = 1; @@ -2601,14 +2596,11 @@ int speed_main(int argc, char **argv) } } } - if (rnd_fake) - RAND_cleanup(); #endif #ifndef OPENSSL_NO_EC if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); - rnd_fake = 1; } for (testnum = 0; testnum < EC_NUM; testnum++) { if (!ecdh_doit[testnum]) @@ -2700,8 +2692,6 @@ int speed_main(int argc, char **argv) ecdh_doit[testnum] = 0; } } - if (rnd_fake) - RAND_cleanup(); #endif #ifndef NO_FORK show_res: diff --git a/apps/testdsa.h b/apps/testdsa.h index 6519948fe6..c72c71ecce 100644 --- a/apps/testdsa.h +++ b/apps/testdsa.h @@ -328,6 +328,3 @@ DSA *get_dsa2048() return NULL; } -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; -static int rnd_fake = 0; diff --git a/crypto/include/internal/rand.h b/crypto/include/internal/rand.h new file mode 100644 index 0000000000..f1a9389425 --- /dev/null +++ b/crypto/include/internal/rand.h @@ -0,0 +1,11 @@ +/* + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <openssl/rand.h> + +void rand_cleanup_intern(void); diff --git a/crypto/init.c b/crypto/init.c index 3699145ac6..d93f282818 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -58,7 +58,7 @@ #include <internal/threads.h> #include <internal/cryptlib_int.h> #include <openssl/err.h> -#include <openssl/rand.h> +#include <internal/rand.h> #include <openssl/evp.h> #include <internal/evp_int.h> #include <internal/conf.h> @@ -453,7 +453,7 @@ void OPENSSL_cleanup(void) #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " - "RAND_cleanup()\n"); + "rand_cleanup_intern()\n"); fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " "CONF_modules_free()\n"); #ifndef OPENSSL_NO_ENGINE @@ -471,14 +471,14 @@ void OPENSSL_cleanup(void) #endif /* * Note that cleanup order is important: - * - RAND_cleanup could call an ENINGE's RAND cleanup function so must be - * called before ENGINE_cleanup() + * - rand_cleanup_intern could call an ENINGE's RAND cleanup function so + * must be called before ENGINE_cleanup() * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data(). * - CONF_modules_free() can end up in ENGINE code so must be called before * ENGINE_cleanup() */ - RAND_cleanup(); + rand_cleanup_intern(); CONF_modules_free(); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 36b41cda80..f5998f80aa 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -59,7 +59,7 @@ #include <time.h> #include "internal/cryptlib.h" #include <openssl/opensslconf.h> -#include <openssl/rand.h> +#include "internal/rand.h" #include <openssl/engine.h> @@ -125,7 +125,7 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif -void RAND_cleanup(void) +void rand_cleanup_intern(void) { const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->cleanup) diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod index 88efb9a048..b5c43eab36 100644 --- a/doc/crypto/RAND_cleanup.pod +++ b/doc/crypto/RAND_cleanup.pod @@ -8,11 +8,15 @@ RAND_cleanup - erase the PRNG state #include <openssl/rand.h> - void RAND_cleanup(void); + #if OPENSSL_API_COMPAT < 0x10100000L + # define RAND_cleanup() + #endif =head1 DESCRIPTION -RAND_cleanup() erases the memory used by the PRNG. +Prior to OpenSSL 1.1.0 RAND_cleanup() erases the memory used by the PRNG. This +function is deprecated and as of version 1.1.0 does nothing. No explicit +initialisation or de-initialisation is necessary. See L<OPENSSL_init_crypto(3)>. =head1 RETURN VALUE @@ -22,4 +26,8 @@ RAND_cleanup() returns no value. L<rand(3)> +=head1 HISTORY + +RAND_cleanup() was deprecated in OpenSSL 1.1.0. + =cut diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod index 533d577fa6..01babe6036 100644 --- a/doc/crypto/RAND_set_rand_method.pod +++ b/doc/crypto/RAND_set_rand_method.pod @@ -46,7 +46,7 @@ API is being used, so this function is no longer recommended. } RAND_METHOD; The components point to the implementation of RAND_seed(), -RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() +RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() and RAND_status(). Each component may be NULL if the function is not implemented. diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index 27a6787dbe..7d9605011b 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod @@ -27,12 +27,16 @@ rand - pseudo-random number generator const RAND_METHOD *RAND_get_rand_method(void); RAND_METHOD *RAND_OpenSSL(void); - void RAND_cleanup(void); - /* For Win32 only */ void RAND_screen(void); int RAND_event(UINT, WPARAM, LPARAM); +Deprecated: + + #if OPENSSL_API_COMPAT < 0x10100000L + # define RAND_cleanup() + #endif + =head1 DESCRIPTION Since the introduction of the ENGINE API, the recommended way of controlling diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 2a9a85c1f1..75f7389ebd 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -92,7 +92,9 @@ const RAND_METHOD *RAND_get_rand_method(void); int RAND_set_rand_engine(ENGINE *engine); # endif RAND_METHOD *RAND_OpenSSL(void); -void RAND_cleanup(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() +#endif int RAND_bytes(unsigned char *buf, int num); DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) void RAND_seed(const void *buf, int num); |