Refactor RAND_set_entropy_source, supports passing in comma-separated…
… sources
dongbeiouba committed Sep 12, 2024
1 parent d050652 commit 6241b23
Showing 6 changed files with 70 additions and 42 deletions.
43 changes: 5 additions & 38 deletions apps/rand.c
@@ -22,7 +22,7 @@

typedef enum OPTION_choice {
OPT_COMMON,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, OPT_ENTROPY, OPT_SOURCE,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, OPT_ENTROPY, OPT_ENTROPY_SOURCE,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;

@@ -40,7 +40,7 @@ const OPTIONS rand_options[] = {
{"base64", OPT_BASE64, '-', "Base64 encode output"},
{"hex", OPT_HEX, '-', "Hex encode output"},
{"entropy", OPT_ENTROPY, '-', "Output entropy instead of random data"},
{"source", OPT_SOURCE, 's', "Specify the entropy source"},
{"entropy_source", OPT_ENTROPY_SOURCE, 's', "Specify the entropy source"},

OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
@@ -50,43 +50,10 @@ const OPTIONS rand_options[] = {
{NULL}
};

static int opt_rand_source(const char *name)
{
int ret = 0;

if (strcmp(name, "getrandom") == 0)
ret = RAND_ENTROPY_SOURCE_GETRANDOM;
else if (strcmp(name, "devrandom") == 0)
ret = RAND_ENTROPY_SOURCE_DEVRANDOM;
else if (strcmp(name, "rdtsc") == 0)
ret = RAND_ENTROPY_SOURCE_RDTSC;
else if (strcmp(name, "rdcpu") == 0)
ret = RAND_ENTROPY_SOURCE_RDCPU;
else if (strcmp(name, "egd") == 0)
ret = RAND_ENTROPY_SOURCE_EGD;
else if (strcmp(name, "bcryptgenrandom") == 0)
ret = RAND_ENTROPY_SOURCE_BCRYPTGENRANDOM;
else if (strcmp(name, "cryptgenrandom_def_prov") == 0)
ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_DEF_PROV;
else if (strcmp(name, "cryptgenrandom_intel_prov") == 0)
ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_INTEL_PROV;
else if (strcmp(name, "rtcode") == 0)
ret = RAND_ENTROPY_SOURCE_RTCODE;
else if (strcmp(name, "rtmem") == 0)
ret = RAND_ENTROPY_SOURCE_RTMEM;
else if (strcmp(name, "rtsock") == 0)
ret = RAND_ENTROPY_SOURCE_RTSOCK;
else
BIO_printf(bio_err, "Unknown entropy source '%s'\n", name);

return ret;
}

int rand_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
int source = 0;
char *outfile = NULL, *prog;
OPTION_CHOICE o;
unsigned char *ent_buf = NULL, *p;
@@ -124,9 +91,9 @@ int rand_main(int argc, char **argv)
case OPT_ENTROPY:
entropy = 1;
break;
case OPT_SOURCE:
source |= opt_rand_source(opt_arg());
RAND_set_entropy_source(source);
case OPT_ENTROPY_SOURCE:
if (!RAND_set_entropy_source(opt_arg()))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
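Review bot: A repeated `-entropy_source` option now appears to replace the earlier selection rather than add to it, because the `OPT_ENTROPY_SOURCE` case calls `RAND_set_entropy_source(opt_arg())` once per occurrence and the old `source |= …` accumulation is gone (this assumes the pool setter overwrites its mask, which is not visible here). Someone who lists sources one option at a time would silently end up with only the last one, which matters when the choice of entropy source is a security decision. The help string should say what is accepted, for example `{"entropy_source", OPT_ENTROPY_SOURCE, 's', "Comma-separated list of entropy sources; a repeated option replaces the earlier one"},`. The option was also renamed from `-source` with no alias, so existing scripts will fail option parsing, which is worth a changelog entry. `rand_main` continues outside the hunk, so whether the `end` label prints the queued error cannot be checked from here.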
1 change: 1 addition & 0 deletions crypto/err/openssl.txt
@@ -1113,6 +1113,7 @@ RAND_R_FWRITE_ERROR:123:Error writing file
RAND_R_GENERATE_ERROR:112:generate error
RAND_R_INSUFFICIENT_DRBG_STRENGTH:139:insufficient drbg strength
RAND_R_INTERNAL_ERROR:113:internal error
RAND_R_INVALID_ENTROPY_SOURCE:145:invalid entropy source
RAND_R_IN_ERROR_STATE:114:in error state
RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
RAND_R_NOT_INSTANTIATED:115:not instantiated
4 changes: 3 additions & 1 deletion crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -51,6 +51,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = {
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INSUFFICIENT_DRBG_STRENGTH),
"insufficient drbg strength"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INVALID_ENTROPY_SOURCE),
"invalid entropy source"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
"Not a regular file"},
59 changes: 58 additions & 1 deletion crypto/rand/rand_lib.c
@@ -822,9 +822,66 @@ void ossl_random_add_conf_module(void)
CONF_module_add("random", random_conf_init, random_conf_deinit);
}

void RAND_set_entropy_source(unsigned int type)
static int entropy_source_to_type(const char *name)
{
int ret;

if (strcmp(name, "getrandom") == 0)
ret = RAND_ENTROPY_SOURCE_GETRANDOM;
else if (strcmp(name, "devrandom") == 0)
ret = RAND_ENTROPY_SOURCE_DEVRANDOM;
else if (strcmp(name, "rdtsc") == 0)
ret = RAND_ENTROPY_SOURCE_RDTSC;
else if (strcmp(name, "rdcpu") == 0)
ret = RAND_ENTROPY_SOURCE_RDCPU;
else if (strcmp(name, "egd") == 0)
ret = RAND_ENTROPY_SOURCE_EGD;
else if (strcmp(name, "bcryptgenrandom") == 0)
ret = RAND_ENTROPY_SOURCE_BCRYPTGENRANDOM;
else if (strcmp(name, "cryptgenrandom_def_prov") == 0)
ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_DEF_PROV;
else if (strcmp(name, "cryptgenrandom_intel_prov") == 0)
ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_INTEL_PROV;
else if (strcmp(name, "rtcode") == 0)
ret = RAND_ENTROPY_SOURCE_RTCODE;
else if (strcmp(name, "rtmem") == 0)
ret = RAND_ENTROPY_SOURCE_RTMEM;
else if (strcmp(name, "rtsock") == 0)
ret = RAND_ENTROPY_SOURCE_RTSOCK;
else
ret = -1;

return ret;
}

int RAND_set_entropy_source(const char *source)
{
int ok = 0;
int type = 0, cur_type;
char *val, *valp, *item;

val = OPENSSL_strdup(source);
if (val == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
}

for (valp = val; (item = strtok(valp, ",")) != NULL; valp = NULL) {
cur_type = entropy_source_to_type(item);
if (cur_type < 0) {
ERR_raise_data(ERR_LIB_RAND, RAND_R_INVALID_ENTROPY_SOURCE,
"source=%s", item);
goto end;
}

type |= cur_type;
}

ossl_rand_pool_set_default_entropy_source(type);
ok = 1;
end:
OPENSSL_free(val);
return ok;
}

int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
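Review bot: `RAND_set_entropy_source` accepts an empty or separators-only string: `strtok` yields no items, `type` stays 0, and the function still calls `ossl_rand_pool_set_default_entropy_source(0)` and returns 1. What a zero mask means to the pool is not visible in this hunk, but a call that names no source should fail with `RAND_R_INVALID_ENTROPY_SOURCE` rather than report success. The loop also relies on `strtok`, whose hidden static state makes this library entry point non-reentrant and unsafe if another thread tokenises at the same time; a `strchr` walk over the private copy avoids that. A NULL `source` goes straight into `OPENSSL_strdup` and would surface as a malloc failure, so an explicit check raising `ERR_R_PASSED_NULL_PARAMETER` would be clearer.

```c
    /* … unchanged: OPENSSL_strdup(source) and its NULL check … */

    /* Walk the private copy with strchr; strtok keeps hidden static state. */
    for (item = val; item != NULL; item = valp) {
        valp = strchr(item, ',');
        if (valp != NULL)
            *valp++ = '\0';
        if (*item == '\0')
            continue;           /* skip empty items, as strtok did */

        /* … unchanged: entropy_source_to_type(item), error on cur_type < 0, type |= cur_type … */
    }

    /* An empty or separators-only list names no source: refuse it. */
    if (type == 0) {
        ERR_raise(ERR_LIB_RAND, RAND_R_INVALID_ENTROPY_SOURCE);
        goto end;
    }

    /* … unchanged: ossl_rand_pool_set_default_entropy_source(type), ok = 1, cleanup at end … */
```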
2 changes: 1 addition & 1 deletion include/openssl/rand.h
@@ -87,7 +87,7 @@ int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
const char *cipher, const char *digest);
int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
const char *propq);
void RAND_set_entropy_source(unsigned int source);
int RAND_set_entropy_source(const char *source);

void RAND_seed(const void *buf, int num);
void RAND_keep_random_devices_open(int keep);
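Review bot: The exported name `RAND_set_entropy_source` keeps its symbol but changes from `void (unsigned int)` to `int (const char *)`, so a caller built against the old header passes a bitmask where the library now reads a string pointer. Nothing in the header tells a caller which strings are valid or that the result must be checked; a comment above the prototype would help, e.g. `/* source: comma-separated names such as "getrandom,rdcpu"; returns 1 on success, 0 on an unknown name */`. If binary compatibility with existing users of the old signature matters, a new function name would be the safer route.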
3 changes: 2 additions & 1 deletion include/openssl/randerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -41,6 +41,7 @@
# define RAND_R_GENERATE_ERROR 112
# define RAND_R_INSUFFICIENT_DRBG_STRENGTH 139
# define RAND_R_INTERNAL_ERROR 113
# define RAND_R_INVALID_ENTROPY_SOURCE 145
# define RAND_R_IN_ERROR_STATE 114
# define RAND_R_NOT_A_REGULAR_FILE 122
# define RAND_R_NOT_INSTANTIATED 115
