[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Aug 28 13:13:24 UTC 2017


The branch master has been updated
       via  6969a3f49ae63c8a4fd543a121511a1f0eb64a5e (commit)
       via  4871fa49cdd0d4473b6a815fc01fbde3e6ced339 (commit)
       via  aa048aef0b9146f90c06333dedfc105d1f9e2c22 (commit)
      from  b2db9c18b23f59c3a08ef10f0ee85f24d43da2a4 (commit)


- Log -----------------------------------------------------------------
commit 6969a3f49ae63c8a4fd543a121511a1f0eb64a5e
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Fri Aug 25 23:26:53 2017 +0200

    DRBG: Remove 'randomness' buffer from 'RAND_DRBG'
    
    The DRBG callbacks 'get_entropy()' and 'cleanup_entropy()' are designed
    in such a way that the randomness buffer does not have to be allocated
    by the calling function. It receives the address of a dynamically
    allocated buffer from get_entropy() and returns this address to
    cleanup_entropy(), where it is freed. If these two calls are properly
    paired, the address can be stored in a stack local variable of the
    calling function, so there is no need for having a 'randomness' member
    (and a 'filled' member) in 'RAND_DRBG'.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4266)

commit 4871fa49cdd0d4473b6a815fc01fbde3e6ced339
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Fri Aug 25 22:39:33 2017 +0200

    RAND: Rename the RAND_poll_ex() callback and its typedef
    
    With the introduction of RAND_poll_ex(), the `RAND_add()` calls were
    replaced by meaningless cb(...). This commit changes the 'cb(...)'
    calls back to 'rand_add(...)' calls by changing the signature as follows:
    
    -int RAND_poll_ex(RAND_poll_fn cb, void *arg);
    +int RAND_poll_ex(RAND_poll_cb rand_add, void *arg);
    
    Changed the function typedef name to 'RAND_poll_cb' to emphasize the fact
    that the function type represents a callback function.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4266)

commit aa048aef0b9146f90c06333dedfc105d1f9e2c22
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Sun Aug 20 23:02:46 2017 +0200

    DRBG: clarify difference between entropy counts and buffer lengths
    
    Unlike the NIST DRBG standard, entropy counts are in bits and
    buffer lengths are in bytes. This has lead to some confusion and
    errors in the past, see my comment on PR 3789.
    
    To clarify the destinction between entropy counts and buffer lengths,
    a 'len' suffix has been added to all member names of RAND_DRBG which
    represent buffer lengths:
    
    -   {min,max}_{entropy,adin,nonce,pers}
    +   {min,max}_{entropy,adin,nonce,pers}len
    
    This change makes naming also more consistent, as can be seen in the
    diffs, for example:
    
    -    else if (adinlen > drbg->max_adin) {
    +    else if (adinlen > drbg->max_adinlen) {
    
    Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4266)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c  | 38 +++++++++----------
 crypto/rand/drbg_rand.c | 36 +++++++++---------
 crypto/rand/rand_lcl.h  | 36 ++++++++++++------
 crypto/rand/rand_lib.c  | 48 ++++++++++--------------
 crypto/rand/rand_unix.c | 22 +++++------
 crypto/rand/rand_vms.c  |  4 +-
 crypto/rand/rand_win.c  |  8 ++--
 doc/man3/RAND_add.pod   |  6 +--
 include/internal/rand.h |  5 ++-
 include/openssl/rand.h  |  4 +-
 test/drbgtest.c         | 98 ++++++++++++++++++++++++-------------------------
 util/private.num        |  2 +-
 12 files changed, 157 insertions(+), 150 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 6aced40..d1f419d 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -125,9 +125,9 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
                           const unsigned char *pers, size_t perslen)
 {
     unsigned char *nonce = NULL, *entropy = NULL;
-    size_t noncelen = 0, entlen = 0;
+    size_t noncelen = 0, entropylen = 0;
 
-    if (perslen > drbg->max_pers) {
+    if (perslen > drbg->max_perslen) {
         RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
                 RAND_R_PERSONALISATION_STRING_TOO_LONG);
         goto end;
@@ -141,23 +141,23 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 
     drbg->state = DRBG_ERROR;
     if (drbg->get_entropy != NULL)
-        entlen = drbg->get_entropy(drbg, &entropy, drbg->strength,
-                                   drbg->min_entropy, drbg->max_entropy);
-    if (entlen < drbg->min_entropy || entlen > drbg->max_entropy) {
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                   drbg->min_entropylen, drbg->max_entropylen);
+    if (entropylen < drbg->min_entropylen || entropylen > drbg->max_entropylen) {
         RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
         goto end;
     }
 
-    if (drbg->max_nonce > 0 && drbg->get_nonce != NULL) {
+    if (drbg->max_noncelen > 0 && drbg->get_nonce != NULL) {
         noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2,
-                                   drbg->min_nonce, drbg->max_nonce);
-        if (noncelen < drbg->min_nonce || noncelen > drbg->max_nonce) {
+                                   drbg->min_noncelen, drbg->max_noncelen);
+        if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
             RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE);
             goto end;
         }
     }
 
-    if (!ctr_instantiate(drbg, entropy, entlen,
+    if (!ctr_instantiate(drbg, entropy, entropylen,
                          nonce, noncelen, pers, perslen)) {
         RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG);
         goto end;
@@ -168,9 +168,9 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 
 end:
     if (entropy != NULL && drbg->cleanup_entropy != NULL)
-        drbg->cleanup_entropy(drbg, entropy);
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
     if (nonce != NULL && drbg->cleanup_nonce!= NULL )
-        drbg->cleanup_nonce(drbg, nonce);
+        drbg->cleanup_nonce(drbg, nonce, noncelen);
     if (drbg->state == DRBG_READY)
         return 1;
     return 0;
@@ -195,7 +195,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
                      const unsigned char *adin, size_t adinlen)
 {
     unsigned char *entropy = NULL;
-    size_t entlen = 0;
+    size_t entropylen = 0;
 
     if (drbg->state == DRBG_ERROR) {
         RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE);
@@ -208,28 +208,28 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
 
     if (adin == NULL)
         adinlen = 0;
-    else if (adinlen > drbg->max_adin) {
+    else if (adinlen > drbg->max_adinlen) {
         RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
         return 0;
     }
 
     drbg->state = DRBG_ERROR;
     if (drbg->get_entropy != NULL)
-        entlen = drbg->get_entropy(drbg, &entropy, drbg->strength,
-                                   drbg->min_entropy, drbg->max_entropy);
-    if (entlen < drbg->min_entropy || entlen > drbg->max_entropy) {
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                   drbg->min_entropylen, drbg->max_entropylen);
+    if (entropylen < drbg->min_entropylen || entropylen > drbg->max_entropylen) {
         RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
         goto end;
     }
 
-    if (!ctr_reseed(drbg, entropy, entlen, adin, adinlen))
+    if (!ctr_reseed(drbg, entropy, entropylen, adin, adinlen))
         goto end;
     drbg->state = DRBG_READY;
     drbg->reseed_counter = 1;
 
 end:
     if (entropy != NULL && drbg->cleanup_entropy != NULL)
-        drbg->cleanup_entropy(drbg, entropy);
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
     if (drbg->state == DRBG_READY)
         return 1;
     return 0;
@@ -256,7 +256,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
         RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG);
         return 0;
     }
-    if (adinlen > drbg->max_adin) {
+    if (adinlen > drbg->max_adinlen) {
         RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
         return 0;
     }
diff --git a/crypto/rand/drbg_rand.c b/crypto/rand/drbg_rand.c
index 934679e..83f1ad8 100644
--- a/crypto/rand/drbg_rand.c
+++ b/crypto/rand/drbg_rand.c
@@ -237,29 +237,29 @@ static void ctr_update(RAND_DRBG *drbg,
 }
 
 int ctr_instantiate(RAND_DRBG *drbg,
-                    const unsigned char *ent, size_t entlen,
+                    const unsigned char *entropy, size_t entropylen,
                     const unsigned char *nonce, size_t noncelen,
                     const unsigned char *pers, size_t perslen)
 {
     RAND_DRBG_CTR *ctr = &drbg->ctr;
 
-    if (ent == NULL)
+    if (entropy == NULL)
         return 0;
 
     memset(ctr->K, 0, sizeof(ctr->K));
     memset(ctr->V, 0, sizeof(ctr->V));
     AES_set_encrypt_key(ctr->K, drbg->strength, &ctr->ks);
-    ctr_update(drbg, ent, entlen, pers, perslen, nonce, noncelen);
+    ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen);
     return 1;
 }
 
 int ctr_reseed(RAND_DRBG *drbg,
-               const unsigned char *ent, size_t entlen,
+               const unsigned char *entropy, size_t entropylen,
                const unsigned char *adin, size_t adinlen)
 {
-    if (ent == NULL)
+    if (entropy == NULL)
         return 0;
-    ctr_update(drbg, ent, entlen, adin, adinlen, NULL, 0);
+    ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0);
     return 1;
 }
 
@@ -340,20 +340,20 @@ int ctr_init(RAND_DRBG *drbg)
         /* Set key schedule for df_key */
         AES_set_encrypt_key(df_key, drbg->strength, &ctr->df_ks);
 
-        drbg->min_entropy = ctr->keylen;
-        drbg->max_entropy = DRBG_MAX_LENGTH;
-        drbg->min_nonce = drbg->min_entropy / 2;
-        drbg->max_nonce = DRBG_MAX_LENGTH;
-        drbg->max_pers = DRBG_MAX_LENGTH;
-        drbg->max_adin = DRBG_MAX_LENGTH;
+        drbg->min_entropylen = ctr->keylen;
+        drbg->max_entropylen = DRBG_MAX_LENGTH;
+        drbg->min_noncelen = drbg->min_entropylen / 2;
+        drbg->max_noncelen = DRBG_MAX_LENGTH;
+        drbg->max_perslen = DRBG_MAX_LENGTH;
+        drbg->max_adinlen = DRBG_MAX_LENGTH;
     } else {
-        drbg->min_entropy = drbg->seedlen;
-        drbg->max_entropy = drbg->seedlen;
+        drbg->min_entropylen = drbg->seedlen;
+        drbg->max_entropylen = drbg->seedlen;
         /* Nonce not used */
-        drbg->min_nonce = 0;
-        drbg->max_nonce = 0;
-        drbg->max_pers = drbg->seedlen;
-        drbg->max_adin = drbg->seedlen;
+        drbg->min_noncelen = 0;
+        drbg->max_noncelen = 0;
+        drbg->max_perslen = drbg->seedlen;
+        drbg->max_adinlen = drbg->seedlen;
     }
 
     drbg->max_request = 1 << 16;
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index e60f619..f9de279 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -94,21 +94,35 @@ struct rand_drbg_st {
     int nid; /* the underlying algorithm */
     int fork_count;
     unsigned short flags; /* various external flags */
-    char filled;
     char secure;
     /*
      * This is a fixed-size buffer, but we malloc to make it a little
      * harder to find; a classic security/performance trade-off.
      */
     int size;
-    unsigned char *randomness;
 
-    /* These parameters are setup by the per-type "init" function. */
+    /* 
+     * The following parameters are setup by the per-type "init" function.
+     *
+     * Currently the only type is CTR_DRBG, its init function is ctr_init().
+     *
+     * The parameters are closely related to the ones described in 
+     * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
+     * crucial difference: In the NIST standard, all counts are given
+     * in bits, whereas in OpenSSL entropy counts are given in bits 
+     * and buffer lengths are given in bytes.
+     * 
+     * Since this difference has lead to some confusion in the past,
+     * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
+     * the 'len' suffix has been added to all buffer sizes for 
+     * clarification.
+     */
+    
     int strength;
     size_t max_request;
-    size_t min_entropy, max_entropy;
-    size_t min_nonce, max_nonce;
-    size_t max_pers, max_adin;
+    size_t min_entropylen, max_entropylen;
+    size_t min_noncelen, max_noncelen;
+    size_t max_perslen, max_adinlen;
     unsigned int reseed_counter;
     unsigned int reseed_interval;
     size_t seedlen;
@@ -137,11 +151,11 @@ extern RAND_DRBG priv_drbg;
 extern int rand_fork_count;
 
 /* Hardware-based seeding functions. */
-void rand_read_tsc(RAND_poll_fn cb, void *arg);
-int rand_read_cpu(RAND_poll_fn cb, void *arg);
+void rand_read_tsc(RAND_poll_cb rand_add, void *arg);
+int rand_read_cpu(RAND_poll_cb rand_add, void *arg);
 
 /* DRBG entropy callbacks. */
-void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out);
+void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
 size_t drbg_entropy_from_parent(RAND_DRBG *drbg,
                                 unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len);
@@ -153,11 +167,11 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg,
 int ctr_init(RAND_DRBG *drbg);
 int ctr_uninstantiate(RAND_DRBG *drbg);
 int ctr_instantiate(RAND_DRBG *drbg,
-                    const unsigned char *ent, size_t entlen,
+                    const unsigned char *entropy, size_t entropylen,
                     const unsigned char *nonce, size_t noncelen,
                     const unsigned char *pers, size_t perslen);
 int ctr_reseed(RAND_DRBG *drbg,
-               const unsigned char *ent, size_t entlen,
+               const unsigned char *entropy, size_t entropylen,
                const unsigned char *adin, size_t adinlen);
 int ctr_generate(RAND_DRBG *drbg,
                  unsigned char *out, size_t outlen,
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 0d1e3f6..5ed08f1 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -42,7 +42,7 @@ int rand_fork_count;
  * it's not sufficient to indicate whether or not the seeding was
  * done.
  */
-void rand_read_tsc(RAND_poll_fn cb, void *arg)
+void rand_read_tsc(RAND_poll_cb rand_add, void *arg)
 {
     unsigned char c;
     int i;
@@ -50,7 +50,7 @@ void rand_read_tsc(RAND_poll_fn cb, void *arg)
     if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
         for (i = 0; i < TSC_READ_COUNT; i++) {
             c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
-            cb(arg, &c, 1, 0.5);
+            rand_add(arg, &c, 1, 0.5);
         }
     }
 }
@@ -62,14 +62,14 @@ size_t OPENSSL_ia32_rdrand_bytes(char *buf, size_t len);
 
 extern unsigned int OPENSSL_ia32cap_P[];
 
-int rand_read_cpu(RAND_poll_fn cb, void *arg)
+int rand_read_cpu(RAND_poll_cb rand_add, void *arg)
 {
     char buff[RANDOMNESS_NEEDED];
 
     /* If RDSEED is available, use that. */
     if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
         if (OPENSSL_ia32_rdseed_bytes(buff, sizeof(buff)) == sizeof(buff)) {
-            cb(arg, buff, (int)sizeof(buff), sizeof(buff));
+            rand_add(arg, buff, (int)sizeof(buff), sizeof(buff));
             return 1;
         }
     }
@@ -77,7 +77,7 @@ int rand_read_cpu(RAND_poll_fn cb, void *arg)
     /* Second choice is RDRAND. */
     if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
         if (OPENSSL_ia32_rdrand_bytes(buff, sizeof(buff)) == sizeof(buff)) {
-            cb(arg, buff, (int)sizeof(buff), sizeof(buff));
+            rand_add(arg, buff, (int)sizeof(buff), sizeof(buff));
             return 1;
         }
     }
@@ -105,20 +105,14 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg,
                                 int entropy, size_t min_len, size_t max_len)
 {
     int i;
-
+    unsigned char *randomness;
 
     if (min_len > (size_t)drbg->size) {
         /* Should not happen.  See comment near RANDOMNESS_NEEDED. */
         min_len = drbg->size;
     }
 
-    if (drbg->filled) {
-        /* Re-use what we have. */
-        *pout = drbg->randomness;
-        return drbg->size;
-    }
-
-    drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
+    randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
                                     : OPENSSL_malloc(drbg->size);
 
     /* If we don't have enough, try to get more. */
@@ -133,15 +127,14 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg,
     if (min_len > rand_bytes.curr)
         min_len = rand_bytes.curr;
     if (min_len != 0) {
-        memcpy(drbg->randomness, rand_bytes.buff, min_len);
-        drbg->filled = 1;
+        memcpy(randomness, rand_bytes.buff, min_len);
         /* Update amount left and shift it down. */
         rand_bytes.curr -= min_len;
         if (rand_bytes.curr != 0)
             memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr);
     }
     CRYPTO_THREAD_unlock(rand_bytes.lock);
-    *pout = drbg->randomness;
+    *pout = randomness;
     return min_len;
 }
 
@@ -150,33 +143,33 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg,
                                 int entropy, size_t min_len, size_t max_len)
 {
     int st;
-
+    unsigned char *randomness;
+    
     if (min_len > (size_t)drbg->size) {
         /* Should not happen.  See comment near RANDOMNESS_NEEDED. */
         min_len = drbg->size;
     }
 
-    drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
+    randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
                                     : OPENSSL_malloc(drbg->size);
 
     /* Get random from parent, include our state as additional input. */
-    st = RAND_DRBG_generate(drbg->parent, drbg->randomness, min_len, 0,
+    st = RAND_DRBG_generate(drbg->parent, randomness, min_len, 0,
                             (unsigned char *)drbg, sizeof(*drbg));
-    if (st == 0)
+    if (st == 0) {
+        drbg_release_entropy(drbg, randomness, min_len);
         return 0;
-    drbg->filled = 1;
-    *pout = drbg->randomness;
+    }
+    *pout = randomness;
     return min_len;
 }
 
-void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out)
+void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
 {
-    drbg->filled = 0;
     if (drbg->secure)
-        OPENSSL_secure_clear_free(drbg->randomness, drbg->size);
+        OPENSSL_secure_clear_free(out, outlen);
     else
-        OPENSSL_clear_free(drbg->randomness, drbg->size);
-    drbg->randomness = NULL;
+        OPENSSL_clear_free(out, outlen);
 }
 
 
@@ -191,7 +184,6 @@ static int setup_drbg(RAND_DRBG *drbg)
     ret &= drbg->lock != NULL;
     drbg->size = RANDOMNESS_NEEDED;
     drbg->secure = CRYPTO_secure_malloc_initialized();
-    drbg->randomness = NULL;
     /* If you change these parameters, see RANDOMNESS_NEEDED */
     ret &= RAND_DRBG_set(drbg,
                          NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1;
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index eecd544..4f01e8a 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -50,7 +50,7 @@
  * As a precaution, we generate four times the required amount of seed
  * data.
  */
-int RAND_poll_ex(RAND_poll_fn cb, void *arg)
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg)
 {
     short int code;
     gid_t curr_gid;
@@ -72,11 +72,11 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
      * different processes.
      */
     curr_gid = getgid();
-    cb(arg, &curr_gid, sizeof curr_gid, 0);
+    rand_add(arg, &curr_gid, sizeof curr_gid, 0);
     curr_pid = getpid();
-    cb(arg, &curr_pid, sizeof curr_pid, 0);
+    rand_add(arg, &curr_pid, sizeof curr_pid, 0);
     curr_uid = getuid();
-    cb(arg, &curr_uid, sizeof curr_uid, 0);
+    rand_add(arg, &curr_uid, sizeof curr_uid, 0);
 
     for (i = 0; i < (RANDOMNESS_NEEDED * 4); i++) {
         /*
@@ -99,7 +99,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
         /* Get wall clock time, take 8 bits. */
         clock_gettime(CLOCK_REALTIME, &ts);
         v = (unsigned char)(ts.tv_nsec & 0xFF);
-        cb(arg, &v, sizeof v, 1);
+        rand_add(arg, &v, sizeof v, 1);
     }
     return 1;
 }
@@ -130,7 +130,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
 /*
  * Try the various seeding methods in turn, exit when succesful.
  */
-int RAND_poll_ex(RAND_poll_fn cb, void *arg)
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg)
 {
 #  ifdef OPENSSL_RAND_SEED_NONE
     return 0;
@@ -144,7 +144,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
         int i = getrandom(temp, TEMPSIZE, 0);
 
         if (i >= 0) {
-            cb(arg, temp, i, i);
+            rand_add(arg, temp, i, i);
             if (i == TEMPSIZE)
                 goto done;
         }
@@ -168,7 +168,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
                 continue;
             setbuf(fp, NULL);
             if (fread(temp, 1, TEMPSIZE, fp) == TEMPSIZE) {
-                cb(arg, temp, TEMPSIZE, TEMPSIZE);
+                rand_add(arg, temp, TEMPSIZE, TEMPSIZE);
                 fclose(fp);
                 goto done;
             }
@@ -178,11 +178,11 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
 #   endif
 
 #   ifdef OPENSSL_RAND_SEED_RDTSC
-    rand_read_tsc(cb, arg);
+    rand_read_tsc(rand_add, arg);
 #   endif
 
 #   ifdef OPENSSL_RAND_SEED_RDCPU
-    if (rand_read_cpu(cb, arg))
+    if (rand_read_cpu(rand_add, arg))
         goto done;
 #   endif
 
@@ -193,7 +193,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
 
         for (i = 0; paths[i] != NULL; i++) {
             if (RAND_query_egd_bytes(paths[i], temp, TEMPSIZE) == TEMPSIZE) {
-                cb(arg, temp, TEMPSIZE, TEMPSIZE);
+                rand_add(arg, temp, TEMPSIZE, TEMPSIZE);
                 goto done;
             }
         }
diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
index a6bb76d..773373d 100644
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -54,7 +54,7 @@ static struct items_data_st {
     {0, 0}
 };
 
-int RAND_poll_ex(RAND_poll_fn cb, void *arg)
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg)
 {
     /* determine the number of items in the JPI array */
     struct items_data_st item_entry;
@@ -113,7 +113,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
     total_length += (tmp_length - 1);
 
     /* size of seed is total_length*4 bytes (64bytes) */
-    cb(arg, (PTR_T)data_buffer, total_length * 4, total_length * 2);
+    rand_add(arg, (PTR_T)data_buffer, total_length * 4, total_length * 2);
     return 1;
 }
 
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 457e2ad..8637ca4 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -39,7 +39,7 @@
 #  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 # endif
 
-int RAND_poll_ex(RAND_poll_fn cb, void *arg)
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg)
 {
 # ifndef USE_BCRYPTGENRANDOM
     HCRYPTPROV hProvider;
@@ -58,7 +58,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
 # ifdef USE_BCRYPTGENRANDOM
     if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf),
                         BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
-        cb(arg, buf, sizeof(buf), sizeof(buf));
+        rand_add(arg, buf, sizeof(buf), sizeof(buf));
         return 1;
     }
 # else
@@ -66,7 +66,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
     if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
                              CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
         if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-            cb(arg, buf, sizeof(buf), sizeof(buf));
+            rand_add(arg, buf, sizeof(buf), sizeof(buf));
             ok = 1;
         }
         CryptReleaseContext(hProvider, 0);
@@ -78,7 +78,7 @@ int RAND_poll_ex(RAND_poll_fn cb, void *arg)
     if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC,
                              CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
         if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-            cb(arg, buf, sizeof(buf), sizeof(buf));
+            rand_add(arg, buf, sizeof(buf), sizeof(buf));
             ok = 1;
         }
         CryptReleaseContext(hProvider, 0);
diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod
index 5006bdb..ea81492 100644
--- a/doc/man3/RAND_add.pod
+++ b/doc/man3/RAND_add.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-RAND_add, RAND_poll, RAND_poll_ex, RAND_poll_fn,
+RAND_add, RAND_poll, RAND_poll_ex, RAND_poll_cb,
 RAND_seed, RAND_status, RAND_event, RAND_screen
 - add randomness to the PRNG or get its status
 
@@ -12,9 +12,9 @@ RAND_seed, RAND_status, RAND_event, RAND_screen
 
  int RAND_status(void);
 
- typedef void (*RAND_poll_fn)(void *arg,
+ typedef void (*RAND_poll_cb)(void *arg,
                               const void *buf, int num, double randomness);
- int RAND_poll_ex(RAND_poll_fn cb, void *arg);
+ int RAND_poll_ex(RAND_poll_cb cb, void *arg);
  int RAND_poll();
 
  void RAND_add(const void *buf, int num, double randomness);
diff --git a/include/internal/rand.h b/include/internal/rand.h
index 4e30e38..444c806 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -50,11 +50,12 @@ typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
                                            int entropy, size_t min_len,
                                            size_t max_len);
 typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
-                                             unsigned char *out);
+                                             unsigned char *out, size_t outlen);
 typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
                                          int entropy, size_t min_len,
                                          size_t max_len);
-typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx, unsigned char *out);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx,
+                                           unsigned char *out, size_t outlen);
 
 int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
                             RAND_DRBG_get_entropy_fn get_entropy,
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index a8c1943..82e3762 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -61,10 +61,10 @@ int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path, int bytes);
 # endif
 
-typedef void (*RAND_poll_fn)(void *arg,
+typedef void (*RAND_poll_cb)(void *arg,
                              const void *buf, int num, double randomness);
 int RAND_poll(void);
-int RAND_poll_ex(RAND_poll_fn cb, void *arg);
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg);
 
 # if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
 /* application has to include <windows.h> in order to use these */
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 2363b50..7d33c30 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -26,16 +26,16 @@ typedef struct drbg_selftest_data_st {
     unsigned int flags;
 
     /* KAT data for no PR */
-    const unsigned char *ent;
-    size_t entlen;
+    const unsigned char *entropy;
+    size_t entropylen;
     const unsigned char *nonce;
     size_t noncelen;
     const unsigned char *pers;
     size_t perslen;
     const unsigned char *adin;
     size_t adinlen;
-    const unsigned char *entreseed;
-    size_t entreseedlen;
+    const unsigned char *entropyreseed;
+    size_t entropyreseedlen;
     const unsigned char *adinreseed;
     size_t adinreseedlen;
     const unsigned char *adin2;
@@ -46,20 +46,20 @@ typedef struct drbg_selftest_data_st {
     size_t kat2len;
 
     /* KAT data for PR */
-    const unsigned char *ent_pr;
-    size_t entlen_pr;
+    const unsigned char *entropy_pr;
+    size_t entropylen_pr;
     const unsigned char *nonce_pr;
     size_t noncelen_pr;
     const unsigned char *pers_pr;
     size_t perslen_pr;
     const unsigned char *adin_pr;
     size_t adinlen_pr;
-    const unsigned char *entpr_pr;
-    size_t entprlen_pr;
+    const unsigned char *entropypr_pr;
+    size_t entropyprlen_pr;
     const unsigned char *ading_pr;
     size_t adinglen_pr;
-    const unsigned char *entg_pr;
-    size_t entglen_pr;
+    const unsigned char *entropyg_pr;
+    size_t entropyglen_pr;
     const unsigned char *kat_pr;
     size_t katlen_pr;
     const unsigned char *kat2_pr;
@@ -106,9 +106,9 @@ static int app_data_index;
  * Test context data, attached as EXDATA to the RAND_DRBG
  */
 typedef struct test_ctx_st {
-    const unsigned char *ent;
-    size_t entlen;
-    int entcnt;
+    const unsigned char *entropy;
+    size_t entropylen;
+    int entropycnt;
     const unsigned char *nonce;
     size_t noncelen;
     int noncecnt;
@@ -119,9 +119,9 @@ static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
 {
     TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
 
-    t->entcnt++;
-    *pout = (unsigned char *)t->ent;
-    return t->entlen;
+    t->entropycnt++;
+    *pout = (unsigned char *)t->entropy;
+    return t->entropylen;
 }
 
 static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
@@ -164,8 +164,8 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
         goto err;
     }
     memset(&t, 0, sizeof(t));
-    t.ent = td->ent;
-    t.entlen = td->entlen;
+    t.entropy = td->entropy;
+    t.entropylen = td->entropylen;
     t.nonce = td->nonce;
     t.noncelen = td->noncelen;
     RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
@@ -177,8 +177,8 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
         failures++;
 
     /* Reseed DRBG with test entropy and additional input */
-    t.ent = td->entreseed;
-    t.entlen = td->entreseedlen;
+    t.entropy = td->entropyreseed;
+    t.entropylen = td->entropyreseedlen;
     if (!TEST_true(RAND_DRBG_reseed(drbg, td->adinreseed, td->adinreseedlen)
             || !TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len, 0,
                                              td->adin2, td->adin2len))
@@ -195,11 +195,11 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
                                                   kat_nonce, NULL)))
         failures++;
     RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-    t.ent = td->ent_pr;
-    t.entlen = td->entlen_pr;
+    t.entropy = td->entropy_pr;
+    t.entropylen = td->entropylen_pr;
     t.nonce = td->nonce_pr;
     t.noncelen = td->noncelen_pr;
-    t.entcnt = 0;
+    t.entropycnt = 0;
     t.noncecnt = 0;
     if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers_pr, td->perslen_pr)))
         failures++;
@@ -208,8 +208,8 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
      * Now generate with PR: we need to supply entropy as this will
      * perform a reseed operation.
      */
-    t.ent = td->entpr_pr;
-    t.entlen = td->entprlen_pr;
+    t.entropy = td->entropypr_pr;
+    t.entropylen = td->entropyprlen_pr;
     if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->katlen_pr, 1,
                                       td->adin_pr, td->adinlen_pr))
             || !TEST_mem_eq(td->kat_pr, td->katlen_pr, buff, td->katlen_pr))
@@ -218,8 +218,8 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
     /*
      * Now generate again with PR: supply new entropy again.
      */
-    t.ent = td->entg_pr;
-    t.entlen = td->entglen_pr;
+    t.entropy = td->entropyg_pr;
+    t.entropylen = td->entropyglen_pr;
 
     if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len_pr, 1,
                                       td->ading_pr, td->adinglen_pr))
@@ -243,11 +243,11 @@ static int init(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, TEST_CTX *t)
                                                   kat_nonce, NULL)))
         return 0;
     RAND_DRBG_set_ex_data(drbg, app_data_index, t);
-    t->ent = td->ent;
-    t->entlen = td->entlen;
+    t->entropy = td->entropy;
+    t->entropylen = td->entropylen;
     t->nonce = td->nonce;
     t->noncelen = td->noncelen;
-    t->entcnt = 0;
+    t->entropycnt = 0;
     t->noncecnt = 0;
     return 1;
 }
@@ -286,7 +286,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test detection of too large personlisation string */
     if (!init(drbg, td, &t)
-            || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_pers + 1) > 0)
+            || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0)
         goto err;
 
     /*
@@ -294,7 +294,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
      */
 
     /* Test entropy source failure detecion: i.e. returns no data */
-    t.entlen = 0;
+    t.entropylen = 0;
     if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0))
         goto err;
 
@@ -305,14 +305,14 @@ static int error_check(DRBG_SELFTEST_DATA *td)
         goto err;
 
     /* Test insufficient entropy */
-    t.entlen = drbg->min_entropy - 1;
+    t.entropylen = drbg->min_entropylen - 1;
     if (!init(drbg, td, &t)
             || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
             || !uninstantiate(drbg))
         goto err;
 
     /* Test too much entropy */
-    t.entlen = drbg->max_entropy + 1;
+    t.entropylen = drbg->max_entropylen + 1;
     if (!init(drbg, td, &t)
             || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
             || !uninstantiate(drbg))
@@ -323,8 +323,8 @@ static int error_check(DRBG_SELFTEST_DATA *td)
      */
 
     /* Test too small nonce */
-    if (drbg->min_nonce) {
-        t.noncelen = drbg->min_nonce - 1;
+    if (drbg->min_noncelen) {
+        t.noncelen = drbg->min_noncelen - 1;
         if (!init(drbg, td, &t)
                 || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
                 || !uninstantiate(drbg))
@@ -332,8 +332,8 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     }
 
     /* Test too large nonce */
-    if (drbg->max_nonce) {
-        t.noncelen = drbg->max_nonce + 1;
+    if (drbg->max_noncelen) {
+        t.noncelen = drbg->max_noncelen + 1;
         if (!init(drbg, td, &t)
                 || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
                 || !uninstantiate(drbg))
@@ -353,14 +353,14 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Try too large additional input */
     if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
-                                       td->adin, drbg->max_adin + 1)))
+                                       td->adin, drbg->max_adinlen + 1)))
         goto err;
 
     /*
      * Check prediction resistance request fails if entropy source
      * failure.
      */
-    t.entlen = 0;
+    t.entropylen = 0;
     if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
                                       td->adin, td->adinlen))
             || !uninstantiate(drbg))
@@ -373,10 +373,10 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     drbg->reseed_counter = drbg->reseed_interval;
 
     /* Generate output and check entropy has been requested for reseed */
-    t.entcnt = 0;
+    t.entropycnt = 0;
     if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
                                       td->adin, td->adinlen))
-            || !TEST_int_eq(t.entcnt, 1)
+            || !TEST_int_eq(t.entropycnt, 1)
             || !TEST_int_eq(drbg->reseed_counter, reseed_counter_tmp + 1)
             || !uninstantiate(drbg))
         goto err;
@@ -385,7 +385,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
      * Check prediction resistance request fails if entropy source
      * failure.
      */
-    t.entlen = 0;
+    t.entropylen = 0;
     if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
                                        td->adin, td->adinlen))
             || !uninstantiate(drbg))
@@ -398,10 +398,10 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     drbg->reseed_counter = drbg->reseed_interval;
 
     /* Generate output and check entropy has been requested for reseed */
-    t.entcnt = 0;
+    t.entropycnt = 0;
     if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
                                       td->adin, td->adinlen))
-            || !TEST_int_eq(t.entcnt, 1)
+            || !TEST_int_eq(t.entropycnt, 1)
             || !TEST_int_eq(drbg->reseed_counter, reseed_counter_tmp + 1)
             || !uninstantiate(drbg))
         goto err;
@@ -412,11 +412,11 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test explicit reseed with too large additional input */
     if (!init(drbg, td, &t)
-            || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adin + 1) > 0)
+            || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1) > 0)
         goto err;
 
     /* Test explicit reseed with entropy source failure */
-    t.entlen = 0;
+    t.entropylen = 0;
     if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
             || !uninstantiate(drbg))
         goto err;
@@ -424,7 +424,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     /* Test explicit reseed with too much entropy */
     if (!init(drbg, td, &t))
         goto err;
-    t.entlen = drbg->max_entropy + 1;
+    t.entropylen = drbg->max_entropylen + 1;
     if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
             || !uninstantiate(drbg))
         goto err;
@@ -432,7 +432,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     /* Test explicit reseed with too little entropy */
     if (!init(drbg, td, &t))
         goto err;
-    t.entlen = drbg->min_entropy - 1;
+    t.entropylen = drbg->min_entropylen - 1;
     if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
             || !uninstantiate(drbg))
         goto err;
diff --git a/util/private.num b/util/private.num
index 0634757..a757357 100644
--- a/util/private.num
+++ b/util/private.num
@@ -33,7 +33,7 @@ OSSL_STORE_error_fn                     datatype
 OSSL_STORE_load_fn                      datatype
 OSSL_STORE_open_fn                      datatype
 OSSL_STORE_post_process_info_fn         datatype
-RAND_poll_fn                            datatype
+RAND_poll_cb                            datatype
 SSL_CTX_keylog_cb_func                  datatype
 SSL_early_cb_fn                         datatype
 SSL_psk_client_cb_func                  datatype


More information about the openssl-commits mailing list