[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jul 14 09:20:45 UTC 2020
The branch master has been updated
via ce3080e931d77fda3bb4f2d923fcc6cec967d1a3 (commit)
from d35bab46c9e5edfeadc756bac9dc38213f172c07 (commit)
- Log -----------------------------------------------------------------
commit ce3080e931d77fda3bb4f2d923fcc6cec967d1a3
Author: Pauli <paul.dale at oracle.com>
Date: Sat Jul 4 10:48:19 2020 +1000
DRBG: rename the DRBG taxonomy.
The existing wording didn't capture the reality of the default setup, this new
nomenclature attempts to improve the situation.
Reviewed-by: Mark J. Cox <mark at awe.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12366)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/drbg_lib.c | 130 +++++------
crypto/rand/rand_local.h | 9 +-
...G_get0_master.pod => RAND_DRBG_get0_public.pod} | 10 +-
doc/man3/RAND_DRBG_new.pod | 2 +-
doc/man3/RAND_DRBG_reseed.pod | 24 +-
include/openssl/rand_drbg.h | 21 +-
test/drbgtest.c | 244 +++++++++++----------
util/libcrypto.num | 2 +-
8 files changed, 230 insertions(+), 212 deletions(-)
rename doc/man3/{RAND_DRBG_get0_master.pod => RAND_DRBG_get0_public.pod} (90%)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index ee33cfa631..4b5d832df2 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -41,29 +41,32 @@ typedef struct drbg_global_st {
/*
* The three shared DRBG instances
*
- * There are three shared DRBG instances: <master>, <public>, and <private>.
+ * There are three shared DRBG instances: <primary>, <public>, and
+ * <private>. The <public> and <private> DRBGs are secondary ones.
+ * These are used for non-secret (e.g. nonces) and secret
+ * (e.g. private keys) data respectively.
*/
CRYPTO_RWLOCK *lock;
/*
- * The <master> DRBG
+ * The <primary> DRBG
*
* Not used directly by the application, only for reseeding the two other
* DRBGs. It reseeds itself by pulling either randomness from os entropy
* sources or by consuming randomness which was added by RAND_add().
*
- * The <master> DRBG is a global instance which is accessed concurrently by
+ * The <primary> DRBG is a global instance which is accessed concurrently by
* all threads. The necessary locking is managed automatically by its child
* DRBG instances during reseeding.
*/
- RAND_DRBG *master_drbg;
+ RAND_DRBG *primary_drbg;
/*
* The <public> DRBG
*
* Used by default for generating random bytes using RAND_bytes().
*
- * The <public> DRBG is thread-local, i.e., there is one instance per
- * thread.
+ * The <public> secondary DRBG is thread-local, i.e., there is one instance
+ * per thread.
*/
CRYPTO_THREAD_LOCAL public_drbg;
/*
@@ -71,43 +74,44 @@ typedef struct drbg_global_st {
*
* Used by default for generating private keys using RAND_priv_bytes()
*
- * The <private> DRBG is thread-local, i.e., there is one instance per
- * thread.
+ * The <private> secondary DRBG is thread-local, i.e., there is one
+ * instance per thread.
*/
CRYPTO_THREAD_LOCAL private_drbg;
} DRBG_GLOBAL;
#define RAND_DRBG_TYPE_FLAGS ( \
- RAND_DRBG_FLAG_MASTER | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE )
+ RAND_DRBG_FLAG_PRIMARY | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE )
-#define RAND_DRBG_TYPE_MASTER 0
+#define RAND_DRBG_TYPE_PRIMARY 0
#define RAND_DRBG_TYPE_PUBLIC 1
#define RAND_DRBG_TYPE_PRIVATE 2
/* Defaults */
static int rand_drbg_type[3] = {
- RAND_DRBG_TYPE, /* Master */
+ RAND_DRBG_TYPE, /* Primary */
RAND_DRBG_TYPE, /* Public */
RAND_DRBG_TYPE /* Private */
};
static unsigned int rand_drbg_flags[3] = {
- RAND_DRBG_FLAGS | RAND_DRBG_FLAG_MASTER, /* Master */
- RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC, /* Public */
- RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE /* Private */
+ RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIMARY, /* Primary */
+ RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC, /* Public */
+ RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE /* Private */
};
-static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
-static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL;
+static unsigned int primary_reseed_interval = PRIMARY_RESEED_INTERVAL;
+static unsigned int secondary_reseed_interval = SECONDARY_RESEED_INTERVAL;
-static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
-static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
+static time_t primary_reseed_time_interval = PRIMARY_RESEED_TIME_INTERVAL;
+static time_t secondary_reseed_time_interval = SECONDARY_RESEED_TIME_INTERVAL;
/* A logical OR of all used DRBG flag bits (currently there is only one) */
static const unsigned int rand_drbg_used_flags =
RAND_DRBG_FLAG_CTR_NO_DF | RAND_DRBG_FLAG_HMAC | RAND_DRBG_TYPE_FLAGS;
-static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type);
+static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent,
+ int drbg_type);
static int get_drbg_params(int type, unsigned int flags, const char **name,
OSSL_PARAM params[3])
@@ -229,7 +233,7 @@ static void drbg_ossl_ctx_free(void *vdgbl)
return;
CRYPTO_THREAD_lock_free(dgbl->lock);
- RAND_DRBG_free(dgbl->master_drbg);
+ RAND_DRBG_free(dgbl->primary_drbg);
CRYPTO_THREAD_cleanup_local(&dgbl->private_drbg);
CRYPTO_THREAD_cleanup_local(&dgbl->public_drbg);
@@ -293,16 +297,16 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
int use_df;
if (type == 0 && flags == 0) {
- type = rand_drbg_type[RAND_DRBG_TYPE_MASTER];
- flags = rand_drbg_flags[RAND_DRBG_TYPE_MASTER];
+ type = rand_drbg_type[RAND_DRBG_TYPE_PRIMARY];
+ flags = rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY];
}
if (drbg->parent == NULL) {
- reseed_interval = master_reseed_interval;
- reseed_time_interval = master_reseed_time_interval;
+ reseed_interval = primary_reseed_interval;
+ reseed_time_interval = primary_reseed_time_interval;
} else {
- reseed_interval = slave_reseed_interval;
- reseed_time_interval = slave_reseed_time_interval;
+ reseed_interval = secondary_reseed_interval;
+ reseed_time_interval = secondary_reseed_time_interval;
}
*p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS,
&reseed_interval);
@@ -371,9 +375,10 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
}
all = ((flags & RAND_DRBG_TYPE_FLAGS) == 0);
- if (all || (flags & RAND_DRBG_FLAG_MASTER) != 0) {
- rand_drbg_type[RAND_DRBG_TYPE_MASTER] = type;
- rand_drbg_flags[RAND_DRBG_TYPE_MASTER] = flags | RAND_DRBG_FLAG_MASTER;
+ if (all || (flags & RAND_DRBG_FLAG_PRIMARY) != 0) {
+ rand_drbg_type[RAND_DRBG_TYPE_PRIMARY] = type;
+ rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY] = flags
+ | RAND_DRBG_FLAG_PRIMARY;
}
if (all || (flags & RAND_DRBG_FLAG_PUBLIC) != 0) {
rand_drbg_type[RAND_DRBG_TYPE_PUBLIC] = type;
@@ -381,7 +386,8 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags)
}
if (all || (flags & RAND_DRBG_FLAG_PRIVATE) != 0) {
rand_drbg_type[RAND_DRBG_TYPE_PRIVATE] = type;
- rand_drbg_flags[RAND_DRBG_TYPE_PRIVATE] = flags | RAND_DRBG_FLAG_PRIVATE;
+ rand_drbg_flags[RAND_DRBG_TYPE_PRIVATE] = flags
+ | RAND_DRBG_FLAG_PRIVATE;
}
return 1;
}
@@ -473,8 +479,8 @@ int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
return 0;
/* The reset uses the default values for type and flags */
- if (drbg->flags & RAND_DRBG_FLAG_MASTER)
- index = RAND_DRBG_TYPE_MASTER;
+ if (drbg->flags & RAND_DRBG_FLAG_PRIMARY)
+ index = RAND_DRBG_TYPE_PRIMARY;
else if (drbg->flags & RAND_DRBG_FLAG_PRIVATE)
index = RAND_DRBG_TYPE_PRIVATE;
else if (drbg->flags & RAND_DRBG_FLAG_PUBLIC)
@@ -730,32 +736,32 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
/*
* Set the default values for reseed (time) intervals of new DRBG instances
*
- * The default values can be set independently for master DRBG instances
- * (without a parent) and slave DRBG instances (with parent).
+ * The default values can be set independently for primary DRBG instances
+ * (without a parent) and secondary DRBG instances (with parent).
*
* Returns 1 on success, 0 on failure.
*/
int RAND_DRBG_set_reseed_defaults(
- unsigned int _master_reseed_interval,
- unsigned int _slave_reseed_interval,
- time_t _master_reseed_time_interval,
- time_t _slave_reseed_time_interval
+ unsigned int _primary_reseed_interval,
+ unsigned int _secondary_reseed_interval,
+ time_t _primary_reseed_time_interval,
+ time_t _secondary_reseed_time_interval
)
{
- if (_master_reseed_interval > MAX_RESEED_INTERVAL
- || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+ if (_primary_reseed_interval > MAX_RESEED_INTERVAL
+ || _secondary_reseed_interval > MAX_RESEED_INTERVAL)
return 0;
- if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
- || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+ if (_primary_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+ || _secondary_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
return 0;
- master_reseed_interval = _master_reseed_interval;
- slave_reseed_interval = _slave_reseed_interval;
+ primary_reseed_interval = _primary_reseed_interval;
+ secondary_reseed_interval = _secondary_reseed_interval;
- master_reseed_time_interval = _master_reseed_time_interval;
- slave_reseed_time_interval = _slave_reseed_time_interval;
+ primary_reseed_time_interval = _primary_reseed_time_interval;
+ secondary_reseed_time_interval = _secondary_reseed_time_interval;
return 1;
}
@@ -793,7 +799,7 @@ static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type)
if (drbg == NULL)
return NULL;
- /* Only the master DRBG needs to have a lock */
+ /* Only the primary DRBG needs to have a lock */
if (parent == NULL && EVP_RAND_enable_locking(drbg->rand) == 0)
goto err;
@@ -878,30 +884,30 @@ int RAND_DRBG_verify_zeroization(RAND_DRBG *drbg)
}
/*
- * Get the master DRBG.
+ * Get the primary DRBG.
* Returns pointer to the DRBG on success, NULL on failure.
*
*/
-RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx)
+RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx)
{
DRBG_GLOBAL *dgbl = drbg_get_global(ctx);
if (dgbl == NULL)
return NULL;
- if (dgbl->master_drbg == NULL) {
+ if (dgbl->primary_drbg == NULL) {
if (!CRYPTO_THREAD_write_lock(dgbl->lock))
return NULL;
- if (dgbl->master_drbg == NULL)
- dgbl->master_drbg = drbg_setup(ctx, NULL, RAND_DRBG_TYPE_MASTER);
+ if (dgbl->primary_drbg == NULL)
+ dgbl->primary_drbg = drbg_setup(ctx, NULL, RAND_DRBG_TYPE_PRIMARY);
CRYPTO_THREAD_unlock(dgbl->lock);
}
- return dgbl->master_drbg;
+ return dgbl->primary_drbg;
}
RAND_DRBG *RAND_DRBG_get0_master(void)
{
- return OPENSSL_CTX_get0_master_drbg(NULL);
+ return OPENSSL_CTX_get0_primary_drbg(NULL);
}
/*
@@ -911,15 +917,15 @@ RAND_DRBG *RAND_DRBG_get0_master(void)
RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx)
{
DRBG_GLOBAL *dgbl = drbg_get_global(ctx);
- RAND_DRBG *drbg, *master;
+ RAND_DRBG *drbg, *primary;
if (dgbl == NULL)
return NULL;
drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);
if (drbg == NULL) {
- master = OPENSSL_CTX_get0_master_drbg(ctx);
- if (master == NULL)
+ primary = OPENSSL_CTX_get0_primary_drbg(ctx);
+ if (primary == NULL)
return NULL;
ctx = openssl_ctx_get_concrete(ctx);
@@ -930,7 +936,7 @@ RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx)
if (CRYPTO_THREAD_get_local(&dgbl->private_drbg) == NULL
&& !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
- drbg = drbg_setup(ctx, master, RAND_DRBG_TYPE_PUBLIC);
+ drbg = drbg_setup(ctx, primary, RAND_DRBG_TYPE_PUBLIC);
CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);
}
return drbg;
@@ -948,15 +954,15 @@ RAND_DRBG *RAND_DRBG_get0_public(void)
RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx)
{
DRBG_GLOBAL *dgbl = drbg_get_global(ctx);
- RAND_DRBG *drbg, *master;
+ RAND_DRBG *drbg, *primary;
if (dgbl == NULL)
return NULL;
drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);
if (drbg == NULL) {
- master = OPENSSL_CTX_get0_master_drbg(ctx);
- if (master == NULL)
+ primary = OPENSSL_CTX_get0_primary_drbg(ctx);
+ if (primary == NULL)
return NULL;
ctx = openssl_ctx_get_concrete(ctx);
@@ -967,7 +973,7 @@ RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx)
if (CRYPTO_THREAD_get_local(&dgbl->public_drbg) == NULL
&& !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
- drbg = drbg_setup(ctx, master, RAND_DRBG_TYPE_PRIVATE);
+ drbg = drbg_setup(ctx, primary, RAND_DRBG_TYPE_PRIVATE);
CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);
}
return drbg;
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h
index e46248cf9b..73751d25e4 100644
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
@@ -26,10 +26,11 @@
# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */
/* Default reseed intervals */
-# define MASTER_RESEED_INTERVAL (1 << 8)
-# define SLAVE_RESEED_INTERVAL (1 << 16)
-# define MASTER_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */
-# define SLAVE_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */
+# define PRIMARY_RESEED_INTERVAL (1 << 8)
+# define SECONDARY_RESEED_INTERVAL (1 << 16)
+# define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */
+# define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */
+
/*
* The state of all types of DRBGs.
*/
diff --git a/doc/man3/RAND_DRBG_get0_master.pod b/doc/man3/RAND_DRBG_get0_public.pod
similarity index 90%
rename from doc/man3/RAND_DRBG_get0_master.pod
rename to doc/man3/RAND_DRBG_get0_public.pod
index 77d0ab70a5..33062a9e7e 100644
--- a/doc/man3/RAND_DRBG_get0_master.pod
+++ b/doc/man3/RAND_DRBG_get0_public.pod
@@ -2,7 +2,7 @@
=head1 NAME
-OPENSSL_CTX_get0_master_drbg,
+OPENSSL_CTX_get0_primary_drbg,
OPENSSL_CTX_get0_public_drbg,
OPENSSL_CTX_get0_private_drbg,
RAND_DRBG_get0_master,
@@ -14,7 +14,7 @@ RAND_DRBG_get0_private
#include <openssl/rand_drbg.h>
- RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
+ RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *RAND_DRBG_get0_master(void);
@@ -36,7 +36,7 @@ These functions here provide access to the shared DRBG instances.
=head1 RETURN VALUES
-OPENSSL_CTX_get0_master_drbg() returns a pointer to the I<master> DRBG instance
+OPENSSL_CTX_get0_primary_drbg() returns a pointer to the I<master> DRBG instance
for the given OPENSSL_CTX B<ctx>.
OPENSSL_CTX_get0_public_drbg() returns a pointer to the I<public> DRBG instance
@@ -48,7 +48,7 @@ for the given OPENSSL_CTX B<ctx>.
In all the above cases the B<ctx> parameter can
be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_get0_master(),
RAND_DRBG_get0_public() and RAND_DRBG_get0_private() are the same as
-OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and
+OPENSSL_CTX_get0_primary_drbg(), OPENSSL_CTX_get0_public_drbg() and
OPENSSL_CTX_get0_private_drbg() respectively except that the default OPENSSL_CTX
is always used.
@@ -80,7 +80,7 @@ L<RAND_DRBG(7)>
=head1 HISTORY
-The OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and
+The OPENSSL_CTX_get0_primary_drbg(), OPENSSL_CTX_get0_public_drbg() and
OPENSSL_CTX_get0_private_drbg() functions were added in OpenSSL 3.0.
All other RAND_DRBG functions were added in OpenSSL 1.1.1.
diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod
index d8b9633c7a..340fccdce6 100644
--- a/doc/man3/RAND_DRBG_new.pod
+++ b/doc/man3/RAND_DRBG_new.pod
@@ -84,7 +84,7 @@ see [NIST SP 800-90A Rev. 1].
Enables use of HMAC instead of the HASH DRBG.
-=item RAND_DRBG_FLAG_MASTER
+=item RAND_DRBG_FLAG_PRIMARY
=item RAND_DRBG_FLAG_PUBLIC
diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod
index b73f35fb66..a0878151e4 100644
--- a/doc/man3/RAND_DRBG_reseed.pod
+++ b/doc/man3/RAND_DRBG_reseed.pod
@@ -23,10 +23,10 @@ RAND_DRBG_set_reseed_defaults
time_t interval);
int RAND_DRBG_set_reseed_defaults(
- unsigned int master_reseed_interval,
- unsigned int slave_reseed_interval,
- time_t master_reseed_time_interval,
- time_t slave_reseed_time_interval
+ unsigned int primary_reseed_interval,
+ unsigned int secondary_reseed_interval,
+ time_t primary_reseed_time_interval,
+ time_t secondary_reseed_time_interval
);
@@ -60,12 +60,13 @@ elapsed time since its last reseeding exceeds the given reseed time interval.
If B<interval> == 0, then this feature is disabled.
RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval
-(B<master_reseed_interval> and B<slave_reseed_interval>)
+(B<primary_reseed_interval> and B<secondary_reseed_interval>)
and the reseed time interval
-(B<master_reseed_time_interval> and B<slave_reseed_tme_interval>)
+(B<primary_reseed_time_interval> and B<secondary_reseed_tme_interval>)
of DRBG instances.
-The default values are set independently for master DRBG instances (which don't
-have a parent) and slave DRBG instances (which are chained to a parent DRBG).
+The default values are set independently for primary DRBG instances (which don't
+have a parent) and secondary DRBG instances (which are chained to a parent
+DRBG).
=head1 RETURN VALUES
@@ -74,7 +75,6 @@ RAND_DRBG_set_reseed_interval(), and
RAND_DRBG_set_reseed_time_interval(),
return 1 on success, 0 on failure.
-
=head1 NOTES
The default OpenSSL random generator is already set up for automatic reseeding,
@@ -89,9 +89,9 @@ by providing application defined callbacks using RAND_DRBG_set_callbacks().
The reseeding default values are applied only during creation of a DRBG instance.
To ensure that they are applied to the global and thread-local DRBG instances
-(<master>, resp. <public> and <private>), it is necessary to call
-RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any
- cryptographic routines that obtain random data directly or indirectly.
+(<primary>, resp. <public> and <private>), it is necessary to call
+RAND_DRBG_set_reseed_defaults() before creating any thread and before calling
+any cryptographic routines that obtain random data directly or indirectly.
=head1 SEE ALSO
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
index f8517b8ecd..afc4d43eb8 100644
--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h
@@ -35,8 +35,8 @@
*/
# define RAND_DRBG_FLAG_HMAC 0x2
-/* Used by RAND_DRBG_set_defaults() to set the master DRBG type and flags. */
-# define RAND_DRBG_FLAG_MASTER 0x4
+/* Used by RAND_DRBG_set_defaults() to set the primary DRBG type and flags. */
+# define RAND_DRBG_FLAG_PRIMARY 0x4
/* Used by RAND_DRBG_set_defaults() to set the public DRBG type and flags. */
# define RAND_DRBG_FLAG_PUBLIC 0x8
/* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
@@ -104,19 +104,26 @@ int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
int RAND_DRBG_set_reseed_defaults(
- unsigned int master_reseed_interval,
- unsigned int slave_reseed_interval,
- time_t master_reseed_time_interval,
- time_t slave_reseed_time_interval
+ unsigned int primary_reseed_interval,
+ unsigned int secondary_reseed_interval,
+ time_t primary_reseed_time_interval,
+ time_t secondary_reseed_time_interval
);
-RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
RAND_DRBG *RAND_DRBG_get0_master(void);
RAND_DRBG *RAND_DRBG_get0_public(void);
RAND_DRBG *RAND_DRBG_get0_private(void);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Retain legacy deprecated names */
+# define RAND_DRBG_FLAG_MASTER RAND_DRBG_FLAG_PRIMARY
+# define OPENSSL_CTX_get0_master_drbg OPENSSL_CTX_get0_primary_drbg
+# define RAND_DRBG_get0_master RAND_DRBG_get0_master
+# endif
+
/*
* EXDATA
*/
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 1022ad7725..f9e65757c2 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -625,7 +625,7 @@ err:
* expected.
*
* |expect_success|: expected outcome (as reported by RAND_status())
- * |master|, |public|, |private|: pointers to the three shared DRBGs
+ * |primary|, |public|, |private|: pointers to the three shared DRBGs
* |expect_xxx_reseed| =
* 1: it is expected that the specified DRBG is reseeded
* 0: it is expected that the specified DRBG is not reseeded
@@ -634,10 +634,10 @@ err:
* |before_reseed| time.
*/
static int test_drbg_reseed(int expect_success,
- RAND_DRBG *master,
+ RAND_DRBG *primary,
RAND_DRBG *public,
RAND_DRBG *private,
- int expect_master_reseed,
+ int expect_primary_reseed,
int expect_public_reseed,
int expect_private_reseed,
time_t reseed_when
@@ -646,14 +646,14 @@ static int test_drbg_reseed(int expect_success,
unsigned char buf[32];
time_t before_reseed, after_reseed;
int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR);
- unsigned int master_reseed, public_reseed, private_reseed;
+ unsigned int primary_reseed, public_reseed, private_reseed;
/*
* step 1: check preconditions
*/
/* Test whether seed propagation is enabled */
- if (!TEST_int_ne(master_reseed = reseed_counter(master), 0)
+ if (!TEST_int_ne(primary_reseed = reseed_counter(primary), 0)
|| !TEST_int_ne(public_reseed = reseed_counter(public), 0)
|| !TEST_int_ne(private_reseed = reseed_counter(private), 0))
return 0;
@@ -666,7 +666,7 @@ static int test_drbg_reseed(int expect_success,
reseed_when = time(NULL);
/* Generate random output from the public and private DRBG */
- before_reseed = expect_master_reseed == 1 ? reseed_when : 0;
+ before_reseed = expect_primary_reseed == 1 ? reseed_when : 0;
if (!TEST_int_eq(RAND_bytes(buf, sizeof(buf)), expect_success)
|| !TEST_int_eq(RAND_priv_bytes(buf, sizeof(buf)), expect_success))
return 0;
@@ -678,14 +678,14 @@ static int test_drbg_reseed(int expect_success,
*/
/* Test whether reseeding succeeded as expected */
- if (/*!TEST_int_eq(state(master), expected_state)
+ if (/*!TEST_int_eq(state(primary), expected_state)
|| */!TEST_int_eq(state(public), expected_state)
|| !TEST_int_eq(state(private), expected_state))
return 0;
- if (expect_master_reseed >= 0) {
- /* Test whether master DRBG was reseeded as expected */
- if (!TEST_int_ge(reseed_counter(master), master_reseed))
+ if (expect_primary_reseed >= 0) {
+ /* Test whether primary DRBG was reseeded as expected */
+ if (!TEST_int_ge(reseed_counter(primary), primary_reseed))
return 0;
}
@@ -693,7 +693,7 @@ static int test_drbg_reseed(int expect_success,
/* Test whether public DRBG was reseeded as expected */
if (!TEST_int_ge(reseed_counter(public), public_reseed)
|| !TEST_uint_ge(reseed_counter(public),
- reseed_counter(master)))
+ reseed_counter(primary)))
return 0;
}
@@ -701,19 +701,19 @@ static int test_drbg_reseed(int expect_success,
/* Test whether public DRBG was reseeded as expected */
if (!TEST_int_ge(reseed_counter(private), private_reseed)
|| !TEST_uint_ge(reseed_counter(private),
- reseed_counter(master)))
+ reseed_counter(primary)))
return 0;
}
if (expect_success == 1) {
- /* Test whether reseed time of master DRBG is set correctly */
- if (!TEST_time_t_le(before_reseed, reseed_time(master))
- || !TEST_time_t_le(reseed_time(master), after_reseed))
+ /* Test whether reseed time of primary DRBG is set correctly */
+ if (!TEST_time_t_le(before_reseed, reseed_time(primary))
+ || !TEST_time_t_le(reseed_time(primary), after_reseed))
return 0;
- /* Test whether reseed times of child DRBGs are synchronized with master */
- if (!TEST_time_t_ge(reseed_time(public), reseed_time(master))
- || !TEST_time_t_ge(reseed_time(private), reseed_time(master)))
+ /* Test whether reseed times of child DRBGs are synchronized with primary */
+ if (!TEST_time_t_ge(reseed_time(public), reseed_time(primary))
+ || !TEST_time_t_ge(reseed_time(private), reseed_time(primary)))
return 0;
} else {
ERR_clear_error();
@@ -725,10 +725,10 @@ static int test_drbg_reseed(int expect_success,
#if defined(OPENSSL_SYS_UNIX)
/*
- * Test whether master, public and private DRBG are reseeded after
+ * Test whether primary, public and private DRBG are reseeded after
* forking the process.
*/
-static int test_drbg_reseed_after_fork(RAND_DRBG *master,
+static int test_drbg_reseed_after_fork(RAND_DRBG *primary,
RAND_DRBG *public,
RAND_DRBG *private)
{
@@ -745,7 +745,7 @@ static int test_drbg_reseed_after_fork(RAND_DRBG *master,
}
/* I'm the child; check whether all three DRBGs reseed. */
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0)))
status = 1;
exit(status);
}
@@ -758,7 +758,7 @@ static int test_drbg_reseed_after_fork(RAND_DRBG *master,
*/
static int test_rand_drbg_reseed(void)
{
- RAND_DRBG *master, *public, *private;
+ RAND_DRBG *primary, *public, *private;
unsigned char rand_add_buf[256];
int rv = 0;
time_t before_reseed;
@@ -771,25 +771,25 @@ static int test_rand_drbg_reseed(void)
return 0;
/* All three DRBGs should be non-null */
- if (!TEST_ptr(master = RAND_DRBG_get0_master())
+ if (!TEST_ptr(primary = RAND_DRBG_get0_master())
|| !TEST_ptr(public = RAND_DRBG_get0_public())
|| !TEST_ptr(private = RAND_DRBG_get0_private()))
return 0;
- /* There should be three distinct DRBGs, two of them chained to master */
+ /* There should be three distinct DRBGs, two of them chained to primary */
if (!TEST_ptr_ne(public, private)
- || !TEST_ptr_ne(public, master)
- || !TEST_ptr_ne(private, master)
- || !TEST_ptr_eq(public->parent, master)
- || !TEST_ptr_eq(private->parent, master))
+ || !TEST_ptr_ne(public, primary)
+ || !TEST_ptr_ne(private, primary)
+ || !TEST_ptr_eq(public->parent, primary)
+ || !TEST_ptr_eq(private->parent, primary))
return 0;
- /* Disable CRNG testing for the master DRBG */
- if (!TEST_true(disable_crngt(master)))
+ /* Disable CRNG testing for the primary DRBG */
+ if (!TEST_true(disable_crngt(primary)))
return 0;
/* uninstantiate the three global DRBGs */
- RAND_DRBG_uninstantiate(master);
+ RAND_DRBG_uninstantiate(primary);
RAND_DRBG_uninstantiate(private);
RAND_DRBG_uninstantiate(public);
@@ -797,44 +797,44 @@ static int test_rand_drbg_reseed(void)
/*
* Test initial seeding of shared DRBGs
*/
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0)))
goto error;
/*
* Test initial state of shared DRBGs
*/
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, 0)))
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0, 0)))
goto error;
/*
* Test whether the public and private DRBG are both reseeded when their
- * reseed counters differ from the master's reseed counter.
+ * reseed counters differ from the primary's reseed counter.
*/
- inc_reseed_counter(master);
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0)))
+ inc_reseed_counter(primary);
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 1, 0)))
goto error;
/*
* Test whether the public DRBG is reseeded when its reseed counter differs
- * from the master's reseed counter.
+ * from the primary's reseed counter.
*/
- inc_reseed_counter(master);
+ inc_reseed_counter(primary);
inc_reseed_counter(private);
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0)))
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 0, 0)))
goto error;
/*
* Test whether the private DRBG is reseeded when its reseed counter differs
- * from the master's reseed counter.
+ * from the primary's reseed counter.
*/
- inc_reseed_counter(master);
+ inc_reseed_counter(primary);
inc_reseed_counter(public);
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0)))
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 1, 0)))
goto error;
#if defined(OPENSSL_SYS_UNIX)
- if (!TEST_true(test_drbg_reseed_after_fork(master, public, private)))
+ if (!TEST_true(test_drbg_reseed_after_fork(primary, public, private)))
goto error;
#endif
@@ -845,14 +845,14 @@ static int test_rand_drbg_reseed(void)
/*
* Test whether all three DRBGs are reseeded by RAND_add().
* The before_reseed time has to be measured here and passed into the
- * test_drbg_reseed() test, because the master DRBG gets already reseeded
+ * test_drbg_reseed() test, because the primary DRBG gets already reseeded
* in RAND_add(), whence the check for the condition
- * before_reseed <= reseed_time(master) will fail if the time value happens
+ * before_reseed <= reseed_time(primary) will fail if the time value happens
* to increase between the RAND_add() and the test_drbg_reseed() call.
*/
before_reseed = time(NULL);
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1,
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1,
before_reseed)))
goto error;
#else /* FIPS_MODULE */
@@ -864,7 +864,7 @@ static int test_rand_drbg_reseed(void)
*/
before_reseed = time(NULL);
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0,
+ if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0,
before_reseed)))
goto error;
#endif
@@ -983,84 +983,88 @@ static int test_multi_thread(void)
static int test_rand_drbg_prediction_resistance(void)
{
- RAND_DRBG *m = NULL, *i = NULL, *s = NULL;
+ RAND_DRBG *x = NULL, *y = NULL, *z = NULL;
unsigned char buf1[51], buf2[sizeof(buf1)];
- int ret = 0, mreseed, ireseed, sreseed;
+ int ret = 0, xreseed, yreseed, zreseed;
if (crngt_skip())
return TEST_skip("CRNGT cannot be disabled");
/* Initialise a three long DRBG chain */
- if (!TEST_ptr(m = RAND_DRBG_new(0, 0, NULL))
- || !TEST_true(disable_crngt(m))
- || !TEST_true(RAND_DRBG_instantiate(m, NULL, 0))
- || !TEST_ptr(i = RAND_DRBG_new(0, 0, m))
- || !TEST_true(RAND_DRBG_instantiate(i, NULL, 0))
- || !TEST_ptr(s = RAND_DRBG_new(0, 0, i))
- || !TEST_true(RAND_DRBG_instantiate(s, NULL, 0)))
+ if (!TEST_ptr(x = RAND_DRBG_new(0, 0, NULL))
+ || !TEST_true(disable_crngt(x))
+ || !TEST_true(RAND_DRBG_instantiate(x, NULL, 0))
+ || !TEST_ptr(y = RAND_DRBG_new(0, 0, x))
+ || !TEST_true(RAND_DRBG_instantiate(y, NULL, 0))
+ || !TEST_ptr(z = RAND_DRBG_new(0, 0, y))
+ || !TEST_true(RAND_DRBG_instantiate(z, NULL, 0)))
goto err;
- /* During a normal reseed, only the slave DRBG should be reseed */
- inc_reseed_counter(i);
- mreseed = reseed_counter(m);
- ireseed = reseed_counter(i);
- sreseed = reseed_counter(s);
- if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0))
- || !TEST_int_eq(reseed_counter(m), mreseed)
- || !TEST_int_eq(reseed_counter(i), ireseed)
- || !TEST_int_gt(reseed_counter(s), sreseed))
+ /*
+ * During a normal reseed, only the last DRBG in the chain should
+ * be reseeded.
+ */
+ inc_reseed_counter(y);
+ xreseed = reseed_counter(x);
+ yreseed = reseed_counter(y);
+ zreseed = reseed_counter(z);
+ if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 0))
+ || !TEST_int_eq(reseed_counter(x), xreseed)
+ || !TEST_int_eq(reseed_counter(y), yreseed)
+ || !TEST_int_gt(reseed_counter(z), zreseed))
goto err;
/*
* When prediction resistance is requested, the request should be
- * propagated to the master, so that the entire DRBG chain reseeds.
+ * propagated to the primary, so that the entire DRBG chain reseeds.
*/
- sreseed = reseed_counter(s);
- if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 1))
- || !TEST_int_gt(reseed_counter(m), mreseed)
- || !TEST_int_gt(reseed_counter(i), ireseed)
- || !TEST_int_gt(reseed_counter(s), sreseed))
+ zreseed = reseed_counter(z);
+ if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 1))
+ || !TEST_int_gt(reseed_counter(x), xreseed)
+ || !TEST_int_gt(reseed_counter(y), yreseed)
+ || !TEST_int_gt(reseed_counter(z), zreseed))
goto err;
- /* During a normal generate, only the slave DRBG should be reseed */
- inc_reseed_counter(i);
- mreseed = reseed_counter(m);
- ireseed = reseed_counter(i);
- sreseed = reseed_counter(s);
- if (!TEST_true(RAND_DRBG_generate(s, buf1, sizeof(buf1), 0, NULL, 0))
- || !TEST_int_eq(reseed_counter(m), mreseed)
- || !TEST_int_eq(reseed_counter(i), ireseed)
- || !TEST_int_gt(reseed_counter(s), sreseed))
+ /*
+ * During a normal generate, only the last DRBG should be reseed */
+ inc_reseed_counter(y);
+ xreseed = reseed_counter(x);
+ yreseed = reseed_counter(y);
+ zreseed = reseed_counter(z);
+ if (!TEST_true(RAND_DRBG_generate(z, buf1, sizeof(buf1), 0, NULL, 0))
+ || !TEST_int_eq(reseed_counter(x), xreseed)
+ || !TEST_int_eq(reseed_counter(y), yreseed)
+ || !TEST_int_gt(reseed_counter(z), zreseed))
goto err;
/*
* When a prediction resistant generate is requested, the request
- * should be propagated to the master, reseeding the entire DRBG chain.
+ * should be propagated to the primary, reseeding the entire DRBG chain.
*/
- sreseed = reseed_counter(s);
- if (!TEST_true(RAND_DRBG_generate(s, buf2, sizeof(buf2), 1, NULL, 0))
- || !TEST_int_gt(reseed_counter(m), mreseed)
- || !TEST_int_gt(reseed_counter(i), ireseed)
- || !TEST_int_gt(reseed_counter(s), sreseed)
+ zreseed = reseed_counter(z);
+ if (!TEST_true(RAND_DRBG_generate(z, buf2, sizeof(buf2), 1, NULL, 0))
+ || !TEST_int_gt(reseed_counter(x), xreseed)
+ || !TEST_int_gt(reseed_counter(y), yreseed)
+ || !TEST_int_gt(reseed_counter(z), zreseed)
|| !TEST_mem_ne(buf1, sizeof(buf1), buf2, sizeof(buf2)))
goto err;
- /* Verify that a normal reseed still only reseeds the slave DRBG */
- inc_reseed_counter(i);
- mreseed = reseed_counter(m);
- ireseed = reseed_counter(i);
- sreseed = reseed_counter(s);
- if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0))
- || !TEST_int_eq(reseed_counter(m), mreseed)
- || !TEST_int_eq(reseed_counter(i), ireseed)
- || !TEST_int_gt(reseed_counter(s), sreseed))
+ /* Verify that a normal reseed still only reseeds the last DRBG */
+ inc_reseed_counter(y);
+ xreseed = reseed_counter(x);
+ yreseed = reseed_counter(y);
+ zreseed = reseed_counter(z);
+ if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 0))
+ || !TEST_int_eq(reseed_counter(x), xreseed)
+ || !TEST_int_eq(reseed_counter(y), yreseed)
+ || !TEST_int_gt(reseed_counter(z), zreseed))
goto err;
ret = 1;
err:
- RAND_DRBG_free(s);
- RAND_DRBG_free(i);
- RAND_DRBG_free(m);
+ RAND_DRBG_free(z);
+ RAND_DRBG_free(y);
+ RAND_DRBG_free(x);
return ret;
}
@@ -1106,15 +1110,15 @@ err:
static int test_set_defaults(void)
{
- RAND_DRBG *master = NULL, *public = NULL, *private = NULL;
+ RAND_DRBG *primary = NULL, *public = NULL, *private = NULL;
- /* Check the default type and flags for master, public and private */
- return TEST_ptr(master = RAND_DRBG_get0_master())
+ /* Check the default type and flags for primary, public and private */
+ return TEST_ptr(primary = RAND_DRBG_get0_master())
&& TEST_ptr(public = RAND_DRBG_get0_public())
&& TEST_ptr(private = RAND_DRBG_get0_private())
- && TEST_int_eq(master->type, RAND_DRBG_TYPE)
- && TEST_int_eq(master->flags,
- RAND_DRBG_FLAGS | RAND_DRBG_FLAG_MASTER)
+ && TEST_int_eq(primary->type, RAND_DRBG_TYPE)
+ && TEST_int_eq(primary->flags,
+ RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIMARY)
&& TEST_int_eq(public->type, RAND_DRBG_TYPE)
&& TEST_int_eq(public->flags,
RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC)
@@ -1122,12 +1126,12 @@ static int test_set_defaults(void)
&& TEST_int_eq(private->flags,
RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE)
- /* change master DRBG and check again */
+ /* change primary DRBG and check again */
&& TEST_true(RAND_DRBG_set_defaults(NID_sha256,
- RAND_DRBG_FLAG_MASTER))
- && TEST_true(RAND_DRBG_uninstantiate(master))
- && TEST_int_eq(master->type, NID_sha256)
- && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER)
+ RAND_DRBG_FLAG_PRIMARY))
+ && TEST_true(RAND_DRBG_uninstantiate(primary))
+ && TEST_int_eq(primary->type, NID_sha256)
+ && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY)
&& TEST_int_eq(public->type, RAND_DRBG_TYPE)
&& TEST_int_eq(public->flags,
RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC)
@@ -1138,8 +1142,8 @@ static int test_set_defaults(void)
&& TEST_true(RAND_DRBG_set_defaults(NID_sha256,
RAND_DRBG_FLAG_PRIVATE|RAND_DRBG_FLAG_HMAC))
&& TEST_true(RAND_DRBG_uninstantiate(private))
- && TEST_int_eq(master->type, NID_sha256)
- && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER)
+ && TEST_int_eq(primary->type, NID_sha256)
+ && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY)
&& TEST_int_eq(public->type, RAND_DRBG_TYPE)
&& TEST_int_eq(public->flags,
RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC)
@@ -1151,8 +1155,8 @@ static int test_set_defaults(void)
RAND_DRBG_FLAG_PUBLIC
| RAND_DRBG_FLAG_HMAC))
&& TEST_true(RAND_DRBG_uninstantiate(public))
- && TEST_int_eq(master->type, NID_sha256)
- && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER)
+ && TEST_int_eq(primary->type, NID_sha256)
+ && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY)
&& TEST_int_eq(public->type, NID_sha1)
&& TEST_int_eq(public->flags,
RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_HMAC)
@@ -1167,21 +1171,21 @@ static int test_set_defaults(void)
/* FIPS mode doesn't support CTR DRBG without a derivation function */
#ifndef FIPS_MODULE
- /* Change DRBG defaults and change master and check again */
+ /* Change DRBG defaults and change primary and check again */
&& TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr,
RAND_DRBG_FLAG_CTR_NO_DF))
- && TEST_true(RAND_DRBG_uninstantiate(master))
- && TEST_int_eq(master->type, NID_aes_256_ctr)
- && TEST_int_eq(master->flags,
- RAND_DRBG_FLAG_MASTER|RAND_DRBG_FLAG_CTR_NO_DF)
+ && TEST_true(RAND_DRBG_uninstantiate(primary))
+ && TEST_int_eq(primary->type, NID_aes_256_ctr)
+ && TEST_int_eq(primary->flags,
+ RAND_DRBG_FLAG_PRIMARY|RAND_DRBG_FLAG_CTR_NO_DF)
#endif
/* Reset back to the standard defaults */
&& TEST_true(RAND_DRBG_set_defaults(RAND_DRBG_TYPE,
RAND_DRBG_FLAGS
- | RAND_DRBG_FLAG_MASTER
+ | RAND_DRBG_FLAG_PRIMARY
| RAND_DRBG_FLAG_PUBLIC
| RAND_DRBG_FLAG_PRIVATE))
- && TEST_true(RAND_DRBG_uninstantiate(master))
+ && TEST_true(RAND_DRBG_uninstantiate(primary))
&& TEST_true(RAND_DRBG_uninstantiate(public))
&& TEST_true(RAND_DRBG_uninstantiate(private));
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index db033eee9d..4ed13bb5ca 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4642,7 +4642,7 @@ ERR_load_CMP_strings ? 3_0_0 EXIST::FUNCTION:CMP
EVP_MD_CTX_set_params ? 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_get_params ? 3_0_0 EXIST::FUNCTION:
RAND_DRBG_new_ex ? 3_0_0 EXIST::FUNCTION:
-OPENSSL_CTX_get0_master_drbg ? 3_0_0 EXIST::FUNCTION:
+OPENSSL_CTX_get0_primary_drbg ? 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_get0_public_drbg ? 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_get0_private_drbg ? 3_0_0 EXIST::FUNCTION:
BN_CTX_new_ex ? 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list