From 1477af9a22de4bff9408c09f8795c367a211b39a Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Wed, 17 Mar 2021 14:29:24 -0700 Subject: [PATCH 1/5] Add wolfSSL_RAND_set_rand_method() and support for RAND_ callbacks. --- src/ssl.c | 205 +++++++++++++++++++++++++++++++++------ tests/api.c | 121 +++++++++++++++++++++++ wolfssl/openssl/engine.h | 4 +- wolfssl/openssl/rand.h | 2 + wolfssl/ssl.h | 37 ++++++- 5 files changed, 340 insertions(+), 29 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4fb9ebdb0..b37ad8e0b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -153,6 +153,10 @@ #ifdef OPENSSL_EXTRA /* Global pointer to constant BN on */ static WOLFSSL_BIGNUM* bn_one = NULL; + +static const WOLFSSL_RAND_METHOD* rand_methods = NULL; +static int initRandMethMutex = 0; +static wolfSSL_Mutex rand_methods_mutex; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) @@ -4953,6 +4957,14 @@ int wolfSSL_Init(void) #endif #ifdef OPENSSL_EXTRA + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + return BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); return WC_INIT_E; @@ -13219,6 +13231,18 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); + + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rand methods"); + return BAD_MUTEX_E; + } + rand_methods = NULL; + wc_UnLockMutex(&rand_methods_mutex); + + if (wc_FreeMutex(&rand_methods_mutex) != 0) + ret = BAD_MUTEX_E; + else + initRandMethMutex = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17807,24 +17831,131 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif } + /* If a valid struct is provided with function pointers, will override + RAND_seed, bytes, cleanup, add, pseudo_bytes and status. If a NULL + pointer is passed in, it will cancel any previous function overrides. + + Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ + int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) + { + int ret = WOLFSSL_FAILURE; + + if (initRandMethMutex == 0) { + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + ret = BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + } + + if (initRandMethMutex != 0) { + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Lock rand methods mutex failed"); + ret = BAD_MUTEX_E; + } + else { + rand_methods = methods; + wc_UnLockMutex(&rand_methods_mutex); + ret = WOLFSSL_SUCCESS; + } + } + + return ret; + } + + /* Sets func_ptr to a pointer to the given function func if it was set + by RAND_set_rand_method, or NULL if either it was not set, + or there was an error retreiving it. + + Returns WOLFSSL_SUCCESS on success, otherwise returns an error code. */ + static int GetRandFunction(RandFunction func, void** func_ptr) + { + int ret = WOLFSSL_FAILURE; + + if (func_ptr == NULL) { + return WOLFSSL_FAILURE; + } + + *func_ptr = NULL; + + if (initRandMethMutex == 0) { + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + ret = BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + } + + if (initRandMethMutex != 0) { + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Lock rand methods mutex failed"); + ret = BAD_MUTEX_E; + } + else { + if (rand_methods != NULL && rand_methods->status != NULL) { + if (func == RAND_SEED) { + *func_ptr = rand_methods->seed; + } + else if (func == RAND_BYTES) { + *func_ptr = rand_methods->bytes; + } + else if (func == RAND_CLEANUP) { + *func_ptr = rand_methods->cleanup; + } + else if (func == RAND_ADD) { + *func_ptr = rand_methods->add; + } + else if (func == RAND_PSEUDORAND) { + *func_ptr = rand_methods->pseudorand; + } + else if (func == RAND_STATUS) { + *func_ptr = rand_methods->status; + } + } + wc_UnLockMutex(&rand_methods_mutex); + ret = WOLFSSL_SUCCESS; + } + } + + return ret; + } int wolfSSL_RAND_status(void) { - return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ + RandStatusMethod* randFunc = NULL; + + if (GetRandFunction(RAND_STATUS, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(); + } + + return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ } - #ifndef NO_WOLFSSL_STUB void wolfSSL_RAND_add(const void* add, int len, double entropy) { - (void)add; - (void)len; - (void)entropy; - WOLFSSL_STUB("RAND_add"); + RandAddMethod* randFunc = NULL; + + if (GetRandFunction(RAND_ADD, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return; + } + else if (randFunc != NULL) { + randFunc(add, len, entropy); + } + /* wolfSSL seeds/adds internally, use explicit RNG if you want to take control */ + return; } - #endif #ifndef NO_DES3 /* 0 on ok */ @@ -31512,11 +31643,17 @@ static int wolfSSL_RAND_Init(void) /* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_seed(const void* seed, int len) { + RandSeedMethod* randFunc = NULL; WOLFSSL_MSG("wolfSSL_RAND_seed"); - (void)seed; - (void)len; + if (GetRandFunction(RAND_SEED, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(seed, len); + } return wolfSSL_RAND_Init(); } @@ -31821,22 +31958,40 @@ int wolfSSL_RAND_egd(const char* nm) void wolfSSL_RAND_Cleanup(void) { + RandCleanupMethod* randFunc = NULL; + WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()"); + if (GetRandFunction(RAND_CLEANUP, (void**)&randFunc) + == WOLFSSL_SUCCESS && randFunc != NULL) { + randFunc(); + } + if (wc_LockMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Lock Mutex rng"); - return; } - if (initGlobalRNG != 0) { + else if (initGlobalRNG != 0) { wc_FreeRng(&globalRNG); initGlobalRNG = 0; } wc_UnLockMutex(&globalRNGMutex); + + return; } int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) { + RandPseudorandMethod* randFunc = NULL; + + if (GetRandFunction(RAND_PSEUDORAND, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(buf, num); + } + return wolfSSL_RAND_bytes(buf, num); } @@ -31854,9 +32009,18 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) #endif int used_global = 0; int blockCount = 0; + RandBytesMethod* randFunc = NULL; WOLFSSL_ENTER("wolfSSL_RAND_bytes"); + if (GetRandFunction(RAND_BYTES, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(buf, num); + } + #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) @@ -31879,7 +32043,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) if (rng) { /* handles size grater than RNG_MAX_BLOCK_LEN */ blockCount = num / RNG_MAX_BLOCK_LEN; - + while(blockCount--) { if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){ WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); @@ -31888,10 +32052,10 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) num -= RNG_MAX_BLOCK_LEN; buf += RNG_MAX_BLOCK_LEN; } - + if (ret == 0 && num) ret = wc_RNG_GenerateBlock(rng, buf, num); - + if (ret != 0) WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); else @@ -45760,19 +45924,6 @@ int wolfSSL_FIPS_mode_set(int r) } #endif -#ifndef NO_WOLFSSL_STUB -int wolfSSL_RAND_set_rand_method(const void *meth) -{ - (void) meth; - WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method"); - WOLFSSL_STUB("RAND_set_rand_method"); - - /* if implemented RAND_bytes and RAND_pseudo_bytes need updated - * those two functions will call the respective functions from meth */ - return SSL_FAILURE; -} -#endif - int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { int ret = WOLFSSL_FAILURE; diff --git a/tests/api.c b/tests/api.c index 37cdc2bd4..83273c911 100644 --- a/tests/api.c +++ b/tests/api.c @@ -307,6 +307,7 @@ #include #include #include + #include #ifdef OPENSSL_ALL #include #include @@ -30380,6 +30381,125 @@ static void test_wolfSSL_BUF(void) #endif /* OPENSSL_EXTRA */ } +#if defined(OPENSSL_EXTRA) +static int stub_rand_seed(const void *buf, int num) +{ + (void)buf; + (void)num; + + return 123; +} + +static int stub_rand_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 456; +} + +static byte* was_stub_rand_cleanup_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static void stub_rand_cleanup(void) +{ + byte* was_called = was_stub_rand_cleanup_called(); + + *was_called = 1; + + return; +} + +static byte* was_stub_rand_add_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static int stub_rand_add(const void *buf, int num, double entropy) +{ + byte* was_called = was_stub_rand_add_called(); + + (void)buf; + (void)num; + (void)entropy; + + *was_called = 1; + + return 0; +} + +static int stub_rand_pseudo_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 9876; +} + +static int stub_rand_status(void) +{ + return 5432; +} +#endif + +static void test_wolfSSL_RAND_set_rand_method(void) +{ + #if defined(OPENSSL_EXTRA) + WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; + unsigned char* buf = NULL; + int num = 0; + double entropy = 0; + byte* was_cleanup_called = was_stub_rand_cleanup_called(); + byte* was_add_called = was_stub_rand_add_called(); + + printf(testingFmt, "wolfSSL_RAND_set_rand_method()"); + + AssertIntNE(wolfSSL_RAND_status(), 5432); + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 0); + + + rand_methods.seed = &stub_rand_seed; + rand_methods.bytes = &stub_rand_bytes; + rand_methods.cleanup = &stub_rand_cleanup; + rand_methods.add = &stub_rand_add; + rand_methods.pseudorand = &stub_rand_pseudo_bytes; + rand_methods.status = &stub_rand_status; + + AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), SSL_SUCCESS); + AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); + AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); + AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); + AssertIntEQ(wolfSSL_RAND_status(), 5432); + + AssertIntEQ(*was_add_called, 0); + /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */ + wolfSSL_RAND_add(buf, num, entropy); + AssertIntEQ(*was_add_called, 1); + was_add_called = 0; + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 1); + *was_cleanup_called = 0; + + + AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), SSL_SUCCESS); + AssertIntNE(wolfSSL_RAND_status(), 5432); + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 0); + + printf(resultFmt, passed); + #endif +} + static void test_wolfSSL_RAND_bytes(void) { #if defined(OPENSSL_EXTRA) @@ -41500,6 +41620,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_CTX_set_ecdh_auto(); test_wolfSSL_THREADID_hash(); + test_wolfSSL_RAND_set_rand_method(); test_wolfSSL_RAND_bytes(); test_wolfSSL_pseudo_rand(); test_wolfSSL_PKCS8_Compat(); diff --git a/wolfssl/openssl/engine.h b/wolfssl/openssl/engine.h index e4a1ff193..ba147ff74 100644 --- a/wolfssl/openssl/engine.h +++ b/wolfssl/openssl/engine.h @@ -4,5 +4,7 @@ #undef HAVE_OPENSSL_ENGINE_H -#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/ +/* ENGINE_load_builtin_engines not needed, as all builtin engines are already + loaded into memory and used on startup. */ +#define ENGINE_load_builtin_engines() diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h index 25d1419e2..11af818f6 100644 --- a/wolfssl/openssl/rand.h +++ b/wolfssl/openssl/rand.h @@ -24,4 +24,6 @@ #include #include +typedef WOLFSSL_RAND_METHOD RAND_METHOD; + #define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a6697e8bc..4f813a279 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -639,6 +639,41 @@ struct WOLFSSL_X509_STORE_CTX { typedef char* WOLFSSL_STRING; +/* seed = Data to mix into the random generator. + len = Number of bytes to mix from seed. */ +typedef int RandSeedMethod(const void* seed, int len); +/* buf = Buffer to store random bytes in. + len = Number of bytes to store in buf. */ +typedef int RandBytesMethod(unsigned char* buf, int len); +typedef void RandCleanupMethod(void); +/* add = Data to mix into the random generator. + len = Number of bytes to mix from add. + entropy = Estimate of randomness contained in seed. + Should be between 0 and len. */ +typedef int RandAddMethod(const void* add, int len, double entropy); +/* buf = Buffer to store pseudorandom bytes in. + len = Number of bytes to store in buf. */ +typedef int RandPseudorandMethod(unsigned char *buf, int len); +typedef int RandStatusMethod(void); + +typedef struct WOLFSSL_RAND_METHOD { + RandSeedMethod* seed; + RandBytesMethod* bytes; + RandCleanupMethod* cleanup; + RandAddMethod* add; + RandPseudorandMethod* pseudorand; + RandStatusMethod* status; +} WOLFSSL_RAND_METHOD; + +typedef enum RandFunction { + RAND_SEED, + RAND_BYTES, + RAND_CLEANUP, + RAND_ADD, + RAND_PSEUDORAND, + RAND_STATUS +} RandFunction; + /* Valid Alert types from page 16/17 * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c */ @@ -3769,7 +3804,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void); WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); -WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods); WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); From 7760dcb43b3acb979d202e3bae47237f0ce369b5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 17 Mar 2021 15:51:52 -0700 Subject: [PATCH 2/5] Fixes and cleanups for the openssl compatibility layer `RAND_` functions. For `opensslextra=x509small` don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac. --- configure.ac | 11 +- src/ssl.c | 370 +++++++++++++++++++++----------------------------- tests/api.c | 14 +- wolfssl/ssl.h | 50 +++---- 4 files changed, 178 insertions(+), 267 deletions(-) diff --git a/configure.ac b/configure.ac index 1ec1f11a5..e73b608d3 100644 --- a/configure.ac +++ b/configure.ac @@ -949,16 +949,12 @@ then AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS" fi -if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" -then - AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) -fi - if test "$ENABLED_OPENSSLEXTRA" = "x509small" then AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra]) AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS" fi # One Error Queue per Thread @@ -5194,11 +5190,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK" fi -if test "$ENABLED_SMALL" = "yes"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL" -fi - if test "$ENABLED_SP_MATH" = "yes"; then if test "$ENABLED_SP" = "no"; then diff --git a/src/ssl.c b/src/ssl.c index b37ad8e0b..245c195cd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -151,13 +151,17 @@ #ifndef WOLFCRYPT_ONLY #ifdef OPENSSL_EXTRA -/* Global pointer to constant BN on */ -static WOLFSSL_BIGNUM* bn_one = NULL; + /* Global pointer to constant BN on */ + static WOLFSSL_BIGNUM* bn_one = NULL; -static const WOLFSSL_RAND_METHOD* rand_methods = NULL; -static int initRandMethMutex = 0; -static wolfSSL_Mutex rand_methods_mutex; -#endif + /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for + * OPENSSL_EXTRA where RAND callbacks are not used */ + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + static const WOLFSSL_RAND_METHOD* gRandMethods = NULL; + static int gRandMethodsInit = 0; + static wolfSSL_Mutex gRandMethodMutex; + #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */ +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) const WOLF_EC_NIST_NAME kNistCurves[] = { @@ -4931,9 +4935,25 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #if defined(OPENSSL_EXTRA) || \ (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) -static WC_RNG globalRNG; -static int initGlobalRNG = 0; -static wolfSSL_Mutex globalRNGMutex; + + #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */ + static WC_RNG globalRNG; + static int initGlobalRNG = 0; + static wolfSSL_Mutex globalRNGMutex; +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) +static int wolfSSL_RAND_InitMutex(void) +{ + if (gRandMethodsInit == 0) { + if (wc_InitMutex(&gRandMethodMutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + return BAD_MUTEX_E; + } + gRandMethodsInit = 1; + } + return 0; +} #endif WOLFSSL_ABI @@ -4948,8 +4968,7 @@ int wolfSSL_Init(void) return WC_INIT_E; } -#if defined(OPENSSL_EXTRA) || \ - (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) +#ifdef HAVE_GLOBAL_RNG if (wc_InitMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Init Mutex rng"); return BAD_MUTEX_E; @@ -4957,18 +4976,12 @@ int wolfSSL_Init(void) #endif #ifdef OPENSSL_EXTRA - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() != 0) { return BAD_MUTEX_E; } - else { - initRandMethMutex = 1; - } - - if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); - return WC_INIT_E; - } + #endif + wolfSSL_RAND_seed(NULL, 0); #endif #ifndef NO_SESSION_CACHE @@ -13231,18 +13244,6 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); - - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rand methods"); - return BAD_MUTEX_E; - } - rand_methods = NULL; - wc_UnLockMutex(&rand_methods_mutex); - - if (wc_FreeMutex(&rand_methods_mutex) != 0) - ret = BAD_MUTEX_E; - else - initRandMethMutex = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17838,123 +17839,50 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) { - int ret = WOLFSSL_FAILURE; - - if (initRandMethMutex == 0) { - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); - ret = BAD_MUTEX_E; - } - else { - initRandMethMutex = 1; - } + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + gRandMethods = methods; + wc_UnLockMutex(&gRandMethodMutex); } - - if (initRandMethMutex != 0) { - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Lock rand methods mutex failed"); - ret = BAD_MUTEX_E; - } - else { - rand_methods = methods; - wc_UnLockMutex(&rand_methods_mutex); - ret = WOLFSSL_SUCCESS; - } - } - - return ret; - } - - /* Sets func_ptr to a pointer to the given function func if it was set - by RAND_set_rand_method, or NULL if either it was not set, - or there was an error retreiving it. - - Returns WOLFSSL_SUCCESS on success, otherwise returns an error code. */ - static int GetRandFunction(RandFunction func, void** func_ptr) - { - int ret = WOLFSSL_FAILURE; - - if (func_ptr == NULL) { - return WOLFSSL_FAILURE; - } - - *func_ptr = NULL; - - if (initRandMethMutex == 0) { - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); - ret = BAD_MUTEX_E; - } - else { - initRandMethMutex = 1; - } - } - - if (initRandMethMutex != 0) { - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Lock rand methods mutex failed"); - ret = BAD_MUTEX_E; - } - else { - if (rand_methods != NULL && rand_methods->status != NULL) { - if (func == RAND_SEED) { - *func_ptr = rand_methods->seed; - } - else if (func == RAND_BYTES) { - *func_ptr = rand_methods->bytes; - } - else if (func == RAND_CLEANUP) { - *func_ptr = rand_methods->cleanup; - } - else if (func == RAND_ADD) { - *func_ptr = rand_methods->add; - } - else if (func == RAND_PSEUDORAND) { - *func_ptr = rand_methods->pseudorand; - } - else if (func == RAND_STATUS) { - *func_ptr = rand_methods->status; - } - } - wc_UnLockMutex(&rand_methods_mutex); - ret = WOLFSSL_SUCCESS; - } - } - - return ret; + #else + (void)methods; + #endif + return WOLFSSL_SUCCESS; } + /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ int wolfSSL_RAND_status(void) { - RandStatusMethod* randFunc = NULL; - - if (GetRandFunction(RAND_STATUS, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; + int ret = WOLFSSL_SUCCESS; + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->status) + ret = gRandMethods->status(); + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - return randFunc(); - } - - return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ + #else + /* wolfCrypt provides enough seed internally, so return success */ + #endif + return ret; } - void wolfSSL_RAND_add(const void* add, int len, double entropy) { - RandAddMethod* randFunc = NULL; - - if (GetRandFunction(RAND_ADD, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return; + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->add) { + /* callback has return code, but RAND_add does not */ + (void)gRandMethods->add(add, len, entropy); + } + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - randFunc(add, len, entropy); - } - + #else /* wolfSSL seeds/adds internally, use explicit RNG if you want to take control */ - return; + (void)add; + (void)len; + (void)entropy; + #endif } #ifndef NO_DES3 @@ -31622,40 +31550,41 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng) */ static int wolfSSL_RAND_Init(void) { - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); - return 0; - } - if (initGlobalRNG == 0) { - if (wc_InitRng(&globalRNG) < 0) { - WOLFSSL_MSG("wolfSSL Init Global RNG failed"); - wc_UnLockMutex(&globalRNGMutex); - return 0; + int ret = WOLFSSL_FAILURE; +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG == 0) { + ret = wc_InitRng(&globalRNG); + if (ret == 0) { + initGlobalRNG = 1; + ret = WOLFSSL_SUCCESS; + } } - initGlobalRNG = 1; + wc_UnLockMutex(&globalRNGMutex); } - - wc_UnLockMutex(&globalRNGMutex); - return WOLFSSL_SUCCESS; +#endif + return ret; } /* WOLFSSL_SUCCESS on ok */ -int wolfSSL_RAND_seed(const void* seed, int len) +void wolfSSL_RAND_seed(const void* seed, int len) { - RandSeedMethod* randFunc = NULL; - - WOLFSSL_MSG("wolfSSL_RAND_seed"); - - if (GetRandFunction(RAND_SEED, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - else if (randFunc != NULL) { - return randFunc(seed, len); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->seed) { + /* seed callback has return code, but function RAND_seed does not */ + (void)gRandMethods->seed(seed, len); + } + wc_UnLockMutex(&gRandMethodMutex); } +#else + (void)seed; + (void)len; +#endif - return wolfSSL_RAND_Init(); + /* Make sure global shared RNG (globalRNG) is initialized */ + (void)wolfSSL_RAND_Init(); } @@ -31958,75 +31887,72 @@ int wolfSSL_RAND_egd(const char* nm) void wolfSSL_RAND_Cleanup(void) { - RandCleanupMethod* randFunc = NULL; - - WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()"); - - if (GetRandFunction(RAND_CLEANUP, (void**)&randFunc) - == WOLFSSL_SUCCESS && randFunc != NULL) { - randFunc(); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->cleanup) + gRandMethods->cleanup(); + wc_UnLockMutex(&gRandMethodMutex); } - - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); +#endif +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG) { + wc_FreeRng(&globalRNG); + initGlobalRNG = 0; + } + wc_UnLockMutex(&globalRNGMutex); } - else if (initGlobalRNG != 0) { - wc_FreeRng(&globalRNG); - initGlobalRNG = 0; - } - wc_UnLockMutex(&globalRNGMutex); - - return; +#endif } - +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) { - RandPseudorandMethod* randFunc = NULL; - - if (GetRandFunction(RAND_PSEUDORAND, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - else if (randFunc != NULL) { - return randFunc(buf, num); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->pseudorand) { + int ret = gRandMethods->pseudorand(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); } +#endif + /* fallback to using the global shared RNG */ return wolfSSL_RAND_bytes(buf, num); } - -/* WOLFSSL_SUCCESS on ok */ +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; - int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRNG; + WC_RNG* tmpRNG = NULL; #else WC_RNG tmpRNG[1]; #endif - int used_global = 0; + int initTmpRng = 0; int blockCount = 0; - RandBytesMethod* randFunc = NULL; +#ifdef HAVE_GLOBAL_RNG + int used_global = 0; +#endif WOLFSSL_ENTER("wolfSSL_RAND_bytes"); - if (GetRandFunction(RAND_BYTES, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; + /* if a RAND callback has been set try and use it */ +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->bytes) { + ret = gRandMethods->bytes(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - return randFunc(buf, num); - } - -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return ret; #endif - +#ifdef HAVE_GLOBAL_RNG if (initGlobalRNG) { if (wc_LockMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Lock Mutex rng"); @@ -32036,16 +31962,26 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) rng = &globalRNG; used_global = 1; } - else if(wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; + else +#endif + { + #ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + if (tmpRNG == NULL) + return ret; + #endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } } if (rng) { - /* handles size grater than RNG_MAX_BLOCK_LEN */ + /* handles size greater than RNG_MAX_BLOCK_LEN */ blockCount = num / RNG_MAX_BLOCK_LEN; - while(blockCount--) { - if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){ + while (blockCount--) { + ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN); + if (ret != 0) { WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); break; } @@ -32062,15 +31998,15 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) ret = WOLFSSL_SUCCESS; } - if (used_global == 1) { +#ifdef HAVE_GLOBAL_RNG + if (used_global == 1) wc_UnLockMutex(&globalRNGMutex); - } - +#endif if (initTmpRng) wc_FreeRng(tmpRNG); - #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + if (tmpRNG) + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; diff --git a/tests/api.c b/tests/api.c index 83273c911..0180cfb55 100644 --- a/tests/api.c +++ b/tests/api.c @@ -30381,7 +30381,7 @@ static void test_wolfSSL_BUF(void) #endif /* OPENSSL_EXTRA */ } -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int stub_rand_seed(const void *buf, int num) { (void)buf; @@ -30446,11 +30446,11 @@ static int stub_rand_status(void) { return 5432; } -#endif +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ static void test_wolfSSL_RAND_set_rand_method(void) { - #if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; unsigned char* buf = NULL; int num = 0; @@ -30473,8 +30473,8 @@ static void test_wolfSSL_RAND_set_rand_method(void) rand_methods.pseudorand = &stub_rand_pseudo_bytes; rand_methods.status = &stub_rand_status; - AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), SSL_SUCCESS); - AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); + AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); + wolfSSL_RAND_seed(buf, num); AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(wolfSSL_RAND_status(), 5432); @@ -30490,14 +30490,14 @@ static void test_wolfSSL_RAND_set_rand_method(void) *was_cleanup_called = 0; - AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), SSL_SUCCESS); + AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); wolfSSL_RAND_Cleanup(); AssertIntEQ(*was_cleanup_called, 0); printf(resultFmt, passed); - #endif +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ } static void test_wolfSSL_RAND_bytes(void) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 4f813a279..b715caeb5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -639,41 +639,25 @@ struct WOLFSSL_X509_STORE_CTX { typedef char* WOLFSSL_STRING; -/* seed = Data to mix into the random generator. - len = Number of bytes to mix from seed. */ -typedef int RandSeedMethod(const void* seed, int len); -/* buf = Buffer to store random bytes in. - len = Number of bytes to store in buf. */ -typedef int RandBytesMethod(unsigned char* buf, int len); -typedef void RandCleanupMethod(void); -/* add = Data to mix into the random generator. - len = Number of bytes to mix from add. - entropy = Estimate of randomness contained in seed. - Should be between 0 and len. */ -typedef int RandAddMethod(const void* add, int len, double entropy); -/* buf = Buffer to store pseudorandom bytes in. - len = Number of bytes to store in buf. */ -typedef int RandPseudorandMethod(unsigned char *buf, int len); -typedef int RandStatusMethod(void); - typedef struct WOLFSSL_RAND_METHOD { - RandSeedMethod* seed; - RandBytesMethod* bytes; - RandCleanupMethod* cleanup; - RandAddMethod* add; - RandPseudorandMethod* pseudorand; - RandStatusMethod* status; + /* seed = Data to mix into the random generator. + * len = Number of bytes to mix from seed. */ + int (*seed)(const void* seed, int len); + /* buf = Buffer to store random bytes in. + * len = Number of bytes to store in buf. */ + int (*bytes)(unsigned char* buf, int len); + void (*cleanup)(void); + /* add = Data to mix into the random generator. + * len = Number of bytes to mix from add. + * entropy = Estimate of randomness contained in seed. + * Should be between 0 and len. */ + int (*add)(const void* add, int len, double entropy); + /* buf = Buffer to store pseudorandom bytes in. + * len = Number of bytes to store in buf. */ + int (*pseudorand)(unsigned char *buf, int len); + int (*status)(void); } WOLFSSL_RAND_METHOD; -typedef enum RandFunction { - RAND_SEED, - RAND_BYTES, - RAND_CLEANUP, - RAND_ADD, - RAND_PSEUDORAND, - RAND_STATUS -} RandFunction; - /* Valid Alert types from page 16/17 * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c */ @@ -1424,7 +1408,7 @@ WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); WOLFSSL_API int wolfSSL_RAND_write_file(const char*); WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); WOLFSSL_API int wolfSSL_RAND_egd(const char*); -WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API void wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); WOLFSSL_API int wolfSSL_RAND_poll(void); From 832c99597c4d26c211864e8874b9c2863f2a7599 Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Wed, 17 Mar 2021 17:02:20 -0700 Subject: [PATCH 3/5] wolfSSL_RAND_set_rand_method: Code review feedback --- src/ssl.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 245c195cd..e9d15a6a0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13244,6 +13244,11 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); + + if (wc_FreeMutex(&gRandMethodMutex) != 0) + ret = BAD_MUTEX_E; + else + gRandMethodsInit = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17843,11 +17848,12 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { gRandMethods = methods; wc_UnLockMutex(&gRandMethodMutex); + return WOLFSSL_SUCCESS; } #else (void)methods; #endif - return WOLFSSL_SUCCESS; + return WOLFSSL_FAILURE; } /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ @@ -17860,6 +17866,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ret = gRandMethods->status(); wc_UnLockMutex(&gRandMethodMutex); } + else { + ret = WOLFSSL_FAILURE; + } #else /* wolfCrypt provides enough seed internally, so return success */ #endif From 5aa23424a4eadae4b56ed6168a7550d97a799b9a Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Thu, 18 Mar 2021 10:27:31 -0700 Subject: [PATCH 4/5] wolfSSL_RAND_set_rand_method: Cleanup --- src/ssl.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e9d15a6a0..db1532d16 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13244,11 +13244,6 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); - - if (wc_FreeMutex(&gRandMethodMutex) != 0) - ret = BAD_MUTEX_E; - else - gRandMethodsInit = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -31902,6 +31897,9 @@ void wolfSSL_RAND_Cleanup(void) gRandMethods->cleanup(); wc_UnLockMutex(&gRandMethodMutex); } + + if (wc_FreeMutex(&gRandMethodMutex) == 0) + gRandMethodsInit = 0; #endif #ifdef HAVE_GLOBAL_RNG if (wc_LockMutex(&globalRNGMutex) == 0) { From a85e348c0e605be8c60f4b02eb594a87c7096f5b Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Thu, 18 Mar 2021 11:19:04 -0700 Subject: [PATCH 5/5] Change void return from RAND_seed back to int. --- src/ssl.c | 14 +++++++++----- tests/api.c | 2 +- wolfssl/ssl.h | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index db1532d16..d225b6f36 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4981,7 +4981,10 @@ int wolfSSL_Init(void) return BAD_MUTEX_E; } #endif - wolfSSL_RAND_seed(NULL, 0); + if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); + return WC_INIT_E; + } #endif #ifndef NO_SESSION_CACHE @@ -31572,13 +31575,14 @@ static int wolfSSL_RAND_Init(void) /* WOLFSSL_SUCCESS on ok */ -void wolfSSL_RAND_seed(const void* seed, int len) +int wolfSSL_RAND_seed(const void* seed, int len) { #ifndef WOLFSSL_NO_OPENSSL_RAND_CB if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { if (gRandMethods && gRandMethods->seed) { - /* seed callback has return code, but function RAND_seed does not */ - (void)gRandMethods->seed(seed, len); + int ret = gRandMethods->seed(seed, len); + wc_UnLockMutex(&gRandMethodMutex); + return ret; } wc_UnLockMutex(&gRandMethodMutex); } @@ -31588,7 +31592,7 @@ void wolfSSL_RAND_seed(const void* seed, int len) #endif /* Make sure global shared RNG (globalRNG) is initialized */ - (void)wolfSSL_RAND_Init(); + return wolfSSL_RAND_Init(); } diff --git a/tests/api.c b/tests/api.c index 0180cfb55..18a03110c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -30474,7 +30474,7 @@ static void test_wolfSSL_RAND_set_rand_method(void) rand_methods.status = &stub_rand_status; AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); - wolfSSL_RAND_seed(buf, num); + AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(wolfSSL_RAND_status(), 5432); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b715caeb5..de93537ed 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1408,7 +1408,7 @@ WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); WOLFSSL_API int wolfSSL_RAND_write_file(const char*); WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); WOLFSSL_API int wolfSSL_RAND_egd(const char*); -WOLFSSL_API void wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); WOLFSSL_API int wolfSSL_RAND_poll(void);