Merge pull request #649 from dongbeiouba/refactor/rand_entropy_source

Refactor RAND_set_entropy_source
Tongsuo-Project · Sep 25, 2024 · 26b0fa5 · 26b0fa5
2 parents b4e5cb8 + 7438248
commit 26b0fa5
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 43 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -21,7 +21,7 @@ jobs:
         fuzz-seconds: 600
         dry-run: false
     - name: Upload Crash
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       if: failure()
       with:
         name: artifacts

diff --git a/apps/rand.c b/apps/rand.c
@@ -22,7 +22,7 @@
 
 typedef enum OPTION_choice {
     OPT_COMMON,
-    OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, OPT_ENTROPY, OPT_SOURCE,
+    OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, OPT_ENTROPY, OPT_ENTROPY_SOURCE,
     OPT_R_ENUM, OPT_PROV_ENUM
 } OPTION_CHOICE;
 
@@ -40,7 +40,7 @@ const OPTIONS rand_options[] = {
     {"base64", OPT_BASE64, '-', "Base64 encode output"},
     {"hex", OPT_HEX, '-', "Hex encode output"},
     {"entropy", OPT_ENTROPY, '-', "Output entropy instead of random data"},
-    {"source", OPT_SOURCE, 's', "Specify the entropy source"},
+    {"entropy_source", OPT_ENTROPY_SOURCE, 's', "Specify the entropy source"},
 
     OPT_R_OPTIONS,
     OPT_PROV_OPTIONS,
@@ -50,43 +50,10 @@ const OPTIONS rand_options[] = {
     {NULL}
 };
 
-static int opt_rand_source(const char *name)
-{
-    int ret = 0;
-
-    if (strcmp(name, "getrandom") == 0)
-        ret = RAND_ENTROPY_SOURCE_GETRANDOM;
-    else if (strcmp(name, "devrandom") == 0)
-        ret = RAND_ENTROPY_SOURCE_DEVRANDOM;
-    else if (strcmp(name, "rdtsc") == 0)
-        ret = RAND_ENTROPY_SOURCE_RDTSC;
-    else if (strcmp(name, "rdcpu") == 0)
-        ret = RAND_ENTROPY_SOURCE_RDCPU;
-    else if (strcmp(name, "egd") == 0)
-        ret = RAND_ENTROPY_SOURCE_EGD;
-    else if (strcmp(name, "bcryptgenrandom") == 0)
-        ret = RAND_ENTROPY_SOURCE_BCRYPTGENRANDOM;
-    else if (strcmp(name, "cryptgenrandom_def_prov") == 0)
-        ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_DEF_PROV;
-    else if (strcmp(name, "cryptgenrandom_intel_prov") == 0)
-        ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_INTEL_PROV;
-    else if (strcmp(name, "rtcode") == 0)
-        ret = RAND_ENTROPY_SOURCE_RTCODE;
-    else if (strcmp(name, "rtmem") == 0)
-        ret = RAND_ENTROPY_SOURCE_RTMEM;
-    else if (strcmp(name, "rtsock") == 0)
-        ret = RAND_ENTROPY_SOURCE_RTSOCK;
-    else
-        BIO_printf(bio_err, "Unknown entropy source '%s'\n", name);
-
-    return ret;
-}
-
 int rand_main(int argc, char **argv)
 {
     ENGINE *e = NULL;
     BIO *out = NULL;
-    int source = 0;
     char *outfile = NULL, *prog;
     OPTION_CHOICE o;
     unsigned char *ent_buf = NULL, *p;
@@ -124,9 +91,9 @@ int rand_main(int argc, char **argv)
         case OPT_ENTROPY:
             entropy = 1;
             break;
-        case OPT_SOURCE:
-            source |= opt_rand_source(opt_arg());
-            RAND_set_entropy_source(source);
+        case OPT_ENTROPY_SOURCE:
+            if (!RAND_set_entropy_source(opt_arg()))
+                goto end;
             break;
         case OPT_PROV_CASES:
             if (!opt_provider(o))

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -1113,6 +1113,7 @@ RAND_R_FWRITE_ERROR:123:Error writing file
 RAND_R_GENERATE_ERROR:112:generate error
 RAND_R_INSUFFICIENT_DRBG_STRENGTH:139:insufficient drbg strength
 RAND_R_INTERNAL_ERROR:113:internal error
+RAND_R_INVALID_ENTROPY_SOURCE:145:invalid entropy source
 RAND_R_IN_ERROR_STATE:114:in error state
 RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
 RAND_R_NOT_INSTANTIATED:115:not instantiated

diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -51,6 +51,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = {
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INSUFFICIENT_DRBG_STRENGTH),
     "insufficient drbg strength"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INVALID_ENTROPY_SOURCE),
+    "invalid entropy source"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
     "Not a regular file"},

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
@@ -822,9 +822,66 @@ void ossl_random_add_conf_module(void)
     CONF_module_add("random", random_conf_init, random_conf_deinit);
 }
 
-void RAND_set_entropy_source(unsigned int type)
+static int entropy_source_to_type(const char *name)
+{
+    int ret;
+
+    if (strcmp(name, "getrandom") == 0)
+        ret = RAND_ENTROPY_SOURCE_GETRANDOM;
+    else if (strcmp(name, "devrandom") == 0)
+        ret = RAND_ENTROPY_SOURCE_DEVRANDOM;
+    else if (strcmp(name, "rdtsc") == 0)
+        ret = RAND_ENTROPY_SOURCE_RDTSC;
+    else if (strcmp(name, "rdcpu") == 0)
+        ret = RAND_ENTROPY_SOURCE_RDCPU;
+    else if (strcmp(name, "egd") == 0)
+        ret = RAND_ENTROPY_SOURCE_EGD;
+    else if (strcmp(name, "bcryptgenrandom") == 0)
+        ret = RAND_ENTROPY_SOURCE_BCRYPTGENRANDOM;
+    else if (strcmp(name, "cryptgenrandom_def_prov") == 0)
+        ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_DEF_PROV;
+    else if (strcmp(name, "cryptgenrandom_intel_prov") == 0)
+        ret = RAND_ENTROPY_SOURCE_CRYPTGENRANDOM_INTEL_PROV;
+    else if (strcmp(name, "rtcode") == 0)
+        ret = RAND_ENTROPY_SOURCE_RTCODE;
+    else if (strcmp(name, "rtmem") == 0)
+        ret = RAND_ENTROPY_SOURCE_RTMEM;
+    else if (strcmp(name, "rtsock") == 0)
+        ret = RAND_ENTROPY_SOURCE_RTSOCK;
+    else
+        ret = -1;
+
+    return ret;
+}
+
+int RAND_set_entropy_source(const char *source)
 {
+    int ok = 0;
+    int type = 0, cur_type;
+    char *val, *valp, *item;
+
+    val = OPENSSL_strdup(source);
+    if (val == NULL) {
+        ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (valp = val; (item = strtok(valp, ",")) != NULL; valp = NULL) {
+        cur_type = entropy_source_to_type(item);
+        if (cur_type < 0) {
+            ERR_raise_data(ERR_LIB_RAND, RAND_R_INVALID_ENTROPY_SOURCE,
+                           "source=%s", item);
+            goto end;
+        }
+
+        type |= cur_type;
+    }
+
     ossl_rand_pool_set_default_entropy_source(type);
+    ok = 1;
+end:
+    OPENSSL_free(val);
+    return ok;
 }
 
 int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
@@ -87,7 +87,7 @@ int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
                        const char *cipher, const char *digest);
 int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
                               const char *propq);
-void RAND_set_entropy_source(unsigned int source);
+int RAND_set_entropy_source(const char *source);
 
 void RAND_seed(const void *buf, int num);
 void RAND_keep_random_devices_open(int keep);

diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,6 +41,7 @@
 # define RAND_R_GENERATE_ERROR                            112
 # define RAND_R_INSUFFICIENT_DRBG_STRENGTH                139
 # define RAND_R_INTERNAL_ERROR                            113
+# define RAND_R_INVALID_ENTROPY_SOURCE                    145
 # define RAND_R_IN_ERROR_STATE                            114
 # define RAND_R_NOT_A_REGULAR_FILE                        122
 # define RAND_R_NOT_INSTANTIATED                          115