Merge pull request #2073 from glyph/no-c-random

Replace C implementation of OS Random engine with Python one that just calls os.urandom

6 files changed, 10 insertions, 207 deletions

diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 1ebadccb..dac3e4d8 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -78,7 +78,6 @@ ffi = build_ffi_for_binding(
         "nid",
         "objects",
         "opensslv",
-        "osrandom_engine",
         "pem",
         "pkcs7",
         "pkcs12",
diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
index 3ebfa6c1..5079fd69 100644
--- a/src/_cffi_src/openssl/engine.py
+++ b/src/_cffi_src/openssl/engine.py
@@ -17,9 +17,16 @@ typedef ... DSA_METHOD;
 typedef ... ECDH_METHOD;
 typedef ... ECDSA_METHOD;
 typedef ... DH_METHOD;
-typedef ... RAND_METHOD;
+typedef struct {
+    void (*seed)(const void *, int);
+    int (*bytes)(unsigned char *, int);
+    void (*cleanup)();
+    void (*add)(const void *, int, double);
+    int (*pseudorand)(unsigned char *, int);
+    int (*status)();
+} RAND_METHOD;
 typedef ... STORE_METHOD;
-typedef ... *ENGINE_GEN_INT_FUNC_PTR;
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
 typedef ... *ENGINE_CTRL_FUNC_PTR;
 typedef ... *ENGINE_LOAD_KEY_PTR;
 typedef ... *ENGINE_CIPHERS_PTR;
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index 0ee19c9e..eebf19ba 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -251,6 +251,7 @@ unsigned long ERR_peek_error_line(const char **, int *);
 unsigned long ERR_peek_last_error_line(const char **, int *);
 unsigned long ERR_get_error_line_data(const char **, int *,
                                       const char **, int *);
+void ERR_clear_error(void);
 unsigned long ERR_peek_error_line_data(const char **,
                                        int *, const char **, int *);
 unsigned long ERR_peek_last_error_line_data(const char **,
diff --git a/src/_cffi_src/openssl/osrandom_engine.py b/src/_cffi_src/openssl/osrandom_engine.py
deleted file mode 100644
index a8479b07..00000000
--- a/src/_cffi_src/openssl/osrandom_engine.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import os
-
-with open(os.path.join(
-    os.path.dirname(__file__), "src/osrandom_engine.h"
-)) as f:
-    INCLUDES = f.read()
-
-TYPES = """
-static const char *const Cryptography_osrandom_engine_name;
-static const char *const Cryptography_osrandom_engine_id;
-"""
-
-FUNCTIONS = """
-int Cryptography_add_osrandom_engine(void);
-"""
-
-MACROS = """
-"""
-
-with open(os.path.join(
-    os.path.dirname(__file__), "src/osrandom_engine.c"
-)) as f:
-    CUSTOMIZATIONS = f.read()
-
-CONDITIONAL_NAMES = {}
diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
deleted file mode 100644
index 27894712..00000000
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ /dev/null
@@ -1,167 +0,0 @@
-static const char *Cryptography_osrandom_engine_id = "osrandom";
-static const char *Cryptography_osrandom_engine_name = "osrandom_engine";
-
-#if defined(_WIN32)
-static HCRYPTPROV hCryptProv = 0;
-
-static int osrandom_init(ENGINE *e) {
-    if (hCryptProv > 0) {
-        return 1;
-    }
-    if (CryptAcquireContext(&hCryptProv, NULL, NULL,
-                            PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-        return 1;
-    } else {
-        return 0;
-    }
-}
-
-static int osrandom_rand_bytes(unsigned char *buffer, int size) {
-    if (hCryptProv == 0) {
-        return 0;
-    }
-
-    if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) {
-        ERR_put_error(
-            ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0
-        );
-        return 0;
-    }
-    return 1;
-}
-
-static int osrandom_finish(ENGINE *e) {
-    if (CryptReleaseContext(hCryptProv, 0)) {
-        hCryptProv = 0;
-        return 1;
-    } else {
-        return 0;
-    }
-}
-
-static int osrandom_rand_status(void) {
-    if (hCryptProv == 0) {
-        return 0;
-    } else {
-        return 1;
-    }
-}
-#else
-static int urandom_fd = -1;
-
-static int osrandom_finish(ENGINE *e);
-
-static int osrandom_init(ENGINE *e) {
-    if (urandom_fd > -1) {
-        return 1;
-    }
-    urandom_fd = open("/dev/urandom", O_RDONLY);
-    if (urandom_fd > -1) {
-        int flags = fcntl(urandom_fd, F_GETFD);
-        if (flags == -1) {
-            osrandom_finish(e);
-            return 0;
-        } else if (fcntl(urandom_fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
-            osrandom_finish(e);
-            return 0;
-        }
-        return 1;
-    } else {
-        return 0;
-    }
-}
-
-static int osrandom_rand_bytes(unsigned char *buffer, int size) {
-    ssize_t n;
-    while (size > 0) {
-        do {
-            n = read(urandom_fd, buffer, (size_t)size);
-        } while (n < 0 && errno == EINTR);
-        if (n <= 0) {
-            ERR_put_error(
-                ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0
-            );
-            return 0;
-        }
-        buffer += n;
-        size -= n;
-    }
-    return 1;
-}
-
-static int osrandom_finish(ENGINE *e) {
-    int n;
-    do {
-        n = close(urandom_fd);
-    } while (n < 0 && errno == EINTR);
-    urandom_fd = -1;
-    if (n < 0) {
-        return 0;
-    } else {
-        return 1;
-    }
-}
-
-static int osrandom_rand_status(void) {
-    if (urandom_fd == -1) {
-        return 0;
-    } else {
-        return 1;
-    }
-}
-#endif
-
-/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a
-   -1 in the event that there is an error when calling RAND_pseudo_bytes. */
-static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) {
-    int res = osrandom_rand_bytes(buffer, size);
-    if (res == 0) {
-        return -1;
-    } else {
-        return res;
-    }
-}
-
-static RAND_METHOD osrandom_rand = {
-    NULL,
-    osrandom_rand_bytes,
-    NULL,
-    NULL,
-    osrandom_pseudo_rand_bytes,
-    osrandom_rand_status,
-};
-
-/* Returns 1 if successfully added, 2 if engine has previously been added,
-   and 0 for error. */
-int Cryptography_add_osrandom_engine(void) {
-    ENGINE *e;
-    e = ENGINE_by_id(Cryptography_osrandom_engine_id);
-    if (e != NULL) {
-        ENGINE_free(e);
-        return 2;
-    } else {
-        ERR_clear_error();
-    }
-
-    e = ENGINE_new();
-    if (e == NULL) {
-        return 0;
-    }
-    if(!ENGINE_set_id(e, Cryptography_osrandom_engine_id) ||
-            !ENGINE_set_name(e, Cryptography_osrandom_engine_name) ||
-            !ENGINE_set_RAND(e, &osrandom_rand) ||
-            !ENGINE_set_init_function(e, osrandom_init) ||
-            !ENGINE_set_finish_function(e, osrandom_finish)) {
-        ENGINE_free(e);
-        return 0;
-    }
-    if (!ENGINE_add(e)) {
-        ENGINE_free(e);
-        return 0;
-    }
-    if (!ENGINE_free(e)) {
-        return 0;
-    }
-
-    return 1;
-}
diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h
deleted file mode 100644
index 11a3159e..00000000
--- a/src/_cffi_src/openssl/src/osrandom_engine.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifdef _WIN32
-#include <Wincrypt.h>
-#else
-#include <fcntl.h>
-#include <unistd.h>
-#endif