From ec8f096e94beb550d7cd34105fe997b037032eb3 Mon Sep 17 00:00:00 2001
From: Neil Shen
Date: Mon, 11 Dec 2023 17:53:23 +0800
Subject: [PATCH 1/2] Add `rand_priv_bytes`

`rand_priv_bytes` has the same semantics as `rand_bytes`, and it is intended to be used for generating values that should remain private.

Signed-off-by: Neil Shen
---
 openssl-sys/src/handwritten/rand.rs | 3 +++
 openssl/src/rand.rs | 34 ++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/openssl-sys/src/handwritten/rand.rs b/openssl-sys/src/handwritten/rand.rs
index 3bf9da5921..df553bd144 100644
--- a/openssl-sys/src/handwritten/rand.rs
+++ b/openssl-sys/src/handwritten/rand.rs
@@ -3,6 +3,9 @@ use libc::*;
 extern "C" {
 pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int;
+ #[cfg(ossl111)]
+ pub fn RAND_priv_bytes(buf: *mut u8, num: c_int) -> c_int;
+
 #[cfg(ossl111)]
 pub fn RAND_keep_random_devices_open(keep: c_int);
diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs
index 8317951f81..b4c134b25e 100644
--- a/openssl/src/rand.rs
+++ b/openssl/src/rand.rs
@@ -37,6 +37,31 @@ pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
 }
 }
+/// Fill buffer with cryptographically strong pseudo-random bytes. It is
+/// intended to be used for generating values that should remain private.
+///
+/// # Examples
+///
+/// To generate a buffer with cryptographically strong random bytes:
+///
+/// ```
+/// use openssl::rand::rand_priv_bytes;
+///
+/// let mut buf = [0; 256];
+/// rand_priv_bytes(&mut buf).unwrap();
+/// ```
+///
+/// Requires OpenSSL 1.1.1 or newer.
+#[corresponds(RAND_priv_bytes)]
+#[cfg(ossl111)]
+pub fn rand_priv_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
+ unsafe {
+ ffi::init();
+ assert!(buf.len() <= c_int::max_value() as usize);
+ cvt(ffi::RAND_priv_bytes(buf.as_mut_ptr(), buf.len() as LenType)).map(|_| ())
+ }
+}
+
 /// Controls random device file descriptor behavior.
 ///
 /// Requires OpenSSL 1.1.1 or newer.
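Review bot: The doc comment on `rand_priv_bytes` in openssl/src/rand.rs does not tell a caller when to choose it over `rand_bytes`, and it omits the panic that the `assert!` in the body introduces. Per the OpenSSL documentation the default RAND method serves this call from a separate private DRBG instance, so I would add `/// Draws from OpenSSL's private DRBG instance, so values generated here stay secret even if the public generator's state is exposed.` and a `# Panics` section reading `/// Panics if the buffer is longer than c_int::MAX bytes.` An `# Errors` line should also state that the buffer must not be used as key material when `Err` is returned, since the example only shows `unwrap()`. The `unsafe` block also covers `ffi::init()` and the `assert!`, which presumably need no `unsafe`; narrowing it to the `ffi::RAND_priv_bytes` call with a `// SAFETY:` comment noting that pointer and length come from the same slice would make the invariant explicit.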
@@ -50,11 +75,18 @@ pub fn keep_random_devices_open(keep: bool) {
 #[cfg(test)]
 mod tests {
- use super::rand_bytes;
+ use super::{rand_bytes, rand_priv_bytes};
 #[test]
 fn test_rand_bytes() {
 let mut buf = [0; 32];
 rand_bytes(&mut buf).unwrap();
 }
+
+ #[test]
+ #[cfg(ossl111)]
+ fn test_rand_priv_bytes() {
+ let mut buf = [0; 32];
+ rand_priv_bytes(&mut buf).unwrap();
+ }
 }

From 6d2fce23d11ac882af04686e5ef0015504547d5d Mon Sep 17 00:00:00 2001
From: Neil Shen
Date: Wed, 13 Dec 2023 12:44:02 +0800
Subject: [PATCH 2/2] Fix legacy OpenSSL build

Signed-off-by: Neil Shen
---
 openssl/src/rand.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs
index b4c134b25e..ef0f7685cc 100644
--- a/openssl/src/rand.rs
+++ b/openssl/src/rand.rs
@@ -75,18 +75,16 @@ pub fn keep_random_devices_open(keep: bool) {
 #[cfg(test)]
 mod tests {
- use super::{rand_bytes, rand_priv_bytes};
-
 #[test]
 fn test_rand_bytes() {
 let mut buf = [0; 32];
- rand_bytes(&mut buf).unwrap();
+ super::rand_bytes(&mut buf).unwrap();
 }
 #[test]
 #[cfg(ossl111)]
 fn test_rand_priv_bytes() {
 let mut buf = [0; 32];
- rand_priv_bytes(&mut buf).unwrap();
+ super::rand_priv_bytes(&mut buf).unwrap();
 }
 }
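Review bot: `test_rand_priv_bytes`, added in the 1/2 test hunk, only checks that the call returns `Ok`, so it would still pass if the binding left the buffer untouched. Adding `assert_ne!(buf, [0u8; 32]);` after the `unwrap()` catches a no-op fill, with a negligible false-failure rate for 32 bytes. The 2/2 hunk carries the same body forward with only the `super::` path changed, so the assertion belongs in that final version.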