Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

1 files changed, 54 insertions, 37 deletions

diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
index 6445c1b2..5c13d577 100644
--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c
+++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
@@ -109,6 +109,8 @@
  *
  */
 
+#define OPENSSL_FIPSEVP
+
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
 #  define NDEBUG
@@ -121,14 +123,11 @@
 
 #include "e_os.h"
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#include <openssl/crypto.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
 
 #ifdef BN_DEBUG
 # define PREDICT
@@ -150,7 +149,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                            * prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
 /* valid iff crypto_lock_rand is set */
-static unsigned long locking_thread = 0;
+static CRYPTO_THREADID locking_threadid;
 
 #ifdef PREDICT
 int rand_predictable = 0;
@@ -161,13 +160,13 @@ const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
 
 RAND_METHOD rand_ssleay_meth = {
     ssleay_rand_seed,
-    ssleay_rand_bytes,
+    ssleay_rand_nopseudo_bytes,
     ssleay_rand_cleanup,
     ssleay_rand_add,
     ssleay_rand_pseudo_bytes,
@@ -199,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
     EVP_MD_CTX m;
     int do_not_lock;
 
+    if (!num)
+        return;
+
     /*
      * (Based on the rand(3) manpage)
      *
@@ -216,8 +218,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
     /* check if we already have the lock */
     if (crypto_lock_rand) {
+        CRYPTO_THREADID cur;
+        CRYPTO_THREADID_current(&cur);
         CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-        do_not_lock = (locking_thread == CRYPTO_thread_id());
+        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
         CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
     } else
         do_not_lock = 0;
@@ -271,7 +275,16 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         } else
             MD_Update(&m, &(state[st_idx]), j);
 
+        /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
         MD_Update(&m, buf, j);
+        /*
+         * We know that line may cause programs such as purify and valgrind
+         * to complain about use of uninitialized data.  The problem is not,
+         * it's with the caller.  Removing that line will make sure you get
+         * really bad randomness and thereby other problems such as very
+         * insecure keys.
+         */
+
         MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
         MD_Final(&m, local_md);
         md_c[1]++;
@@ -320,7 +333,7 @@ static void ssleay_rand_seed(const void *buf, int num)
     ssleay_rand_add(buf, num, (double)num);
 }
 
-static int ssleay_rand_bytes(unsigned char *buf, int num)
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
 {
     static volatile int stirred_pool = 0;
     int i, j, k, st_num, st_idx;
@@ -334,13 +347,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
     int do_stir_pool = 0;
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode()) {
-        FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
-        return 0;
-    }
-#endif
-
 #ifdef PREDICT
     if (rand_predictable) {
         static unsigned char val = 0;
@@ -376,12 +382,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
      * are fed into the hash function and the results are kept in the
      * global 'md'.
      */
-
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    if (lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
     /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
     CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-    locking_thread = CRYPTO_thread_id();
+    CRYPTO_THREADID_current(&locking_threadid);
     CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
     crypto_lock_rand = 1;
 
@@ -456,7 +462,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
     /* before unlocking, we must clear 'crypto_lock_rand' */
     crypto_lock_rand = 0;
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+    if (lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
     while (num > 0) {
         /* num_ceil -= MD_DIGEST_LENGTH/2 */
@@ -471,9 +478,18 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
         MD_Update(&m, local_md, MD_DIGEST_LENGTH);
         MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
-#ifndef PURIFY
-        MD_Update(&m, buf, j);  /* purify complains */
+
+#ifndef PURIFY                  /* purify complains */
+        /*
+         * The following line uses the supplied buffer as a small source of
+         * entropy: since this buffer is often uninitialised it may cause
+         * programs such as purify or valgrind to complain. So for those
+         * builds it is not used: the removal of such a small source of
+         * entropy has negligible impact on security.
+         */
+        MD_Update(&m, buf, j);
 #endif
+
         k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
         if (k > 0) {
             MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k);
@@ -495,14 +511,18 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
     MD_Init(&m);
     MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
     MD_Update(&m, local_md, MD_DIGEST_LENGTH);
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    if (lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
     MD_Update(&m, md, MD_DIGEST_LENGTH);
     MD_Final(&m, md);
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+    if (lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
     EVP_MD_CTX_cleanup(&m);
     if (ok)
         return (1);
+    else if (pseudo)
+        return 0;
     else {
         RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
         ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
@@ -511,36 +531,33 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
     }
 }
 
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
+{
+    return ssleay_rand_bytes(buf, num, 0, 1);
+}
+
 /*
  * pseudo-random bytes that are guaranteed to be unique but not unpredictable
  */
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 {
-    int ret;
-    unsigned long err;
-
-    ret = RAND_bytes(buf, num);
-    if (ret == 0) {
-        err = ERR_peek_error();
-        if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
-            ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
-            ERR_clear_error();
-    }
-    return (ret);
+    return ssleay_rand_bytes(buf, num, 1, 1);
 }
 
 static int ssleay_rand_status(void)
 {
+    CRYPTO_THREADID cur;
     int ret;
     int do_not_lock;
 
+    CRYPTO_THREADID_current(&cur);
     /*
      * check if we already have the lock (could happen if a RAND_poll()
      * implementation calls RAND_status())
      */
     if (crypto_lock_rand) {
         CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-        do_not_lock = (locking_thread == CRYPTO_thread_id());
+        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
         CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
     } else
         do_not_lock = 0;
@@ -552,7 +569,7 @@ static int ssleay_rand_status(void)
          * prevent ssleay_rand_bytes() from trying to obtain the lock again
          */
         CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-        locking_thread = CRYPTO_thread_id();
+        CRYPTO_THREADID_cpy(&locking_threadid, &cur);
         CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
         crypto_lock_rand = 1;
     }