summaryrefslogtreecommitdiff
path: root/Cryptlib/OpenSSL/crypto/rand
diff options
context:
space:
mode:
authorMathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>2017-09-13 12:09:40 -0700
committerMathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>2017-09-13 12:09:40 -0700
commitb6f94dbeacfc6f0a507413096189304c58dbe66c (patch)
treebce8c7db22209078618294c51d95a0c033aec7d9 /Cryptlib/OpenSSL/crypto/rand
parent25f7fd1fb389a5f6356f353d16c5ead80dac6bbc (diff)
downloadefi-boot-shim-upstream/13_git1505328970.9c1c35c5.tar.gz
efi-boot-shim-upstream/13_git1505328970.9c1c35c5.zip
New upstream version 13~git1505328970.9c1c35c5upstream/13_git1505328970.9c1c35c5
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/rand')
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/md_rand.c540
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_egd.c249
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_err.c77
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_lcl.h128
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_lib.c210
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_unix.c159
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_vms.c133
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/rand_win.c135
-rw-r--r--Cryptlib/OpenSSL/crypto/rand/randfile.c276
9 files changed, 894 insertions, 1013 deletions
diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
index 85ce4e6f..bd76e23e 100644
--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c
+++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
@@ -1,38 +1,134 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSEVP
+#ifdef MD_RAND_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
#include <stdio.h>
#include <string.h>
#include "e_os.h"
-#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS))
-# include <sys/time.h>
-#endif
-#if defined(OPENSSL_SYS_VXWORKS)
-# include <time.h>
-#endif
-
-#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
-#include <openssl/async.h>
#include "rand_lcl.h"
#include <openssl/err.h>
-#include <internal/thread_once.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
#ifdef BN_DEBUG
# define PREDICT
#endif
@@ -48,59 +144,41 @@ static long md_count[2] = { 0, 0 };
static double entropy = 0;
static int initialized = 0;
-static CRYPTO_RWLOCK *rand_lock = NULL;
-static CRYPTO_RWLOCK *rand_tmp_lock = NULL;
-static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
-
-/* May be set only when a thread holds rand_lock (to prevent double locking) */
-static unsigned int crypto_lock_rand = 0;
-/* access to locking_threadid is synchronized by rand_tmp_lock */
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+ * holds CRYPTO_LOCK_RAND (to
+ * prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
/* valid iff crypto_lock_rand is set */
-static CRYPTO_THREAD_ID locking_threadid;
+static CRYPTO_THREADID locking_threadid;
#ifdef PREDICT
int rand_predictable = 0;
#endif
-static int rand_hw_seed(EVP_MD_CTX *ctx);
-
-static void rand_cleanup(void);
-static int rand_seed(const void *buf, int num);
-static int rand_add(const void *buf, int num, double add_entropy);
-static int rand_bytes(unsigned char *buf, int num, int pseudo);
-static int rand_nopseudo_bytes(unsigned char *buf, int num);
-#if OPENSSL_API_COMPAT < 0x10100000L
-static int rand_pseudo_bytes(unsigned char *buf, int num);
-#endif
-static int rand_status(void);
-
-static RAND_METHOD rand_meth = {
- rand_seed,
- rand_nopseudo_bytes,
- rand_cleanup,
- rand_add,
-#if OPENSSL_API_COMPAT < 0x10100000L
- rand_pseudo_bytes,
-#else
- NULL,
-#endif
- rand_status
+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
+
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
+
+RAND_METHOD rand_ssleay_meth = {
+ ssleay_rand_seed,
+ ssleay_rand_nopseudo_bytes,
+ ssleay_rand_cleanup,
+ ssleay_rand_add,
+ ssleay_rand_pseudo_bytes,
+ ssleay_rand_status
};
-DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
-{
- OPENSSL_init_crypto(0, NULL);
- rand_lock = CRYPTO_THREAD_lock_new();
- rand_tmp_lock = CRYPTO_THREAD_lock_new();
- return rand_lock != NULL && rand_tmp_lock != NULL;
-}
-
-RAND_METHOD *RAND_OpenSSL(void)
+RAND_METHOD *RAND_SSLeay(void)
{
- return (&rand_meth);
+ return (&rand_ssleay_meth);
}
-static void rand_cleanup(void)
+static void ssleay_rand_cleanup(void)
{
OPENSSL_cleanse(state, sizeof(state));
state_num = 0;
@@ -110,21 +188,18 @@ static void rand_cleanup(void)
md_count[1] = 0;
entropy = 0;
initialized = 0;
- CRYPTO_THREAD_lock_free(rand_lock);
- CRYPTO_THREAD_lock_free(rand_tmp_lock);
}
-static int rand_add(const void *buf, int num, double add)
+static void ssleay_rand_add(const void *buf, int num, double add)
{
int i, j, k, st_idx;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX *m;
+ EVP_MD_CTX m;
int do_not_lock;
- int rv = 0;
if (!num)
- return 1;
+ return;
/*
* (Based on the rand(3) manpage)
@@ -141,24 +216,18 @@ static int rand_add(const void *buf, int num, double add)
* hash function.
*/
- m = EVP_MD_CTX_new();
- if (m == NULL)
- goto err;
-
- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
- goto err;
-
/* check if we already have the lock */
if (crypto_lock_rand) {
- CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
- CRYPTO_THREAD_read_lock(rand_tmp_lock);
- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
- CRYPTO_THREAD_unlock(rand_tmp_lock);
+ CRYPTO_THREADID cur;
+ CRYPTO_THREADID_current(&cur);
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
} else
do_not_lock = 0;
if (!do_not_lock)
- CRYPTO_THREAD_write_lock(rand_lock);
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx = state_index;
/*
@@ -190,28 +259,24 @@ static int rand_add(const void *buf, int num, double add)
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
if (!do_not_lock)
- CRYPTO_THREAD_unlock(rand_lock);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ EVP_MD_CTX_init(&m);
for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
j = (num - i);
j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
- if (!MD_Init(m))
- goto err;
- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
- goto err;
+ MD_Init(&m);
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
k = (st_idx + j) - STATE_SIZE;
if (k > 0) {
- if (!MD_Update(m, &(state[st_idx]), j - k))
- goto err;
- if (!MD_Update(m, &(state[0]), k))
- goto err;
- } else if (!MD_Update(m, &(state[st_idx]), j))
- goto err;
+ MD_Update(&m, &(state[st_idx]), j - k);
+ MD_Update(&m, &(state[0]), k);
+ } else
+ MD_Update(&m, &(state[st_idx]), j);
/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
- if (!MD_Update(m, buf, j))
- goto err;
+ MD_Update(&m, buf, j);
/*
* We know that line may cause programs such as purify and valgrind
* to complain about use of uninitialized data. The problem is not,
@@ -220,10 +285,8 @@ static int rand_add(const void *buf, int num, double add)
* insecure keys.
*/
- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
- goto err;
- if (!MD_Final(m, local_md))
- goto err;
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+ MD_Final(&m, local_md);
md_c[1]++;
buf = (const char *)buf + j;
@@ -232,7 +295,7 @@ static int rand_add(const void *buf, int num, double add)
/*
* Parallel threads may interfere with this, but always each byte
* of the new state is the XOR of some previous value of its and
- * local_md (intermediate values may be lost). Alway using locking
+ * local_md (itermediate values may be lost). Alway using locking
* could hurt performance more than necessary given that
* conflicts occur only when the total seeding is longer than the
* random state.
@@ -242,9 +305,10 @@ static int rand_add(const void *buf, int num, double add)
st_idx = 0;
}
}
+ EVP_MD_CTX_cleanup(&m);
if (!do_not_lock)
- CRYPTO_THREAD_write_lock(rand_lock);
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/*
* Don't just copy back local_md into md -- this could mean that other
* thread's seeding remains without effect (except for the incremented
@@ -257,20 +321,19 @@ static int rand_add(const void *buf, int num, double add)
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
if (!do_not_lock)
- CRYPTO_THREAD_unlock(rand_lock);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- rv = 1;
- err:
- EVP_MD_CTX_free(m);
- return rv;
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+ assert(md_c[1] == md_count[1]);
+#endif
}
-static int rand_seed(const void *buf, int num)
+static void ssleay_rand_seed(const void *buf, int num)
{
- return rand_add(buf, num, (double)num);
+ ssleay_rand_add(buf, num, (double)num);
}
-static int rand_bytes(unsigned char *buf, int num, int pseudo)
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
{
static volatile int stirred_pool = 0;
int i, j, k;
@@ -278,32 +341,11 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX *m;
+ EVP_MD_CTX m;
#ifndef GETPID_IS_MEANINGLESS
pid_t curr_pid = getpid();
#endif
- time_t curr_time = time(NULL);
int do_stir_pool = 0;
-/* time value for various platforms */
-#ifdef OPENSSL_SYS_WIN32
- FILETIME tv;
-# ifdef _WIN32_WCE
- SYSTEMTIME t;
- GetSystemTime(&t);
- SystemTimeToFileTime(&t, &tv);
-# else
- GetSystemTimeAsFileTime(&tv);
-# endif
-#elif defined(OPENSSL_SYS_VXWORKS)
- struct timespec tv;
- clock_gettime(CLOCK_REALTIME, &ts);
-#elif defined(OPENSSL_SYS_DSPBIOS)
- unsigned long long tv, OPENSSL_rdtsc();
- tv = OPENSSL_rdtsc();
-#else
- struct timeval tv;
- gettimeofday(&tv, NULL);
-#endif
#ifdef PREDICT
if (rand_predictable) {
@@ -318,10 +360,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (num <= 0)
return 1;
- m = EVP_MD_CTX_new();
- if (m == NULL)
- goto err_mem;
-
+ EVP_MD_CTX_init(&m);
/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
num_ceil =
(1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
@@ -343,21 +382,13 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
+ if (lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
- goto err_mem;
-
- CRYPTO_THREAD_write_lock(rand_lock);
- /*
- * We could end up in an async engine while holding this lock so ensure
- * we don't pause and cause a deadlock
- */
- ASYNC_block_pause();
-
- /* prevent rand_bytes() from trying to obtain the lock again */
- CRYPTO_THREAD_write_lock(rand_tmp_lock);
- locking_threadid = CRYPTO_THREAD_get_current_id();
- CRYPTO_THREAD_unlock(rand_tmp_lock);
+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+ CRYPTO_THREADID_current(&locking_threadid);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
if (!initialized) {
@@ -391,7 +422,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
* In the output function only half of 'md' remains secret, so we
* better make sure that the required entropy gets 'evenly
* distributed' through 'state', our randomness pool. The input
- * function (rand_add) chains all of 'md', which makes it more
+ * function (ssleay_rand_add) chains all of 'md', which makes it more
* suitable for this purpose.
*/
@@ -403,9 +434,9 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
/*
* Note that the seed does not matter, it's just that
- * rand_add expects to have something to hash.
+ * ssleay_rand_add expects to have something to hash.
*/
- rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
n -= MD_DIGEST_LENGTH;
}
if (ok)
@@ -431,46 +462,41 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- ASYNC_unblock_pause();
- CRYPTO_THREAD_unlock(rand_lock);
+ if (lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0) {
/* num_ceil -= MD_DIGEST_LENGTH/2 */
j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
num -= j;
- if (!MD_Init(m))
- goto err;
+ MD_Init(&m);
#ifndef GETPID_IS_MEANINGLESS
if (curr_pid) { /* just in the first iteration to save time */
- if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid))
- goto err;
+ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid);
curr_pid = 0;
}
#endif
- if (curr_time) { /* just in the first iteration to save time */
- if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time))
- goto err;
- if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
- goto err;
- curr_time = 0;
- if (!rand_hw_seed(m))
- goto err;
- }
- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
- goto err;
- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
- goto err;
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+
+#ifndef PURIFY /* purify complains */
+ /*
+ * The following line uses the supplied buffer as a small source of
+ * entropy: since this buffer is often uninitialised it may cause
+ * programs such as purify or valgrind to complain. So for those
+ * builds it is not used: the removal of such a small source of
+ * entropy has negligible impact on security.
+ */
+ MD_Update(&m, buf, j);
+#endif
k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
if (k > 0) {
- if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
- goto err;
- if (!MD_Update(m, &(state[0]), k))
- goto err;
- } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
- goto err;
- if (!MD_Final(m, local_md))
- goto err;
+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k);
+ MD_Update(&m, &(state[0]), k);
+ } else
+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2);
+ MD_Final(&m, local_md);
for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
/* may compete with other threads */
@@ -482,93 +508,69 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
}
}
- if (!MD_Init(m)
- || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))
- || !MD_Update(m, local_md, MD_DIGEST_LENGTH))
- goto err;
- CRYPTO_THREAD_write_lock(rand_lock);
- /*
- * Prevent deadlocks if we end up in an async engine
- */
- ASYNC_block_pause();
- if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) {
- CRYPTO_THREAD_unlock(rand_lock);
- goto err;
- }
- ASYNC_unblock_pause();
- CRYPTO_THREAD_unlock(rand_lock);
-
- EVP_MD_CTX_free(m);
+ MD_Init(&m);
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+ if (lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ MD_Update(&m, md, MD_DIGEST_LENGTH);
+ MD_Final(&m, md);
+ if (lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ EVP_MD_CTX_cleanup(&m);
if (ok)
return (1);
else if (pseudo)
return 0;
else {
- RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
+ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
- "https://www.openssl.org/docs/faq.html");
+ "http://www.openssl.org/support/faq.html");
return (0);
}
- err:
- RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
- EVP_MD_CTX_free(m);
- return 0;
- err_mem:
- RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
- EVP_MD_CTX_free(m);
- return 0;
-
}
-static int rand_nopseudo_bytes(unsigned char *buf, int num)
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
{
- return rand_bytes(buf, num, 0);
+ return ssleay_rand_bytes(buf, num, 0, 1);
}
-#if OPENSSL_API_COMPAT < 0x10100000L
/*
* pseudo-random bytes that are guaranteed to be unique but not unpredictable
*/
-static int rand_pseudo_bytes(unsigned char *buf, int num)
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
- return rand_bytes(buf, num, 1);
+ return ssleay_rand_bytes(buf, num, 1, 1);
}
-#endif
-static int rand_status(void)
+static int ssleay_rand_status(void)
{
- CRYPTO_THREAD_ID cur;
+ CRYPTO_THREADID cur;
int ret;
int do_not_lock;
- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
- return 0;
-
- cur = CRYPTO_THREAD_get_current_id();
+ CRYPTO_THREADID_current(&cur);
/*
* check if we already have the lock (could happen if a RAND_poll()
* implementation calls RAND_status())
*/
if (crypto_lock_rand) {
- CRYPTO_THREAD_read_lock(rand_tmp_lock);
- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
- CRYPTO_THREAD_unlock(rand_tmp_lock);
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
} else
do_not_lock = 0;
if (!do_not_lock) {
- CRYPTO_THREAD_write_lock(rand_lock);
- /*
- * Prevent deadlocks in case we end up in an async engine
- */
- ASYNC_block_pause();
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/*
- * prevent rand_bytes() from trying to obtain the lock again
+ * prevent ssleay_rand_bytes() from trying to obtain the lock again
*/
- CRYPTO_THREAD_write_lock(rand_tmp_lock);
- locking_threadid = cur;
- CRYPTO_THREAD_unlock(rand_tmp_lock);
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+ CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
}
@@ -583,84 +585,8 @@ static int rand_status(void)
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- ASYNC_unblock_pause();
- CRYPTO_THREAD_unlock(rand_lock);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
return ret;
}
-
-/*
- * rand_hw_seed: get seed data from any available hardware RNG. only
- * currently supports rdrand.
- */
-
-/* Adapted from eng_rdrand.c */
-
-#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \
- && !defined(OPENSSL_NO_RDRAND)
-
-# define RDRAND_CALLS 4
-
-size_t OPENSSL_ia32_rdrand(void);
-extern unsigned int OPENSSL_ia32cap_P[];
-
-static int rand_hw_seed(EVP_MD_CTX *ctx)
-{
- int i;
- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
- return 1;
- for (i = 0; i < RDRAND_CALLS; i++) {
- size_t rnd;
- rnd = OPENSSL_ia32_rdrand();
- if (rnd == 0)
- return 1;
- if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
- return 0;
- }
- return 1;
-}
-
-/* XOR an existing buffer with random data */
-
-void rand_hw_xor(unsigned char *buf, size_t num)
-{
- size_t rnd;
- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
- return;
- while (num >= sizeof(size_t)) {
- rnd = OPENSSL_ia32_rdrand();
- if (rnd == 0)
- return;
- *((size_t *)buf) ^= rnd;
- buf += sizeof(size_t);
- num -= sizeof(size_t);
- }
- if (num) {
- rnd = OPENSSL_ia32_rdrand();
- if (rnd == 0)
- return;
- while (num) {
- *buf ^= rnd & 0xff;
- rnd >>= 8;
- buf++;
- num--;
- }
- }
-}
-
-#else
-
-static int rand_hw_seed(EVP_MD_CTX *ctx)
-{
- return 1;
-}
-
-void rand_hw_xor(unsigned char *buf, size_t num)
-{
- return;
-}
-
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
deleted file mode 100644
index dd58b214..00000000
--- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_EGD
-NON_EMPTY_TRANSLATION_UNIT
-#else
-
-# include <openssl/crypto.h>
-# include <openssl/e_os2.h>
-# include <openssl/rand.h>
-
-/*-
- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
- *
- * This module supplies three routines:
- *
- * RAND_query_egd_bytes(path, buf, bytes)
- * will actually query "bytes" bytes of entropy form the egd-socket located
- * at path and will write them to buf (if supplied) or will directly feed
- * it to RAND_seed() if buf==NULL.
- * The number of bytes is not limited by the maximum chunk size of EGD,
- * which is 255 bytes. If more than 255 bytes are wanted, several chunks
- * of entropy bytes are requested. The connection is left open until the
- * query is competed.
- * RAND_query_egd_bytes() returns with
- * -1 if an error occurred during connection or communication.
- * num the number of bytes read from the EGD socket. This number is either
- * the number of bytes requested or smaller, if the EGD pool is
- * drained and the daemon signals that the pool is empty.
- * This routine does not touch any RAND_status(). This is necessary, since
- * PRNG functions may call it during initialization.
- *
- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
- * used to seed the PRNG.
- * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
- * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
- * seed status so that the return value can reflect the seed state:
- * -1 if an error occurred during connection or communication _or_
- * if the PRNG has still not received the required seeding.
- * num the number of bytes read from the EGD socket. This number is either
- * the number of bytes requested or smaller, if the EGD pool is
- * drained and the daemon signals that the pool is empty.
- *
- * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed
- * the PRNG.
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-{
- return (-1);
-}
-
-int RAND_egd(const char *path)
-{
- return (-1);
-}
-
-int RAND_egd_bytes(const char *path, int bytes)
-{
- return (-1);
-}
-# else
-# include <openssl/opensslconf.h>
-# include OPENSSL_UNISTD
-# include <stddef.h>
-# include <sys/types.h>
-# include <sys/socket.h>
-# ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VXWORKS
-# include <streams/un.h>
-# else
-# include <sys/un.h>
-# endif
-# else
-struct sockaddr_un {
- short sun_family; /* AF_UNIX */
- char sun_path[108]; /* path name (gag) */
-};
-# endif /* NO_SYS_UN_H */
-# include <string.h>
-# include <errno.h>
-
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-{
- int ret = 0;
- struct sockaddr_un addr;
- int len, num, numbytes;
- int fd = -1;
- int success;
- unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- if (strlen(path) >= sizeof(addr.sun_path))
- return (-1);
- OPENSSL_strlcpy(addr.sun_path, path, sizeof addr.sun_path);
- len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (fd == -1)
- return (-1);
- success = 0;
- while (!success) {
- if (connect(fd, (struct sockaddr *)&addr, len) == 0)
- success = 1;
- else {
- switch (errno) {
-# ifdef EINTR
- case EINTR:
-# endif
-# ifdef EAGAIN
- case EAGAIN:
-# endif
-# ifdef EINPROGRESS
- case EINPROGRESS:
-# endif
-# ifdef EALREADY
- case EALREADY:
-# endif
- /* No error, try again */
- break;
-# ifdef EISCONN
- case EISCONN:
- success = 1;
- break;
-# endif
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
-
- while (bytes > 0) {
- egdbuf[0] = 1;
- egdbuf[1] = bytes < 255 ? bytes : 255;
- numbytes = 0;
- while (numbytes != 2) {
- num = write(fd, egdbuf + numbytes, 2 - numbytes);
- if (num >= 0)
- numbytes += num;
- else {
- switch (errno) {
-# ifdef EINTR
- case EINTR:
-# endif
-# ifdef EAGAIN
- case EAGAIN:
-# endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- numbytes = 0;
- while (numbytes != 1) {
- num = read(fd, egdbuf, 1);
- if (num == 0)
- goto err; /* descriptor closed */
- else if (num > 0)
- numbytes += num;
- else {
- switch (errno) {
-# ifdef EINTR
- case EINTR:
-# endif
-# ifdef EAGAIN
- case EAGAIN:
-# endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- if (egdbuf[0] == 0)
- goto err;
- if (buf)
- retrievebuf = buf + ret;
- else
- retrievebuf = tempbuf;
- numbytes = 0;
- while (numbytes != egdbuf[0]) {
- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
- if (num == 0)
- goto err; /* descriptor closed */
- else if (num > 0)
- numbytes += num;
- else {
- switch (errno) {
-# ifdef EINTR
- case EINTR:
-# endif
-# ifdef EAGAIN
- case EAGAIN:
-# endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- ret += egdbuf[0];
- bytes -= egdbuf[0];
- if (!buf)
- RAND_seed(tempbuf, egdbuf[0]);
- }
- err:
- if (fd != -1)
- close(fd);
- return (ret);
-}
-
-int RAND_egd_bytes(const char *path, int bytes)
-{
- int num, ret = -1;
-
- num = RAND_query_egd_bytes(path, NULL, bytes);
- if (num < 0)
- goto err;
- if (RAND_status() == 1)
- ret = num;
- err:
- return (ret);
-}
-
-int RAND_egd(const char *path)
-{
- return (RAND_egd_bytes(path, 255));
-}
-
-# endif
-
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c
index 55431264..55d86ea8 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c
@@ -1,11 +1,62 @@
-/*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
*/
#include <stdio.h>
@@ -19,18 +70,25 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
static ERR_STRING_DATA RAND_str_functs[] = {
- {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"},
+ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"},
+ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0, NULL}
};
static ERR_STRING_DATA RAND_str_reasons[] = {
+ {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"},
+ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
+ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
+ {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),
+ "no fips random method set"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
{0, NULL}
};
#endif
-int ERR_load_RAND_strings(void)
+void ERR_load_RAND_strings(void)
{
#ifndef OPENSSL_NO_ERR
@@ -39,5 +97,4 @@ int ERR_load_RAND_strings(void)
ERR_load_strings(0, RAND_str_reasons);
}
#endif
- return 1;
}
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h
index d98c90e2..f9fda3eb 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h
@@ -1,10 +1,112 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/rand_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#ifndef HEADER_RAND_LCL_H
@@ -13,7 +115,17 @@
# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-# define USE_SHA1_RAND
+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+# define USE_SHA1_RAND
+# elif !defined(OPENSSL_NO_MD5)
+# define USE_MD5_RAND
+# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+# define USE_MDC2_RAND
+# elif !defined(OPENSSL_NO_MD2)
+# define USE_MD2_RAND
+# else
+# error No message digest algorithm available
+# endif
# endif
# include <openssl/evp.h>
@@ -41,6 +153,6 @@
# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
# endif
-void rand_hw_xor(unsigned char *buf, size_t num);
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
index 23871267..88a78d35 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
@@ -1,23 +1,74 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <time.h>
-#include "internal/cryptlib.h"
-#include <openssl/opensslconf.h>
-#include "internal/rand.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
-#include <openssl/engine.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
# include <openssl/fips_rand.h>
+# include "rand_lcl.h"
#endif
#ifndef OPENSSL_NO_ENGINE
@@ -29,8 +80,10 @@ static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(funct_ref);
- funct_ref = NULL;
+ if (funct_ref) {
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;
+ }
#endif
default_RAND_meth = meth;
return 1;
@@ -43,7 +96,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
ENGINE *e = ENGINE_get_default_RAND();
if (e) {
default_RAND_meth = ENGINE_get_RAND(e);
- if (default_RAND_meth == NULL) {
+ if (!default_RAND_meth) {
ENGINE_finish(e);
e = NULL;
}
@@ -52,7 +105,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
funct_ref = e;
else
#endif
- default_RAND_meth = RAND_OpenSSL();
+ default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
}
@@ -65,7 +118,7 @@ int RAND_set_rand_engine(ENGINE *engine)
if (!ENGINE_init(engine))
return 0;
tmp_meth = ENGINE_get_RAND(engine);
- if (tmp_meth == NULL) {
+ if (!tmp_meth) {
ENGINE_finish(engine);
return 0;
}
@@ -77,7 +130,7 @@ int RAND_set_rand_engine(ENGINE *engine)
}
#endif
-void rand_cleanup_int(void)
+void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->cleanup)
@@ -107,7 +160,6 @@ int RAND_bytes(unsigned char *buf, int num)
return (-1);
}
-#if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
@@ -115,7 +167,6 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
return meth->pseudorand(buf, num);
return (-1);
}
-#endif
int RAND_status(void)
{
@@ -124,3 +175,126 @@ int RAND_status(void)
return meth->status();
return 0;
}
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest
+ * of OpenSSL.
+ */
+
+/*
+ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
+ * entropy internally through RAND_poll().
+ */
+
+static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
+{
+ /* Round up request to multiple of block size */
+ min_len = ((min_len + 19) / 20) * 20;
+ *pout = OPENSSL_malloc(min_len);
+ if (!*pout)
+ return 0;
+ if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) {
+ OPENSSL_free(*pout);
+ *pout = NULL;
+ return 0;
+ }
+ return min_len;
+}
+
+static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
+{
+ if (out) {
+ OPENSSL_cleanse(out, olen);
+ OPENSSL_free(out);
+ }
+}
+
+/*
+ * Set "additional input" when generating random data. This uses the current
+ * PID, a time value and a counter.
+ */
+
+static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
+{
+ /* Use of static variables is OK as this happens under a lock */
+ static unsigned char buf[16];
+ static unsigned long counter;
+ FIPS_get_timevec(buf, &counter);
+ *pout = buf;
+ return sizeof(buf);
+}
+
+/*
+ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
+ * correctly seeded by RAND_poll().
+ */
+
+static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
+ double entropy)
+{
+ RAND_SSLeay()->add(in, inlen, entropy);
+ return 1;
+}
+
+static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+{
+ RAND_SSLeay()->seed(in, inlen);
+ return 1;
+}
+
+# ifndef OPENSSL_DRBG_DEFAULT_TYPE
+# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr
+# endif
+# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
+# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF
+# endif
+
+static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
+static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
+
+void RAND_set_fips_drbg_type(int type, int flags)
+{
+ fips_drbg_type = type;
+ fips_drbg_flags = flags;
+}
+
+int RAND_init_fips(void)
+{
+ DRBG_CTX *dctx;
+ size_t plen;
+ unsigned char pers[32], *p;
+# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+ if (fips_drbg_type >> 16) {
+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+ return 0;
+ }
+# endif
+
+ dctx = FIPS_get_default_drbg();
+ if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {
+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
+ return 0;
+ }
+
+ FIPS_drbg_set_callbacks(dctx,
+ drbg_get_entropy, drbg_free_entropy, 20,
+ drbg_get_entropy, drbg_free_entropy);
+ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
+ drbg_rand_seed, drbg_rand_add);
+ /* Personalisation string: a string followed by date time vector */
+ strcpy((char *)pers, "OpenSSL DRBG2.0");
+ plen = drbg_get_adin(dctx, &p);
+ memcpy(pers + 16, p, plen);
+
+ if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) {
+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
+ return 0;
+ }
+ FIPS_rand_set_method(FIPS_drbg_method());
+ return 1;
+}
+
+#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
index ecba2dc9..11ee152d 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
@@ -1,21 +1,122 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
-
#include <stdio.h>
#define USE_SOCKETS
#include "e_os.h"
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
# include <sys/types.h>
# include <sys/time.h>
@@ -143,17 +244,17 @@ int RAND_poll(void)
{
unsigned long l;
pid_t curr_pid = getpid();
-# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
unsigned char tmpbuf[ENTROPY_NEEDED];
int n = 0;
# endif
# ifdef DEVRANDOM
static const char *randomfiles[] = { DEVRANDOM };
- struct stat randomstats[OSSL_NELEM(randomfiles)];
+ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
int fd;
unsigned int i;
# endif
-# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
+# ifdef DEVRANDOM_EGD
static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
const char **egdsocket = NULL;
# endif
@@ -166,7 +267,8 @@ int RAND_poll(void)
* out of random entries.
*/
- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
+ for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
+ (n < ENTROPY_NEEDED); i++) {
if ((fd = open(randomfiles[i], O_RDONLY
# ifdef O_NONBLOCK
| O_NONBLOCK
@@ -205,7 +307,14 @@ int RAND_poll(void)
do {
int try_read = 0;
-# if defined(OPENSSL_SYS_LINUX)
+# if defined(OPENSSL_SYS_BEOS_R5)
+ /*
+ * select() is broken in BeOS R5, so we simply try to read
+ * something and snooze if we couldn't
+ */
+ try_read = 1;
+
+# elif defined(OPENSSL_SYS_LINUX)
/* use poll() */
struct pollfd pset;
@@ -249,6 +358,10 @@ int RAND_poll(void)
ENTROPY_NEEDED - n);
if (r > 0)
n += r;
+# if defined(OPENSSL_SYS_BEOS_R5)
+ if (r == 0)
+ snooze(t.tv_usec);
+# endif
} else
r = -1;
@@ -270,7 +383,7 @@ int RAND_poll(void)
}
# endif /* defined(DEVRANDOM) */
-# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
+# ifdef DEVRANDOM_EGD
/*
* Use an EGD socket to read entropy from an EGD or PRNGD entropy
* collecting daemon.
@@ -287,7 +400,7 @@ int RAND_poll(void)
}
# endif /* defined(DEVRANDOM_EGD) */
-# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
if (n > 0) {
RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
OPENSSL_cleanse(tmpbuf, n);
@@ -303,7 +416,15 @@ int RAND_poll(void)
l = time(NULL);
RAND_add(&l, sizeof(l), 0.0);
-# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
+# if defined(OPENSSL_SYS_BEOS)
+ {
+ system_info sysInfo;
+ get_system_info(&sysInfo);
+ RAND_add(&sysInfo, sizeof(sysInfo), 0);
+ }
+# endif
+
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
return 1;
# else
return 0;
@@ -314,7 +435,9 @@ int RAND_poll(void)
#endif /* !(defined(OPENSSL_SYS_WINDOWS) ||
* defined(OPENSSL_SYS_WIN32) ||
* defined(OPENSSL_SYS_VMS) ||
- * defined(OPENSSL_SYS_VXWORKS) */
+ * defined(OPENSSL_SYS_OS2) ||
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c b/Cryptlib/OpenSSL/crypto/rand/rand_vms.c
deleted file mode 100644
index 9c462dd3..00000000
--- a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Modified by VMS Software, Inc (2016)
- * Eliminate looping through all processes (performance)
- * Add additional randomizations using rand() function
- */
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_VMS)
-# include <descrip.h>
-# include <jpidef.h>
-# include <ssdef.h>
-# include <starlet.h>
-# include <efndef>
-# ifdef __DECC
-# pragma message disable DOLLARID
-# endif
-
-/*
- * Use 32-bit pointers almost everywhere. Define the type to which to cast a
- * pointer passed to an external function.
- */
-# if __INITIAL_POINTER_SIZE == 64
-# define PTR_T __void_ptr64
-# pragma pointer_size save
-# pragma pointer_size 32
-# else /* __INITIAL_POINTER_SIZE == 64 */
-# define PTR_T void *
-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-static struct items_data_st {
- short length, code; /* length is number of bytes */
-} items_data[] = {
- {4, JPI$_BUFIO},
- {4, JPI$_CPUTIM},
- {4, JPI$_DIRIO},
- {4, JPI$_IMAGECOUNT},
- {8, JPI$_LAST_LOGIN_I},
- {8, JPI$_LOGINTIM},
- {4, JPI$_PAGEFLTS},
- {4, JPI$_PID},
- {4, JPI$_PPGCNT},
- {4, JPI$_WSPEAK},
- {4, JPI$_FINALEXC},
- {0, 0} /* zero terminated */
-};
-
-int RAND_poll(void)
-{
-
- /* determine the number of items in the JPI array */
-
- struct items_data_st item_entry;
- int item_entry_count = sizeof(items_data)/sizeof(item_entry);
-
- /* Create the JPI itemlist array to hold item_data content */
-
- struct {
- short length, code;
- int *buffer;
- int *retlen;
- } item[item_entry_count], *pitem; /* number of entries in items_data */
-
- struct items_data_st *pitems_data;
- int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */
- int iosb[2];
- int sys_time[2];
- int *ptr;
- int i, j ;
- int tmp_length = 0;
- int total_length = 0;
-
- pitems_data = items_data;
- pitem = item;
-
-
- /* Setup itemlist for GETJPI */
- while (pitems_data->length) {
- pitem->length = pitems_data->length;
- pitem->code = pitems_data->code;
- pitem->buffer = &data_buffer[total_length];
- pitem->retlen = 0;
- /* total_length is in longwords */
- total_length += pitems_data->length/4;
- pitems_data++;
- pitem ++;
- }
- pitem->length = pitem->code = 0;
-
- /* Fill data_buffer with various info bits from this process */
- /* and twist that data to seed the SSL random number init */
-
- if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) {
- for (i = 0; i < total_length; i++) {
- sys$gettim((struct _generic_64 *)&sys_time[0]);
- srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
-
- if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
- ptr = &data_buffer[i];
- for (j = 0; j < 4; j++) {
- data_buffer[i + j] = ptr[j];
- /* OK to use rand() just to scramble the seed */
- data_buffer[i + j] ^= (sys_time[0] ^ rand());
- tmp_length++;
- }
- } else {
- /* OK to use rand() just to scramble the seed */
- data_buffer[i] ^= (sys_time[0] ^ rand());
- }
- }
-
- total_length += (tmp_length - 1);
-
- /* size of seed is total_length*4 bytes (64bytes) */
- RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2);
- } else {
- return 0;
- }
-
- return 1;
-}
-
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c
deleted file mode 100644
index 1be0ed3c..00000000
--- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
-# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
-# define RAND_WINDOWS_USE_BCRYPT
-# endif
-
-# ifdef RAND_WINDOWS_USE_BCRYPT
-# include <bcrypt.h>
-# pragma comment(lib, "bcrypt.lib")
-# ifndef STATUS_SUCCESS
-# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-# endif
-# else
-# include <wincrypt.h>
-/*
- * Intel hardware RNG CSP -- available from
- * http://developer.intel.com/design/security/rng/redist_license.htm
- */
-# define PROV_INTEL_SEC 22
-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
-# endif
-
-static void readtimer(void);
-
-int RAND_poll(void)
-{
- MEMORYSTATUS mst;
-# ifndef RAND_WINDOWS_USE_BCRYPT
- HCRYPTPROV hProvider;
-# endif
- DWORD w;
- BYTE buf[64];
-
-# ifdef RAND_WINDOWS_USE_BCRYPT
- if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
- RAND_add(buf, sizeof(buf), sizeof(buf));
- }
-# else
- /* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
- RAND_add(buf, sizeof(buf), sizeof(buf));
- }
- CryptReleaseContext(hProvider, 0);
- }
-
- /* poll the Pentium PRG with CryptoAPI */
- if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
- RAND_add(buf, sizeof(buf), sizeof(buf));
- }
- CryptReleaseContext(hProvider, 0);
- }
-# endif
-
- /* timer data */
- readtimer();
-
- /* memory usage statistics */
- GlobalMemoryStatus(&mst);
- RAND_add(&mst, sizeof(mst), 1);
-
- /* process ID */
- w = GetCurrentProcessId();
- RAND_add(&w, sizeof(w), 1);
-
- return (1);
-}
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
-{
- RAND_poll();
- return RAND_status();
-}
-
-void RAND_screen(void)
-{
- RAND_poll();
-}
-#endif
-
-/* feed timing information to the PRNG */
-static void readtimer(void)
-{
- DWORD w;
- LARGE_INTEGER l;
- static int have_perfc = 1;
-# if defined(_MSC_VER) && defined(_M_X86)
- static int have_tsc = 1;
- DWORD cyclecount;
-
- if (have_tsc) {
- __try {
- __asm {
- _emit 0x0f _emit 0x31 mov cyclecount, eax}
- RAND_add(&cyclecount, sizeof(cyclecount), 1);
- }
- __except(EXCEPTION_EXECUTE_HANDLER) {
- have_tsc = 0;
- }
- }
-# else
-# define have_tsc 0
-# endif
-
- if (have_perfc) {
- if (QueryPerformanceCounter(&l) == 0)
- have_perfc = 0;
- else
- RAND_add(&l, sizeof(l), 0);
- }
-
- if (!have_tsc && !have_perfc) {
- w = GetTickCount();
- RAND_add(&w, sizeof(w), 0);
- }
-}
-
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c
index 15fa9dce..728fd0a7 100644
--- a/Cryptlib/OpenSSL/crypto/rand/randfile.c
+++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c
@@ -1,19 +1,67 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rand/randfile.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
-#include "internal/cryptlib.h"
-
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
@@ -57,52 +105,23 @@
# define chmod _chmod
# define open _open
# define fdopen _fdopen
-# define fstat _fstat
-# define fileno _fileno
#endif
#undef BUFSIZE
#define BUFSIZE 1024
#define RAND_DATA 1024
-#ifdef OPENSSL_SYS_VMS
-/*
- * Misc hacks needed for specific cases.
- *
- * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
- * to make sure the FILE* is a 32-bit pointer no matter what. We know that
- * stdio function return this type (a study of stdio.h proves it).
- * Additionally, we create a similar char pointer type for the sake of
- * vms_setbuf below.
- */
-# if __INITIAL_POINTER_SIZE == 64
-# pragma pointer_size save
-# pragma pointer_size 32
-typedef char *char_ptr32;
-# pragma pointer_size restore
-/*
- * On VMS, setbuf() will only take 32-bit pointers, and a compilation
- * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
- * Since we know that the FILE* really is a 32-bit pointer expanded to
- * 64 bits, we also know it's safe to convert it back to a 32-bit pointer.
- * As for the buffer parameter, we only use NULL here, so that passes as
- * well...
- */
-# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf))
-# endif
-
+#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64)))
/*
* This declaration is a nasty hack to get around vms' extension to fopen for
- * passing in sharing options being disabled by /STANDARD=ANSI89
+ * passing in sharing options being disabled by our /STANDARD=ANSI89
*/
-static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
- (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+ (FILE *(*)(const char *, const char *, ...))fopen;
# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
-
-# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
#endif
-#define RFILE ".rnd"
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
/*
* Note that these functions are intended for seed files only. Entropy
@@ -116,24 +135,35 @@ int RAND_load_file(const char *file, long bytes)
* if bytes == -1, read complete file.
*/
- unsigned char buf[BUFSIZE];
+ MS_STATIC unsigned char buf[BUFSIZE];
#ifndef OPENSSL_NO_POSIX_IO
struct stat sb;
#endif
int i, ret = 0, n;
- FILE *in = NULL;
+/*
+ * If setvbuf() is to be called, then the FILE pointer
+ * to it must be 32 bit.
+*/
+
+#if !defined OPENSSL_NO_SETVBUF_IONBF && defined(OPENSSL_SYS_VMS) && defined(__VMS_VER) && (__VMS_VER >= 70000000)
+ /* For 64-bit-->32 bit API Support*/
+#if __INITIAL_POINTER_SIZE == 64
+#pragma __required_pointer_size __save
+#pragma __required_pointer_size 32
+#endif
+ FILE *in; /* setvbuf() requires 32-bit pointers */
+#if __INITIAL_POINTER_SIZE == 64
+#pragma __required_pointer_size __restore
+#endif
+#else
+ FILE *in;
+#endif /* OPENSSL_SYS_VMS */
if (file == NULL)
- return 0;
-
- if (bytes == 0)
- return ret;
-
- in = openssl_fopen(file, "rb");
- if (in == NULL)
- goto err;
+ return (0);
#ifndef OPENSSL_NO_POSIX_IO
+# ifdef PURIFY
/*
* struct stat can have padding and unused fields that may not be
* initialized in the call to stat(). We need to clear the entire
@@ -141,11 +171,22 @@ int RAND_load_file(const char *file, long bytes)
* applications such as Valgrind.
*/
memset(&sb, 0, sizeof(sb));
- if (fstat(fileno(in), &sb) < 0)
- goto err;
+# endif
+ if (stat(file, &sb) < 0)
+ return (0);
RAND_add(&sb, sizeof(sb), 0.0);
+#endif
+ if (bytes == 0)
+ return (ret);
-# if defined(S_ISBLK) && defined(S_ISCHR)
+#ifdef OPENSSL_SYS_VMS
+ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
+#else
+ in = fopen(file, "rb");
+#endif
+ if (in == NULL)
+ goto err;
+#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
/*
* this file is a device. we don't want read an infinite number of
@@ -153,9 +194,10 @@ int RAND_load_file(const char *file, long bytes)
* because we will waste system entropy.
*/
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
- setbuf(in, NULL); /* don't do buffered reads */
+# ifndef OPENSSL_NO_SETVBUF_IONBF
+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
}
-# endif
#endif
for (;;) {
if (bytes > 0)
@@ -165,8 +207,12 @@ int RAND_load_file(const char *file, long bytes)
i = fread(buf, 1, n, in);
if (i <= 0)
break;
-
+#ifdef PURIFY
RAND_add(buf, i, (double)i);
+#else
+ /* even if n != i, use the full array */
+ RAND_add(buf, n, (double)i);
+#endif
ret += i;
if (bytes > 0) {
bytes -= n;
@@ -174,11 +220,10 @@ int RAND_load_file(const char *file, long bytes)
break;
}
}
+ fclose(in);
OPENSSL_cleanse(buf, BUFSIZE);
err:
- if (in != NULL)
- fclose(in);
- return ret;
+ return (ret);
}
int RAND_write_file(const char *file)
@@ -190,15 +235,9 @@ int RAND_write_file(const char *file)
#ifndef OPENSSL_NO_POSIX_IO
struct stat sb;
-# if defined(S_ISBLK) && defined(S_ISCHR)
-# ifdef _WIN32
- /*
- * Check for |file| being a driver as "ASCII-safe" on Windows,
- * because driver paths are always ASCII.
- */
-# endif
i = stat(file, &sb);
if (i != -1) {
+# if defined(S_ISBLK) && defined(S_ISCHR)
if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
/*
* this file is a device. we don't write back to it. we
@@ -206,14 +245,13 @@ int RAND_write_file(const char *file)
* device. Otherwise attempting to write to and chmod the device
* causes problems.
*/
- return 1;
+ return (1);
}
- }
# endif
+ }
#endif
-#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
- !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
{
# ifndef O_BINARY
# define O_BINARY 0
@@ -228,7 +266,7 @@ int RAND_write_file(const char *file)
}
#endif
-#ifdef OPENSSL_SYS_VMS
+#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64)))
/*
* VMS NOTE: Prior versions of this routine created a _new_ version of
* the rand file for each call into this routine, then deleted all
@@ -247,14 +285,17 @@ int RAND_write_file(const char *file)
* rand file in a concurrent use situation.
*/
- out = openssl_fopen(file, "rb+");
-#endif
+ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
if (out == NULL)
- out = openssl_fopen(file, "wb");
+ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
+#else
+ if (out == NULL)
+ out = fopen(file, "wb");
+#endif
if (out == NULL)
goto err;
-#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+#ifndef NO_CHMOD
chmod(file, 0600);
#endif
n = RAND_DATA;
@@ -282,70 +323,31 @@ int RAND_write_file(const char *file)
const char *RAND_file_name(char *buf, size_t size)
{
char *s = NULL;
- int use_randfile = 1;
#ifdef __OpenBSD__
struct stat sb;
#endif
-#if defined(_WIN32) && defined(CP_UTF8)
- DWORD len;
- WCHAR *var, *val;
-
- if ((var = L"RANDFILE",
- len = GetEnvironmentVariableW(var, NULL, 0)) == 0
- && (var = L"HOME", use_randfile = 0,
- len = GetEnvironmentVariableW(var, NULL, 0)) == 0
- && (var = L"USERPROFILE",
- len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
- var = L"SYSTEMROOT",
- len = GetEnvironmentVariableW(var, NULL, 0);
- }
-
- if (len != 0) {
- int sz;
-
- val = _alloca(len * sizeof(WCHAR));
-
- if (GetEnvironmentVariableW(var, val, len) < len
- && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
- NULL, NULL)) != 0) {
- s = _alloca(sz);
- if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
- NULL, NULL) == 0)
- s = NULL;
- }
- }
-#else
- if (OPENSSL_issetugid() != 0) {
- use_randfile = 0;
- } else {
+ if (OPENSSL_issetugid() == 0)
s = getenv("RANDFILE");
- if (s == NULL || *s == '\0') {
- use_randfile = 0;
+ if (s != NULL && *s && strlen(s) + 1 < size) {
+ if (BUF_strlcpy(buf, s, size) >= size)
+ return NULL;
+ } else {
+ if (OPENSSL_issetugid() == 0)
s = getenv("HOME");
- }
- }
-#endif
#ifdef DEFAULT_HOME
- if (!use_randfile && s == NULL) {
- s = DEFAULT_HOME;
- }
+ if (s == NULL) {
+ s = DEFAULT_HOME;
+ }
#endif
- if (s != NULL && *s) {
- size_t len = strlen(s);
-
- if (use_randfile && len + 1 < size) {
- if (OPENSSL_strlcpy(buf, s, size) >= size)
- return NULL;
- } else if (len + strlen(RFILE) + 2 < size) {
- OPENSSL_strlcpy(buf, s, size);
+ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
+ BUF_strlcpy(buf, s, size);
#ifndef OPENSSL_SYS_VMS
- OPENSSL_strlcat(buf, "/", size);
+ BUF_strlcat(buf, "/", size);
#endif
- OPENSSL_strlcat(buf, RFILE, size);
- }
- } else {
- buf[0] = '\0'; /* no file name */
+ BUF_strlcat(buf, RFILE, size);
+ } else
+ buf[0] = '\0'; /* no file name */
}
#ifdef __OpenBSD__
@@ -357,10 +359,14 @@ const char *RAND_file_name(char *buf, size_t size)
* available.
*/
- if (!buf[0] || stat(buf, &sb) == -1)
- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
- return NULL;
+ if (!buf[0])
+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+ return (NULL);
+ }
+ if (stat(buf, &sb) == -1)
+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+ return (NULL);
}
#endif
- return buf[0] ? buf : NULL;
+ return (buf);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-01 23:16:15 +0000