diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/rand')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/md_rand.c | 546 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 249 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_err.c | 77 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_lcl.h | 128 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 210 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 161 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_vms.c | 133 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/rand_win.c | 135 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/rand/randfile.c | 283 |
9 files changed, 1038 insertions, 884 deletions
diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c index 5c13d577..85ce4e6f 100644 --- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c +++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c @@ -1,134 +1,38 @@ -/* crypto/rand/md_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#define OPENSSL_FIPSEVP - -#ifdef MD_RAND_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif - -#include <assert.h> #include <stdio.h> #include <string.h> #include "e_os.h" +#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS)) +# include <sys/time.h> +#endif +#if defined(OPENSSL_SYS_VXWORKS) +# include <time.h> +#endif + +#include <openssl/opensslconf.h> #include <openssl/crypto.h> #include <openssl/rand.h> +#include <openssl/async.h> #include "rand_lcl.h" #include <openssl/err.h> +#include <internal/thread_once.h> + +#ifdef OPENSSL_FIPS +# include <openssl/fips.h> +#endif + #ifdef BN_DEBUG # define PREDICT #endif @@ -136,7 +40,7 @@ /* #define PREDICT 1 */ #define STATE_SIZE 1023 -static int state_num = 0, state_index = 0; +static size_t state_num = 0, state_index = 0; static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH]; static unsigned char md[MD_DIGEST_LENGTH]; static long md_count[2] = { 0, 0 }; @@ -144,41 +48,59 @@ static long md_count[2] = { 0, 0 }; static double entropy = 0; static int initialized = 0; -static unsigned int crypto_lock_rand = 0; /* may be set only when a thread - * holds CRYPTO_LOCK_RAND (to - * prevent double locking) */ -/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ +static CRYPTO_RWLOCK *rand_lock = NULL; +static CRYPTO_RWLOCK *rand_tmp_lock = NULL; +static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT; + +/* May be set only when a thread holds rand_lock (to prevent double locking) */ +static unsigned int crypto_lock_rand = 0; +/* access to locking_threadid is synchronized by rand_tmp_lock */ /* valid iff crypto_lock_rand is set */ -static CRYPTO_THREADID locking_threadid; +static CRYPTO_THREAD_ID locking_threadid; #ifdef PREDICT int rand_predictable = 0; #endif -const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; - -static void ssleay_rand_cleanup(void); -static void ssleay_rand_seed(const void *buf, int num); -static void ssleay_rand_add(const void *buf, int num, double add_entropy); -static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); -static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); -static int ssleay_rand_status(void); - -RAND_METHOD rand_ssleay_meth = { - ssleay_rand_seed, - ssleay_rand_nopseudo_bytes, - ssleay_rand_cleanup, - ssleay_rand_add, - ssleay_rand_pseudo_bytes, - ssleay_rand_status +static int rand_hw_seed(EVP_MD_CTX *ctx); + +static void rand_cleanup(void); +static int rand_seed(const void *buf, int num); +static int rand_add(const void *buf, int num, double add_entropy); +static int rand_bytes(unsigned char *buf, int num, int pseudo); +static int rand_nopseudo_bytes(unsigned char *buf, int num); +#if OPENSSL_API_COMPAT < 0x10100000L +static int rand_pseudo_bytes(unsigned char *buf, int num); +#endif +static int rand_status(void); + +static RAND_METHOD rand_meth = { + rand_seed, + rand_nopseudo_bytes, + rand_cleanup, + rand_add, +#if OPENSSL_API_COMPAT < 0x10100000L + rand_pseudo_bytes, +#else + NULL, +#endif + rand_status }; -RAND_METHOD *RAND_SSLeay(void) +DEFINE_RUN_ONCE_STATIC(do_rand_lock_init) +{ + OPENSSL_init_crypto(0, NULL); + rand_lock = CRYPTO_THREAD_lock_new(); + rand_tmp_lock = CRYPTO_THREAD_lock_new(); + return rand_lock != NULL && rand_tmp_lock != NULL; +} + +RAND_METHOD *RAND_OpenSSL(void) { - return (&rand_ssleay_meth); + return (&rand_meth); } -static void ssleay_rand_cleanup(void) +static void rand_cleanup(void) { OPENSSL_cleanse(state, sizeof(state)); state_num = 0; @@ -188,18 +110,21 @@ static void ssleay_rand_cleanup(void) md_count[1] = 0; entropy = 0; initialized = 0; + CRYPTO_THREAD_lock_free(rand_lock); + CRYPTO_THREAD_lock_free(rand_tmp_lock); } -static void ssleay_rand_add(const void *buf, int num, double add) +static int rand_add(const void *buf, int num, double add) { int i, j, k, st_idx; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; int do_not_lock; + int rv = 0; if (!num) - return; + return 1; /* * (Based on the rand(3) manpage) @@ -216,18 +141,24 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ + m = EVP_MD_CTX_new(); + if (m == NULL) + goto err; + + if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + goto err; + /* check if we already have the lock */ if (crypto_lock_rand) { - CRYPTO_THREADID cur; - CRYPTO_THREADID_current(&cur); - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); + CRYPTO_THREAD_read_lock(rand_tmp_lock); + do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); + CRYPTO_THREAD_unlock(rand_tmp_lock); } else do_not_lock = 0; if (!do_not_lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_THREAD_write_lock(rand_lock); st_idx = state_index; /* @@ -259,24 +190,28 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); if (!do_not_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_THREAD_unlock(rand_lock); - EVP_MD_CTX_init(&m); for (i = 0; i < num; i += MD_DIGEST_LENGTH) { j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - MD_Init(&m); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (!MD_Init(m)) + goto err; + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) + goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - MD_Update(&m, &(state[st_idx]), j - k); - MD_Update(&m, &(state[0]), k); - } else - MD_Update(&m, &(state[st_idx]), j); + if (!MD_Update(m, &(state[st_idx]), j - k)) + goto err; + if (!MD_Update(m, &(state[0]), k)) + goto err; + } else if (!MD_Update(m, &(state[st_idx]), j)) + goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - MD_Update(&m, buf, j); + if (!MD_Update(m, buf, j)) + goto err; /* * We know that line may cause programs such as purify and valgrind * to complain about use of uninitialized data. The problem is not, @@ -285,8 +220,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) * insecure keys. */ - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Final(&m, local_md); + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + goto err; + if (!MD_Final(m, local_md)) + goto err; md_c[1]++; buf = (const char *)buf + j; @@ -295,7 +232,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) /* * Parallel threads may interfere with this, but always each byte * of the new state is the XOR of some previous value of its and - * local_md (itermediate values may be lost). Alway using locking + * local_md (intermediate values may be lost). Alway using locking * could hurt performance more than necessary given that * conflicts occur only when the total seeding is longer than the * random state. @@ -305,10 +242,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) st_idx = 0; } } - EVP_MD_CTX_cleanup(&m); if (!do_not_lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_THREAD_write_lock(rand_lock); /* * Don't just copy back local_md into md -- this could mean that other * thread's seeding remains without effect (except for the incremented @@ -321,31 +257,53 @@ static void ssleay_rand_add(const void *buf, int num, double add) if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ entropy += add; if (!do_not_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_THREAD_unlock(rand_lock); -#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) - assert(md_c[1] == md_count[1]); -#endif + rv = 1; + err: + EVP_MD_CTX_free(m); + return rv; } -static void ssleay_rand_seed(const void *buf, int num) +static int rand_seed(const void *buf, int num) { - ssleay_rand_add(buf, num, (double)num); + return rand_add(buf, num, (double)num); } -int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) +static int rand_bytes(unsigned char *buf, int num, int pseudo) { static volatile int stirred_pool = 0; - int i, j, k, st_num, st_idx; - int num_ceil; + int i, j, k; + size_t num_ceil, st_idx, st_num; int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; #ifndef GETPID_IS_MEANINGLESS pid_t curr_pid = getpid(); #endif + time_t curr_time = time(NULL); int do_stir_pool = 0; +/* time value for various platforms */ +#ifdef OPENSSL_SYS_WIN32 + FILETIME tv; +# ifdef _WIN32_WCE + SYSTEMTIME t; + GetSystemTime(&t); + SystemTimeToFileTime(&t, &tv); +# else + GetSystemTimeAsFileTime(&tv); +# endif +#elif defined(OPENSSL_SYS_VXWORKS) + struct timespec tv; + clock_gettime(CLOCK_REALTIME, &ts); +#elif defined(OPENSSL_SYS_DSPBIOS) + unsigned long long tv, OPENSSL_rdtsc(); + tv = OPENSSL_rdtsc(); +#else + struct timeval tv; + gettimeofday(&tv, NULL); +#endif #ifdef PREDICT if (rand_predictable) { @@ -360,7 +318,10 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) if (num <= 0) return 1; - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_new(); + if (m == NULL) + goto err_mem; + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); @@ -382,13 +343,21 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) * are fed into the hash function and the results are kept in the * global 'md'. */ - if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_current(&locking_threadid); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + goto err_mem; + + CRYPTO_THREAD_write_lock(rand_lock); + /* + * We could end up in an async engine while holding this lock so ensure + * we don't pause and cause a deadlock + */ + ASYNC_block_pause(); + + /* prevent rand_bytes() from trying to obtain the lock again */ + CRYPTO_THREAD_write_lock(rand_tmp_lock); + locking_threadid = CRYPTO_THREAD_get_current_id(); + CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; if (!initialized) { @@ -422,7 +391,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) * In the output function only half of 'md' remains secret, so we * better make sure that the required entropy gets 'evenly * distributed' through 'state', our randomness pool. The input - * function (ssleay_rand_add) chains all of 'md', which makes it more + * function (rand_add) chains all of 'md', which makes it more * suitable for this purpose. */ @@ -434,9 +403,9 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ /* * Note that the seed does not matter, it's just that - * ssleay_rand_add expects to have something to hash. + * rand_add expects to have something to hash. */ - ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); + rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); n -= MD_DIGEST_LENGTH; } if (ok) @@ -462,41 +431,46 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + ASYNC_unblock_pause(); + CRYPTO_THREAD_unlock(rand_lock); while (num > 0) { /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - MD_Init(&m); + if (!MD_Init(m)) + goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); + if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) + goto err; curr_pid = 0; } #endif - MD_Update(&m, local_md, MD_DIGEST_LENGTH); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - -#ifndef PURIFY /* purify complains */ - /* - * The following line uses the supplied buffer as a small source of - * entropy: since this buffer is often uninitialised it may cause - * programs such as purify or valgrind to complain. So for those - * builds it is not used: the removal of such a small source of - * entropy has negligible impact on security. - */ - MD_Update(&m, buf, j); -#endif + if (curr_time) { /* just in the first iteration to save time */ + if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) + goto err; + if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) + goto err; + curr_time = 0; + if (!rand_hw_seed(m)) + goto err; + } + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) + goto err; + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + goto err; k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); - MD_Update(&m, &(state[0]), k); - } else - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); - MD_Final(&m, local_md); + if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) + goto err; + if (!MD_Update(m, &(state[0]), k)) + goto err; + } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + goto err; + if (!MD_Final(m, local_md)) + goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { /* may compete with other threads */ @@ -508,69 +482,93 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) } } - MD_Init(&m); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); - if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m, md, MD_DIGEST_LENGTH); - MD_Final(&m, md); - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - EVP_MD_CTX_cleanup(&m); + if (!MD_Init(m) + || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) + || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) + goto err; + CRYPTO_THREAD_write_lock(rand_lock); + /* + * Prevent deadlocks if we end up in an async engine + */ + ASYNC_block_pause(); + if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { + CRYPTO_THREAD_unlock(rand_lock); + goto err; + } + ASYNC_unblock_pause(); + CRYPTO_THREAD_unlock(rand_lock); + + EVP_MD_CTX_free(m); if (ok) return (1); else if (pseudo) return 0; else { - RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); + RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " - "http://www.openssl.org/support/faq.html"); + "https://www.openssl.org/docs/faq.html"); return (0); } + err: + RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); + EVP_MD_CTX_free(m); + return 0; + err_mem: + RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); + EVP_MD_CTX_free(m); + return 0; + } -static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) +static int rand_nopseudo_bytes(unsigned char *buf, int num) { - return ssleay_rand_bytes(buf, num, 0, 1); + return rand_bytes(buf, num, 0); } +#if OPENSSL_API_COMPAT < 0x10100000L /* * pseudo-random bytes that are guaranteed to be unique but not unpredictable */ -static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) +static int rand_pseudo_bytes(unsigned char *buf, int num) { - return ssleay_rand_bytes(buf, num, 1, 1); + return rand_bytes(buf, num, 1); } +#endif -static int ssleay_rand_status(void) +static int rand_status(void) { - CRYPTO_THREADID cur; + CRYPTO_THREAD_ID cur; int ret; int do_not_lock; - CRYPTO_THREADID_current(&cur); + if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + return 0; + + cur = CRYPTO_THREAD_get_current_id(); /* * check if we already have the lock (could happen if a RAND_poll() * implementation calls RAND_status()) */ if (crypto_lock_rand) { - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + CRYPTO_THREAD_read_lock(rand_tmp_lock); + do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); + CRYPTO_THREAD_unlock(rand_tmp_lock); } else do_not_lock = 0; if (!do_not_lock) { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_THREAD_write_lock(rand_lock); + /* + * Prevent deadlocks in case we end up in an async engine + */ + ASYNC_block_pause(); /* - * prevent ssleay_rand_bytes() from trying to obtain the lock again + * prevent rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_cpy(&locking_threadid, &cur); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + CRYPTO_THREAD_write_lock(rand_tmp_lock); + locking_threadid = cur; + CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; } @@ -585,8 +583,84 @@ static int ssleay_rand_status(void) /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + ASYNC_unblock_pause(); + CRYPTO_THREAD_unlock(rand_lock); } return ret; } + +/* + * rand_hw_seed: get seed data from any available hardware RNG. only + * currently supports rdrand. + */ + +/* Adapted from eng_rdrand.c */ + +#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \ + && !defined(OPENSSL_NO_RDRAND) + +# define RDRAND_CALLS 4 + +size_t OPENSSL_ia32_rdrand(void); +extern unsigned int OPENSSL_ia32cap_P[]; + +static int rand_hw_seed(EVP_MD_CTX *ctx) +{ + int i; + if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) + return 1; + for (i = 0; i < RDRAND_CALLS; i++) { + size_t rnd; + rnd = OPENSSL_ia32_rdrand(); + if (rnd == 0) + return 1; + if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t))) + return 0; + } + return 1; +} + +/* XOR an existing buffer with random data */ + +void rand_hw_xor(unsigned char *buf, size_t num) +{ + size_t rnd; + if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) + return; + while (num >= sizeof(size_t)) { + rnd = OPENSSL_ia32_rdrand(); + if (rnd == 0) + return; + *((size_t *)buf) ^= rnd; + buf += sizeof(size_t); + num -= sizeof(size_t); + } + if (num) { + rnd = OPENSSL_ia32_rdrand(); + if (rnd == 0) + return; + while (num) { + *buf ^= rnd & 0xff; + rnd >>= 8; + buf++; + num--; + } + } +} + +#else + +static int rand_hw_seed(EVP_MD_CTX *ctx) +{ + return 1; +} + +void rand_hw_xor(unsigned char *buf, size_t num) +{ + return; +} + +#endif diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c new file mode 100644 index 00000000..dd58b214 --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c @@ -0,0 +1,249 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/opensslconf.h> +#ifdef OPENSSL_NO_EGD +NON_EMPTY_TRANSLATION_UNIT +#else + +# include <openssl/crypto.h> +# include <openssl/e_os2.h> +# include <openssl/rand.h> + +/*- + * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. + * + * This module supplies three routines: + * + * RAND_query_egd_bytes(path, buf, bytes) + * will actually query "bytes" bytes of entropy form the egd-socket located + * at path and will write them to buf (if supplied) or will directly feed + * it to RAND_seed() if buf==NULL. + * The number of bytes is not limited by the maximum chunk size of EGD, + * which is 255 bytes. If more than 255 bytes are wanted, several chunks + * of entropy bytes are requested. The connection is left open until the + * query is competed. + * RAND_query_egd_bytes() returns with + * -1 if an error occurred during connection or communication. + * num the number of bytes read from the EGD socket. This number is either + * the number of bytes requested or smaller, if the EGD pool is + * drained and the daemon signals that the pool is empty. + * This routine does not touch any RAND_status(). This is necessary, since + * PRNG functions may call it during initialization. + * + * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them + * used to seed the PRNG. + * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. + * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the + * seed status so that the return value can reflect the seed state: + * -1 if an error occurred during connection or communication _or_ + * if the PRNG has still not received the required seeding. + * num the number of bytes read from the EGD socket. This number is either + * the number of bytes requested or smaller, if the EGD pool is + * drained and the daemon signals that the pool is empty. + * + * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed + * the PRNG. + * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. + */ + +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +{ + return (-1); +} + +int RAND_egd(const char *path) +{ + return (-1); +} + +int RAND_egd_bytes(const char *path, int bytes) +{ + return (-1); +} +# else +# include <openssl/opensslconf.h> +# include OPENSSL_UNISTD +# include <stddef.h> +# include <sys/types.h> +# include <sys/socket.h> +# ifndef NO_SYS_UN_H +# ifdef OPENSSL_SYS_VXWORKS +# include <streams/un.h> +# else +# include <sys/un.h> +# endif +# else +struct sockaddr_un { + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ +}; +# endif /* NO_SYS_UN_H */ +# include <string.h> +# include <errno.h> + +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +{ + int ret = 0; + struct sockaddr_un addr; + int len, num, numbytes; + int fd = -1; + int success; + unsigned char egdbuf[2], tempbuf[255], *retrievebuf; + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (strlen(path) >= sizeof(addr.sun_path)) + return (-1); + OPENSSL_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + len = offsetof(struct sockaddr_un, sun_path) + strlen(path); + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) + return (-1); + success = 0; + while (!success) { + if (connect(fd, (struct sockaddr *)&addr, len) == 0) + success = 1; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif +# ifdef EINPROGRESS + case EINPROGRESS: +# endif +# ifdef EALREADY + case EALREADY: +# endif + /* No error, try again */ + break; +# ifdef EISCONN + case EISCONN: + success = 1; + break; +# endif + default: + ret = -1; + goto err; /* failure */ + } + } + } + + while (bytes > 0) { + egdbuf[0] = 1; + egdbuf[1] = bytes < 255 ? bytes : 255; + numbytes = 0; + while (numbytes != 2) { + num = write(fd, egdbuf + numbytes, 2 - numbytes); + if (num >= 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + numbytes = 0; + while (numbytes != 1) { + num = read(fd, egdbuf, 1); + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + if (egdbuf[0] == 0) + goto err; + if (buf) + retrievebuf = buf + ret; + else + retrievebuf = tempbuf; + numbytes = 0; + while (numbytes != egdbuf[0]) { + num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + ret += egdbuf[0]; + bytes -= egdbuf[0]; + if (!buf) + RAND_seed(tempbuf, egdbuf[0]); + } + err: + if (fd != -1) + close(fd); + return (ret); +} + +int RAND_egd_bytes(const char *path, int bytes) +{ + int num, ret = -1; + + num = RAND_query_egd_bytes(path, NULL, bytes); + if (num < 0) + goto err; + if (RAND_status() == 1) + ret = num; + err: + return (ret); +} + +int RAND_egd(const char *path) +{ + return (RAND_egd_bytes(path, 255)); +} + +# endif + +#endif diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c index 55d86ea8..55431264 100644 --- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c +++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c @@ -1,62 +1,11 @@ -/* crypto/rand/rand_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - /* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> @@ -70,25 +19,18 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) static ERR_STRING_DATA RAND_str_functs[] = { - {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, - {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, - {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, + {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, {0, NULL} }; static ERR_STRING_DATA RAND_str_reasons[] = { - {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, - {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, - {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, - {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), - "no fips random method set"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; #endif -void ERR_load_RAND_strings(void) +int ERR_load_RAND_strings(void) { #ifndef OPENSSL_NO_ERR @@ -97,4 +39,5 @@ void ERR_load_RAND_strings(void) ERR_load_strings(0, RAND_str_reasons); } #endif + return 1; } diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h index f9fda3eb..d98c90e2 100644 --- a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h +++ b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h @@ -1,112 +1,10 @@ -/* crypto/rand/rand_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #ifndef HEADER_RAND_LCL_H @@ -115,17 +13,7 @@ # define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -# define USE_SHA1_RAND -# elif !defined(OPENSSL_NO_MD5) -# define USE_MD5_RAND -# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -# define USE_MDC2_RAND -# elif !defined(OPENSSL_NO_MD2) -# define USE_MD2_RAND -# else -# error No message digest algorithm available -# endif +# define USE_SHA1_RAND # endif # include <openssl/evp.h> @@ -153,6 +41,6 @@ # define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) # endif -int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock); +void rand_hw_xor(unsigned char *buf, size_t num); #endif diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c index 88a78d35..23871267 100644 --- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c @@ -1,74 +1,23 @@ -/* crypto/rand/rand_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <time.h> -#include "cryptlib.h" -#include <openssl/rand.h> +#include "internal/cryptlib.h" +#include <openssl/opensslconf.h> +#include "internal/rand.h" -#ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -#endif +#include <openssl/engine.h> #ifdef OPENSSL_FIPS # include <openssl/fips.h> # include <openssl/fips_rand.h> -# include "rand_lcl.h" #endif #ifndef OPENSSL_NO_ENGINE @@ -80,10 +29,8 @@ static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { #ifndef OPENSSL_NO_ENGINE - if (funct_ref) { - ENGINE_finish(funct_ref); - funct_ref = NULL; - } + ENGINE_finish(funct_ref); + funct_ref = NULL; #endif default_RAND_meth = meth; return 1; @@ -96,7 +43,7 @@ const RAND_METHOD *RAND_get_rand_method(void) ENGINE *e = ENGINE_get_default_RAND(); if (e) { default_RAND_meth = ENGINE_get_RAND(e); - if (!default_RAND_meth) { + if (default_RAND_meth == NULL) { ENGINE_finish(e); e = NULL; } @@ -105,7 +52,7 @@ const RAND_METHOD *RAND_get_rand_method(void) funct_ref = e; else #endif - default_RAND_meth = RAND_SSLeay(); + default_RAND_meth = RAND_OpenSSL(); } return default_RAND_meth; } @@ -118,7 +65,7 @@ int RAND_set_rand_engine(ENGINE *engine) if (!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); - if (!tmp_meth) { + if (tmp_meth == NULL) { ENGINE_finish(engine); return 0; } @@ -130,7 +77,7 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif -void RAND_cleanup(void) +void rand_cleanup_int(void) { const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->cleanup) @@ -160,6 +107,7 @@ int RAND_bytes(unsigned char *buf, int num) return (-1); } +#if OPENSSL_API_COMPAT < 0x10100000L int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); @@ -167,6 +115,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) return meth->pseudorand(buf, num); return (-1); } +#endif int RAND_status(void) { @@ -175,126 +124,3 @@ int RAND_status(void) return meth->status(); return 0; } - -#ifdef OPENSSL_FIPS - -/* - * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest - * of OpenSSL. - */ - -/* - * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather - * entropy internally through RAND_poll(). - */ - -static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) -{ - /* Round up request to multiple of block size */ - min_len = ((min_len + 19) / 20) * 20; - *pout = OPENSSL_malloc(min_len); - if (!*pout) - return 0; - if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) { - OPENSSL_free(*pout); - *pout = NULL; - return 0; - } - return min_len; -} - -static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) -{ - if (out) { - OPENSSL_cleanse(out, olen); - OPENSSL_free(out); - } -} - -/* - * Set "additional input" when generating random data. This uses the current - * PID, a time value and a counter. - */ - -static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) -{ - /* Use of static variables is OK as this happens under a lock */ - static unsigned char buf[16]; - static unsigned long counter; - FIPS_get_timevec(buf, &counter); - *pout = buf; - return sizeof(buf); -} - -/* - * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is - * correctly seeded by RAND_poll(). - */ - -static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, - double entropy) -{ - RAND_SSLeay()->add(in, inlen, entropy); - return 1; -} - -static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) -{ - RAND_SSLeay()->seed(in, inlen); - return 1; -} - -# ifndef OPENSSL_DRBG_DEFAULT_TYPE -# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr -# endif -# ifndef OPENSSL_DRBG_DEFAULT_FLAGS -# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF -# endif - -static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; -static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; - -void RAND_set_fips_drbg_type(int type, int flags) -{ - fips_drbg_type = type; - fips_drbg_flags = flags; -} - -int RAND_init_fips(void) -{ - DRBG_CTX *dctx; - size_t plen; - unsigned char pers[32], *p; -# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG - if (fips_drbg_type >> 16) { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); - return 0; - } -# endif - - dctx = FIPS_get_default_drbg(); - if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); - return 0; - } - - FIPS_drbg_set_callbacks(dctx, - drbg_get_entropy, drbg_free_entropy, 20, - drbg_get_entropy, drbg_free_entropy); - FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, - drbg_rand_seed, drbg_rand_add); - /* Personalisation string: a string followed by date time vector */ - strcpy((char *)pers, "OpenSSL DRBG2.0"); - plen = drbg_get_adin(dctx, &p); - memcpy(pers + 16, p, plen); - - if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); - return 0; - } - FIPS_rand_set_method(FIPS_drbg_method()); - return 1; -} - -#endif diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c index f60fac6c..ecba2dc9 100644 --- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c @@ -1,122 +1,21 @@ -/* crypto/rand/rand_unix.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + #include <stdio.h> #define USE_SOCKETS #include "e_os.h" -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/rand.h> #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) # include <sys/types.h> # include <sys/time.h> @@ -235,7 +134,7 @@ int RAND_poll(void) rnd >>= 8; } RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); - memset(buf, 0, sizeof(buf)); + OPENSSL_cleanse(buf, sizeof(buf)); return 1; } @@ -244,17 +143,17 @@ int RAND_poll(void) { unsigned long l; pid_t curr_pid = getpid(); -# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) unsigned char tmpbuf[ENTROPY_NEEDED]; int n = 0; # endif # ifdef DEVRANDOM static const char *randomfiles[] = { DEVRANDOM }; - struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; + struct stat randomstats[OSSL_NELEM(randomfiles)]; int fd; unsigned int i; # endif -# ifdef DEVRANDOM_EGD +# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; const char **egdsocket = NULL; # endif @@ -267,8 +166,7 @@ int RAND_poll(void) * out of random entries. */ - for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) { + for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { if ((fd = open(randomfiles[i], O_RDONLY # ifdef O_NONBLOCK | O_NONBLOCK @@ -307,14 +205,7 @@ int RAND_poll(void) do { int try_read = 0; -# if defined(OPENSSL_SYS_BEOS_R5) - /* - * select() is broken in BeOS R5, so we simply try to read - * something and snooze if we couldn't - */ - try_read = 1; - -# elif defined(OPENSSL_SYS_LINUX) +# if defined(OPENSSL_SYS_LINUX) /* use poll() */ struct pollfd pset; @@ -358,10 +249,6 @@ int RAND_poll(void) ENTROPY_NEEDED - n); if (r > 0) n += r; -# if defined(OPENSSL_SYS_BEOS_R5) - if (r == 0) - snooze(t.tv_usec); -# endif } else r = -1; @@ -383,7 +270,7 @@ int RAND_poll(void) } # endif /* defined(DEVRANDOM) */ -# ifdef DEVRANDOM_EGD +# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) /* * Use an EGD socket to read entropy from an EGD or PRNGD entropy * collecting daemon. @@ -400,7 +287,7 @@ int RAND_poll(void) } # endif /* defined(DEVRANDOM_EGD) */ -# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) if (n > 0) { RAND_add(tmpbuf, sizeof tmpbuf, (double)n); OPENSSL_cleanse(tmpbuf, n); @@ -416,15 +303,7 @@ int RAND_poll(void) l = time(NULL); RAND_add(&l, sizeof(l), 0.0); -# if defined(OPENSSL_SYS_BEOS) - { - system_info sysInfo; - get_system_info(&sysInfo); - RAND_add(&sysInfo, sizeof(sysInfo), 0); - } -# endif - -# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) return 1; # else return 0; @@ -435,9 +314,7 @@ int RAND_poll(void) #endif /* !(defined(OPENSSL_SYS_WINDOWS) || * defined(OPENSSL_SYS_WIN32) || * defined(OPENSSL_SYS_VMS) || - * defined(OPENSSL_SYS_OS2) || - * defined(OPENSSL_SYS_VXWORKS) || - * defined(OPENSSL_SYS_NETWARE)) */ + * defined(OPENSSL_SYS_VXWORKS) */ #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) int RAND_poll(void) diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c b/Cryptlib/OpenSSL/crypto/rand/rand_vms.c new file mode 100644 index 00000000..9c462dd3 --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/rand/rand_vms.c @@ -0,0 +1,133 @@ +/* + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Modified by VMS Software, Inc (2016) + * Eliminate looping through all processes (performance) + * Add additional randomizations using rand() function + */ + +#include <openssl/rand.h> +#include "rand_lcl.h" + +#if defined(OPENSSL_SYS_VMS) +# include <descrip.h> +# include <jpidef.h> +# include <ssdef.h> +# include <starlet.h> +# include <efndef> +# ifdef __DECC +# pragma message disable DOLLARID +# endif + +/* + * Use 32-bit pointers almost everywhere. Define the type to which to cast a + * pointer passed to an external function. + */ +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_T __void_ptr64 +# pragma pointer_size save +# pragma pointer_size 32 +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_T void * +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + +static struct items_data_st { + short length, code; /* length is number of bytes */ +} items_data[] = { + {4, JPI$_BUFIO}, + {4, JPI$_CPUTIM}, + {4, JPI$_DIRIO}, + {4, JPI$_IMAGECOUNT}, + {8, JPI$_LAST_LOGIN_I}, + {8, JPI$_LOGINTIM}, + {4, JPI$_PAGEFLTS}, + {4, JPI$_PID}, + {4, JPI$_PPGCNT}, + {4, JPI$_WSPEAK}, + {4, JPI$_FINALEXC}, + {0, 0} /* zero terminated */ +}; + +int RAND_poll(void) +{ + + /* determine the number of items in the JPI array */ + + struct items_data_st item_entry; + int item_entry_count = sizeof(items_data)/sizeof(item_entry); + + /* Create the JPI itemlist array to hold item_data content */ + + struct { + short length, code; + int *buffer; + int *retlen; + } item[item_entry_count], *pitem; /* number of entries in items_data */ + + struct items_data_st *pitems_data; + int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */ + int iosb[2]; + int sys_time[2]; + int *ptr; + int i, j ; + int tmp_length = 0; + int total_length = 0; + + pitems_data = items_data; + pitem = item; + + + /* Setup itemlist for GETJPI */ + while (pitems_data->length) { + pitem->length = pitems_data->length; + pitem->code = pitems_data->code; + pitem->buffer = &data_buffer[total_length]; + pitem->retlen = 0; + /* total_length is in longwords */ + total_length += pitems_data->length/4; + pitems_data++; + pitem ++; + } + pitem->length = pitem->code = 0; + + /* Fill data_buffer with various info bits from this process */ + /* and twist that data to seed the SSL random number init */ + + if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) { + for (i = 0; i < total_length; i++) { + sys$gettim((struct _generic_64 *)&sys_time[0]); + srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i); + + if (i == (total_length - 1)) { /* for JPI$_FINALEXC */ + ptr = &data_buffer[i]; + for (j = 0; j < 4; j++) { + data_buffer[i + j] = ptr[j]; + /* OK to use rand() just to scramble the seed */ + data_buffer[i + j] ^= (sys_time[0] ^ rand()); + tmp_length++; + } + } else { + /* OK to use rand() just to scramble the seed */ + data_buffer[i] ^= (sys_time[0] ^ rand()); + } + } + + total_length += (tmp_length - 1); + + /* size of seed is total_length*4 bytes (64bytes) */ + RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2); + } else { + return 0; + } + + return 1; +} + +#endif diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c new file mode 100644 index 00000000..1be0ed3c --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/rand/rand_win.c @@ -0,0 +1,135 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include <openssl/rand.h> +#include "rand_lcl.h" + +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +# include <windows.h> +/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 +# define RAND_WINDOWS_USE_BCRYPT +# endif + +# ifdef RAND_WINDOWS_USE_BCRYPT +# include <bcrypt.h> +# pragma comment(lib, "bcrypt.lib") +# ifndef STATUS_SUCCESS +# define STATUS_SUCCESS ((NTSTATUS)0x00000000L) +# endif +# else +# include <wincrypt.h> +/* + * Intel hardware RNG CSP -- available from + * http://developer.intel.com/design/security/rng/redist_license.htm + */ +# define PROV_INTEL_SEC 22 +# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# endif + +static void readtimer(void); + +int RAND_poll(void) +{ + MEMORYSTATUS mst; +# ifndef RAND_WINDOWS_USE_BCRYPT + HCRYPTPROV hProvider; +# endif + DWORD w; + BYTE buf[64]; + +# ifdef RAND_WINDOWS_USE_BCRYPT + if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) { + RAND_add(buf, sizeof(buf), sizeof(buf)); + } +# else + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { + if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { + RAND_add(buf, sizeof(buf), sizeof(buf)); + } + CryptReleaseContext(hProvider, 0); + } + + /* poll the Pentium PRG with CryptoAPI */ + if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { + if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { + RAND_add(buf, sizeof(buf), sizeof(buf)); + } + CryptReleaseContext(hProvider, 0); + } +# endif + + /* timer data */ + readtimer(); + + /* memory usage statistics */ + GlobalMemoryStatus(&mst); + RAND_add(&mst, sizeof(mst), 1); + + /* process ID */ + w = GetCurrentProcessId(); + RAND_add(&w, sizeof(w), 1); + + return (1); +} + +#if OPENSSL_API_COMPAT < 0x10100000L +int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) +{ + RAND_poll(); + return RAND_status(); +} + +void RAND_screen(void) +{ + RAND_poll(); +} +#endif + +/* feed timing information to the PRNG */ +static void readtimer(void) +{ + DWORD w; + LARGE_INTEGER l; + static int have_perfc = 1; +# if defined(_MSC_VER) && defined(_M_X86) + static int have_tsc = 1; + DWORD cyclecount; + + if (have_tsc) { + __try { + __asm { + _emit 0x0f _emit 0x31 mov cyclecount, eax} + RAND_add(&cyclecount, sizeof(cyclecount), 1); + } + __except(EXCEPTION_EXECUTE_HANDLER) { + have_tsc = 0; + } + } +# else +# define have_tsc 0 +# endif + + if (have_perfc) { + if (QueryPerformanceCounter(&l) == 0) + have_perfc = 0; + else + RAND_add(&l, sizeof(l), 0); + } + + if (!have_tsc && !have_perfc) { + w = GetTickCount(); + RAND_add(&w, sizeof(w), 0); + } +} + +#endif diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c index 9537c56a..15fa9dce 100644 --- a/Cryptlib/OpenSSL/crypto/rand/randfile.c +++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c @@ -1,72 +1,19 @@ -/* crypto/rand/randfile.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -/* We need to define this to get macros like S_IFBLK and S_IFCHR */ -#if !defined(OPENSSL_SYS_VXWORKS) -# define _XOPEN_SOURCE 500 -#endif +#include "internal/cryptlib.h" #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include "e_os.h" #include <openssl/crypto.h> #include <openssl/rand.h> #include <openssl/buffer.h> @@ -80,6 +27,29 @@ #ifndef OPENSSL_NO_POSIX_IO # include <sys/stat.h> # include <fcntl.h> +/* + * Following should not be needed, and we could have been stricter + * and demand S_IS*. But some systems just don't comply... Formally + * below macros are "anatomically incorrect", because normally they + * would look like ((m) & MASK == TYPE), but since MASK availability + * is as questionable, we settle for this poor-man fallback... + */ +# if !defined(S_ISBLK) +# if defined(_S_IFBLK) +# define S_ISBLK(m) ((m) & _S_IFBLK) +# elif defined(S_IFBLK) +# define S_ISBLK(m) ((m) & S_IFBLK) +# elif defined(_WIN32) +# define S_ISBLK(m) 0 /* no concept of block devices on Windows */ +# endif +# endif +# if !defined(S_ISCHR) +# if defined(_S_IFCHR) +# define S_ISCHR(m) ((m) & _S_IFCHR) +# elif defined(S_IFCHR) +# define S_ISCHR(m) ((m) & S_IFCHR) +# endif +# endif #endif #ifdef _WIN32 @@ -87,6 +57,8 @@ # define chmod _chmod # define open _open # define fdopen _fdopen +# define fstat _fstat +# define fileno _fileno #endif #undef BUFSIZE @@ -95,15 +67,42 @@ #ifdef OPENSSL_SYS_VMS /* + * Misc hacks needed for specific cases. + * + * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) + * to make sure the FILE* is a 32-bit pointer no matter what. We know that + * stdio function return this type (a study of stdio.h proves it). + * Additionally, we create a similar char pointer type for the sake of + * vms_setbuf below. + */ +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +typedef char *char_ptr32; +# pragma pointer_size restore +/* + * On VMS, setbuf() will only take 32-bit pointers, and a compilation + * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. + * Since we know that the FILE* really is a 32-bit pointer expanded to + * 64 bits, we also know it's safe to convert it back to a 32-bit pointer. + * As for the buffer parameter, we only use NULL here, so that passes as + * well... + */ +# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf)) +# endif + +/* * This declaration is a nasty hack to get around vms' extension to fopen for - * passing in sharing options being disabled by our /STANDARD=ANSI89 + * passing in sharing options being disabled by /STANDARD=ANSI89 */ -static FILE *(*const vms_fopen)(const char *, const char *, ...) = - (FILE *(*)(const char *, const char *, ...))fopen; +static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = + (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; # define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" + +# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) #endif -/* #define RFILE ".rnd" - defined in ../../e_os.h */ +#define RFILE ".rnd" /* * Note that these functions are intended for seed files only. Entropy @@ -117,18 +116,24 @@ int RAND_load_file(const char *file, long bytes) * if bytes == -1, read complete file. */ - MS_STATIC unsigned char buf[BUFSIZE]; + unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif int i, ret = 0, n; - FILE *in; + FILE *in = NULL; if (file == NULL) - return (0); + return 0; + + if (bytes == 0) + return ret; + + in = openssl_fopen(file, "rb"); + if (in == NULL) + goto err; #ifndef OPENSSL_NO_POSIX_IO -# ifdef PURIFY /* * struct stat can have padding and unused fields that may not be * initialized in the call to stat(). We need to clear the entire @@ -136,33 +141,21 @@ int RAND_load_file(const char *file, long bytes) * applications such as Valgrind. */ memset(&sb, 0, sizeof(sb)); -# endif - if (stat(file, &sb) < 0) - return (0); + if (fstat(fileno(in), &sb) < 0) + goto err; RAND_add(&sb, sizeof(sb), 0.0); -#endif - if (bytes == 0) - return (ret); -#ifdef OPENSSL_SYS_VMS - in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); -#else - in = fopen(file, "rb"); -#endif - if (in == NULL) - goto err; -#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO) - if (sb.st_mode & (S_IFBLK | S_IFCHR)) { +# if defined(S_ISBLK) && defined(S_ISCHR) + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { /* * this file is a device. we don't want read an infinite number of * bytes from a random device, nor do we want to use buffered I/O * because we will waste system entropy. */ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ -# ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + setbuf(in, NULL); /* don't do buffered reads */ } +# endif #endif for (;;) { if (bytes > 0) @@ -172,12 +165,8 @@ int RAND_load_file(const char *file, long bytes) i = fread(buf, 1, n, in); if (i <= 0) break; -#ifdef PURIFY + RAND_add(buf, i, (double)i); -#else - /* even if n != i, use the full array */ - RAND_add(buf, n, (double)i); -#endif ret += i; if (bytes > 0) { bytes -= n; @@ -185,10 +174,11 @@ int RAND_load_file(const char *file, long bytes) break; } } - fclose(in); OPENSSL_cleanse(buf, BUFSIZE); err: - return (ret); + if (in != NULL) + fclose(in); + return ret; } int RAND_write_file(const char *file) @@ -200,9 +190,15 @@ int RAND_write_file(const char *file) #ifndef OPENSSL_NO_POSIX_IO struct stat sb; +# if defined(S_ISBLK) && defined(S_ISCHR) +# ifdef _WIN32 + /* + * Check for |file| being a driver as "ASCII-safe" on Windows, + * because driver paths are always ASCII. + */ +# endif i = stat(file, &sb); if (i != -1) { -# if defined(S_ISBLK) && defined(S_ISCHR) if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { /* * this file is a device. we don't write back to it. we @@ -210,13 +206,14 @@ int RAND_write_file(const char *file) * device. Otherwise attempting to write to and chmod the device * causes problems. */ - return (1); + return 1; } -# endif } +# endif #endif -#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) +#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ + !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) { # ifndef O_BINARY # define O_BINARY 0 @@ -250,17 +247,14 @@ int RAND_write_file(const char *file) * rand file in a concurrent use situation. */ - out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); - if (out == NULL) - out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); -#else - if (out == NULL) - out = fopen(file, "wb"); + out = openssl_fopen(file, "rb+"); #endif if (out == NULL) + out = openssl_fopen(file, "wb"); + if (out == NULL) goto err; -#ifndef NO_CHMOD +#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) chmod(file, 0600); #endif n = RAND_DATA; @@ -288,31 +282,70 @@ int RAND_write_file(const char *file) const char *RAND_file_name(char *buf, size_t size) { char *s = NULL; + int use_randfile = 1; #ifdef __OpenBSD__ struct stat sb; #endif - if (OPENSSL_issetugid() == 0) - s = getenv("RANDFILE"); - if (s != NULL && *s && strlen(s) + 1 < size) { - if (BUF_strlcpy(buf, s, size) >= size) - return NULL; +#if defined(_WIN32) && defined(CP_UTF8) + DWORD len; + WCHAR *var, *val; + + if ((var = L"RANDFILE", + len = GetEnvironmentVariableW(var, NULL, 0)) == 0 + && (var = L"HOME", use_randfile = 0, + len = GetEnvironmentVariableW(var, NULL, 0)) == 0 + && (var = L"USERPROFILE", + len = GetEnvironmentVariableW(var, NULL, 0)) == 0) { + var = L"SYSTEMROOT", + len = GetEnvironmentVariableW(var, NULL, 0); + } + + if (len != 0) { + int sz; + + val = _alloca(len * sizeof(WCHAR)); + + if (GetEnvironmentVariableW(var, val, len) < len + && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, + NULL, NULL)) != 0) { + s = _alloca(sz); + if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, + NULL, NULL) == 0) + s = NULL; + } + } +#else + if (OPENSSL_issetugid() != 0) { + use_randfile = 0; } else { - if (OPENSSL_issetugid() == 0) + s = getenv("RANDFILE"); + if (s == NULL || *s == '\0') { + use_randfile = 0; s = getenv("HOME"); -#ifdef DEFAULT_HOME - if (s == NULL) { - s = DEFAULT_HOME; } + } #endif - if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { - BUF_strlcpy(buf, s, size); +#ifdef DEFAULT_HOME + if (!use_randfile && s == NULL) { + s = DEFAULT_HOME; + } +#endif + if (s != NULL && *s) { + size_t len = strlen(s); + + if (use_randfile && len + 1 < size) { + if (OPENSSL_strlcpy(buf, s, size) >= size) + return NULL; + } else if (len + strlen(RFILE) + 2 < size) { + OPENSSL_strlcpy(buf, s, size); #ifndef OPENSSL_SYS_VMS - BUF_strlcat(buf, "/", size); + OPENSSL_strlcat(buf, "/", size); #endif - BUF_strlcat(buf, RFILE, size); - } else - buf[0] = '\0'; /* no file name */ + OPENSSL_strlcat(buf, RFILE, size); + } + } else { + buf[0] = '\0'; /* no file name */ } #ifdef __OpenBSD__ @@ -324,14 +357,10 @@ const char *RAND_file_name(char *buf, size_t size) * available. */ - if (!buf[0]) - if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { - return (NULL); - } - if (stat(buf, &sb) == -1) - if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { - return (NULL); + if (!buf[0] || stat(buf, &sb) == -1) + if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) { + return NULL; } #endif - return (buf); + return buf[0] ? buf : NULL; } |