src - OpenBSD base system

diff options


context:
space:
mode:

author	Miod Vallat <miod@cvs.openbsd.org>	2014-04-13 15:25:36 +0000
committer	Miod Vallat <miod@cvs.openbsd.org>	2014-04-13 15:25:36 +0000
commit	84c7bd789732635adc8c671d7050078c85d01b9d (patch)
tree	cf5e8df1672e76e3ba71dc0c73b39ab8a02e95b0 /lib/libcrypto/rand
parent	7beea9a356f8a5b214ed72826b421519e188cf83 (diff)

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

Diffstat (limited to 'lib/libcrypto/rand')

-rw-r--r--

lib/libcrypto/rand/md_rand.c

-rw-r--r--

lib/libcrypto/rand/rand.h

-rw-r--r--

lib/libcrypto/rand/rand_err.c

-rw-r--r--

lib/libcrypto/rand/rand_lib.c

-rw-r--r--

lib/libcrypto/rand/rand_win.c

-rw-r--r--

lib/libcrypto/rand/randfile.c

6 files changed, 39 insertions, 9 deletions

diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index fcdd3f2a845..aee1c30b0a9 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c

@@ -123,10 +123,10 @@

#include "e_os.h"

+#include <openssl/crypto.h>

#include <openssl/rand.h>

#include "rand_lcl.h"

-#include <openssl/crypto.h>

#include <openssl/err.h>

#ifdef BN_DEBUG

@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)

EVP_MD_CTX m;

int do_not_lock;

+ if (!num)

+ return;

* (Based on the rand(3) manpage)

@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)

* are fed into the hash function and the results are kept in the

* global 'md'.

- CRYPTO_w_lock(CRYPTO_LOCK_RAND);

+#ifdef OPENSSL_FIPS

+ /* NB: in FIPS mode we are already under a lock */

+ if (!FIPS_mode())

+#endif

+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);

/* prevent ssleay_rand_bytes() from trying to obtain the lock again */

CRYPTO_w_lock(CRYPTO_LOCK_RAND2);

@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)

/* before unlocking, we must clear 'crypto_lock_rand' */

crypto_lock_rand = 0;

- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

+#ifdef OPENSSL_FIPS

+ if (!FIPS_mode())

+#endif

+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

while (num > 0)

{

@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)

MD_Init(&m);

MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));

MD_Update(&m,local_md,MD_DIGEST_LENGTH);

- CRYPTO_w_lock(CRYPTO_LOCK_RAND);

+#ifdef OPENSSL_FIPS

+ if (!FIPS_mode())

+#endif

+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);

MD_Update(&m,md,MD_DIGEST_LENGTH);

MD_Final(&m,md);

- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

+#ifdef OPENSSL_FIPS

+ if (!FIPS_mode())

+#endif

+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

EVP_MD_CTX_cleanup(&m);

if (ok)

diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h
index dc8fcf94c5a..bb5520e80ac 100644
--- a/lib/libcrypto/rand/rand.h
+++ b/lib/libcrypto/rand/rand.h

@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);

#define RAND_F_SSLEAY_RAND_BYTES 100

/* Reason codes. */

+#define RAND_R_DUAL_EC_DRBG_DISABLED 104

#define RAND_R_ERROR_INITIALISING_DRBG 102

#define RAND_R_ERROR_INSTANTIATING_DRBG 103

#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101

diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c
index b8586c8f4a9..c4c80fc8cca 100644
--- a/lib/libcrypto/rand/rand_err.c
+++ b/lib/libcrypto/rand/rand_err.c

@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=

static ERR_STRING_DATA RAND_str_reasons[]=

{

+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},

{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},

{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},

{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},

diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index daf1dab9739..5ac0e14caf0 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c

@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,

static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)

{

- OPENSSL_cleanse(out, olen);

- OPENSSL_free(out);

+ if (out)

+ {

+ OPENSSL_cleanse(out, olen);

+ OPENSSL_free(out);

+ }

}

/* Set "additional input" when generating random data. This uses the

@@ -266,6 +269,14 @@ int RAND_init_fips(void)

DRBG_CTX *dctx;

size_t plen;

unsigned char pers[32], *p;

+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG

+ if (fips_drbg_type >> 16)

+ {

+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);

+ return 0;

+ }

+#endif

dctx = FIPS_get_default_drbg();

if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)

{

diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c
index 5d134e186bb..34ffcd23f9a 100644
--- a/lib/libcrypto/rand/rand_win.c
+++ b/lib/libcrypto/rand/rand_win.c

@@ -750,7 +750,7 @@ static void readscreen(void)

int y; /* y-coordinate of screen lines to grab */

int n = 16; /* number of screen lines to grab at a time */

- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)

+ if (check_winnt() && OPENSSL_isservice()>0)

return;

/* Create a screen DC and a memory DC compatible to screen DC */

diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index 030e07f4182..7f1428072d2 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c

@@ -57,7 +57,9 @@

/* We need to define this to get macros like S_IFBLK and S_IFCHR */

+#if !defined(OPENSSL_SYS_VXWORKS)

#define _XOPEN_SOURCE 500

+#endif

#include <errno.h>

#include <stdio.h>