src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:17:55 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:17:55 +0000
commit	96de7a4399a8c71cbb70d6252fa77acfd76b3f09 (patch)
tree	e6f6e4aad1952944ccd27e9eb47ea48b9a78dde7 /lib/libcrypto/rand
parent	ec7710fe8f10fb624fbc33c0bbad2474e0c26979 (diff)

resolve conflicts

Diffstat (limited to 'lib/libcrypto/rand')

-rw-r--r--

lib/libcrypto/rand/md_rand.c

-rw-r--r--

lib/libcrypto/rand/rand.h

-rw-r--r--

lib/libcrypto/rand/rand_egd.c

-rw-r--r--

lib/libcrypto/rand/rand_err.c

-rw-r--r--

lib/libcrypto/rand/rand_lib.c

-rw-r--r--

lib/libcrypto/rand/rand_unix.c

119

-rw-r--r--

lib/libcrypto/rand/rand_win.c

-rw-r--r--

lib/libcrypto/rand/randfile.c

-rw-r--r--

lib/libcrypto/rand/randtest.c

9 files changed, 165 insertions, 137 deletions

diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index c84968df88f..9783d0c23e9 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c

@@ -126,7 +126,6 @@

#include <openssl/crypto.h>

#include <openssl/err.h>

-#include <openssl/fips.h>

#ifdef BN_DEBUG

# define PREDICT

@@ -153,7 +152,7 @@ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */

int rand_predictable=0;

#endif

-const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;

+const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;

static void ssleay_rand_cleanup(void);

static void ssleay_rand_seed(const void *buf, int num);

@@ -301,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)

* other thread's seeding remains without effect (except for

* the incremented counter). By XORing it we keep at least as

* much entropy as fits into md. */

- for (k = 0; k < sizeof md; k++)

+ for (k = 0; k < (int)sizeof(md); k++)

{

md[k] ^= local_md[k];

}

@@ -316,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)

static void ssleay_rand_seed(const void *buf, int num)

{

- ssleay_rand_add(buf, num, num);

+ ssleay_rand_add(buf, num, (double)num);

}

static int ssleay_rand_bytes(unsigned char *buf, int num)

@@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)

#endif

int do_stir_pool = 0;

-#ifdef OPENSSL_FIPS

- if(FIPS_mode())

- {

- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);

- return 0;

- }

-#endif

#ifdef PREDICT

if (rand_predictable)

{

@@ -529,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)

err = ERR_peek_error();

if (ERR_GET_LIB(err) == ERR_LIB_RAND &&

ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)

- (void)ERR_get_error();

+ ERR_clear_error();

}

return (ret);

}

diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h
index 604df9be6c3..ac6c0217636 100644
--- a/lib/libcrypto/rand/rand.h
+++ b/lib/libcrypto/rand/rand.h

@@ -72,10 +72,13 @@ extern "C" {

#endif

#if defined(OPENSSL_FIPS)

-#define FIPS_RAND_SIZE_T int

+#define FIPS_RAND_SIZE_T size_t

#endif

-typedef struct rand_meth_st

+/* Already defined in ossl_typ.h */

+/* typedef struct rand_meth_st RAND_METHOD; */

+struct rand_meth_st

{

void (*seed)(const void *buf, int num);

int (*bytes)(unsigned char *buf, int num);

@@ -83,7 +86,7 @@ typedef struct rand_meth_st

void (*add)(const void *buf, int num, double entropy);

int (*pseudorand)(unsigned char *buf, int num);

int (*status)(void);

- } RAND_METHOD;

+ };

#ifdef BN_DEBUG

extern int rand_predictable;

@@ -125,17 +128,11 @@ void ERR_load_RAND_strings(void);

/* Error codes for the RAND functions. */

/* Function codes. */

-#define RAND_F_FIPS_RAND_BYTES 102

#define RAND_F_RAND_GET_RAND_METHOD 101

#define RAND_F_SSLEAY_RAND_BYTES 100

/* Reason codes. */

-#define RAND_R_NON_FIPS_METHOD 101

-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105

-#define RAND_R_PRNG_NOT_REKEYED 103

-#define RAND_R_PRNG_NOT_RESEEDED 104

#define RAND_R_PRNG_NOT_SEEDED 100

-#define RAND_R_PRNG_STUCK 102

#ifdef __cplusplus

}

diff --git a/lib/libcrypto/rand/rand_egd.c b/lib/libcrypto/rand/rand_egd.c
index cd666abfcb6..50bce6cabae 100644
--- a/lib/libcrypto/rand/rand_egd.c
+++ b/lib/libcrypto/rand/rand_egd.c

@@ -95,7 +95,7 @@

* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS)

+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)

int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)

{

return(-1);

diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c
index 97f96e1aeee..386934dcd18 100644
--- a/lib/libcrypto/rand/rand_err.c
+++ b/lib/libcrypto/rand/rand_err.c

@@ -70,7 +70,6 @@

static ERR_STRING_DATA RAND_str_functs[]=

{

-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},

{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},

{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},

{0,NULL}

@@ -78,12 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=

static ERR_STRING_DATA RAND_str_reasons[]=

{

-{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},

-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},

-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},

-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},

{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},

-{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},

{0,NULL}

};

@@ -91,15 +85,12 @@ static ERR_STRING_DATA RAND_str_reasons[]=

void ERR_load_RAND_strings(void)

{

- static int init=1;

+#ifndef OPENSSL_NO_ERR

- if (init)

+ if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)

{

- init=0;

-#ifndef OPENSSL_NO_ERR

ERR_load_strings(0,RAND_str_functs);

ERR_load_strings(0,RAND_str_reasons);

-#endif

}

+#endif

}

diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index a21bde79de0..513e3389859 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c

@@ -63,8 +63,6 @@

#ifndef OPENSSL_NO_ENGINE

#include <openssl/engine.h>

#endif

-#include <openssl/fips.h>

-#include <openssl/fips_rand.h>

#ifndef OPENSSL_NO_ENGINE

/* non-NULL if default_RAND_meth is ENGINE-provided */

@@ -104,22 +102,8 @@ const RAND_METHOD *RAND_get_rand_method(void)

funct_ref = e;

else

#endif

-#ifdef OPENSSL_FIPS

- if(FIPS_mode())

- default_RAND_meth=FIPS_rand_method();

- else

-#endif

- default_RAND_meth = RAND_SSLeay();

+ default_RAND_meth = RAND_SSLeay();

}

-#ifdef OPENSSL_FIPS

- if(FIPS_mode()

- && default_RAND_meth != FIPS_rand_check())

- {

- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);

- return 0;

- }

-#endif

return default_RAND_meth;

}

diff --git a/lib/libcrypto/rand/rand_unix.c b/lib/libcrypto/rand/rand_unix.c
index 9376554fae7..6c2be5cb966 100644
--- a/lib/libcrypto/rand/rand_unix.c
+++ b/lib/libcrypto/rand/rand_unix.c

@@ -56,7 +56,7 @@

* [including the GNU Public Licence.]

/* ====================================================================

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

@@ -108,6 +108,7 @@

* Hudson (tjh@cryptsoft.com).

+#include <stdio.h>

#define USE_SOCKETS

#include "e_os.h"

@@ -115,7 +116,7 @@

#include <openssl/rand.h>

#include "rand_lcl.h"

-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS))

+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))

#include <sys/types.h>

#include <sys/time.h>

@@ -124,6 +125,13 @@

#include <fcntl.h>

#include <unistd.h>

#include <time.h>

+#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */

+# include <poll.h>

+#endif

+#include <limits.h>

+#ifndef FD_SETSIZE

+# define FD_SETSIZE (8*sizeof(fd_set))

+#endif

#ifdef __OpenBSD__

int RAND_poll(void)

@@ -142,7 +150,7 @@ int RAND_poll(void)

return 1;

}

-#else

+#else /* !defined(__OpenBSD__) */

int RAND_poll(void)

{

unsigned long l;

@@ -154,7 +162,8 @@ int RAND_poll(void)

#ifdef DEVRANDOM

static const char *randomfiles[] = { DEVRANDOM };

struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];

- int fd,i;

+ int fd;

+ size_t i;

#endif

#ifdef DEVRANDOM_EGD

static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };

@@ -182,10 +191,9 @@ int RAND_poll(void)

#endif

)) >= 0)

{

- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on

- each file. */

- int r,j;

- fd_set fset;

+ int usec = 10*1000; /* spend 10ms on each file */

+ int r;

+ size_t j;

struct stat *st=&randomstats[i];

/* Avoid using same input... Used to be O_NOFOLLOW

@@ -201,35 +209,75 @@ int RAND_poll(void)

{

- FD_ZERO(&fset);

- FD_SET(fd, &fset);

- r = -1;

+ int try_read = 0;

- if (select(fd+1,&fset,NULL,NULL,&t) < 0)

- t.tv_usec=0;

- else if (FD_ISSET(fd, &fset))

+#if defined(OPENSSL_SYS_LINUX)

+ /* use poll() */

+ struct pollfd pset;

+ pset.fd = fd;

+ pset.events = POLLIN;

+ pset.revents = 0;

+ if (poll(&pset, 1, usec / 1000) < 0)

+ usec = 0;

+ else

+ try_read = (pset.revents & POLLIN) != 0;

+#else

+ /* use select() */

+ fd_set fset;

+ struct timeval t;

+ t.tv_sec = 0;

+ t.tv_usec = usec;

+ if (FD_SETSIZE > 0 && fd >= FD_SETSIZE)

+ {

+ /* can't use select, so just try to read once anyway */

+ try_read = 1;

+ }

+ else

+ {

+ FD_ZERO(&fset);

+ FD_SET(fd, &fset);

+ if (select(fd+1,&fset,NULL,NULL,&t) >= 0)

+ {

+ usec = t.tv_usec;

+ if (FD_ISSET(fd, &fset))

+ try_read = 1;

+ }

+ else

+ usec = 0;

+ }

+#endif

+ if (try_read)

{

- r=read(fd,(unsigned char *)tmpbuf+n,

- ENTROPY_NEEDED-n);

+ r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);

if (r > 0)

n += r;

}

- /* Some Unixen will update t, some

- won't. For those who won't, give

- up here, otherwise, we will do

+ else

+ r = -1;

+ /* Some Unixen will update t in select(), some

+ won't. For those who won't, or if we

+ didn't use select() in the first place,

+ give up here, otherwise, we will do

this once again for the remaining

time. */

- if (t.tv_usec == 10*1000)

- t.tv_usec=0;

+ if (usec == 10*1000)

+ usec = 0;

}

- while ((r > 0 || (errno == EINTR || errno == EAGAIN))

- && t.tv_usec != 0 && n < ENTROPY_NEEDED);

+ while ((r > 0 ||

+ (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);

close(fd);

}

-#endif

+#endif /* defined(DEVRANDOM) */

#ifdef DEVRANDOM_EGD

/* Use an EGD socket to read entropy from an EGD or PRNGD entropy

@@ -244,24 +292,24 @@ int RAND_poll(void)

if (r > 0)

n += r;

}

-#endif

+#endif /* defined(DEVRANDOM_EGD) */

#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)

if (n > 0)

{

- RAND_add(tmpbuf,sizeof tmpbuf,n);

+ RAND_add(tmpbuf,sizeof tmpbuf,(double)n);

OPENSSL_cleanse(tmpbuf,n);

}

#endif

/* put in some default random data, we need more than just this */

l=curr_pid;

- RAND_add(&l,sizeof(l),0);

+ RAND_add(&l,sizeof(l),0.0);

l=getuid();

- RAND_add(&l,sizeof(l),0);

+ RAND_add(&l,sizeof(l),0.0);

l=time(NULL);

- RAND_add(&l,sizeof(l),0);

+ RAND_add(&l,sizeof(l),0.0);

#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)

return 1;

@@ -270,12 +318,13 @@ int RAND_poll(void)

#endif

}

-#endif

+#endif /* defined(__OpenBSD__) */

+#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */

#if defined(OPENSSL_SYS_VXWORKS)

int RAND_poll(void)

- return 0;

+ {

+ return 0;

+ }

#endif

diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c
index 30c69161ef8..00dbe4232cc 100644
--- a/lib/libcrypto/rand/rand_win.c
+++ b/lib/libcrypto/rand/rand_win.c

@@ -121,6 +121,10 @@

#include <wincrypt.h>

#include <tlhelp32.h>

+/* Limit the time spent walking through the heap, processes, threads and modules to

+ a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */

+#define MAXDELAY 1000

/* Intel hardware RNG CSP -- available from

* http://developer.intel.com/design/security/rng/redist_license.htm

@@ -152,6 +156,7 @@ typedef struct tagCURSORINFO

#define CURSOR_SHOWING 0x00000001

#endif /* CURSOR_SHOWING */

+#if !defined(OPENSSL_SYS_WINCE)

typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,

DWORD, DWORD);

typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);

@@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);

typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);

typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);

-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);

+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);

typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);

typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);

typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);

@@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);

typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);

#include <lmcons.h>

-#ifndef OPENSSL_SYS_WINCE

#include <lmstats.h>

-#endif

#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE

* macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was

* was added to the Platform SDK to allow the NET API to be used in

@@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)

(LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);

typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);

#endif /* 1 */

+#endif /* !OPENSSL_SYS_WINCE */

int RAND_poll(void)

{

MEMORYSTATUS m;

HCRYPTPROV hProvider = 0;

- BYTE buf[64];

DWORD w;

- HWND h;

- HMODULE advapi, kernel, user, netapi;

- CRYPTACQUIRECONTEXTW acquire = 0;

- CRYPTGENRANDOM gen = 0;

- CRYPTRELEASECONTEXT release = 0;

-#if 1 /* There was previously a problem with NETSTATGET. Currently, this

- * section is still experimental, but if all goes well, this conditional

- * will be removed

- */

- NETSTATGET netstatget = 0;

- NETFREE netfree = 0;

-#endif /* 1 */

+ int good = 0;

/* Determine the OS version we are on so we can turn off things

* that do not work properly.

@@ -212,21 +203,24 @@ int RAND_poll(void)

osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;

GetVersionEx( &osverinfo ) ;

-#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO

-#ifndef CryptAcquireContext

-#define CryptAcquireContext CryptAcquireContextW

-#endif

+#if defined(OPENSSL_SYS_WINCE)

+# if defined(_WIN32_WCE) && _WIN32_WCE>=300

+/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available

+ * in commonly available implementations prior 300... */

+ {

+ BYTE buf[64];

/* poll the CryptoAPI PRNG */

/* The CryptoAPI returns sizeof(buf) bytes of randomness */

- if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))

+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,

+ CRYPT_VERIFYCONTEXT))

{

if (CryptGenRandom(hProvider, sizeof(buf), buf))

RAND_add(buf, sizeof(buf), sizeof(buf));

CryptReleaseContext(hProvider, 0);

}

-#endif

-#ifndef OPENSSL_SYS_WINCE

+ }

+# endif

+#else /* OPENSSL_SYS_WINCE */

* None of below libraries are present on Windows CE, which is

* why we #ifndef the whole section. This also excuses us from

@@ -240,17 +234,19 @@ int RAND_poll(void)

* implement own shim routine, which would accept ANSI argument

* and expand it to Unicode.

+ {

/* load functions dynamically - not available on all systems */

- advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));

- kernel = LoadLibrary(TEXT("KERNEL32.DLL"));

- user = LoadLibrary(TEXT("USER32.DLL"));

- netapi = LoadLibrary(TEXT("NETAPI32.DLL"));

-#if 1 /* There was previously a problem with NETSTATGET. Currently, this

- * section is still experimental, but if all goes well, this conditional

- * will be removed

- */

+ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));

+ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));

+ HMODULE user = NULL;

+ HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));

+ CRYPTACQUIRECONTEXTW acquire = NULL;

+ CRYPTGENRANDOM gen = NULL;

+ CRYPTRELEASECONTEXT release = NULL;

+ NETSTATGET netstatget = NULL;

+ NETFREE netfree = NULL;

+ BYTE buf[64];

if (netapi)

{

netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");

@@ -280,7 +276,6 @@ int RAND_poll(void)

if (netapi)

FreeLibrary(netapi);

-#endif /* 1 */

/* It appears like this can cause an exception deep within ADVAPI32.DLL

* at random times on Windows 2000. Reported by Jeffrey Altman.

@@ -356,12 +351,13 @@ int RAND_poll(void)

{

/* poll the CryptoAPI PRNG */

/* The CryptoAPI returns sizeof(buf) bytes of randomness */

- if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,

+ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,

CRYPT_VERIFYCONTEXT))

{

if (gen(hProvider, sizeof(buf), buf) != 0)

{

RAND_add(buf, sizeof(buf), 0);

+ good = 1;

#if 0

printf("randomness from PROV_RSA_FULL\n");

#endif

@@ -375,6 +371,7 @@ int RAND_poll(void)

if (gen(hProvider, sizeof(buf), buf) != 0)

{

RAND_add(buf, sizeof(buf), sizeof(buf));

+ good = 1;

#if 0

printf("randomness from PROV_INTEL_SEC\n");

#endif

@@ -386,7 +383,9 @@ int RAND_poll(void)

if (advapi)

FreeLibrary(advapi);

- if (user)

+ if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||

+ !OPENSSL_isservice()) &&

+ (user = LoadLibrary(TEXT("USER32.DLL"))))

{

GETCURSORINFO cursor;

GETFOREGROUNDWINDOW win;

@@ -399,7 +398,7 @@ int RAND_poll(void)

if (win)

{

/* window handle */

- h = win();

+ HWND h = win();

RAND_add(&h, sizeof(h), 0);

}

if (cursor)

@@ -464,6 +463,7 @@ int RAND_poll(void)

PROCESSENTRY32 p;

THREADENTRY32 t;

MODULEENTRY32 m;

+ DWORD stoptime = 0;

snap = (CREATETOOLHELP32SNAPSHOT)

GetProcAddress(kernel, "CreateToolhelp32Snapshot");

@@ -495,6 +495,7 @@ int RAND_poll(void)

* of entropy.

hlist.dwSize = sizeof(HEAPLIST32);

+ if (good) stoptime = GetTickCount() + MAXDELAY;

if (heaplist_first(handle, &hlist))

{

@@ -512,18 +513,20 @@ int RAND_poll(void)

&& --entrycnt > 0);

}

} while (heaplist_next(handle,

- &hlist));

+ &hlist) && GetTickCount() < stoptime);

/* process walking */

/* PROCESSENTRY32 contains 9 fields that will change

* with each entry. Consider each field a source of

* 1 byte of entropy.

p.dwSize = sizeof(PROCESSENTRY32);

+ if (good) stoptime = GetTickCount() + MAXDELAY;

if (process_first(handle, &p))

RAND_add(&p, p.dwSize, 9);

- while (process_next(handle, &p));

+ while (process_next(handle, &p) && GetTickCount() < stoptime);

/* thread walking */

/* THREADENTRY32 contains 6 fields that will change

@@ -531,10 +534,11 @@ int RAND_poll(void)

* 1 byte of entropy.

t.dwSize = sizeof(THREADENTRY32);

+ if (good) stoptime = GetTickCount() + MAXDELAY;

if (thread_first(handle, &t))

RAND_add(&t, t.dwSize, 6);

- while (thread_next(handle, &t));

+ while (thread_next(handle, &t) && GetTickCount() < stoptime);

/* module walking */

/* MODULEENTRY32 contains 9 fields that will change

@@ -542,18 +546,22 @@ int RAND_poll(void)

* 1 byte of entropy.

m.dwSize = sizeof(MODULEENTRY32);

+ if (good) stoptime = GetTickCount() + MAXDELAY;

if (module_first(handle, &m))

RAND_add(&m, m.dwSize, 9);

- while (module_next(handle, &m));

+ while (module_next(handle, &m)

+ && (GetTickCount() < stoptime));

if (close_snap)

close_snap(handle);

else

CloseHandle(handle);

}

FreeLibrary(kernel);

}

+ }

#endif /* !OPENSSL_SYS_WINCE */

/* timer data */

@@ -693,6 +701,9 @@ static void readscreen(void)

int y; /* y-coordinate of screen lines to grab */

int n = 16; /* number of screen lines to grab at a time */

+ if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())

+ return;

/* Create a screen DC and a memory DC compatible to screen DC */

hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);

hMemDC = CreateCompatibleDC(hScrDC);

diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index d847d8ebdff..005cb38cb0c 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c

@@ -102,10 +102,8 @@ int RAND_load_file(const char *file, long bytes)

if (file == NULL) return(0);

- i=stat(file,&sb);

- /* If the state fails, put some crap in anyway */

- RAND_add(&sb,sizeof(sb),0);

- if (i < 0) return(0);

+ if (stat(file,&sb) < 0) return(0);

+ RAND_add(&sb,sizeof(sb),0.0);

if (bytes == 0) return(ret);

in=fopen(file,"rb");

@@ -128,8 +126,12 @@ int RAND_load_file(const char *file, long bytes)

n = BUFSIZE;

i=fread(buf,1,n,in);

if (i <= 0) break;

+#ifdef PURIFY

+ RAND_add(buf,i,(double)i);

+#else

/* even if n != i, use the full array */

- RAND_add(buf,n,i);

+ RAND_add(buf,n,(double)i);

+#endif

ret+=i;

if (bytes > 0)

{

diff --git a/lib/libcrypto/rand/randtest.c b/lib/libcrypto/rand/randtest.c
index 701932e6ee2..9e92a70b033 100644
--- a/lib/libcrypto/rand/randtest.c
+++ b/lib/libcrypto/rand/randtest.c

@@ -65,7 +65,7 @@

/* some FIPS 140-1 random number test */

/* some simple tests */

-int main()

+int main(int argc,char **argv)

{

unsigned char buf[2500];

int i,j,k,s,sign,nsign,err=0;

@@ -211,6 +211,9 @@ int main()

printf("test 4 done\n");

err:

err=((err)?1:0);

+#ifdef OPENSSL_SYS_NETWARE

+ if (err) printf("ERROR: %d\n", err);

+#endif

EXIT(err);

return(err);

}