merge 0.9.7b with local changes; crank majors for libssl/libcrypto

9 files changed, 90 insertions, 41 deletions

diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
index 73b5f568e8..df80702373 100644
--- a/src/lib/libcrypto/rand/Makefile.ssl
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -70,7 +70,7 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index a00ed70718..eeffc0df4c 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
 
 static void ssleay_rand_cleanup(void)
         {
-        memset(state,0,sizeof(state));
+        OPENSSL_cleanse(state,sizeof(state));
         state_num=0;
         state_index=0;
-        memset(md,0,MD_DIGEST_LENGTH);
+        OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
         md_count[0]=0;
         md_count[1]=0;
         entropy=0;
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index 66e39991ec..606382dd21 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -87,7 +87,9 @@ extern int rand_predictable;
 
 int RAND_set_rand_method(const RAND_METHOD *meth);
 const RAND_METHOD *RAND_get_rand_method(void);
+#ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine);
+#endif
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
 int  RAND_bytes(unsigned char *buf,int num);
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index 96019c07a6..895967476e 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -94,7 +94,7 @@
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
  */
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(__DJGPP__)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
         {
         return(-1);
@@ -114,7 +114,7 @@ int RAND_egd_bytes(const char *path,int bytes)
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VSWORKS
+# ifdef OPENSSL_SYS_VXWORKS
 #   include <streams/un.h>
 # else
 #   include <sys/un.h>
@@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 
         memset(&addr, 0, sizeof(addr));
         addr.sun_family = AF_UNIX;
-        if (strlen(path) > sizeof(addr.sun_path))
+        if (strlen(path) >= sizeof(addr.sun_path))
                 return (-1);
         strlcpy(addr.sun_path,path,sizeof addr.sun_path);
         len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 5cf5dc1188..513e338985 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,19 +60,25 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 
+#ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
+#endif
 static const RAND_METHOD *default_RAND_meth = NULL;
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
         {
+#ifndef OPENSSL_NO_ENGINE
         if(funct_ref)
                 {
                 ENGINE_finish(funct_ref);
                 funct_ref = NULL;
                 }
+#endif
         default_RAND_meth = meth;
         return 1;
         }
@@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
         {
         if (!default_RAND_meth)
                 {
+#ifndef OPENSSL_NO_ENGINE
                 ENGINE *e = ENGINE_get_default_RAND();
                 if(e)
                         {
@@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void)
                 if(e)
                         funct_ref = e;
                 else
+#endif
                         default_RAND_meth = RAND_SSLeay();
                 }
         return default_RAND_meth;
         }
 
+#ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine)
         {
         const RAND_METHOD *tmp_meth = NULL;
@@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine)
         funct_ref = engine;
         return 1;
         }
+#endif
 
 void RAND_cleanup(void)
         {
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
index fa2bab57c6..0599719dd1 100644
--- a/src/lib/libcrypto/rand/rand_unix.c
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -115,7 +115,7 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS))
 
 #include <sys/types.h>
 #include <sys/time.h>
@@ -233,7 +233,7 @@ int RAND_poll(void)
         if (n > 0)
                 {
                 RAND_add(tmpbuf,sizeof tmpbuf,n);
-                memset(tmpbuf,0,n);
+                OPENSSL_cleanse(tmpbuf,n);
                 }
 #endif
 
@@ -255,3 +255,10 @@ int RAND_poll(void)
 
 #endif
 #endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index c1b955b06f..113b58678f 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -125,7 +125,7 @@
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
 #define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
+#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider")
 
 static void readtimer(void);
 static void readscreen(void);
@@ -170,7 +170,9 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
 typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 
 #include <lmcons.h>
+#ifndef OPENSSL_SYS_WINCE
 #include <lmstats.h>
+#endif
 #if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
        * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
        * was added to the Platform SDK to allow the NET API to be used in
@@ -209,20 +211,32 @@ int RAND_poll(void)
         osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
         GetVersionEx( &osverinfo ) ;
 
+#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO
+        /* poll the CryptoAPI PRNG */
+        /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+        if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+                {
+                if (CryptGenRandom(hProvider, sizeof(buf), buf))
+                        RAND_add(buf, sizeof(buf), sizeof(buf));
+                CryptReleaseContext(hProvider, 0); 
+                }
+#endif
+
         /* load functions dynamically - not available on all systems */
-        advapi = LoadLibrary("ADVAPI32.DLL");
-        kernel = LoadLibrary("KERNEL32.DLL");
-        user = LoadLibrary("USER32.DLL");
-        netapi = LoadLibrary("NETAPI32.DLL");
+        advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+        kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+        user = LoadLibrary(TEXT("USER32.DLL"));
+        netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
 
+#ifndef OPENSSL_SYS_WINCE
 #if 1 /* There was previously a problem with NETSTATGET.  Currently, this
        * section is still experimental, but if all goes well, this conditional
        * will be removed
        */
         if (netapi)
                 {
-                netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
-                netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+                netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet"));
+                netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree"));
                 }
 
         if (netstatget && netfree)
@@ -249,7 +263,9 @@ int RAND_poll(void)
         if (netapi)
                 FreeLibrary(netapi);
 #endif /* 1 */
+#endif /* !OPENSSL_SYS_WINCE */
  
+#ifndef OPENSSL_SYS_WINCE
         /* It appears like this can cause an exception deep within ADVAPI32.DLL
          * at random times on Windows 2000.  Reported by Jeffrey Altman.  
          * Only use it on NT.
@@ -280,30 +296,40 @@ int RAND_poll(void)
                         bufsz += 8192;
 
                         length = bufsz;
-                        rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+                        rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
                                 NULL, NULL, buf, &length);
                         }
                 if (rc == ERROR_SUCCESS)
                         {
                         /* For entropy count assume only least significant
                          * byte of each DWORD is random.
-                         */
+                         */
                         RAND_add(&length, sizeof(length), 0);
                         RAND_add(buf, length, length / 4.0);
+
+                        /* Close the Registry Key to allow Windows to cleanup/close
+                         * the open handle
+                         * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+                         *       when the RegQueryValueEx above is done.  However, if
+                         *       it is not explicitly closed, it can cause disk
+                         *       partition manipulation problems.
+                         */
+                        RegCloseKey(HKEY_PERFORMANCE_DATA);
                         }
                 if (buf)
                         free(buf);
                 }
 #endif
+#endif /* !OPENSSL_SYS_WINCE */
 
         if (advapi)
                 {
                 acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
-                        "CryptAcquireContextA");
+                        TEXT("CryptAcquireContextA"));
                 gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
-                        "CryptGenRandom");
+                        TEXT("CryptGenRandom"));
                 release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-                        "CryptReleaseContext");
+                        TEXT("CryptReleaseContext"));
                 }
 
         if (acquire && gen && release)
@@ -357,9 +383,9 @@ int RAND_poll(void)
                 GETFOREGROUNDWINDOW win;
                 GETQUEUESTATUS queue;
 
-                win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
-                cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-                queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+                win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow"));
+                cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo"));
+                queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus"));
 
                 if (win)
                         {
@@ -430,17 +456,17 @@ int RAND_poll(void)
                 MODULEENTRY32 m;
 
                 snap = (CREATETOOLHELP32SNAPSHOT)
-                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-                heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-                heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-                heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-                heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-                process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
-                process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
-                thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-                thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-                module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-                module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+                        GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
+                heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
+                heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
+                heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
+                heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext"));
+                process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First"));
+                process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next"));
+                thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First"));
+                thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next"));
+                module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First"));
+                module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next"));
 
                 if (snap && heap_first && heap_next && heaplist_first &&
                         heaplist_next && process_first && process_next &&
@@ -575,7 +601,7 @@ static void readtimer(void)
         DWORD w;
         LARGE_INTEGER l;
         static int have_perfc = 1;
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
         static int have_tsc = 1;
         DWORD cyclecount;
 
@@ -628,6 +654,7 @@ static void readtimer(void)
 
 static void readscreen(void)
 {
+#ifndef OPENSSL_SYS_WINCE
   HDC           hScrDC;         /* screen DC */
   HDC           hMemDC;         /* memory DC */
   HBITMAP       hBitmap;        /* handle for our bitmap */
@@ -641,7 +668,7 @@ static void readscreen(void)
   int           n = 16;         /* number of screen lines to grab at a time */
 
   /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
   hMemDC = CreateCompatibleDC(hScrDC);
 
   /* Get screen resolution */
@@ -688,6 +715,7 @@ static void readscreen(void)
   DeleteObject(hBitmap);
   DeleteDC(hMemDC);
   DeleteDC(hScrDC);
+#endif /* !OPENSSL_SYS_WINCE */
 }
 
 #endif
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 311dd27a7b..cfbec2ac1f 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -132,7 +132,7 @@ int RAND_load_file(const char *file, long bytes)
                         }
                 }
         fclose(in);
-        memset(buf,0,BUFSIZE);
+        OPENSSL_cleanse(buf,BUFSIZE);
 err:
         return(ret);
         }
@@ -210,7 +210,7 @@ int RAND_write_file(const char *file)
 #endif /* OPENSSL_SYS_VMS */
 
         fclose(out);
-        memset(buf,0,BUFSIZE);
+        OPENSSL_cleanse(buf,BUFSIZE);
 err:
         return (rand_err ? -1 : ret);
         }
@@ -225,8 +225,8 @@ const char *RAND_file_name(char *buf, size_t size)
                 s=getenv("RANDFILE");
         if (s != NULL && *s && strlen(s) + 1 < size)
                 {
-                strlcpy(buf,s,size);
-                ok = 1;
+                if (strlcpy(buf,s,size) >= size)
+                        return NULL;
                 }
         else
                 {
diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c
index b64de616db..701932e6ee 100644
--- a/src/lib/libcrypto/rand/randtest.c
+++ b/src/lib/libcrypto/rand/randtest.c
@@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <openssl/rand.h>
 
+#include "../e_os.h"
+
 /* some FIPS 140-1 random number test */
 /* some simple tests */
 
@@ -209,6 +211,6 @@ int main()
         printf("test 4 done\n");
  err:
         err=((err)?1:0);
-        exit(err);
+        EXIT(err);
         return(err);
         }