Import OpenSSL 1.0.1g

author: miod <> 2014-04-13 15:16:40 +0000
committer: miod <> 2014-04-13 15:16:40 +0000
commit: 52628ee3f51f011b463aaedb1a28aa0524b43cb3 (patch)
tree: 4bd2adeac981051908ec5756401424bbb4e57d6a /src/lib/libcrypto/rand
parent: 40c22d3625a3818690c889ed6216fedf2be522c9 (diff)
download: openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.tar.gz
openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.tar.bz2
openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.zip
4 files changed, 17 insertions, 2 deletions
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index dc8fcf94c5..bb5520e80a 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED                     104
 #define RAND_R_ERROR_INITIALISING_DRBG                   102
 #define RAND_R_ERROR_INSTANTIATING_DRBG                  103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index b8586c8f4a..c4c80fc8cc 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
        {
-        OPENSSL_cleanse(out, olen);
+        if (out)
-        OPENSSL_free(out);
+                {
+                OPENSSL_cleanse(out, olen);
+                OPENSSL_free(out);
+                }
        }
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
        DRBG_CTX *dctx;
        size_t plen;
        unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+        if (fips_drbg_type >> 16)
+                {
+                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+                return 0;
+                }
+#endif
+                
        dctx = FIPS_get_default_drbg();
        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                {
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 030e07f418..7f1428072d 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,9 @@
 */
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
+#endif
 #include <errno.h>
 #include <stdio.h>
author	miod <>	2014-04-13 15:16:40 +0000
committer	miod <>	2014-04-13 15:16:40 +0000
commit	52628ee3f51f011b463aaedb1a28aa0524b43cb3 (patch)
tree	4bd2adeac981051908ec5756401424bbb4e57d6a /src/lib/libcrypto/rand
parent	40c22d3625a3818690c889ed6216fedf2be522c9 (diff)
download	openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.tar.gz openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.tar.bz2 openbsd-52628ee3f51f011b463aaedb1a28aa0524b43cb3.zip