summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rand
diff options
context:
space:
mode:
authormiod <>2014-04-13 15:25:35 +0000
committermiod <>2014-04-13 15:25:35 +0000
commitd2b3c9742a7df4ab87384039c99682d1944f66d7 (patch)
tree74f4ff344980894c7c9ceeab9b81176ac7572566 /src/lib/libcrypto/rand
parentdbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18 (diff)
downloadopenbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.tar.gz
openbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.tar.bz2
openbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.zip
Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
Diffstat (limited to 'src/lib/libcrypto/rand')
-rw-r--r--src/lib/libcrypto/rand/md_rand.c27
-rw-r--r--src/lib/libcrypto/rand/rand.h1
-rw-r--r--src/lib/libcrypto/rand/rand_err.c1
-rw-r--r--src/lib/libcrypto/rand/rand_lib.c15
-rw-r--r--src/lib/libcrypto/rand/rand_win.c2
-rw-r--r--src/lib/libcrypto/rand/randfile.c2
6 files changed, 39 insertions, 9 deletions
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
123 123
124#include "e_os.h" 124#include "e_os.h"
125 125
126#include <openssl/crypto.h>
126#include <openssl/rand.h> 127#include <openssl/rand.h>
127#include "rand_lcl.h" 128#include "rand_lcl.h"
128 129
129#include <openssl/crypto.h>
130#include <openssl/err.h> 130#include <openssl/err.h>
131 131
132#ifdef BN_DEBUG 132#ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
198 EVP_MD_CTX m; 198 EVP_MD_CTX m;
199 int do_not_lock; 199 int do_not_lock;
200 200
201 if (!num)
202 return;
203
201 /* 204 /*
202 * (Based on the rand(3) manpage) 205 * (Based on the rand(3) manpage)
203 * 206 *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
380 * are fed into the hash function and the results are kept in the 383 * are fed into the hash function and the results are kept in the
381 * global 'md'. 384 * global 'md'.
382 */ 385 */
383 386#ifdef OPENSSL_FIPS
384 CRYPTO_w_lock(CRYPTO_LOCK_RAND); 387 /* NB: in FIPS mode we are already under a lock */
388 if (!FIPS_mode())
389#endif
390 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
385 391
386 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ 392 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
387 CRYPTO_w_lock(CRYPTO_LOCK_RAND2); 393 CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
460 466
461 /* before unlocking, we must clear 'crypto_lock_rand' */ 467 /* before unlocking, we must clear 'crypto_lock_rand' */
462 crypto_lock_rand = 0; 468 crypto_lock_rand = 0;
463 CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 469#ifdef OPENSSL_FIPS
470 if (!FIPS_mode())
471#endif
472 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
464 473
465 while (num > 0) 474 while (num > 0)
466 { 475 {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
512 MD_Init(&m); 521 MD_Init(&m);
513 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); 522 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
514 MD_Update(&m,local_md,MD_DIGEST_LENGTH); 523 MD_Update(&m,local_md,MD_DIGEST_LENGTH);
515 CRYPTO_w_lock(CRYPTO_LOCK_RAND); 524#ifdef OPENSSL_FIPS
525 if (!FIPS_mode())
526#endif
527 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
516 MD_Update(&m,md,MD_DIGEST_LENGTH); 528 MD_Update(&m,md,MD_DIGEST_LENGTH);
517 MD_Final(&m,md); 529 MD_Final(&m,md);
518 CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 530#ifdef OPENSSL_FIPS
531 if (!FIPS_mode())
532#endif
533 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
519 534
520 EVP_MD_CTX_cleanup(&m); 535 EVP_MD_CTX_cleanup(&m);
521 if (ok) 536 if (ok)
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index dc8fcf94c5..bb5520e80a 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
138#define RAND_F_SSLEAY_RAND_BYTES 100 138#define RAND_F_SSLEAY_RAND_BYTES 100
139 139
140/* Reason codes. */ 140/* Reason codes. */
141#define RAND_R_DUAL_EC_DRBG_DISABLED 104
141#define RAND_R_ERROR_INITIALISING_DRBG 102 142#define RAND_R_ERROR_INITIALISING_DRBG 102
142#define RAND_R_ERROR_INSTANTIATING_DRBG 103 143#define RAND_R_ERROR_INSTANTIATING_DRBG 103
143#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 144#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index b8586c8f4a..c4c80fc8cc 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
78 78
79static ERR_STRING_DATA RAND_str_reasons[]= 79static ERR_STRING_DATA RAND_str_reasons[]=
80 { 80 {
81{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
81{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, 82{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
82{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, 83{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
83{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, 84{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
210 210
211static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) 211static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
212 { 212 {
213 OPENSSL_cleanse(out, olen); 213 if (out)
214 OPENSSL_free(out); 214 {
215 OPENSSL_cleanse(out, olen);
216 OPENSSL_free(out);
217 }
215 } 218 }
216 219
217/* Set "additional input" when generating random data. This uses the 220/* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
266 DRBG_CTX *dctx; 269 DRBG_CTX *dctx;
267 size_t plen; 270 size_t plen;
268 unsigned char pers[32], *p; 271 unsigned char pers[32], *p;
272#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
273 if (fips_drbg_type >> 16)
274 {
275 RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
276 return 0;
277 }
278#endif
279
269 dctx = FIPS_get_default_drbg(); 280 dctx = FIPS_get_default_drbg();
270 if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) 281 if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
271 { 282 {
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 5d134e186b..34ffcd23f9 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
750 int y; /* y-coordinate of screen lines to grab */ 750 int y; /* y-coordinate of screen lines to grab */
751 int n = 16; /* number of screen lines to grab at a time */ 751 int n = 16; /* number of screen lines to grab at a time */
752 752
753 if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) 753 if (check_winnt() && OPENSSL_isservice()>0)
754 return; 754 return;
755 755
756 /* Create a screen DC and a memory DC compatible to screen DC */ 756 /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 030e07f418..7f1428072d 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,9 @@
57 */ 57 */
58 58
59/* We need to define this to get macros like S_IFBLK and S_IFCHR */ 59/* We need to define this to get macros like S_IFBLK and S_IFCHR */
60#if !defined(OPENSSL_SYS_VXWORKS)
60#define _XOPEN_SOURCE 500 61#define _XOPEN_SOURCE 500
62#endif
61 63
62#include <errno.h> 64#include <errno.h>
63#include <stdio.h> 65#include <stdio.h>
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-07 21:07:04 +0000