Diffstat (limited to 'src/lib/libcrypto/rand')
-rw-r--r--src/lib/libcrypto/rand/md_rand.c17
-rw-r--r--src/lib/libcrypto/rand/rand.h15
-rw-r--r--src/lib/libcrypto/rand/rand_egd.c2
-rw-r--r--src/lib/libcrypto/rand/rand_err.c15
-rw-r--r--src/lib/libcrypto/rand/rand_lib.c18
-rw-r--r--src/lib/libcrypto/rand/rand_unix.c119
-rw-r--r--src/lib/libcrypto/rand/rand_win.c99
-rw-r--r--src/lib/libcrypto/rand/randfile.c12
-rw-r--r--src/lib/libcrypto/rand/randtest.c5
9 files changed, 165 insertions, 137 deletions
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index c84968df88..9783d0c23e 100644
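--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,7 +126,6 @@
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>
 
 #ifdef BN_DEBUG
 # define PREDICT
@@ -153,7 +152,7 @@ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
 int rand_predictable=0;
 #endif
 
-const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
@@ -301,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
   * other thread's seeding remains without effect (except for
   * the incremented counter). By XORing it we keep at least as
   * much entropy as fits into md. */
- for (k = 0; k < sizeof md; k++)
+ for (k = 0; k < (int)sizeof(md); k++)
  {
  md[k] ^= local_md[k];
  }
@@ -316,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
 static void ssleay_rand_seed(const void *buf, int num)
  {
- ssleay_rand_add(buf, num, num);
+ ssleay_rand_add(buf, num, (double)num);
  }
 
 static int ssleay_rand_bytes(unsigned char *buf, int num)
@@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
  int do_stir_pool = 0;
 
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- {
- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
 #ifdef PREDICT
  if (rand_predictable)
  {
@@ -529,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
  err = ERR_peek_error();
  if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
  ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
- (void)ERR_get_error();
+ ERR_clear_error();
  }
  return (ret);
  }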
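Review bot: In ssleay_rand_pseudo_bytes the new `ERR_clear_error();` empties the calling thread's whole error queue, where the old `(void)ERR_get_error();` removed only the entry at the head of the queue that ERR_peek_error() had just matched. Any unrelated errors queued behind a leading RAND_R_PRNG_NOT_SEEDED entry are now discarded too, so a caller that inspects the queue after this call no longer sees them. If dropping everything is intended, say so at the call site: `/* PRNG_NOT_SEEDED is expected here; note this also drops any other queued errors */`. The function body starts outside the hunk, so whether other entries can be queued at this point is not visible here.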
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index 604df9be6c..ac6c021763 100644
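--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,10 +72,13 @@ extern "C" {
 #endif
 
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
+#define FIPS_RAND_SIZE_T size_t
 #endif
 
-typedef struct rand_meth_st
+/* Already defined in ossl_typ.h */
+/* typedef struct rand_meth_st RAND_METHOD; */
+
+struct rand_meth_st
  {
  void (*seed)(const void *buf, int num);
  int (*bytes)(unsigned char *buf, int num);
@@ -83,7 +86,7 @@ typedef struct rand_meth_st
  void (*add)(const void *buf, int num, double entropy);
  int (*pseudorand)(unsigned char *buf, int num);
  int (*status)(void);
- } RAND_METHOD;
+ };
 
 #ifdef BN_DEBUG
 extern int rand_predictable;
@@ -125,17 +128,11 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 
 /* Function codes. */
-#define RAND_F_FIPS_RAND_BYTES 102
 #define RAND_F_RAND_GET_RAND_METHOD 101
 #define RAND_F_SSLEAY_RAND_BYTES 100
 
 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD 101
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105
-#define RAND_R_PRNG_NOT_REKEYED 103
-#define RAND_R_PRNG_NOT_RESEEDED 104
 #define RAND_R_PRNG_NOT_SEEDED 100
-#define RAND_R_PRNG_STUCK 102
 
 #ifdef __cplusplus
 }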
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index cd666abfcb..50bce6caba 100644
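--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
  * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
  */
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
  {
  return(-1);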
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 97f96e1aee..386934dcd1 100644
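--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -70,7 +70,6 @@
 
 static ERR_STRING_DATA RAND_str_functs[]=
  {
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -78,12 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
  {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
 {0,NULL}
  };
 
@@ -91,15 +85,12 @@ static ERR_STRING_DATA RAND_str_reasons[]=
 
 void ERR_load_RAND_strings(void)
  {
- static int init=1;
+#ifndef OPENSSL_NO_ERR
 
- if (init)
+ if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
  {
- init=0;
-#ifndef OPENSSL_NO_ERR
  ERR_load_strings(0,RAND_str_functs);
  ERR_load_strings(0,RAND_str_reasons);
-#endif
-
  }
+#endif
  }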
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index a21bde79de..513e338985 100644
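--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,8 +63,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
 
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -104,22 +102,8 @@ const RAND_METHOD *RAND_get_rand_method(void)
  funct_ref = e;
  else
 #endif
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- default_RAND_meth=FIPS_rand_method();
- else
-#endif
- default_RAND_meth = RAND_SSLeay();
+ default_RAND_meth = RAND_SSLeay();
  }
-
-#ifdef OPENSSL_FIPS
- if(FIPS_mode()
- && default_RAND_meth != FIPS_rand_check())
- {
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
  return default_RAND_meth;
  }
 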
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
index 9376554fae..6c2be5cb96 100644
--- a/src/lib/libcrypto/rand/rand_unix.c
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,6 +108,7 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111#include <stdio.h>
111 112
112#define USE_SOCKETS 113#define USE_SOCKETS
113#include "e_os.h" 114#include "e_os.h"
@@ -115,7 +116,7 @@
115#include <openssl/rand.h> 116#include <openssl/rand.h>
116#include "rand_lcl.h" 117#include "rand_lcl.h"
117 118
118#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) 119#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
119 120
120#include <sys/types.h> 121#include <sys/types.h>
121#include <sys/time.h> 122#include <sys/time.h>
@@ -124,6 +125,13 @@
124#include <fcntl.h> 125#include <fcntl.h>
125#include <unistd.h> 126#include <unistd.h>
126#include <time.h> 127#include <time.h>
128#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
129# include <poll.h>
130#endif
131#include <limits.h>
132#ifndef FD_SETSIZE
133# define FD_SETSIZE (8*sizeof(fd_set))
134#endif
127 135
128#ifdef __OpenBSD__ 136#ifdef __OpenBSD__
129int RAND_poll(void) 137int RAND_poll(void)
@@ -142,7 +150,7 @@ int RAND_poll(void)
142 150
143 return 1; 151 return 1;
144} 152}
145#else 153#else /* !defined(__OpenBSD__) */
146int RAND_poll(void) 154int RAND_poll(void)
147{ 155{
148 unsigned long l; 156 unsigned long l;
@@ -154,7 +162,8 @@ int RAND_poll(void)
154#ifdef DEVRANDOM 162#ifdef DEVRANDOM
155 static const char *randomfiles[] = { DEVRANDOM }; 163 static const char *randomfiles[] = { DEVRANDOM };
156 struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; 164 struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
157 int fd,i; 165 int fd;
166 size_t i;
158#endif 167#endif
159#ifdef DEVRANDOM_EGD 168#ifdef DEVRANDOM_EGD
160 static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; 169 static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -182,10 +191,9 @@ int RAND_poll(void)
182#endif 191#endif
183 )) >= 0) 192 )) >= 0)
184 { 193 {
185 struct timeval t = { 0, 10*1000 }; /* Spend 10ms on 194 int usec = 10*1000; /* spend 10ms on each file */
186 each file. */ 195 int r;
187 int r,j; 196 size_t j;
188 fd_set fset;
189 struct stat *st=&randomstats[i]; 197 struct stat *st=&randomstats[i];
190 198
191 /* Avoid using same input... Used to be O_NOFOLLOW 199 /* Avoid using same input... Used to be O_NOFOLLOW
@@ -201,35 +209,75 @@ int RAND_poll(void)
201 209
202 do 210 do
203 { 211 {
204 FD_ZERO(&fset); 212 int try_read = 0;
205 FD_SET(fd, &fset);
206 r = -1;
207 213
208 if (select(fd+1,&fset,NULL,NULL,&t) < 0) 214#if defined(OPENSSL_SYS_LINUX)
209 t.tv_usec=0; 215 /* use poll() */
210 else if (FD_ISSET(fd, &fset)) 216 struct pollfd pset;
217
218 pset.fd = fd;
219 pset.events = POLLIN;
220 pset.revents = 0;
221
222 if (poll(&pset, 1, usec / 1000) < 0)
223 usec = 0;
224 else
225 try_read = (pset.revents & POLLIN) != 0;
226
227#else
228 /* use select() */
229 fd_set fset;
230 struct timeval t;
231
232 t.tv_sec = 0;
233 t.tv_usec = usec;
234
235 if (FD_SETSIZE > 0 && fd >= FD_SETSIZE)
236 {
237 /* can't use select, so just try to read once anyway */
238 try_read = 1;
239 }
240 else
241 {
242 FD_ZERO(&fset);
243 FD_SET(fd, &fset);
244
245 if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
246 {
247 usec = t.tv_usec;
248 if (FD_ISSET(fd, &fset))
249 try_read = 1;
250 }
251 else
252 usec = 0;
253 }
254#endif
255
256 if (try_read)
211 { 257 {
212 r=read(fd,(unsigned char *)tmpbuf+n, 258 r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
213 ENTROPY_NEEDED-n);
214 if (r > 0) 259 if (r > 0)
215 n += r; 260 n += r;
216 } 261 }
217 262 else
218 /* Some Unixen will update t, some 263 r = -1;
219 won't. For those who won't, give 264
220 up here, otherwise, we will do 265 /* Some Unixen will update t in select(), some
266 won't. For those who won't, or if we
267 didn't use select() in the first place,
268 give up here, otherwise, we will do
221 this once again for the remaining 269 this once again for the remaining
222 time. */ 270 time. */
223 if (t.tv_usec == 10*1000) 271 if (usec == 10*1000)
224 t.tv_usec=0; 272 usec = 0;
225 } 273 }
226 while ((r > 0 || (errno == EINTR || errno == EAGAIN)) 274 while ((r > 0 ||
227 && t.tv_usec != 0 && n < ENTROPY_NEEDED); 275 (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
228 276
229 close(fd); 277 close(fd);
230 } 278 }
231 } 279 }
232#endif 280#endif /* defined(DEVRANDOM) */
233 281
234#ifdef DEVRANDOM_EGD 282#ifdef DEVRANDOM_EGD
235 /* Use an EGD socket to read entropy from an EGD or PRNGD entropy 283 /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
@@ -244,24 +292,24 @@ int RAND_poll(void)
244 if (r > 0) 292 if (r > 0)
245 n += r; 293 n += r;
246 } 294 }
247#endif 295#endif /* defined(DEVRANDOM_EGD) */
248 296
249#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) 297#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
250 if (n > 0) 298 if (n > 0)
251 { 299 {
252 RAND_add(tmpbuf,sizeof tmpbuf,n); 300 RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
253 OPENSSL_cleanse(tmpbuf,n); 301 OPENSSL_cleanse(tmpbuf,n);
254 } 302 }
255#endif 303#endif
256 304
257 /* put in some default random data, we need more than just this */ 305 /* put in some default random data, we need more than just this */
258 l=curr_pid; 306 l=curr_pid;
259 RAND_add(&l,sizeof(l),0); 307 RAND_add(&l,sizeof(l),0.0);
260 l=getuid(); 308 l=getuid();
261 RAND_add(&l,sizeof(l),0); 309 RAND_add(&l,sizeof(l),0.0);
262 310
263 l=time(NULL); 311 l=time(NULL);
264 RAND_add(&l,sizeof(l),0); 312 RAND_add(&l,sizeof(l),0.0);
265 313
266#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) 314#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
267 return 1; 315 return 1;
@@ -270,12 +318,13 @@ int RAND_poll(void)
270#endif 318#endif
271} 319}
272 320
273#endif 321#endif /* defined(__OpenBSD__) */
274#endif 322#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
323
275 324
276#if defined(OPENSSL_SYS_VXWORKS) 325#if defined(OPENSSL_SYS_VXWORKS)
277int RAND_poll(void) 326int RAND_poll(void)
278{ 327 {
279 return 0; 328 return 0;
280} 329 }
281#endif 330#endif
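Review bot: In the select() branch of RAND_poll, the new `fd >= FD_SETSIZE` fallback sets `try_read = 1` and calls read() with no readiness check, so the 10 ms per-file budget is not enforced on that path. Whether that read can block depends on the open() flags, which sit above this hunk; if the descriptor was opened without O_NONBLOCK, or the platform lacks it, a slow entropy device stalls the caller. The bounds check itself is right, since FD_SET on an out-of-range descriptor writes outside the fd_set, but the fallback should state what it relies on, e.g. `/* relies on fd having been opened O_NONBLOCK; otherwise this read can block */`, or skip the device when that flag is unavailable.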
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 30c69161ef..00dbe4232c 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -121,6 +121,10 @@
121#include <wincrypt.h> 121#include <wincrypt.h>
122#include <tlhelp32.h> 122#include <tlhelp32.h>
123 123
124/* Limit the time spent walking through the heap, processes, threads and modules to
125 a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
126#define MAXDELAY 1000
127
124/* Intel hardware RNG CSP -- available from 128/* Intel hardware RNG CSP -- available from
125 * http://developer.intel.com/design/security/rng/redist_license.htm 129 * http://developer.intel.com/design/security/rng/redist_license.htm
126 */ 130 */
@@ -152,6 +156,7 @@ typedef struct tagCURSORINFO
152#define CURSOR_SHOWING 0x00000001 156#define CURSOR_SHOWING 0x00000001
153#endif /* CURSOR_SHOWING */ 157#endif /* CURSOR_SHOWING */
154 158
159#if !defined(OPENSSL_SYS_WINCE)
155typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, 160typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
156 DWORD, DWORD); 161 DWORD, DWORD);
157typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); 162typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
@@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
163 168
164typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); 169typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
165typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); 170typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
166typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); 171typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
167typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); 172typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
168typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); 173typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
169typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); 174typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
@@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
171typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); 176typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
172 177
173#include <lmcons.h> 178#include <lmcons.h>
174#ifndef OPENSSL_SYS_WINCE
175#include <lmstats.h> 179#include <lmstats.h>
176#endif
177#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE 180#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE
178 * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was 181 * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was
179 * was added to the Platform SDK to allow the NET API to be used in 182 * was added to the Platform SDK to allow the NET API to be used in
@@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
184 (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); 187 (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
185typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); 188typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
186#endif /* 1 */ 189#endif /* 1 */
190#endif /* !OPENSSL_SYS_WINCE */
187 191
188int RAND_poll(void) 192int RAND_poll(void)
189{ 193{
190 MEMORYSTATUS m; 194 MEMORYSTATUS m;
191 HCRYPTPROV hProvider = 0; 195 HCRYPTPROV hProvider = 0;
192 BYTE buf[64];
193 DWORD w; 196 DWORD w;
194 HWND h; 197 int good = 0;
195
196 HMODULE advapi, kernel, user, netapi;
197 CRYPTACQUIRECONTEXTW acquire = 0;
198 CRYPTGENRANDOM gen = 0;
199 CRYPTRELEASECONTEXT release = 0;
200#if 1 /* There was previously a problem with NETSTATGET. Currently, this
201 * section is still experimental, but if all goes well, this conditional
202 * will be removed
203 */
204 NETSTATGET netstatget = 0;
205 NETFREE netfree = 0;
206#endif /* 1 */
207 198
208 /* Determine the OS version we are on so we can turn off things 199 /* Determine the OS version we are on so we can turn off things
209 * that do not work properly. 200 * that do not work properly.
@@ -212,21 +203,24 @@ int RAND_poll(void)
212 osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; 203 osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
213 GetVersionEx( &osverinfo ) ; 204 GetVersionEx( &osverinfo ) ;
214 205
215#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO 206#if defined(OPENSSL_SYS_WINCE)
216#ifndef CryptAcquireContext 207# if defined(_WIN32_WCE) && _WIN32_WCE>=300
217#define CryptAcquireContext CryptAcquireContextW 208/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
218#endif 209 * in commonly available implementations prior 300... */
210 {
211 BYTE buf[64];
219 /* poll the CryptoAPI PRNG */ 212 /* poll the CryptoAPI PRNG */
220 /* The CryptoAPI returns sizeof(buf) bytes of randomness */ 213 /* The CryptoAPI returns sizeof(buf) bytes of randomness */
221 if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) 214 if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
215 CRYPT_VERIFYCONTEXT))
222 { 216 {
223 if (CryptGenRandom(hProvider, sizeof(buf), buf)) 217 if (CryptGenRandom(hProvider, sizeof(buf), buf))
224 RAND_add(buf, sizeof(buf), sizeof(buf)); 218 RAND_add(buf, sizeof(buf), sizeof(buf));
225 CryptReleaseContext(hProvider, 0); 219 CryptReleaseContext(hProvider, 0);
226 } 220 }
227#endif 221 }
228 222# endif
229#ifndef OPENSSL_SYS_WINCE 223#else /* OPENSSL_SYS_WINCE */
230 /* 224 /*
231 * None of below libraries are present on Windows CE, which is 225 * None of below libraries are present on Windows CE, which is
232 * why we #ifndef the whole section. This also excuses us from 226 * why we #ifndef the whole section. This also excuses us from
@@ -240,17 +234,19 @@ int RAND_poll(void)
240 * implement own shim routine, which would accept ANSI argument 234 * implement own shim routine, which would accept ANSI argument
241 * and expand it to Unicode. 235 * and expand it to Unicode.
242 */ 236 */
243 237 {
244 /* load functions dynamically - not available on all systems */ 238 /* load functions dynamically - not available on all systems */
245 advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); 239 HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
246 kernel = LoadLibrary(TEXT("KERNEL32.DLL")); 240 HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
247 user = LoadLibrary(TEXT("USER32.DLL")); 241 HMODULE user = NULL;
248 netapi = LoadLibrary(TEXT("NETAPI32.DLL")); 242 HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
249 243 CRYPTACQUIRECONTEXTW acquire = NULL;
250#if 1 /* There was previously a problem with NETSTATGET. Currently, this 244 CRYPTGENRANDOM gen = NULL;
251 * section is still experimental, but if all goes well, this conditional 245 CRYPTRELEASECONTEXT release = NULL;
252 * will be removed 246 NETSTATGET netstatget = NULL;
253 */ 247 NETFREE netfree = NULL;
248 BYTE buf[64];
249
254 if (netapi) 250 if (netapi)
255 { 251 {
256 netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); 252 netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
@@ -280,7 +276,6 @@ int RAND_poll(void)
280 276
281 if (netapi) 277 if (netapi)
282 FreeLibrary(netapi); 278 FreeLibrary(netapi);
283#endif /* 1 */
284 279
285 /* It appears like this can cause an exception deep within ADVAPI32.DLL 280 /* It appears like this can cause an exception deep within ADVAPI32.DLL
286 * at random times on Windows 2000. Reported by Jeffrey Altman. 281 * at random times on Windows 2000. Reported by Jeffrey Altman.
@@ -356,12 +351,13 @@ int RAND_poll(void)
356 { 351 {
357 /* poll the CryptoAPI PRNG */ 352 /* poll the CryptoAPI PRNG */
358 /* The CryptoAPI returns sizeof(buf) bytes of randomness */ 353 /* The CryptoAPI returns sizeof(buf) bytes of randomness */
359 if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, 354 if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
360 CRYPT_VERIFYCONTEXT)) 355 CRYPT_VERIFYCONTEXT))
361 { 356 {
362 if (gen(hProvider, sizeof(buf), buf) != 0) 357 if (gen(hProvider, sizeof(buf), buf) != 0)
363 { 358 {
364 RAND_add(buf, sizeof(buf), 0); 359 RAND_add(buf, sizeof(buf), 0);
360 good = 1;
365#if 0 361#if 0
366 printf("randomness from PROV_RSA_FULL\n"); 362 printf("randomness from PROV_RSA_FULL\n");
367#endif 363#endif
@@ -375,6 +371,7 @@ int RAND_poll(void)
375 if (gen(hProvider, sizeof(buf), buf) != 0) 371 if (gen(hProvider, sizeof(buf), buf) != 0)
376 { 372 {
377 RAND_add(buf, sizeof(buf), sizeof(buf)); 373 RAND_add(buf, sizeof(buf), sizeof(buf));
374 good = 1;
378#if 0 375#if 0
379 printf("randomness from PROV_INTEL_SEC\n"); 376 printf("randomness from PROV_INTEL_SEC\n");
380#endif 377#endif
@@ -386,7 +383,9 @@ int RAND_poll(void)
386 if (advapi) 383 if (advapi)
387 FreeLibrary(advapi); 384 FreeLibrary(advapi);
388 385
389 if (user) 386 if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
387 !OPENSSL_isservice()) &&
388 (user = LoadLibrary(TEXT("USER32.DLL"))))
390 { 389 {
391 GETCURSORINFO cursor; 390 GETCURSORINFO cursor;
392 GETFOREGROUNDWINDOW win; 391 GETFOREGROUNDWINDOW win;
@@ -399,7 +398,7 @@ int RAND_poll(void)
399 if (win) 398 if (win)
400 { 399 {
401 /* window handle */ 400 /* window handle */
402 h = win(); 401 HWND h = win();
403 RAND_add(&h, sizeof(h), 0); 402 RAND_add(&h, sizeof(h), 0);
404 } 403 }
405 if (cursor) 404 if (cursor)
@@ -464,6 +463,7 @@ int RAND_poll(void)
464 PROCESSENTRY32 p; 463 PROCESSENTRY32 p;
465 THREADENTRY32 t; 464 THREADENTRY32 t;
466 MODULEENTRY32 m; 465 MODULEENTRY32 m;
466 DWORD stoptime = 0;
467 467
468 snap = (CREATETOOLHELP32SNAPSHOT) 468 snap = (CREATETOOLHELP32SNAPSHOT)
469 GetProcAddress(kernel, "CreateToolhelp32Snapshot"); 469 GetProcAddress(kernel, "CreateToolhelp32Snapshot");
@@ -495,6 +495,7 @@ int RAND_poll(void)
495 * of entropy. 495 * of entropy.
496 */ 496 */
497 hlist.dwSize = sizeof(HEAPLIST32); 497 hlist.dwSize = sizeof(HEAPLIST32);
498 if (good) stoptime = GetTickCount() + MAXDELAY;
498 if (heaplist_first(handle, &hlist)) 499 if (heaplist_first(handle, &hlist))
499 do 500 do
500 { 501 {
@@ -512,18 +513,20 @@ int RAND_poll(void)
512 && --entrycnt > 0); 513 && --entrycnt > 0);
513 } 514 }
514 } while (heaplist_next(handle, 515 } while (heaplist_next(handle,
515 &hlist)); 516 &hlist) && GetTickCount() < stoptime);
516 517
517 /* process walking */ 518 /* process walking */
518 /* PROCESSENTRY32 contains 9 fields that will change 519 /* PROCESSENTRY32 contains 9 fields that will change
519 * with each entry. Consider each field a source of 520 * with each entry. Consider each field a source of
520 * 1 byte of entropy. 521 * 1 byte of entropy.
521 */ 522 */
522 p.dwSize = sizeof(PROCESSENTRY32); 523 p.dwSize = sizeof(PROCESSENTRY32);
524
525 if (good) stoptime = GetTickCount() + MAXDELAY;
523 if (process_first(handle, &p)) 526 if (process_first(handle, &p))
524 do 527 do
525 RAND_add(&p, p.dwSize, 9); 528 RAND_add(&p, p.dwSize, 9);
526 while (process_next(handle, &p)); 529 while (process_next(handle, &p) && GetTickCount() < stoptime);
527 530
528 /* thread walking */ 531 /* thread walking */
529 /* THREADENTRY32 contains 6 fields that will change 532 /* THREADENTRY32 contains 6 fields that will change
@@ -531,10 +534,11 @@ int RAND_poll(void)
531 * 1 byte of entropy. 534 * 1 byte of entropy.
532 */ 535 */
533 t.dwSize = sizeof(THREADENTRY32); 536 t.dwSize = sizeof(THREADENTRY32);
537 if (good) stoptime = GetTickCount() + MAXDELAY;
534 if (thread_first(handle, &t)) 538 if (thread_first(handle, &t))
535 do 539 do
536 RAND_add(&t, t.dwSize, 6); 540 RAND_add(&t, t.dwSize, 6);
537 while (thread_next(handle, &t)); 541 while (thread_next(handle, &t) && GetTickCount() < stoptime);
538 542
539 /* module walking */ 543 /* module walking */
540 /* MODULEENTRY32 contains 9 fields that will change 544 /* MODULEENTRY32 contains 9 fields that will change
@@ -542,18 +546,22 @@ int RAND_poll(void)
542 * 1 byte of entropy. 546 * 1 byte of entropy.
543 */ 547 */
544 m.dwSize = sizeof(MODULEENTRY32); 548 m.dwSize = sizeof(MODULEENTRY32);
549 if (good) stoptime = GetTickCount() + MAXDELAY;
545 if (module_first(handle, &m)) 550 if (module_first(handle, &m))
546 do 551 do
547 RAND_add(&m, m.dwSize, 9); 552 RAND_add(&m, m.dwSize, 9);
548 while (module_next(handle, &m)); 553 while (module_next(handle, &m)
554 && (GetTickCount() < stoptime));
549 if (close_snap) 555 if (close_snap)
550 close_snap(handle); 556 close_snap(handle);
551 else 557 else
552 CloseHandle(handle); 558 CloseHandle(handle);
559
553 } 560 }
554 561
555 FreeLibrary(kernel); 562 FreeLibrary(kernel);
556 } 563 }
564 }
557#endif /* !OPENSSL_SYS_WINCE */ 565#endif /* !OPENSSL_SYS_WINCE */
558 566
559 /* timer data */ 567 /* timer data */
@@ -693,6 +701,9 @@ static void readscreen(void)
693 int y; /* y-coordinate of screen lines to grab */ 701 int y; /* y-coordinate of screen lines to grab */
694 int n = 16; /* number of screen lines to grab at a time */ 702 int n = 16; /* number of screen lines to grab at a time */
695 703
704 if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
705 return;
706
696 /* Create a screen DC and a memory DC compatible to screen DC */ 707 /* Create a screen DC and a memory DC compatible to screen DC */
697 hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); 708 hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
698 hMemDC = CreateCompatibleDC(hScrDC); 709 hMemDC = CreateCompatibleDC(hScrDC);
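Review bot: The new walk limits in RAND_poll do the opposite of what the MAXDELAY comment describes when CryptGenRandom failed: `stoptime` stays 0 while `good` is 0, and because GetTickCount() returns an unsigned DWORD, `GetTickCount() < stoptime` is then always false, so the heap, process, thread and module loops each stop after their first entry. That is the case where these fallback sources matter most, and `GetTickCount() + MAXDELAY` can also wrap near the 49.7-day tick rollover, which cuts the walks short in the same way. Recording a start time and testing elapsed time fixes both: `if (good) starttime = GetTickCount();` with the loop condition `&& (!good || (GetTickCount() - starttime) < MAXDELAY)`. Separately, the early return added to readscreen() fires when the process is not a service, whereas the USER32 block in RAND_poll runs only in that case, so one of the two conditions looks inverted.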
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index d847d8ebdf..005cb38cb0 100644
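--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -102,10 +102,8 @@ int RAND_load_file(const char *file, long bytes)
 
  if (file == NULL) return(0);
 
- i=stat(file,&sb);
- /* If the state fails, put some crap in anyway */
- RAND_add(&sb,sizeof(sb),0);
- if (i < 0) return(0);
+ if (stat(file,&sb) < 0) return(0);
+ RAND_add(&sb,sizeof(sb),0.0);
  if (bytes == 0) return(ret);
 
  in=fopen(file,"rb");
@@ -128,8 +126,12 @@ int RAND_load_file(const char *file, long bytes)
  n = BUFSIZE;
  i=fread(buf,1,n,in);
  if (i <= 0) break;
+#ifdef PURIFY
+ RAND_add(buf,i,(double)i);
+#else
  /* even if n != i, use the full array */
- RAND_add(buf,n,i);
+ RAND_add(buf,n,(double)i);
+#endif
  ret+=i;
  if (bytes > 0)
  {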
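Review bot: In the non-PURIFY branch of RAND_load_file, `RAND_add(buf,n,(double)i)` still mixes in all n bytes when fread() returned only i, so bytes i..n-1 are whatever the buffer held before: stale data from the previous pass, or uninitialised memory if buf is not cleared above the hunk. The entropy credit is i, so nothing is over-counted, but memory checkers will flag the read and the existing comment does not say why it is acceptable. I would extend it to `/* even if n != i, use the full array: the extra bytes are stale or uninitialised and get no entropy credit */`. The same pattern remains in rand_unix.c's `RAND_add(tmpbuf,sizeof tmpbuf,(double)n)`, which this commit does not put under PURIFY.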
diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c
index 701932e6ee..9e92a70b03 100644
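--- a/src/lib/libcrypto/rand/randtest.c
+++ b/src/lib/libcrypto/rand/randtest.c
@@ -65,7 +65,7 @@
 /* some FIPS 140-1 random number test */
 /* some simple tests */
 
-int main()
+int main(int argc,char **argv)
  {
  unsigned char buf[2500];
  int i,j,k,s,sign,nsign,err=0;
@@ -211,6 +211,9 @@ int main()
  printf("test 4 done\n");
  err:
  err=((err)?1:0);
+#ifdef OPENSSL_SYS_NETWARE
+ if (err) printf("ERROR: %d\n", err);
+#endif
  EXIT(err);
  return(err);
  }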