4 files changed, 26 insertions, 127 deletions
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index ea89153cba..ac6c021763 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
+#define FIPS_RAND_SIZE_T size_t
 #endif
 /* Already defined in ossl_typ.h */
@@ -111,15 +111,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
-#ifndef OPENSSL_NO_ENGINE
-#ifdef OPENSSL_FIPS
-void int_RAND_init_engine_callbacks(void);
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
-#endif
-#endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -137,29 +128,11 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
-#define RAND_F_ENG_RAND_GET_RAND_METHOD                  108
-#define RAND_F_FIPS_RAND                                 103
-#define RAND_F_FIPS_RAND_BYTES                           102
-#define RAND_F_FIPS_RAND_GET_RAND_METHOD                 109
-#define RAND_F_FIPS_RAND_SET_DT                          106
-#define RAND_F_FIPS_SET_DT                               104
-#define RAND_F_FIPS_SET_PRNG_SEED                        107
-#define RAND_F_FIPS_SET_TEST_MODE                        105
 #define RAND_F_RAND_GET_RAND_METHOD                      101
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD                           105
-#define RAND_R_NOT_IN_TEST_MODE                          106
-#define RAND_R_NO_KEY_SET                                107
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  101
-#define RAND_R_PRNG_ERROR                                108
-#define RAND_R_PRNG_KEYED                                109
-#define RAND_R_PRNG_NOT_REKEYED                          102
-#define RAND_R_PRNG_NOT_RESEEDED                         103
 #define RAND_R_PRNG_NOT_SEEDED                           100
-#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY              110
-#define RAND_R_PRNG_STUCK                                104
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 829fb44d77..03cda4dd92 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,14 +70,6 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),     "ENG_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND),    "FIPS_RAND"},
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),    "FIPS_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),     "FIPS_RAND_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_DT),  "FIPS_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),   "FIPS_SET_PRNG_SEED"},
-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),   "FIPS_SET_TEST_MODE"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -85,17 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE)     ,"not in test mode"},
-{ERR_REASON(RAND_R_NO_KEY_SET)           ,"no key set"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_ERROR)           ,"prng error"},
-{ERR_REASON(RAND_R_PRNG_KEYED)           ,"prng keyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
-{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index da6b4e0e86..513e338985 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,82 +60,15 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#include "rand_lcl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-#ifdef OPENSSL_FIPS
-static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
-                                        const RAND_METHOD **pmeth)
-        {
-        *pmeth = meth;
-        return 1;
-        }
-static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
-        {
-        if (!*pmeth)
-                {
-                if(FIPS_mode())
-                        *pmeth=FIPS_rand_method();
-                else
-                        *pmeth = RAND_SSLeay();
-                }
-        if(FIPS_mode()
-                && *pmeth != FIPS_rand_check())
-            {
-            RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-            return 0;
-            }
-        return *pmeth;
-        }
-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth)
-        = fips_RAND_set_rand_method;
-static const RAND_METHOD *(*RAND_get_rand_method_func)
-                                                (const RAND_METHOD **pmeth)
-        = fips_RAND_get_rand_method;
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)
-                                                (const RAND_METHOD **pmeth))
-        {
-        RAND_set_rand_method_func = set_rand_func;
-        RAND_get_rand_method_func = get_rand_func;
-        }
-#endif
-int RAND_set_rand_method(const RAND_METHOD *meth)
-        {
-        return RAND_set_rand_method_func(meth, &default_RAND_meth);
-        }
-const RAND_METHOD *RAND_get_rand_method(void)
-        {
-        return RAND_get_rand_method_func(&default_RAND_meth);
-        }
-#else
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
 #endif
+static const RAND_METHOD *default_RAND_meth = NULL;
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
@@ -196,8 +129,6 @@ int RAND_set_rand_engine(ENGINE *engine)
        }
 #endif
-#endif
 void RAND_cleanup(void)
        {
        const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index d108353bbc..4ed40b7b70 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -75,9 +75,7 @@
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#ifdef MAC_OS_pre_X
+#ifndef OPENSSL_NO_POSIX_IO
-# include <stat.h>
-#else
 # include <sys/stat.h>
 #endif
@@ -111,14 +109,26 @@ int RAND_load_file(const char *file, long bytes)
         * if bytes == -1, read complete file. */
        MS_STATIC unsigned char buf[BUFSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
+#endif
        int i,ret=0,n;
        FILE *in;
        if (file == NULL) return(0);
+#ifndef OPENSSL_NO_POSIX_IO
+#ifdef PURIFY
+        /* struct stat can have padding and unused fields that may not be
+         * initialized in the call to stat(). We need to clear the entire
+         * structure before calling RAND_add() to avoid complaints from
+         * applications such as Valgrind.
+         */
+        memset(&sb, 0, sizeof(sb));
+#endif
        if (stat(file,&sb) < 0) return(0);
        RAND_add(&sb,sizeof(sb),0.0);
+#endif
        if (bytes == 0) return(ret);
 #ifdef OPENSSL_SYS_VMS
@@ -127,7 +137,7 @@ int RAND_load_file(const char *file, long bytes)
        in=fopen(file,"rb");
 #endif
        if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
          /* this file is a device. we don't want read an infinite number
           * of bytes from a random device, nor do we want to use buffered
@@ -170,12 +180,13 @@ int RAND_write_file(const char *file)
        int i,ret=0,rand_err=0;
        FILE *out = NULL;
        int n;
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
        
        i=stat(file,&sb);
        if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_ISBLK) && defined(S_ISCHR)
-          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
            /* this file is a device. we don't write back to it. 
             * we "succeed" on the assumption this is some sort 
             * of random device. Otherwise attempting to write to 
@@ -185,14 +196,16 @@ int RAND_write_file(const char *file)
          }
 #endif
        }
+#endif
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
        {
-        /* For some reason Win32 can't write to files created this way */
+#ifndef O_BINARY
-        
+#define O_BINARY 0
+#endif
        /* chmod(..., 0600) is too late to protect the file,
         * permissions should be restrictive from the start */
-        int fd = open(file, O_CREAT, 0600);
+        int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
        if (fd != -1)
                out = fdopen(fd, "wb");
        }

diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index ea89153cba..ac6c021763 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
72	#endif	72	#endif
73		73
74	#if defined(OPENSSL_FIPS)	74	#if defined(OPENSSL_FIPS)
75	#define FIPS_RAND_SIZE_T int	75	#define FIPS_RAND_SIZE_T size_t
76	#endif	76	#endif
77		77
78	/* Already defined in ossl_typ.h */	78	/* Already defined in ossl_typ.h */
@@ -111,15 +111,6 @@ int RAND_query_egd_bytes(const char path, unsigned char buf, int bytes);
111	int RAND_egd(const char *path);	111	int RAND_egd(const char *path);
112	int RAND_egd_bytes(const char *path,int bytes);	112	int RAND_egd_bytes(const char *path,int bytes);
113	int RAND_poll(void);	113	int RAND_poll(void);
114	#ifndef OPENSSL_NO_ENGINE
115	#ifdef OPENSSL_FIPS
116	void int_RAND_init_engine_callbacks(void);
117	void int_RAND_set_callbacks(
118	int (set_rand_func)(const RAND_METHOD meth,
119	const RAND_METHOD **pmeth),
120	const RAND_METHOD (get_rand_func)(const RAND_METHOD **pmeth));
121	#endif
122	#endif
123		114
124	#if defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32)	115	#if defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32)
125		116
@@ -137,29 +128,11 @@ void ERR_load_RAND_strings(void);
137	/* Error codes for the RAND functions. */	128	/* Error codes for the RAND functions. */
138		129
139	/* Function codes. */	130	/* Function codes. */
140	#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
141	#define RAND_F_FIPS_RAND 103
142	#define RAND_F_FIPS_RAND_BYTES 102
143	#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
144	#define RAND_F_FIPS_RAND_SET_DT 106
145	#define RAND_F_FIPS_SET_DT 104
146	#define RAND_F_FIPS_SET_PRNG_SEED 107
147	#define RAND_F_FIPS_SET_TEST_MODE 105
148	#define RAND_F_RAND_GET_RAND_METHOD 101	131	#define RAND_F_RAND_GET_RAND_METHOD 101
149	#define RAND_F_SSLEAY_RAND_BYTES 100	132	#define RAND_F_SSLEAY_RAND_BYTES 100
150		133
151	/* Reason codes. */	134	/* Reason codes. */
152	#define RAND_R_NON_FIPS_METHOD 105
153	#define RAND_R_NOT_IN_TEST_MODE 106
154	#define RAND_R_NO_KEY_SET 107
155	#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
156	#define RAND_R_PRNG_ERROR 108
157	#define RAND_R_PRNG_KEYED 109
158	#define RAND_R_PRNG_NOT_REKEYED 102
159	#define RAND_R_PRNG_NOT_RESEEDED 103
160	#define RAND_R_PRNG_NOT_SEEDED 100	135	#define RAND_R_PRNG_NOT_SEEDED 100
161	#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
162	#define RAND_R_PRNG_STUCK 104
163		136
164	#ifdef __cplusplus	137	#ifdef __cplusplus
165	}	138	}


diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index 829fb44d77..03cda4dd92 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
1	/* crypto/rand/rand_err.c */	1	/* crypto/rand/rand_err.c */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4	*	4	*
5	* Redistribution and use in source and binary forms, with or without	5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions	6	* modification, are permitted provided that the following conditions
@@ -70,14 +70,6 @@
70		70
71	static ERR_STRING_DATA RAND_str_functs[]=	71	static ERR_STRING_DATA RAND_str_functs[]=
72	{	72	{
73	{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
74	{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
75	{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
76	{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
77	{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
78	{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
79	{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
80	{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
81	{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},	73	{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
82	{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},	74	{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
83	{0,NULL}	75	{0,NULL}
@@ -85,17 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
85		77
86	static ERR_STRING_DATA RAND_str_reasons[]=	78	static ERR_STRING_DATA RAND_str_reasons[]=
87	{	79	{
88	{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
89	{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
90	{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
91	{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
92	{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
93	{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
94	{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
95	{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
96	{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},	80	{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
97	{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
98	{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
99	{0,NULL}	81	{0,NULL}
100	};	82	};
101		83


diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index da6b4e0e86..513e338985 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,82 +60,15 @@
60	#include <time.h>	60	#include <time.h>
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/rand.h>	62	#include <openssl/rand.h>
63	#include "rand_lcl.h"
64	#ifdef OPENSSL_FIPS
65	#include <openssl/fips.h>
66	#include <openssl/fips_rand.h>
67	#endif
68
69	#ifndef OPENSSL_NO_ENGINE	63	#ifndef OPENSSL_NO_ENGINE
70	#include <openssl/engine.h>	64	#include <openssl/engine.h>
71	#endif	65	#endif
72		66
73	static const RAND_METHOD *default_RAND_meth = NULL;
74
75	#ifdef OPENSSL_FIPS
76
77	static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
78	const RAND_METHOD **pmeth)
79	{
80	*pmeth = meth;
81	return 1;
82	}
83
84	static const RAND_METHOD fips_RAND_get_rand_method(const RAND_METHOD *pmeth)
85	{
86	if (!*pmeth)
87	{
88	if(FIPS_mode())
89	*pmeth=FIPS_rand_method();
90	else
91	*pmeth = RAND_SSLeay();
92	}
93
94	if(FIPS_mode()
95	&& *pmeth != FIPS_rand_check())
96	{
97	RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
98	return 0;
99	}
100
101	return *pmeth;
102	}
103
104	static int (RAND_set_rand_method_func)(const RAND_METHOD meth,
105	const RAND_METHOD **pmeth)
106	= fips_RAND_set_rand_method;
107	static const RAND_METHOD (RAND_get_rand_method_func)
108	(const RAND_METHOD **pmeth)
109	= fips_RAND_get_rand_method;
110
111	#ifndef OPENSSL_NO_ENGINE
112	void int_RAND_set_callbacks(
113	int (set_rand_func)(const RAND_METHOD meth,
114	const RAND_METHOD **pmeth),
115	const RAND_METHOD (get_rand_func)
116	(const RAND_METHOD **pmeth))
117	{
118	RAND_set_rand_method_func = set_rand_func;
119	RAND_get_rand_method_func = get_rand_func;
120	}
121	#endif
122
123	int RAND_set_rand_method(const RAND_METHOD *meth)
124	{
125	return RAND_set_rand_method_func(meth, &default_RAND_meth);
126	}
127
128	const RAND_METHOD *RAND_get_rand_method(void)
129	{
130	return RAND_get_rand_method_func(&default_RAND_meth);
131	}
132
133	#else
134
135	#ifndef OPENSSL_NO_ENGINE	67	#ifndef OPENSSL_NO_ENGINE
136	/* non-NULL if default_RAND_meth is ENGINE-provided */	68	/* non-NULL if default_RAND_meth is ENGINE-provided */
137	static ENGINE *funct_ref =NULL;	69	static ENGINE *funct_ref =NULL;
138	#endif	70	#endif
		71	static const RAND_METHOD *default_RAND_meth = NULL;
139		72
140	int RAND_set_rand_method(const RAND_METHOD *meth)	73	int RAND_set_rand_method(const RAND_METHOD *meth)
141	{	74	{
@@ -196,8 +129,6 @@ int RAND_set_rand_engine(ENGINE *engine)
196	}	129	}
197	#endif	130	#endif
198		131
199	#endif
200
201	void RAND_cleanup(void)	132	void RAND_cleanup(void)
202	{	133	{
203	const RAND_METHOD *meth = RAND_get_rand_method();	134	const RAND_METHOD *meth = RAND_get_rand_method();


diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index d108353bbc..4ed40b7b70 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c
@@ -75,9 +75,7 @@
75	#ifndef NO_SYS_TYPES_H	75	#ifndef NO_SYS_TYPES_H
76	# include <sys/types.h>	76	# include <sys/types.h>
77	#endif	77	#endif
78	#ifdef MAC_OS_pre_X	78	#ifndef OPENSSL_NO_POSIX_IO
79	# include <stat.h>
80	#else
81	# include <sys/stat.h>	79	# include <sys/stat.h>
82	#endif	80	#endif
83		81
@@ -111,14 +109,26 @@ int RAND_load_file(const char *file, long bytes)
111	* if bytes == -1, read complete file. */	109	* if bytes == -1, read complete file. */
112		110
113	MS_STATIC unsigned char buf[BUFSIZE];	111	MS_STATIC unsigned char buf[BUFSIZE];
		112	#ifndef OPENSSL_NO_POSIX_IO
114	struct stat sb;	113	struct stat sb;
		114	#endif
115	int i,ret=0,n;	115	int i,ret=0,n;
116	FILE *in;	116	FILE *in;
117		117
118	if (file == NULL) return(0);	118	if (file == NULL) return(0);
119		119
		120	#ifndef OPENSSL_NO_POSIX_IO
		121	#ifdef PURIFY
		122	/* struct stat can have padding and unused fields that may not be
		123	* initialized in the call to stat(). We need to clear the entire
		124	* structure before calling RAND_add() to avoid complaints from
		125	* applications such as Valgrind.
		126	*/
		127	memset(&sb, 0, sizeof(sb));
		128	#endif
120	if (stat(file,&sb) < 0) return(0);	129	if (stat(file,&sb) < 0) return(0);
121	RAND_add(&sb,sizeof(sb),0.0);	130	RAND_add(&sb,sizeof(sb),0.0);
		131	#endif
122	if (bytes == 0) return(ret);	132	if (bytes == 0) return(ret);
123		133
124	#ifdef OPENSSL_SYS_VMS	134	#ifdef OPENSSL_SYS_VMS
@@ -127,7 +137,7 @@ int RAND_load_file(const char *file, long bytes)
127	in=fopen(file,"rb");	137	in=fopen(file,"rb");
128	#endif	138	#endif
129	if (in == NULL) goto err;	139	if (in == NULL) goto err;
130	#if defined(S_IFBLK) && defined(S_IFCHR)	140	#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
131	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {	141	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {
132	/* this file is a device. we don't want read an infinite number	142	/* this file is a device. we don't want read an infinite number
133	* of bytes from a random device, nor do we want to use buffered	143	* of bytes from a random device, nor do we want to use buffered
@@ -170,12 +180,13 @@ int RAND_write_file(const char *file)
170	int i,ret=0,rand_err=0;	180	int i,ret=0,rand_err=0;
171	FILE *out = NULL;	181	FILE *out = NULL;
172	int n;	182	int n;
		183	#ifndef OPENSSL_NO_POSIX_IO
173	struct stat sb;	184	struct stat sb;
174		185
175	i=stat(file,&sb);	186	i=stat(file,&sb);
176	if (i != -1) {	187	if (i != -1) {
177	#if defined(S_IFBLK) && defined(S_IFCHR)	188	#if defined(S_ISBLK) && defined(S_ISCHR)
178	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {	189	if (S_ISBLK(sb.st_mode) \|\| S_ISCHR(sb.st_mode)) {
179	/* this file is a device. we don't write back to it.	190	/* this file is a device. we don't write back to it.
180	* we "succeed" on the assumption this is some sort	191	* we "succeed" on the assumption this is some sort
181	* of random device. Otherwise attempting to write to	192	* of random device. Otherwise attempting to write to
@@ -185,14 +196,16 @@ int RAND_write_file(const char *file)
185	}	196	}
186	#endif	197	#endif
187	}	198	}
		199	#endif
188		200
189	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)	201	#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
190	{	202	{
191	/* For some reason Win32 can't write to files created this way */	203	#ifndef O_BINARY
192		204	#define O_BINARY 0
		205	#endif
193	/* chmod(..., 0600) is too late to protect the file,	206	/* chmod(..., 0600) is too late to protect the file,
194	* permissions should be restrictive from the start */	207	* permissions should be restrictive from the start */
195	int fd = open(file, O_CREAT, 0600);	208	int fd = open(file, O_WRONLY\|O_CREAT\|O_BINARY, 0600);
196	if (fd != -1)	209	if (fd != -1)
197	out = fdopen(fd, "wb");	210	out = fdopen(fd, "wb");
198	}	211	}