4 files changed, 163 insertions, 23 deletions
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index ac6c021763..ea89153cba 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
+#define FIPS_RAND_SIZE_T int
 #endif
 /* Already defined in ossl_typ.h */
@@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
+#ifndef OPENSSL_NO_ENGINE
+#ifdef OPENSSL_FIPS
+void int_RAND_init_engine_callbacks(void);
+void int_RAND_set_callbacks(
+        int (*set_rand_func)(const RAND_METHOD *meth,
+                                                const RAND_METHOD **pmeth),
+        const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
+#endif
+#endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
+#define RAND_F_ENG_RAND_GET_RAND_METHOD                  108
+#define RAND_F_FIPS_RAND                                 103
+#define RAND_F_FIPS_RAND_BYTES                           102
+#define RAND_F_FIPS_RAND_GET_RAND_METHOD                 109
+#define RAND_F_FIPS_RAND_SET_DT                          106
+#define RAND_F_FIPS_SET_DT                               104
+#define RAND_F_FIPS_SET_PRNG_SEED                        107
+#define RAND_F_FIPS_SET_TEST_MODE                        105
 #define RAND_F_RAND_GET_RAND_METHOD                      101
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD                           105
+#define RAND_R_NOT_IN_TEST_MODE                          106
+#define RAND_R_NO_KEY_SET                                107
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  101
+#define RAND_R_PRNG_ERROR                                108
+#define RAND_R_PRNG_KEYED                                109
+#define RAND_R_PRNG_NOT_REKEYED                          102
+#define RAND_R_PRNG_NOT_RESEEDED                         103
 #define RAND_R_PRNG_NOT_SEEDED                           100
+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY              110
+#define RAND_R_PRNG_STUCK                                104
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 386934dcd1..829fb44d77 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,6 +70,14 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
+{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),     "ENG_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND),    "FIPS_RAND"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),    "FIPS_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),     "FIPS_RAND_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_DT),  "FIPS_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),   "FIPS_SET_PRNG_SEED"},
+{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),   "FIPS_SET_TEST_MODE"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
+{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
+{ERR_REASON(RAND_R_NOT_IN_TEST_MODE)     ,"not in test mode"},
+{ERR_REASON(RAND_R_NO_KEY_SET)           ,"no key set"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_ERROR)           ,"prng error"},
+{ERR_REASON(RAND_R_PRNG_KEYED)           ,"prng keyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
+{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..da6b4e0e86 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+#ifdef OPENSSL_FIPS
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+                                        const RAND_METHOD **pmeth)
+        {
+        *pmeth = meth;
+        return 1;
+        }
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+        {
+        if (!*pmeth)
+                {
+                if(FIPS_mode())
+                        *pmeth=FIPS_rand_method();
+                else
+                        *pmeth = RAND_SSLeay();
+                }
+        if(FIPS_mode()
+                && *pmeth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+        return *pmeth;
+        }
+static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
+                                                const RAND_METHOD **pmeth)
+        = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+                                                (const RAND_METHOD **pmeth)
+        = fips_RAND_get_rand_method;
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+        int (*set_rand_func)(const RAND_METHOD *meth,
+                                                const RAND_METHOD **pmeth),
+        const RAND_METHOD *(*get_rand_func)
+                                                (const RAND_METHOD **pmeth))
+        {
+        RAND_set_rand_method_func = set_rand_func;
+        RAND_get_rand_method_func = get_rand_func;
+        }
+#endif
+int RAND_set_rand_method(const RAND_METHOD *meth)
+        {
+        return RAND_set_rand_method_func(meth, &default_RAND_meth);
+        }
+const RAND_METHOD *RAND_get_rand_method(void)
+        {
+        return RAND_get_rand_method_func(&default_RAND_meth);
+        }
+#else
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
        }
 #endif
+#endif
 void RAND_cleanup(void)
        {
        const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 6c0ec9a41c..d108353bbc 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -81,10 +81,25 @@
 # include <sys/stat.h>
 #endif
+#ifdef _WIN32
+#define stat    _stat
+#define chmod   _chmod
+#define open    _open
+#define fdopen  _fdopen
+#endif
 #undef BUFSIZE
 #define BUFSIZE 1024
 #define RAND_DATA 1024
+#ifdef OPENSSL_SYS_VMS
+/* This declaration is a nasty hack to get around vms' extension to fopen
+ * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
+static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+    (FILE *(*)(const char *, const char *, ...))fopen;
+#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+#endif
 /* #define RFILE ".rnd" - defined in ../../e_os.h */
 /* Note that these functions are intended for seed files only.
@@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes)
        RAND_add(&sb,sizeof(sb),0.0);
        if (bytes == 0) return(ret);
+#ifdef OPENSSL_SYS_VMS
+        in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+#else
        in=fopen(file,"rb");
+#endif
        if (in == NULL) goto err;
 #if defined(S_IFBLK) && defined(S_IFCHR)
        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -167,7 +186,7 @@ int RAND_write_file(const char *file)
 #endif
        }
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
        {
        /* For some reason Win32 can't write to files created this way */
        
@@ -178,8 +197,34 @@ int RAND_write_file(const char *file)
                out = fdopen(fd, "wb");
        }
 #endif
+#ifdef OPENSSL_SYS_VMS
+        /* VMS NOTE: Prior versions of this routine created a _new_
+         * version of the rand file for each call into this routine, then
+         * deleted all existing versions named ;-1, and finally renamed
+         * the current version as ';1'. Under concurrent usage, this
+         * resulted in an RMS race condition in rename() which could
+         * orphan files (see vms message help for RMS$_REENT). With the
+         * fopen() calls below, openssl/VMS now shares the top-level
+         * version of the rand file. Note that there may still be
+         * conditions where the top-level rand file is locked. If so, this
+         * code will then create a new version of the rand file. Without
+         * the delete and rename code, this can result in ascending file
+         * versions that stop at version 32767, and this routine will then
+         * return an error. The remedy for this is to recode the calling
+         * application to avoid concurrent use of the rand file, or
+         * synchronize usage at the application level. Also consider
+         * whether or not you NEED a persistent rand file in a concurrent
+         * use situation. 
+         */
+        out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
+        if (out == NULL)
+                out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+#else
        if (out == NULL)
                out = fopen(file,"wb");
+#endif
        if (out == NULL) goto err;
 #ifndef NO_CHMOD
@@ -201,25 +246,6 @@ int RAND_write_file(const char *file)
                ret+=i;
                if (n <= 0) break;
                }
-#ifdef OPENSSL_SYS_VMS
-        /* Try to delete older versions of the file, until there aren't
-           any */
-        {
-        char *tmpf;
-        tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
-        if (tmpf)
-                {
-                strcpy(tmpf, file);
-                strcat(tmpf, ";-1");
-                while(delete(tmpf) == 0)
-                        ;
-                rename(file,";1"); /* Make sure it's version 1, or we
-                                      will reach the limit (32767) at
-                                      some point... */
-                }
-        }
-#endif /* OPENSSL_SYS_VMS */
        fclose(out);
        OPENSSL_cleanse(buf,BUFSIZE);

diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index ac6c021763..ea89153cba 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
72	#endif	72	#endif
73		73
74	#if defined(OPENSSL_FIPS)	74	#if defined(OPENSSL_FIPS)
75	#define FIPS_RAND_SIZE_T size_t	75	#define FIPS_RAND_SIZE_T int
76	#endif	76	#endif
77		77
78	/* Already defined in ossl_typ.h */	78	/* Already defined in ossl_typ.h */
@@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char path, unsigned char buf, int bytes);
111	int RAND_egd(const char *path);	111	int RAND_egd(const char *path);
112	int RAND_egd_bytes(const char *path,int bytes);	112	int RAND_egd_bytes(const char *path,int bytes);
113	int RAND_poll(void);	113	int RAND_poll(void);
		114	#ifndef OPENSSL_NO_ENGINE
		115	#ifdef OPENSSL_FIPS
		116	void int_RAND_init_engine_callbacks(void);
		117	void int_RAND_set_callbacks(
		118	int (set_rand_func)(const RAND_METHOD meth,
		119	const RAND_METHOD **pmeth),
		120	const RAND_METHOD (get_rand_func)(const RAND_METHOD **pmeth));
		121	#endif
		122	#endif
114		123
115	#if defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32)	124	#if defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32)
116		125
@@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void);
128	/* Error codes for the RAND functions. */	137	/* Error codes for the RAND functions. */
129		138
130	/* Function codes. */	139	/* Function codes. */
		140	#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
		141	#define RAND_F_FIPS_RAND 103
		142	#define RAND_F_FIPS_RAND_BYTES 102
		143	#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
		144	#define RAND_F_FIPS_RAND_SET_DT 106
		145	#define RAND_F_FIPS_SET_DT 104
		146	#define RAND_F_FIPS_SET_PRNG_SEED 107
		147	#define RAND_F_FIPS_SET_TEST_MODE 105
131	#define RAND_F_RAND_GET_RAND_METHOD 101	148	#define RAND_F_RAND_GET_RAND_METHOD 101
132	#define RAND_F_SSLEAY_RAND_BYTES 100	149	#define RAND_F_SSLEAY_RAND_BYTES 100
133		150
134	/* Reason codes. */	151	/* Reason codes. */
		152	#define RAND_R_NON_FIPS_METHOD 105
		153	#define RAND_R_NOT_IN_TEST_MODE 106
		154	#define RAND_R_NO_KEY_SET 107
		155	#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
		156	#define RAND_R_PRNG_ERROR 108
		157	#define RAND_R_PRNG_KEYED 109
		158	#define RAND_R_PRNG_NOT_REKEYED 102
		159	#define RAND_R_PRNG_NOT_RESEEDED 103
135	#define RAND_R_PRNG_NOT_SEEDED 100	160	#define RAND_R_PRNG_NOT_SEEDED 100
		161	#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
		162	#define RAND_R_PRNG_STUCK 104
136		163
137	#ifdef __cplusplus	164	#ifdef __cplusplus
138	}	165	}


diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index 386934dcd1..829fb44d77 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
1	/* crypto/rand/rand_err.c */	1	/* crypto/rand/rand_err.c */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4	*	4	*
5	* Redistribution and use in source and binary forms, with or without	5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions	6	* modification, are permitted provided that the following conditions
@@ -70,6 +70,14 @@
70		70
71	static ERR_STRING_DATA RAND_str_functs[]=	71	static ERR_STRING_DATA RAND_str_functs[]=
72	{	72	{
		73	{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
		74	{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
		75	{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
		76	{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
		77	{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
		78	{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
		79	{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
		80	{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
73	{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},	81	{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
74	{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},	82	{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
75	{0,NULL}	83	{0,NULL}
@@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]=
77		85
78	static ERR_STRING_DATA RAND_str_reasons[]=	86	static ERR_STRING_DATA RAND_str_reasons[]=
79	{	87	{
		88	{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
		89	{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
		90	{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
		91	{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
		92	{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
		93	{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
		94	{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
		95	{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
80	{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},	96	{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
		97	{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
		98	{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
81	{0,NULL}	99	{0,NULL}
82	};	100	};
83		101


diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 513e338985..da6b4e0e86 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
60	#include <time.h>	60	#include <time.h>
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/rand.h>	62	#include <openssl/rand.h>
		63	#include "rand_lcl.h"
		64	#ifdef OPENSSL_FIPS
		65	#include <openssl/fips.h>
		66	#include <openssl/fips_rand.h>
		67	#endif
		68
63	#ifndef OPENSSL_NO_ENGINE	69	#ifndef OPENSSL_NO_ENGINE
64	#include <openssl/engine.h>	70	#include <openssl/engine.h>
65	#endif	71	#endif
66		72
		73	static const RAND_METHOD *default_RAND_meth = NULL;
		74
		75	#ifdef OPENSSL_FIPS
		76
		77	static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
		78	const RAND_METHOD **pmeth)
		79	{
		80	*pmeth = meth;
		81	return 1;
		82	}
		83
		84	static const RAND_METHOD fips_RAND_get_rand_method(const RAND_METHOD *pmeth)
		85	{
		86	if (!*pmeth)
		87	{
		88	if(FIPS_mode())
		89	*pmeth=FIPS_rand_method();
		90	else
		91	*pmeth = RAND_SSLeay();
		92	}
		93
		94	if(FIPS_mode()
		95	&& *pmeth != FIPS_rand_check())
		96	{
		97	RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
		98	return 0;
		99	}
		100
		101	return *pmeth;
		102	}
		103
		104	static int (RAND_set_rand_method_func)(const RAND_METHOD meth,
		105	const RAND_METHOD **pmeth)
		106	= fips_RAND_set_rand_method;
		107	static const RAND_METHOD (RAND_get_rand_method_func)
		108	(const RAND_METHOD **pmeth)
		109	= fips_RAND_get_rand_method;
		110
		111	#ifndef OPENSSL_NO_ENGINE
		112	void int_RAND_set_callbacks(
		113	int (set_rand_func)(const RAND_METHOD meth,
		114	const RAND_METHOD **pmeth),
		115	const RAND_METHOD (get_rand_func)
		116	(const RAND_METHOD **pmeth))
		117	{
		118	RAND_set_rand_method_func = set_rand_func;
		119	RAND_get_rand_method_func = get_rand_func;
		120	}
		121	#endif
		122
		123	int RAND_set_rand_method(const RAND_METHOD *meth)
		124	{
		125	return RAND_set_rand_method_func(meth, &default_RAND_meth);
		126	}
		127
		128	const RAND_METHOD *RAND_get_rand_method(void)
		129	{
		130	return RAND_get_rand_method_func(&default_RAND_meth);
		131	}
		132
		133	#else
		134
67	#ifndef OPENSSL_NO_ENGINE	135	#ifndef OPENSSL_NO_ENGINE
68	/* non-NULL if default_RAND_meth is ENGINE-provided */	136	/* non-NULL if default_RAND_meth is ENGINE-provided */
69	static ENGINE *funct_ref =NULL;	137	static ENGINE *funct_ref =NULL;
70	#endif	138	#endif
71	static const RAND_METHOD *default_RAND_meth = NULL;
72		139
73	int RAND_set_rand_method(const RAND_METHOD *meth)	140	int RAND_set_rand_method(const RAND_METHOD *meth)
74	{	141	{
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
129	}	196	}
130	#endif	197	#endif
131		198
		199	#endif
		200
132	void RAND_cleanup(void)	201	void RAND_cleanup(void)
133	{	202	{
134	const RAND_METHOD *meth = RAND_get_rand_method();	203	const RAND_METHOD *meth = RAND_get_rand_method();


diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index 6c0ec9a41c..d108353bbc 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c
@@ -81,10 +81,25 @@
81	# include <sys/stat.h>	81	# include <sys/stat.h>
82	#endif	82	#endif
83		83
		84	#ifdef _WIN32
		85	#define stat _stat
		86	#define chmod _chmod
		87	#define open _open
		88	#define fdopen _fdopen
		89	#endif
		90
84	#undef BUFSIZE	91	#undef BUFSIZE
85	#define BUFSIZE 1024	92	#define BUFSIZE 1024
86	#define RAND_DATA 1024	93	#define RAND_DATA 1024
87		94
		95	#ifdef OPENSSL_SYS_VMS
		96	/* This declaration is a nasty hack to get around vms' extension to fopen
		97	* for passing in sharing options being disabled by our /STANDARD=ANSI89 */
		98	static FILE (const vms_fopen)(const char , const char , ...) =
		99	(FILE ()(const char , const char , ...))fopen;
		100	#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
		101	#endif
		102
88	/* #define RFILE ".rnd" - defined in ../../e_os.h */	103	/* #define RFILE ".rnd" - defined in ../../e_os.h */
89		104
90	/* Note that these functions are intended for seed files only.	105	/* Note that these functions are intended for seed files only.
@@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes)
106	RAND_add(&sb,sizeof(sb),0.0);	121	RAND_add(&sb,sizeof(sb),0.0);
107	if (bytes == 0) return(ret);	122	if (bytes == 0) return(ret);
108		123
		124	#ifdef OPENSSL_SYS_VMS
		125	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
		126	#else
109	in=fopen(file,"rb");	127	in=fopen(file,"rb");
		128	#endif
110	if (in == NULL) goto err;	129	if (in == NULL) goto err;
111	#if defined(S_IFBLK) && defined(S_IFCHR)	130	#if defined(S_IFBLK) && defined(S_IFCHR)
112	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {	131	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {
@@ -167,7 +186,7 @@ int RAND_write_file(const char *file)
167	#endif	186	#endif
168	}	187	}
169		188
170	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)	189	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
171	{	190	{
172	/* For some reason Win32 can't write to files created this way */	191	/* For some reason Win32 can't write to files created this way */
173		192
@@ -178,8 +197,34 @@ int RAND_write_file(const char *file)
178	out = fdopen(fd, "wb");	197	out = fdopen(fd, "wb");
179	}	198	}
180	#endif	199	#endif
		200
		201	#ifdef OPENSSL_SYS_VMS
		202	/* VMS NOTE: Prior versions of this routine created a _new_
		203	* version of the rand file for each call into this routine, then
		204	* deleted all existing versions named ;-1, and finally renamed
		205	* the current version as ';1'. Under concurrent usage, this
		206	* resulted in an RMS race condition in rename() which could
		207	* orphan files (see vms message help for RMS$_REENT). With the
		208	* fopen() calls below, openssl/VMS now shares the top-level
		209	* version of the rand file. Note that there may still be
		210	* conditions where the top-level rand file is locked. If so, this
		211	* code will then create a new version of the rand file. Without
		212	* the delete and rename code, this can result in ascending file
		213	* versions that stop at version 32767, and this routine will then
		214	* return an error. The remedy for this is to recode the calling
		215	* application to avoid concurrent use of the rand file, or
		216	* synchronize usage at the application level. Also consider
		217	* whether or not you NEED a persistent rand file in a concurrent
		218	* use situation.
		219	*/
		220
		221	out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
		222	if (out == NULL)
		223	out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
		224	#else
181	if (out == NULL)	225	if (out == NULL)
182	out = fopen(file,"wb");	226	out = fopen(file,"wb");
		227	#endif
183	if (out == NULL) goto err;	228	if (out == NULL) goto err;
184		229
185	#ifndef NO_CHMOD	230	#ifndef NO_CHMOD
@@ -201,25 +246,6 @@ int RAND_write_file(const char *file)
201	ret+=i;	246	ret+=i;
202	if (n <= 0) break;	247	if (n <= 0) break;
203	}	248	}
204	#ifdef OPENSSL_SYS_VMS
205	/* Try to delete older versions of the file, until there aren't
206	any */
207	{
208	char *tmpf;
209
210	tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */
211	if (tmpf)
212	{
213	strcpy(tmpf, file);
214	strcat(tmpf, ";-1");
215	while(delete(tmpf) == 0)
216	;
217	rename(file,";1"); /* Make sure it's version 1, or we
218	will reach the limit (32767) at
219	some point... */
220	}
221	}
222	#endif /* OPENSSL_SYS_VMS */
223		249
224	fclose(out);	250	fclose(out);
225	OPENSSL_cleanse(buf,BUFSIZE);	251	OPENSSL_cleanse(buf,BUFSIZE);