summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rand
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rand')
-rw-r--r--src/lib/libcrypto/rand/Makefile71
-rw-r--r--src/lib/libcrypto/rand/md_rand.c12
-rw-r--r--src/lib/libcrypto/rand/rand.h29
-rw-r--r--src/lib/libcrypto/rand/rand_err.c20
-rw-r--r--src/lib/libcrypto/rand/rand_lcl.h11
-rw-r--r--src/lib/libcrypto/rand/rand_lib.c71
-rw-r--r--src/lib/libcrypto/rand/randfile.c66
7 files changed, 233 insertions, 47 deletions
diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile
index 27694aa664..30794305cb 100644
--- a/src/lib/libcrypto/rand/Makefile
+++ b/src/lib/libcrypto/rand/Makefile
@@ -17,9 +17,9 @@ TEST= randtest.c
17APPS= 17APPS=
18 18
19LIB=$(TOP)/libcrypto.a 19LIB=$(TOP)/libcrypto.a
20LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ 20LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
21 rand_win.c rand_unix.c rand_os2.c rand_nw.c 21 rand_win.c rand_unix.c rand_os2.c rand_nw.c
22LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ 22LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
23 rand_win.o rand_unix.o rand_os2.o rand_nw.o 23 rand_win.o rand_unix.o rand_os2.o rand_nw.o
24 24
25SRC= $(LIBSRC) 25SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
35all: lib 35all: lib
36 36
37lib: $(LIBOBJ) 37lib: $(LIBOBJ)
38 $(AR) $(LIB) $(LIBOBJ) 38 $(ARX) $(LIB) $(LIBOBJ)
39 $(RANLIB) $(LIB) || echo Never mind. 39 $(RANLIB) $(LIB) || echo Never mind.
40 @touch lib 40 @touch lib
41 41
@@ -79,17 +79,34 @@ clean:
79md_rand.o: ../../e_os.h ../../include/openssl/asn1.h 79md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
80md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 80md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
81md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 81md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
82md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 82md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
83md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 83md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
84md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 84md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
85md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 85md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
86md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 86md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
87md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 87md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
88md_rand.o: md_rand.c rand_lcl.h 88md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h
89rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h 89rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
90rand_egd.o: ../../include/openssl/opensslconf.h 90rand_egd.o: ../../include/openssl/opensslconf.h
91rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 91rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
92rand_egd.o: rand_egd.c 92rand_egd.o: rand_egd.c
93rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h
94rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
95rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
96rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
97rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
98rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
99rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
100rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
101rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
102rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
103rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
104rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
105rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
106rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
107rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
108rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
109rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h
93rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 110rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
94rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 111rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
95rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 112rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -99,34 +116,39 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
99rand_err.o: rand_err.c 116rand_err.o: rand_err.c
100rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h 117rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
101rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 118rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
102rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 119rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
120rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
103rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 121rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
104rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h 122rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
105rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h 123rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
124rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
106rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 125rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
107rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 126rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
108rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 127rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
109rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h 128rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
110rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 129rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
111rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 130rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
131rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
112rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 132rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
113rand_lib.o: ../cryptlib.h rand_lib.c 133rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c
114rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h 134rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
115rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 135rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
116rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 136rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
117rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h 137rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
118rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 138rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
119rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 139rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
120rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 140rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
121rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 141rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
122rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 142rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
123rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c 143rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
144rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c
124rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h 145rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
125rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 146rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
126rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 147rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
127rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h 148rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
128rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 149rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
129rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 150rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
151rand_os2.o: ../../include/openssl/opensslconf.h
130rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 152rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
131rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 153rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
132rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 154rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -136,8 +158,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
136rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 158rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
137rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 159rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
138rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h 160rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
139rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 161rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
140rand_unix.o: ../../include/openssl/objects.h 162rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
141rand_unix.o: ../../include/openssl/opensslconf.h 163rand_unix.o: ../../include/openssl/opensslconf.h
142rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 164rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
143rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 165rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -148,8 +170,9 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
148rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 170rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
149rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 171rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
150rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h 172rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
151rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 173rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
152rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 174rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
175rand_win.o: ../../include/openssl/opensslconf.h
153rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 176rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
154rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 177rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
155rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 178rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index 9783d0c23e..0f8dd3e00f 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,6 +126,10 @@
126 126
127#include <openssl/crypto.h> 127#include <openssl/crypto.h>
128#include <openssl/err.h> 128#include <openssl/err.h>
129#ifdef OPENSSL_FIPS
130#include <openssl/fips.h>
131#endif
132
129 133
130#ifdef BN_DEBUG 134#ifdef BN_DEBUG
131# define PREDICT 135# define PREDICT
@@ -332,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
332#endif 336#endif
333 int do_stir_pool = 0; 337 int do_stir_pool = 0;
334 338
339#ifdef OPENSSL_FIPS
340 if(FIPS_mode())
341 {
342 FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
343 return 0;
344 }
345#endif
346
335#ifdef PREDICT 347#ifdef PREDICT
336 if (rand_predictable) 348 if (rand_predictable)
337 { 349 {
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index ac6c021763..ea89153cba 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
72#endif 72#endif
73 73
74#if defined(OPENSSL_FIPS) 74#if defined(OPENSSL_FIPS)
75#define FIPS_RAND_SIZE_T size_t 75#define FIPS_RAND_SIZE_T int
76#endif 76#endif
77 77
78/* Already defined in ossl_typ.h */ 78/* Already defined in ossl_typ.h */
@@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
111int RAND_egd(const char *path); 111int RAND_egd(const char *path);
112int RAND_egd_bytes(const char *path,int bytes); 112int RAND_egd_bytes(const char *path,int bytes);
113int RAND_poll(void); 113int RAND_poll(void);
114#ifndef OPENSSL_NO_ENGINE
115#ifdef OPENSSL_FIPS
116void int_RAND_init_engine_callbacks(void);
117void int_RAND_set_callbacks(
118 int (*set_rand_func)(const RAND_METHOD *meth,
119 const RAND_METHOD **pmeth),
120 const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
121#endif
122#endif
114 123
115#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) 124#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
116 125
@@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void);
128/* Error codes for the RAND functions. */ 137/* Error codes for the RAND functions. */
129 138
130/* Function codes. */ 139/* Function codes. */
140#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
141#define RAND_F_FIPS_RAND 103
142#define RAND_F_FIPS_RAND_BYTES 102
143#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
144#define RAND_F_FIPS_RAND_SET_DT 106
145#define RAND_F_FIPS_SET_DT 104
146#define RAND_F_FIPS_SET_PRNG_SEED 107
147#define RAND_F_FIPS_SET_TEST_MODE 105
131#define RAND_F_RAND_GET_RAND_METHOD 101 148#define RAND_F_RAND_GET_RAND_METHOD 101
132#define RAND_F_SSLEAY_RAND_BYTES 100 149#define RAND_F_SSLEAY_RAND_BYTES 100
133 150
134/* Reason codes. */ 151/* Reason codes. */
152#define RAND_R_NON_FIPS_METHOD 105
153#define RAND_R_NOT_IN_TEST_MODE 106
154#define RAND_R_NO_KEY_SET 107
155#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
156#define RAND_R_PRNG_ERROR 108
157#define RAND_R_PRNG_KEYED 109
158#define RAND_R_PRNG_NOT_REKEYED 102
159#define RAND_R_PRNG_NOT_RESEEDED 103
135#define RAND_R_PRNG_NOT_SEEDED 100 160#define RAND_R_PRNG_NOT_SEEDED 100
161#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
162#define RAND_R_PRNG_STUCK 104
136 163
137#ifdef __cplusplus 164#ifdef __cplusplus
138} 165}
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 386934dcd1..829fb44d77 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
1/* crypto/rand/rand_err.c */ 1/* crypto/rand/rand_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -70,6 +70,14 @@
70 70
71static ERR_STRING_DATA RAND_str_functs[]= 71static ERR_STRING_DATA RAND_str_functs[]=
72 { 72 {
73{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
74{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
75{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
76{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
77{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
78{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
79{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
80{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
73{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, 81{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
74{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, 82{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
75{0,NULL} 83{0,NULL}
@@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]=
77 85
78static ERR_STRING_DATA RAND_str_reasons[]= 86static ERR_STRING_DATA RAND_str_reasons[]=
79 { 87 {
88{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
89{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
90{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
91{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
92{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
93{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
94{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
95{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
80{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, 96{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
97{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
98{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
81{0,NULL} 99{0,NULL}
82 }; 100 };
83 101
diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h
index 618a8ec899..18cc9b1e4a 100644
--- a/src/lib/libcrypto/rand/rand_lcl.h
+++ b/src/lib/libcrypto/rand/rand_lcl.h
@@ -154,5 +154,16 @@
154#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) 154#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
155#endif 155#endif
156 156
157#ifndef OPENSSL_NO_ENGINE
158void int_RAND_set_callbacks(
159 int (*set_rand_func)(const RAND_METHOD *meth,
160 const RAND_METHOD **pmeth),
161 const RAND_METHOD *(*get_rand_func)
162 (const RAND_METHOD **pmeth));
163int eng_RAND_set_rand_method(const RAND_METHOD *meth,
164 const RAND_METHOD **pmeth);
165const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
166#endif
167
157 168
158#endif 169#endif
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..da6b4e0e86 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
60#include <time.h> 60#include <time.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/rand.h> 62#include <openssl/rand.h>
63#include "rand_lcl.h"
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#include <openssl/fips_rand.h>
67#endif
68
63#ifndef OPENSSL_NO_ENGINE 69#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 70#include <openssl/engine.h>
65#endif 71#endif
66 72
73static const RAND_METHOD *default_RAND_meth = NULL;
74
75#ifdef OPENSSL_FIPS
76
77static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
78 const RAND_METHOD **pmeth)
79 {
80 *pmeth = meth;
81 return 1;
82 }
83
84static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
85 {
86 if (!*pmeth)
87 {
88 if(FIPS_mode())
89 *pmeth=FIPS_rand_method();
90 else
91 *pmeth = RAND_SSLeay();
92 }
93
94 if(FIPS_mode()
95 && *pmeth != FIPS_rand_check())
96 {
97 RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
98 return 0;
99 }
100
101 return *pmeth;
102 }
103
104static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
105 const RAND_METHOD **pmeth)
106 = fips_RAND_set_rand_method;
107static const RAND_METHOD *(*RAND_get_rand_method_func)
108 (const RAND_METHOD **pmeth)
109 = fips_RAND_get_rand_method;
110
111#ifndef OPENSSL_NO_ENGINE
112void int_RAND_set_callbacks(
113 int (*set_rand_func)(const RAND_METHOD *meth,
114 const RAND_METHOD **pmeth),
115 const RAND_METHOD *(*get_rand_func)
116 (const RAND_METHOD **pmeth))
117 {
118 RAND_set_rand_method_func = set_rand_func;
119 RAND_get_rand_method_func = get_rand_func;
120 }
121#endif
122
123int RAND_set_rand_method(const RAND_METHOD *meth)
124 {
125 return RAND_set_rand_method_func(meth, &default_RAND_meth);
126 }
127
128const RAND_METHOD *RAND_get_rand_method(void)
129 {
130 return RAND_get_rand_method_func(&default_RAND_meth);
131 }
132
133#else
134
67#ifndef OPENSSL_NO_ENGINE 135#ifndef OPENSSL_NO_ENGINE
68/* non-NULL if default_RAND_meth is ENGINE-provided */ 136/* non-NULL if default_RAND_meth is ENGINE-provided */
69static ENGINE *funct_ref =NULL; 137static ENGINE *funct_ref =NULL;
70#endif 138#endif
71static const RAND_METHOD *default_RAND_meth = NULL;
72 139
73int RAND_set_rand_method(const RAND_METHOD *meth) 140int RAND_set_rand_method(const RAND_METHOD *meth)
74 { 141 {
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
129 } 196 }
130#endif 197#endif
131 198
199#endif
200
132void RAND_cleanup(void) 201void RAND_cleanup(void)
133 { 202 {
134 const RAND_METHOD *meth = RAND_get_rand_method(); 203 const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 005cb38cb0..f63fbc1731 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -81,10 +81,25 @@
81# include <sys/stat.h> 81# include <sys/stat.h>
82#endif 82#endif
83 83
84#ifdef _WIN32
85#define stat _stat
86#define chmod _chmod
87#define open _open
88#define fdopen _fdopen
89#endif
90
84#undef BUFSIZE 91#undef BUFSIZE
85#define BUFSIZE 1024 92#define BUFSIZE 1024
86#define RAND_DATA 1024 93#define RAND_DATA 1024
87 94
95#ifdef OPENSSL_SYS_VMS
96/* This declaration is a nasty hack to get around vms' extension to fopen
97 * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
98static FILE *(*const vms_fopen)(const char *, const char *, ...) =
99 (FILE *(*)(const char *, const char *, ...))fopen;
100#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
101#endif
102
88/* #define RFILE ".rnd" - defined in ../../e_os.h */ 103/* #define RFILE ".rnd" - defined in ../../e_os.h */
89 104
90/* Note that these functions are intended for seed files only. 105/* Note that these functions are intended for seed files only.
@@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes)
106 RAND_add(&sb,sizeof(sb),0.0); 121 RAND_add(&sb,sizeof(sb),0.0);
107 if (bytes == 0) return(ret); 122 if (bytes == 0) return(ret);
108 123
124#ifdef OPENSSL_SYS_VMS
125 in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
126#else
109 in=fopen(file,"rb"); 127 in=fopen(file,"rb");
128#endif
110 if (in == NULL) goto err; 129 if (in == NULL) goto err;
111#if defined(S_IFBLK) && defined(S_IFCHR) 130#if defined(S_IFBLK) && defined(S_IFCHR)
112 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 131 if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -167,7 +186,7 @@ int RAND_write_file(const char *file)
167#endif 186#endif
168 } 187 }
169 188
170#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) 189#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
171 { 190 {
172 /* For some reason Win32 can't write to files created this way */ 191 /* For some reason Win32 can't write to files created this way */
173 192
@@ -178,8 +197,34 @@ int RAND_write_file(const char *file)
178 out = fdopen(fd, "wb"); 197 out = fdopen(fd, "wb");
179 } 198 }
180#endif 199#endif
200
201#ifdef OPENSSL_SYS_VMS
202 /* VMS NOTE: Prior versions of this routine created a _new_
203 * version of the rand file for each call into this routine, then
204 * deleted all existing versions named ;-1, and finally renamed
205 * the current version as ';1'. Under concurrent usage, this
206 * resulted in an RMS race condition in rename() which could
207 * orphan files (see vms message help for RMS$_REENT). With the
208 * fopen() calls below, openssl/VMS now shares the top-level
209 * version of the rand file. Note that there may still be
210 * conditions where the top-level rand file is locked. If so, this
211 * code will then create a new version of the rand file. Without
212 * the delete and rename code, this can result in ascending file
213 * versions that stop at version 32767, and this routine will then
214 * return an error. The remedy for this is to recode the calling
215 * application to avoid concurrent use of the rand file, or
216 * synchronize usage at the application level. Also consider
217 * whether or not you NEED a persistent rand file in a concurrent
218 * use situation.
219 */
220
221 out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
222 if (out == NULL)
223 out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
224#else
181 if (out == NULL) 225 if (out == NULL)
182 out = fopen(file,"wb"); 226 out = fopen(file,"wb");
227#endif
183 if (out == NULL) goto err; 228 if (out == NULL) goto err;
184 229
185#ifndef NO_CHMOD 230#ifndef NO_CHMOD
@@ -201,25 +246,6 @@ int RAND_write_file(const char *file)
201 ret+=i; 246 ret+=i;
202 if (n <= 0) break; 247 if (n <= 0) break;
203 } 248 }
204#ifdef OPENSSL_SYS_VMS
205 /* Try to delete older versions of the file, until there aren't
206 any */
207 {
208 char *tmpf;
209
210 tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */
211 if (tmpf)
212 {
213 strcpy(tmpf, file);
214 strcat(tmpf, ";-1");
215 while(delete(tmpf) == 0)
216 ;
217 rename(file,";1"); /* Make sure it's version 1, or we
218 will reach the limit (32767) at
219 some point... */
220 }
221 }
222#endif /* OPENSSL_SYS_VMS */
223 249
224 fclose(out); 250 fclose(out);
225 OPENSSL_cleanse(buf,BUFSIZE); 251 OPENSSL_cleanse(buf,BUFSIZE);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 11:17:04 +0000