From 9200bb13d15da4b2a23e6bc92c20e95b74aa2113 Mon Sep 17 00:00:00 2001 From: beck <> Date: Fri, 15 Dec 2000 02:58:47 +0000 Subject: openssl-engine-0.9.6 merge --- src/lib/libcrypto/rand/Makefile.ssl | 42 ++- src/lib/libcrypto/rand/md_rand.c | 331 ++++------------ src/lib/libcrypto/rand/rand.h | 25 +- src/lib/libcrypto/rand/rand_egd.c | 57 +++ src/lib/libcrypto/rand/rand_lcl.h | 184 +++++++++ src/lib/libcrypto/rand/rand_lib.c | 57 ++- src/lib/libcrypto/rand/rand_win.c | 732 ++++++++++++++++++++++++++++++++++++ src/lib/libcrypto/rand/randfile.c | 31 +- 8 files changed, 1147 insertions(+), 312 deletions(-) create mode 100644 src/lib/libcrypto/rand/rand_lcl.h create mode 100644 src/lib/libcrypto/rand/rand_win.c (limited to 'src/lib/libcrypto/rand') diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl index be8eea34a2..5f6199a35f 100644 --- a/src/lib/libcrypto/rand/Makefile.ssl +++ b/src/lib/libcrypto/rand/Makefile.ssl @@ -22,8 +22,8 @@ TEST= randtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o +LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c +LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o rand_win.o SRC= $(LIBSRC) @@ -78,15 +78,45 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h -md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +md_rand.o: ../../include/openssl/symhacks.h rand_lcl.h rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h -rand_err.o: ../../include/openssl/err.h ../../include/openssl/rand.h -rand_lib.o: ../../include/openssl/rand.h +rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rand_err.o: ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rand_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +rand_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +rand_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h +rand_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +rand_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +rand_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +rand_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_lib.o: ../../include/openssl/symhacks.h +rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h +rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_win.o: ../cryptlib.h rand_lcl.h randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h randfile.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +randfile.o: ../../include/openssl/symhacks.h diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index da4258c479..d167dea77d 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -109,9 +109,7 @@ * */ -#define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness */ - -#ifndef MD_RAND_DEBUG +#ifdef MD_RAND_DEBUG # ifndef NDEBUG # define NDEBUG # endif @@ -119,75 +117,20 @@ #include #include -#include #include #include "openssl/e_os.h" +#include +#include "rand_lcl.h" + #include #include -#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -#if !defined(NO_SHA) && !defined(NO_SHA1) -#define USE_SHA1_RAND -#elif !defined(NO_MD5) -#define USE_MD5_RAND -#elif !defined(NO_MDC2) && !defined(NO_DES) -#define USE_MDC2_RAND -#elif !defined(NO_MD2) -#define USE_MD2_RAND -#else -#error No message digest algorithm available -#endif -#endif - -/* Changed how the state buffer used. I now attempt to 'wrap' such - * that I don't run over the same locations the next time go through - * the 1023 bytes - many thanks to - * Robert J. LeBlanc for his comments - */ - -#if defined(USE_MD5_RAND) -#include -#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_CTX MD5_CTX -#define MD_Init(a) MD5_Init(a) -#define MD_Update(a,b,c) MD5_Update(a,b,c) -#define MD_Final(a,b) MD5_Final(a,b) -#define MD(a,b,c) MD5(a,b,c) -#elif defined(USE_SHA1_RAND) -#include -#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_CTX SHA_CTX -#define MD_Init(a) SHA1_Init(a) -#define MD_Update(a,b,c) SHA1_Update(a,b,c) -#define MD_Final(a,b) SHA1_Final(a,b) -#define MD(a,b,c) SHA1(a,b,c) -#elif defined(USE_MDC2_RAND) -#include -#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_CTX MDC2_CTX -#define MD_Init(a) MDC2_Init(a) -#define MD_Update(a,b,c) MDC2_Update(a,b,c) -#define MD_Final(a,b) MDC2_Final(a,b) -#define MD(a,b,c) MDC2(a,b,c) -#elif defined(USE_MD2_RAND) -#include -#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_CTX MD2_CTX -#define MD_Init(a) MD2_Init(a) -#define MD_Update(a,b,c) MD2_Update(a,b,c) -#define MD_Final(a,b) MD2_Final(a,b) -#define MD(a,b,c) MD2(a,b,c) -#endif - -#include - #ifdef BN_DEBUG # define PREDICT #endif -/* #define NORAND 1 */ /* #define PREDICT 1 */ #define STATE_SIZE 1023 @@ -198,6 +141,11 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; +/* This should be set to 1 only when ssleay_rand_add() is called inside + an already locked state, so it doesn't try to lock and thereby cause + a hang. And it should always be reset back to 0 before unlocking. */ +static int add_do_not_lock=0; + #ifdef PREDICT int rand_predictable=0; #endif @@ -234,6 +182,7 @@ static void ssleay_rand_cleanup(void) md_count[0]=0; md_count[1]=0; entropy=0; + initialized=0; } static void ssleay_rand_add(const void *buf, int num, double add) @@ -243,10 +192,6 @@ static void ssleay_rand_add(const void *buf, int num, double add) unsigned char local_md[MD_DIGEST_LENGTH]; MD_CTX m; -#ifdef NORAND - return; -#endif - /* * (Based on the rand(3) manpage) * @@ -262,7 +207,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx=state_index; /* use our own copies of the counters so that even @@ -294,7 +239,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); for (i=0; i= ENTROPY_NEEDED); if (!ok) { @@ -464,12 +367,42 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) * Once we've had enough initial seeding we don't bother to * adjust the entropy count, though, because we're not ambitious * to provide *information-theoretic* randomness. + * + * NOTE: This approach fails if the program forks before + * we have enough entropy. Entropy should be collected + * in a separate input pool and be transferred to the + * output pool only when the entropy limit has been reached. */ entropy -= num; if (entropy < 0) entropy = 0; } + if (do_stir_pool) + { + /* Our output function chains only half of 'md', so we better + * make sure that the required entropy gets 'evenly distributed' + * through 'state', our randomness pool. The input function + * (ssleay_rand_add) chains all of 'md', which makes it more + * suitable for this purpose. + */ + + int n = STATE_SIZE; /* so that the complete pool gets accessed */ + while (n > 0) + { +#if MD_DIGEST_LENGTH > 20 +# error "Please adjust DUMMY_SEED." +#endif +#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ + /* Note that the seed does not matter, it's just that + * ssleay_rand_add expects to have something to hash. */ + ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); + n -= MD_DIGEST_LENGTH; + } + if (ok) + stirred_pool = 1; + } + st_idx=state_index; st_num=state_num; md_c[0] = md_count[0]; @@ -484,6 +417,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) * are now ours (but other threads may use them too) */ md_count[0] += 1; + + add_do_not_lock = 0; /* If this would ever be forgotten, we can + expect any evil god to eat our souls. */ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); while (num > 0) @@ -536,6 +472,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) else { RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); + ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " + "http://www.openssl.org/support/faq.html"); return(0); } } @@ -561,152 +499,13 @@ static int ssleay_rand_status(void) { int ret; - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - if (!initialized) - ssleay_rand_initialize(); - ret = entropy >= ENTROPY_NEEDED; + RAND_poll(); + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + initialized = 1; + ret = entropy >= ENTROPY_NEEDED; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); return ret; } - -#ifdef WINDOWS -#include -#include - -int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) - { - double add_entropy=0; - SYSTEMTIME t; - - switch (iMsg) - { - case WM_KEYDOWN: - { - static WPARAM key; - if (key != wParam) - add_entropy = 0.05; - key = wParam; - } - break; - case WM_MOUSEMOVE: - { - static int lastx,lasty,lastdx,lastdy; - int x,y,dx,dy; - - x=LOWORD(lParam); - y=HIWORD(lParam); - dx=lastx-x; - dy=lasty-y; - if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) - add_entropy=.2; - lastx=x, lasty=y; - lastdx=dx, lastdy=dy; - } - break; - } - - GetSystemTime(&t); - RAND_add(&iMsg, sizeof(iMsg), add_entropy); - RAND_add(&wParam, sizeof(wParam), 0); - RAND_add(&lParam, sizeof(lParam), 0); - RAND_add(&t, sizeof(t), 0); - - return (RAND_status()); - } - -/***************************************************************************** - * Initialisation function for the SSL random generator. Takes the contents - * of the screen as random seed. - * - * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. - * - * Code adapted from - * ; - * the original copyright message is: - * - * (C) Copyright Microsoft Corp. 1993. All rights reserved. - * - * You have a royalty-free right to use, modify, reproduce and - * distribute the Sample Files (and/or any modified version) in - * any way you find useful, provided that you agree that - * Microsoft has no warranty obligations or liability for any - * Sample Application Files which are modified. - */ -/* - * I have modified the loading of bytes via RAND_seed() mechanism since - * the original would have been very very CPU intensive since RAND_seed() - * does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same - * as that to digest 56 bytes. So under the old system, a screen of - * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5 - * digests or digesting 2.7 mbytes. What I have put in place would - * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes - * or about 3.5 times as much. - * - eric - */ -void RAND_screen(void) -{ - HDC hScrDC; /* screen DC */ - HDC hMemDC; /* memory DC */ - HBITMAP hBitmap; /* handle for our bitmap */ - HBITMAP hOldBitmap; /* handle for previous bitmap */ - BITMAP bm; /* bitmap properties */ - unsigned int size; /* size of bitmap */ - char *bmbits; /* contents of bitmap */ - int w; /* screen width */ - int h; /* screen height */ - int y; /* y-coordinate of screen lines to grab */ - int n = 16; /* number of screen lines to grab at a time */ - - /* Create a screen DC and a memory DC compatible to screen DC */ - hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); - hMemDC = CreateCompatibleDC(hScrDC); - - /* Get screen resolution */ - w = GetDeviceCaps(hScrDC, HORZRES); - h = GetDeviceCaps(hScrDC, VERTRES); - - /* Create a bitmap compatible with the screen DC */ - hBitmap = CreateCompatibleBitmap(hScrDC, w, n); - - /* Select new bitmap into memory DC */ - hOldBitmap = SelectObject(hMemDC, hBitmap); - - /* Get bitmap properties */ - GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); - size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; - - bmbits = Malloc(size); - if (bmbits) { - /* Now go through the whole screen, repeatedly grabbing n lines */ - for (y = 0; y < h-n; y += n) - { - unsigned char md[MD_DIGEST_LENGTH]; - - /* Bitblt screen DC to memory DC */ - BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); - - /* Copy bitmap bits from memory DC to bmbits */ - GetBitmapBits(hBitmap, size, bmbits); - - /* Get the MD5 of the bitmap */ - MD(bmbits,size,md); - - /* Seed the random generator with the MD5 digest */ - RAND_seed(md, MD_DIGEST_LENGTH); - } - - Free(bmbits); - } - - /* Select old bitmap back into memory DC */ - hBitmap = SelectObject(hMemDC, hOldBitmap); - - /* Clean up */ - DeleteObject(hBitmap); - DeleteDC(hMemDC); - DeleteDC(hScrDC); -} -#endif diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index 2973ee90e4..eb9c8c034d 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h @@ -77,7 +77,9 @@ typedef struct rand_meth_st extern int rand_predictable; #endif -void RAND_set_rand_method(RAND_METHOD *meth); +struct engine_st; + +int RAND_set_rand_method(struct engine_st *meth); RAND_METHOD *RAND_get_rand_method(void ); RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); @@ -90,12 +92,28 @@ int RAND_write_file(const char *file); const char *RAND_file_name(char *file,int num); int RAND_status(void); int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path,int bytes); +void ERR_load_RAND_strings(void); +int RAND_poll(void); + +#ifdef __cplusplus +} +#endif + #if defined(WINDOWS) || defined(WIN32) #include + +#ifdef __cplusplus +extern "C" { +#endif + void RAND_screen(void); int RAND_event(UINT, WPARAM, LPARAM); + +#ifdef __cplusplus +} +#endif #endif -void ERR_load_RAND_strings(void); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -110,8 +128,5 @@ void ERR_load_RAND_strings(void); /* Reason codes. */ #define RAND_R_PRNG_NOT_SEEDED 100 -#ifdef __cplusplus -} -#endif #endif diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index 380c7828c3..02a0d86fa3 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c @@ -64,6 +64,11 @@ int RAND_egd(const char *path) { return(-1); } + +int RAND_egd_bytes(const char *path,int bytes) + { + return(-1); + } #else #include #include OPENSSL_UNISTD @@ -107,4 +112,56 @@ int RAND_egd(const char *path) if (fd != -1) close(fd); return(ret); } + +int RAND_egd_bytes(const char *path,int bytes) + { + int ret = 0; + struct sockaddr_un addr; + int len, num; + int fd = -1; + unsigned char buf[255]; + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (strlen(path) > sizeof(addr.sun_path)) + return (-1); + strcpy(addr.sun_path,path); + len = offsetof(struct sockaddr_un, sun_path) + strlen(path); + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) return (-1); + if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err; + + while(bytes > 0) + { + buf[0] = 1; + buf[1] = bytes < 255 ? bytes : 255; + write(fd, buf, 2); + if (read(fd, buf, 1) != 1) + { + ret=-1; + goto err; + } + if(buf[0] == 0) + goto err; + num = read(fd, buf, buf[0]); + if (num < 1) + { + ret=-1; + goto err; + } + RAND_seed(buf, num); + if (RAND_status() != 1) + { + ret=-1; + goto err; + } + ret += num; + bytes-=num; + } + err: + if (fd != -1) close(fd); + return(ret); + } + + #endif diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h new file mode 100644 index 0000000000..120e9366d2 --- /dev/null +++ b/src/lib/libcrypto/rand/rand_lcl.h @@ -0,0 +1,184 @@ +/* crypto/rand/md_rand.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_RAND_LCL_H +#define HEADER_RAND_LCL_H + +#define ENTROPY_NEEDED 20 /* require 160 bits = 20 bytes of randomness */ + + +#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +#if !defined(NO_SHA) && !defined(NO_SHA1) +#define USE_SHA1_RAND +#elif !defined(NO_MD5) +#define USE_MD5_RAND +#elif !defined(NO_MDC2) && !defined(NO_DES) +#define USE_MDC2_RAND +#elif !defined(NO_MD2) +#define USE_MD2_RAND +#else +#error No message digest algorithm available +#endif +#endif + +#if defined(USE_MD5_RAND) +#include +#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH +#define MD(a,b,c) MD5(a,b,c) +#elif defined(USE_SHA1_RAND) +#include +#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH +#define MD(a,b,c) SHA1(a,b,c) +#elif defined(USE_MDC2_RAND) +#include +#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH +#define MD(a,b,c) MDC2(a,b,c) +#elif defined(USE_MD2_RAND) +#include +#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH +#define MD(a,b,c) MD2(a,b,c) +#endif +#if defined(USE_MD5_RAND) +#include +#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH +#define MD_CTX MD5_CTX +#define MD_Init(a) MD5_Init(a) +#define MD_Update(a,b,c) MD5_Update(a,b,c) +#define MD_Final(a,b) MD5_Final(a,b) +#define MD(a,b,c) MD5(a,b,c) +#elif defined(USE_SHA1_RAND) +#include +#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH +#define MD_CTX SHA_CTX +#define MD_Init(a) SHA1_Init(a) +#define MD_Update(a,b,c) SHA1_Update(a,b,c) +#define MD_Final(a,b) SHA1_Final(a,b) +#define MD(a,b,c) SHA1(a,b,c) +#elif defined(USE_MDC2_RAND) +#include +#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH +#define MD_CTX MDC2_CTX +#define MD_Init(a) MDC2_Init(a) +#define MD_Update(a,b,c) MDC2_Update(a,b,c) +#define MD_Final(a,b) MDC2_Final(a,b) +#define MD(a,b,c) MDC2(a,b,c) +#elif defined(USE_MD2_RAND) +#include +#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH +#define MD_CTX MD2_CTX +#define MD_Init(a) MD2_Init(a) +#define MD_Update(a,b,c) MD2_Update(a,b,c) +#define MD_Final(a,b) MD2_Final(a,b) +#define MD(a,b,c) MD2(a,b,c) +#endif + + +#endif diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 7da74aab0e..57eff0f132 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c @@ -59,59 +59,78 @@ #include #include #include +#include -#ifdef NO_RAND -static RAND_METHOD *rand_meth=NULL; -#else -extern RAND_METHOD rand_ssleay_meth; -static RAND_METHOD *rand_meth= &rand_ssleay_meth; -#endif +static ENGINE *rand_engine=NULL; +#if 0 void RAND_set_rand_method(RAND_METHOD *meth) { rand_meth=meth; } +#else +int RAND_set_rand_method(ENGINE *engine) + { + ENGINE *mtmp; + mtmp = rand_engine; + if (!ENGINE_init(engine)) + return 0; + rand_engine = engine; + /* SHOULD ERROR CHECK THIS!!! */ + ENGINE_finish(mtmp); + return 1; + } +#endif RAND_METHOD *RAND_get_rand_method(void) { - return(rand_meth); + if (rand_engine == NULL + && (rand_engine = ENGINE_get_default_RAND()) == NULL) + return NULL; + return ENGINE_get_RAND(rand_engine); } void RAND_cleanup(void) { - if (rand_meth != NULL) - rand_meth->cleanup(); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->cleanup) + meth->cleanup(); } void RAND_seed(const void *buf, int num) { - if (rand_meth != NULL) - rand_meth->seed(buf,num); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->seed) + meth->seed(buf,num); } void RAND_add(const void *buf, int num, double entropy) { - if (rand_meth != NULL) - rand_meth->add(buf,num,entropy); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->add) + meth->add(buf,num,entropy); } int RAND_bytes(unsigned char *buf, int num) { - if (rand_meth != NULL) - return rand_meth->bytes(buf,num); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->bytes) + return meth->bytes(buf,num); return(-1); } int RAND_pseudo_bytes(unsigned char *buf, int num) { - if (rand_meth != NULL) - return rand_meth->pseudorand(buf,num); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->pseudorand) + return meth->pseudorand(buf,num); return(-1); } int RAND_status(void) { - if (rand_meth != NULL) - return rand_meth->status(); + RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->status) + return meth->status(); return 0; } diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c new file mode 100644 index 0000000000..9f2dcff9a9 --- /dev/null +++ b/src/lib/libcrypto/rand/rand_win.c @@ -0,0 +1,732 @@ +/* crypto/rand/rand_win.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include "rand_lcl.h" + +#if defined(WINDOWS) || defined(WIN32) +#include +#ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0400 +#endif +#include +#include + +/* Intel hardware RNG CSP -- available from + * http://developer.intel.com/design/security/rng/redist_license.htm + */ +#define PROV_INTEL_SEC 22 +#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider" + +static void readtimer(void); +static void readscreen(void); + +/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined + when WINVER is 0x0500 and up, which currently only happens on Win2000. + Unfortunately, those are typedefs, so they're a little bit difficult to + detect properly. On the other hand, the macro CURSOR_SHOWING is defined + within the same conditional, so it can be use to detect the absence of said + typedefs. */ + +#ifndef CURSOR_SHOWING +/* + * Information about the global cursor. + */ +typedef struct tagCURSORINFO +{ + DWORD cbSize; + DWORD flags; + HCURSOR hCursor; + POINT ptScreenPos; +} CURSORINFO, *PCURSORINFO, *LPCURSORINFO; + +#define CURSOR_SHOWING 0x00000001 +#endif /* CURSOR_SHOWING */ + +typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR, + DWORD, DWORD); +typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); +typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); + +typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID); +typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); +typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); + +typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); +typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); +typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); +typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); +typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); +typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); + +#include +#include +#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. + */ +typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) + (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); +typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); +#endif /* 1 */ + +int RAND_poll(void) +{ + MEMORYSTATUS m; + HCRYPTPROV hProvider = 0; + BYTE buf[64]; + DWORD w; + HWND h; + + HMODULE advapi, kernel, user, netapi; + CRYPTACQUIRECONTEXT acquire = 0; + CRYPTGENRANDOM gen = 0; + CRYPTRELEASECONTEXT release = 0; +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed + */ + NETSTATGET netstatget = 0; + NETFREE netfree = 0; +#endif /* 1 */ + + /* Determine the OS version we are on so we can turn off things + * that do not work properly. + */ + OSVERSIONINFO osverinfo ; + osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; + GetVersionEx( &osverinfo ) ; + + /* load functions dynamically - not available on all systems */ + advapi = LoadLibrary("ADVAPI32.DLL"); + kernel = LoadLibrary("KERNEL32.DLL"); + user = LoadLibrary("USER32.DLL"); + netapi = LoadLibrary("NETAPI32.DLL"); + +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed + */ + if (netapi) + { + netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); + netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); + } + + if (netstatget && netfree) + { + LPBYTE outbuf; + /* NetStatisticsGet() is a Unicode only function + * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 + * contains 17 fields. We treat each field as a source of + * one byte of entropy. + */ + + if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) + { + RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); + netfree(outbuf); + } + if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) + { + RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); + netfree(outbuf); + } + } + + if (netapi) + FreeLibrary(netapi); +#endif /* 1 */ + + /* It appears like this can cause an exception deep within ADVAPI32.DLL + * at random times on Windows 2000. Reported by Jeffrey Altman. + * Only use it on NT. + */ + if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && + osverinfo.dwMajorVersion < 5) + { + /* Read Performance Statistics from NT/2000 registry + * The size of the performance data can vary from call + * to call so we must guess the size of the buffer to use + * and increase its size if we get an ERROR_MORE_DATA + * return instead of ERROR_SUCCESS. + */ + LONG rc=ERROR_MORE_DATA; + char * buf=NULL; + DWORD bufsz=0; + DWORD length; + + while (rc == ERROR_MORE_DATA) + { + buf = realloc(buf,bufsz+8192); + if (!buf) + break; + bufsz += 8192; + + length = bufsz; + rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", + NULL, NULL, buf, &length); + } + if (rc == ERROR_SUCCESS) + { + /* For entropy count assume only least significant + * byte of each DWORD is random. + */ + RAND_add(&length, sizeof(length), 0); + RAND_add(buf, length, length / 4.0); + } + if (buf) + free(buf); + } + + if (advapi) + { + acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi, + "CryptAcquireContextA"); + gen = (CRYPTGENRANDOM) GetProcAddress(advapi, + "CryptGenRandom"); + release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, + "CryptReleaseContext"); + } + + if (acquire && gen && release) + { + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + { + if (gen(hProvider, sizeof(buf), buf) != 0) + { + RAND_add(buf, sizeof(buf), sizeof(buf)); +#ifdef DEBUG + printf("randomness from PROV_RSA_FULL\n"); +#endif + } + release(hProvider, 0); + } + + /* poll the Pentium PRG with CryptoAPI */ + if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) + { + if (gen(hProvider, sizeof(buf), buf) != 0) + { + RAND_add(buf, sizeof(buf), sizeof(buf)); +#ifdef DEBUG + printf("randomness from PROV_INTEL_SEC\n"); +#endif + } + release(hProvider, 0); + } + } + + if (advapi) + FreeLibrary(advapi); + + /* timer data */ + readtimer(); + + /* memory usage statistics */ + GlobalMemoryStatus(&m); + RAND_add(&m, sizeof(m), 1); + + /* process ID */ + w = GetCurrentProcessId(); + RAND_add(&w, sizeof(w), 1); + + if (user) + { + GETCURSORINFO cursor; + GETFOREGROUNDWINDOW win; + GETQUEUESTATUS queue; + + win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); + cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); + queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); + + if (win) + { + /* window handle */ + h = win(); + RAND_add(&h, sizeof(h), 0); + } + if (cursor) + { + /* unfortunately, its not safe to call GetCursorInfo() + * on NT4 even though it exists in SP3 (or SP6) and + * higher. + */ + if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && + osverinfo.dwMajorVersion < 5) + cursor = 0; + } + if (cursor) + { + /* cursor position */ + /* assume 2 bytes of entropy */ + CURSORINFO ci; + ci.cbSize = sizeof(CURSORINFO); + if (cursor(&ci)) + RAND_add(&ci, ci.cbSize, 2); + } + + if (queue) + { + /* message queue status */ + /* assume 1 byte of entropy */ + w = queue(QS_ALLEVENTS); + RAND_add(&w, sizeof(w), 1); + } + + FreeLibrary(user); + } + + /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap + * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm + * (Win 9x and 2000 only, not available on NT) + * + * This seeding method was proposed in Peter Gutmann, Software + * Generation of Practically Strong Random Numbers, + * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * (The assignment of entropy estimates below is arbitrary, but based + * on Peter's analysis the full poll appears to be safe. Additional + * interactive seeding is encouraged.) + */ + + if (kernel) + { + CREATETOOLHELP32SNAPSHOT snap; + HANDLE handle; + + HEAP32FIRST heap_first; + HEAP32NEXT heap_next; + HEAP32LIST heaplist_first, heaplist_next; + PROCESS32 process_first, process_next; + THREAD32 thread_first, thread_next; + MODULE32 module_first, module_next; + + HEAPLIST32 hlist; + HEAPENTRY32 hentry; + PROCESSENTRY32 p; + THREADENTRY32 t; + MODULEENTRY32 m; + + snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, "CreateToolhelp32Snapshot"); + heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); + heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); + heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); + heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); + process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); + process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); + thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); + thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); + module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); + module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); + + if (snap && heap_first && heap_next && heaplist_first && + heaplist_next && process_first && process_next && + thread_first && thread_next && module_first && + module_next && (handle = snap(TH32CS_SNAPALL,0)) + != NULL) + { + /* heap list and heap walking */ + /* HEAPLIST32 contains 3 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + * HEAPENTRY32 contains 5 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + */ + hlist.dwSize = sizeof(HEAPLIST32); + if (heaplist_first(handle, &hlist)) + do + { + RAND_add(&hlist, hlist.dwSize, 3); + hentry.dwSize = sizeof(HEAPENTRY32); + if (heap_first(&hentry, + hlist.th32ProcessID, + hlist.th32HeapID)) + { + int entrycnt = 50; + do + RAND_add(&hentry, + hentry.dwSize, 5); + while (heap_next(&hentry) + && --entrycnt > 0); + } + } while (heaplist_next(handle, + &hlist)); + + /* process walking */ + /* PROCESSENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ + p.dwSize = sizeof(PROCESSENTRY32); + if (process_first(handle, &p)) + do + RAND_add(&p, p.dwSize, 9); + while (process_next(handle, &p)); + + /* thread walking */ + /* THREADENTRY32 contains 6 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ + t.dwSize = sizeof(THREADENTRY32); + if (thread_first(handle, &t)) + do + RAND_add(&t, t.dwSize, 6); + while (thread_next(handle, &t)); + + /* module walking */ + /* MODULEENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ + m.dwSize = sizeof(MODULEENTRY32); + if (module_first(handle, &m)) + do + RAND_add(&m, m.dwSize, 9); + while (module_next(handle, &m)); + + CloseHandle(handle); + } + + FreeLibrary(kernel); + } + +#ifdef DEBUG + printf("Exiting RAND_poll\n"); +#endif + + return(1); +} + +int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) + { + double add_entropy=0; + + switch (iMsg) + { + case WM_KEYDOWN: + { + static WPARAM key; + if (key != wParam) + add_entropy = 0.05; + key = wParam; + } + break; + case WM_MOUSEMOVE: + { + static int lastx,lasty,lastdx,lastdy; + int x,y,dx,dy; + + x=LOWORD(lParam); + y=HIWORD(lParam); + dx=lastx-x; + dy=lasty-y; + if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) + add_entropy=.2; + lastx=x, lasty=y; + lastdx=dx, lastdy=dy; + } + break; + } + + readtimer(); + RAND_add(&iMsg, sizeof(iMsg), add_entropy); + RAND_add(&wParam, sizeof(wParam), 0); + RAND_add(&lParam, sizeof(lParam), 0); + + return (RAND_status()); + } + + +void RAND_screen(void) /* function available for backward compatibility */ +{ + RAND_poll(); + readscreen(); +} + + +/* feed timing information to the PRNG */ +static void readtimer(void) +{ + DWORD w; + LARGE_INTEGER l; + static int have_perfc = 1; +#ifndef __GNUC__ + static int have_tsc = 1; + DWORD cyclecount; + + if (have_tsc) { + __try { + __asm { + rdtsc + mov cyclecount, eax + } + RAND_add(&cyclecount, sizeof(cyclecount), 1); + } __except(EXCEPTION_EXECUTE_HANDLER) { + have_tsc = 0; + } + } +#else +# define have_tsc 0 +#endif + + if (have_perfc) { + if (QueryPerformanceCounter(&l) == 0) + have_perfc = 0; + else + RAND_add(&l, sizeof(l), 0); + } + + if (!have_tsc && !have_perfc) { + w = GetTickCount(); + RAND_add(&w, sizeof(w), 0); + } +} + +/* feed screen contents to PRNG */ +/***************************************************************************** + * + * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. + * + * Code adapted from + * ; + * the original copyright message is: + * + * (C) Copyright Microsoft Corp. 1993. All rights reserved. + * + * You have a royalty-free right to use, modify, reproduce and + * distribute the Sample Files (and/or any modified version) in + * any way you find useful, provided that you agree that + * Microsoft has no warranty obligations or liability for any + * Sample Application Files which are modified. + */ + +static void readscreen(void) +{ + HDC hScrDC; /* screen DC */ + HDC hMemDC; /* memory DC */ + HBITMAP hBitmap; /* handle for our bitmap */ + HBITMAP hOldBitmap; /* handle for previous bitmap */ + BITMAP bm; /* bitmap properties */ + unsigned int size; /* size of bitmap */ + char *bmbits; /* contents of bitmap */ + int w; /* screen width */ + int h; /* screen height */ + int y; /* y-coordinate of screen lines to grab */ + int n = 16; /* number of screen lines to grab at a time */ + + /* Create a screen DC and a memory DC compatible to screen DC */ + hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); + hMemDC = CreateCompatibleDC(hScrDC); + + /* Get screen resolution */ + w = GetDeviceCaps(hScrDC, HORZRES); + h = GetDeviceCaps(hScrDC, VERTRES); + + /* Create a bitmap compatible with the screen DC */ + hBitmap = CreateCompatibleBitmap(hScrDC, w, n); + + /* Select new bitmap into memory DC */ + hOldBitmap = SelectObject(hMemDC, hBitmap); + + /* Get bitmap properties */ + GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); + size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; + + bmbits = OPENSSL_malloc(size); + if (bmbits) { + /* Now go through the whole screen, repeatedly grabbing n lines */ + for (y = 0; y < h-n; y += n) + { + unsigned char md[MD_DIGEST_LENGTH]; + + /* Bitblt screen DC to memory DC */ + BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); + + /* Copy bitmap bits from memory DC to bmbits */ + GetBitmapBits(hBitmap, size, bmbits); + + /* Get the hash of the bitmap */ + MD(bmbits,size,md); + + /* Seed the random generator with the hash value */ + RAND_add(md, MD_DIGEST_LENGTH, 0); + } + + OPENSSL_free(bmbits); + } + + /* Select old bitmap back into memory DC */ + hBitmap = SelectObject(hMemDC, hOldBitmap); + + /* Clean up */ + DeleteObject(hBitmap); + DeleteDC(hMemDC); + DeleteDC(hScrDC); +} + +#else /* Unix version */ + +#include + +int RAND_poll(void) +{ + unsigned long l; + pid_t curr_pid = getpid(); +#ifdef DEVRANDOM + FILE *fh; +#endif + +#ifdef DEVRANDOM + /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD + * have this. Use /dev/urandom if you can as /dev/random may block + * if it runs out of random entries. */ + + if ((fh = fopen(DEVRANDOM, "r")) != NULL) + { + unsigned char tmpbuf[ENTROPY_NEEDED]; + int n; + + setvbuf(fh, NULL, _IONBF, 0); + n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh); + fclose(fh); + RAND_add(tmpbuf,sizeof tmpbuf,n); + memset(tmpbuf,0,n); + } +#endif + + /* put in some default random data, we need more than just this */ + l=curr_pid; + RAND_add(&l,sizeof(l),0); + l=getuid(); + RAND_add(&l,sizeof(l),0); + + l=time(NULL); + RAND_add(&l,sizeof(l),0); + +#ifdef DEVRANDOM + return 1; +#endif + return 0; +} + +#endif diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index c6ff27be0e..29718bdb9d 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -61,8 +61,6 @@ #include #include -#include "openssl/e_os.h" - #ifdef VMS #include #endif @@ -75,6 +73,7 @@ # include #endif +#include #include #include @@ -139,7 +138,7 @@ err: int RAND_write_file(const char *file) { unsigned char buf[BUFSIZE]; - int i,ret=0,err=0; + int i,ret=0,rand_err=0; FILE *out = NULL; int n; struct stat sb; @@ -156,18 +155,18 @@ int RAND_write_file(const char *file) } } -#if defined(O_CREAT) && defined(O_EXCL) && !defined(WIN32) +#if defined(O_CREAT) && !defined(WIN32) /* For some reason Win32 can't write to files created this way */ - - /* chmod(..., 0600) is too late to protect the file, - * permissions should be restrictive from the start */ - int fd = open(file, O_CREAT | O_EXCL, 0600); - if (fd != -1) - out = fdopen(fd, "wb"); + + /* chmod(..., 0600) is too late to protect the file, + * permissions should be restrictive from the start */ + int fd = open(file, O_CREAT, 0600); + if (fd != -1) + out = fdopen(fd, "wb"); #endif - if (out == NULL) - out = fopen(file,"wb"); - if (out == NULL) goto err; + if (out == NULL) + out = fopen(file,"wb"); + if (out == NULL) goto err; #ifndef NO_CHMOD chmod(file,0600); @@ -178,7 +177,7 @@ int RAND_write_file(const char *file) i=(n > BUFSIZE)?BUFSIZE:n; n-=BUFSIZE; if (RAND_bytes(buf,i) <= 0) - err=1; + rand_err=1; i=fwrite(buf,1,i,out); if (i <= 0) { @@ -194,7 +193,7 @@ int RAND_write_file(const char *file) { char *tmpf; - tmpf = Malloc(strlen(file) + 4); /* to add ";-1" and a nul */ + tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ if (tmpf) { strcpy(tmpf, file); @@ -211,7 +210,7 @@ int RAND_write_file(const char *file) fclose(out); memset(buf,0,BUFSIZE); err: - return(err ? -1 : ret); + return (rand_err ? -1 : ret); } const char *RAND_file_name(char *buf, int size) -- cgit v1.2.3-55-g6feb