From a0fdc9ec41594852f67ec77dfad9cb06bacc4186 Mon Sep 17 00:00:00 2001 From: djm <> Date: Fri, 9 Jan 2009 12:14:11 +0000 Subject: import openssl-0.9.8j --- src/lib/libcrypto/rand/rand.h | 29 +++++++++++++++- src/lib/libcrypto/rand/rand_err.c | 20 ++++++++++- src/lib/libcrypto/rand/rand_lib.c | 71 ++++++++++++++++++++++++++++++++++++++- src/lib/libcrypto/rand/randfile.c | 66 +++++++++++++++++++++++++----------- 4 files changed, 163 insertions(+), 23 deletions(-) (limited to 'src/lib/libcrypto/rand') diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index ac6c021763..ea89153cba 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h @@ -72,7 +72,7 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T size_t +#define FIPS_RAND_SIZE_T int #endif /* Already defined in ossl_typ.h */ @@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); int RAND_poll(void); +#ifndef OPENSSL_NO_ENGINE +#ifdef OPENSSL_FIPS +void int_RAND_init_engine_callbacks(void); +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); +#endif +#endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ +#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 +#define RAND_F_FIPS_RAND 103 +#define RAND_F_FIPS_RAND_BYTES 102 +#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 +#define RAND_F_FIPS_RAND_SET_DT 106 +#define RAND_F_FIPS_SET_DT 104 +#define RAND_F_FIPS_SET_PRNG_SEED 107 +#define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_NON_FIPS_METHOD 105 +#define RAND_R_NOT_IN_TEST_MODE 106 +#define RAND_R_NO_KEY_SET 107 +#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 +#define RAND_R_PRNG_ERROR 108 +#define RAND_R_PRNG_KEYED 109 +#define RAND_R_PRNG_NOT_REKEYED 102 +#define RAND_R_PRNG_NOT_RESEEDED 103 #define RAND_R_PRNG_NOT_SEEDED 100 +#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 +#define RAND_R_PRNG_STUCK 104 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index 386934dcd1..829fb44d77 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,14 @@ static ERR_STRING_DATA RAND_str_functs[]= { +{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, +{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, +{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, +{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { +{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, +{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, +{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, +{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, +{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, +{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, +{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, {0,NULL} }; diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 513e338985..da6b4e0e86 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c @@ -60,15 +60,82 @@ #include #include "cryptlib.h" #include +#include "rand_lcl.h" +#ifdef OPENSSL_FIPS +#include +#include +#endif + #ifndef OPENSSL_NO_ENGINE #include #endif +static const RAND_METHOD *default_RAND_meth = NULL; + +#ifdef OPENSSL_FIPS + +static int fips_RAND_set_rand_method(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + { + *pmeth = meth; + return 1; + } + +static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) + { + if (!*pmeth) + { + if(FIPS_mode()) + *pmeth=FIPS_rand_method(); + else + *pmeth = RAND_SSLeay(); + } + + if(FIPS_mode() + && *pmeth != FIPS_rand_check()) + { + RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); + return 0; + } + + return *pmeth; + } + +static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + = fips_RAND_set_rand_method; +static const RAND_METHOD *(*RAND_get_rand_method_func) + (const RAND_METHOD **pmeth) + = fips_RAND_get_rand_method; + +#ifndef OPENSSL_NO_ENGINE +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func) + (const RAND_METHOD **pmeth)) + { + RAND_set_rand_method_func = set_rand_func; + RAND_get_rand_method_func = get_rand_func; + } +#endif + +int RAND_set_rand_method(const RAND_METHOD *meth) + { + return RAND_set_rand_method_func(meth, &default_RAND_meth); + } + +const RAND_METHOD *RAND_get_rand_method(void) + { + return RAND_get_rand_method_func(&default_RAND_meth); + } + +#else + #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; #endif -static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { @@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif +#endif + void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index 6c0ec9a41c..d108353bbc 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -81,10 +81,25 @@ # include #endif +#ifdef _WIN32 +#define stat _stat +#define chmod _chmod +#define open _open +#define fdopen _fdopen +#endif + #undef BUFSIZE #define BUFSIZE 1024 #define RAND_DATA 1024 +#ifdef OPENSSL_SYS_VMS +/* This declaration is a nasty hack to get around vms' extension to fopen + * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ +static FILE *(*const vms_fopen)(const char *, const char *, ...) = + (FILE *(*)(const char *, const char *, ...))fopen; +#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +#endif + /* #define RFILE ".rnd" - defined in ../../e_os.h */ /* Note that these functions are intended for seed files only. @@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes) RAND_add(&sb,sizeof(sb),0.0); if (bytes == 0) return(ret); +#ifdef OPENSSL_SYS_VMS + in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); +#else in=fopen(file,"rb"); +#endif if (in == NULL) goto err; #if defined(S_IFBLK) && defined(S_IFCHR) if (sb.st_mode & (S_IFBLK | S_IFCHR)) { @@ -167,7 +186,7 @@ int RAND_write_file(const char *file) #endif } -#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) +#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) { /* For some reason Win32 can't write to files created this way */ @@ -178,8 +197,34 @@ int RAND_write_file(const char *file) out = fdopen(fd, "wb"); } #endif + +#ifdef OPENSSL_SYS_VMS + /* VMS NOTE: Prior versions of this routine created a _new_ + * version of the rand file for each call into this routine, then + * deleted all existing versions named ;-1, and finally renamed + * the current version as ';1'. Under concurrent usage, this + * resulted in an RMS race condition in rename() which could + * orphan files (see vms message help for RMS$_REENT). With the + * fopen() calls below, openssl/VMS now shares the top-level + * version of the rand file. Note that there may still be + * conditions where the top-level rand file is locked. If so, this + * code will then create a new version of the rand file. Without + * the delete and rename code, this can result in ascending file + * versions that stop at version 32767, and this routine will then + * return an error. The remedy for this is to recode the calling + * application to avoid concurrent use of the rand file, or + * synchronize usage at the application level. Also consider + * whether or not you NEED a persistent rand file in a concurrent + * use situation. + */ + + out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); + if (out == NULL) + out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); +#else if (out == NULL) out = fopen(file,"wb"); +#endif if (out == NULL) goto err; #ifndef NO_CHMOD @@ -201,25 +246,6 @@ int RAND_write_file(const char *file) ret+=i; if (n <= 0) break; } -#ifdef OPENSSL_SYS_VMS - /* Try to delete older versions of the file, until there aren't - any */ - { - char *tmpf; - - tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ - if (tmpf) - { - strcpy(tmpf, file); - strcat(tmpf, ";-1"); - while(delete(tmpf) == 0) - ; - rename(file,";1"); /* Make sure it's version 1, or we - will reach the limit (32767) at - some point... */ - } - } -#endif /* OPENSSL_SYS_VMS */ fclose(out); OPENSSL_cleanse(buf,BUFSIZE); -- cgit v1.2.3-55-g6feb