From f1625f274acf5dcd5601f6cb5e29e233b2a441a3 Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:15:54 +0000 Subject: import of OpenSSL 0.9.8h --- src/lib/libcrypto/rand/Makefile | 141 ++++++++++++++----------------------- src/lib/libcrypto/rand/md_rand.c | 17 ++--- src/lib/libcrypto/rand/rand_egd.c | 2 +- src/lib/libcrypto/rand/rand_unix.c | 119 ++++++++++++++++++++++--------- src/lib/libcrypto/rand/rand_win.c | 99 ++++++++++++++------------ src/lib/libcrypto/rand/randtest.c | 5 +- 6 files changed, 200 insertions(+), 183 deletions(-) (limited to 'src/lib/libcrypto/rand') diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile index b1d1a75f98..3c1ab5bbae 100644 --- a/src/lib/libcrypto/rand/Makefile +++ b/src/lib/libcrypto/rand/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -23,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c + rand_win.c rand_unix.c rand_os2.c rand_nw.c LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o + rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -53,6 +48,7 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ @@ -68,6 +64,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -79,26 +76,16 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md_rand.o: ../../e_os.h ../../include/openssl/aes.h -md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +md_rand.o: ../../e_os.h ../../include/openssl/asn1.h +md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -md_rand.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -md_rand.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -md_rand.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -md_rand.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -md_rand.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -md_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -md_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -md_rand.o: ../../include/openssl/ui_compat.h md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md_rand.o: md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -110,83 +97,59 @@ rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c -rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h -rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rand_lib.o: ../../e_os.h ../../include/openssl/bio.h rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/fips.h -rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../../include/openssl/ui_compat.h ../cryptlib.h rand_lib.c -rand_os2.o: ../../e_os.h ../../include/openssl/aes.h -rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../cryptlib.h rand_lib.c +rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h +rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c +rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h +rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_os2.o: ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c -rand_unix.o: ../../e_os.h ../../include/openssl/aes.h -rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_os2.o: rand_os2.c +rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h +rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_unix.o: ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c -rand_win.o: ../../e_os.h ../../include/openssl/aes.h -rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_unix.o: rand_unix.c +rand_win.o: ../../e_os.h ../../include/openssl/asn1.h +rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_win.o: ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c +rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_win.o: rand_win.c randfile.o: ../../e_os.h ../../include/openssl/buffer.h randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h randfile.o: ../../include/openssl/opensslconf.h diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index c84968df88..9783d0c23e 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -126,7 +126,6 @@ #include #include -#include #ifdef BN_DEBUG # define PREDICT @@ -153,7 +152,7 @@ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ int rand_predictable=0; #endif -const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; +const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); static void ssleay_rand_seed(const void *buf, int num); @@ -301,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } @@ -316,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) static void ssleay_rand_seed(const void *buf, int num) { - ssleay_rand_add(buf, num, num); + ssleay_rand_add(buf, num, (double)num); } static int ssleay_rand_bytes(unsigned char *buf, int num) @@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; -#ifdef OPENSSL_FIPS - if(FIPS_mode()) - { - FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); - return 0; - } -#endif - #ifdef PREDICT if (rand_predictable) { @@ -529,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) - (void)ERR_get_error(); + ERR_clear_error(); } return (ret); } diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index cd666abfcb..50bce6caba 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index 9376554fae..6c2be5cb96 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -108,6 +108,7 @@ * Hudson (tjh@cryptsoft.com). * */ +#include #define USE_SOCKETS #include "e_os.h" @@ -115,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include #include @@ -124,6 +125,13 @@ #include #include #include +#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ +# include +#endif +#include +#ifndef FD_SETSIZE +# define FD_SETSIZE (8*sizeof(fd_set)) +#endif #ifdef __OpenBSD__ int RAND_poll(void) @@ -142,7 +150,7 @@ int RAND_poll(void) return 1; } -#else +#else /* !defined(__OpenBSD__) */ int RAND_poll(void) { unsigned long l; @@ -154,7 +162,8 @@ int RAND_poll(void) #ifdef DEVRANDOM static const char *randomfiles[] = { DEVRANDOM }; struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; - int fd,i; + int fd; + size_t i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -182,10 +191,9 @@ int RAND_poll(void) #endif )) >= 0) { - struct timeval t = { 0, 10*1000 }; /* Spend 10ms on - each file. */ - int r,j; - fd_set fset; + int usec = 10*1000; /* spend 10ms on each file */ + int r; + size_t j; struct stat *st=&randomstats[i]; /* Avoid using same input... Used to be O_NOFOLLOW @@ -201,35 +209,75 @@ int RAND_poll(void) do { - FD_ZERO(&fset); - FD_SET(fd, &fset); - r = -1; + int try_read = 0; - if (select(fd+1,&fset,NULL,NULL,&t) < 0) - t.tv_usec=0; - else if (FD_ISSET(fd, &fset)) +#if defined(OPENSSL_SYS_LINUX) + /* use poll() */ + struct pollfd pset; + + pset.fd = fd; + pset.events = POLLIN; + pset.revents = 0; + + if (poll(&pset, 1, usec / 1000) < 0) + usec = 0; + else + try_read = (pset.revents & POLLIN) != 0; + +#else + /* use select() */ + fd_set fset; + struct timeval t; + + t.tv_sec = 0; + t.tv_usec = usec; + + if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) + { + /* can't use select, so just try to read once anyway */ + try_read = 1; + } + else + { + FD_ZERO(&fset); + FD_SET(fd, &fset); + + if (select(fd+1,&fset,NULL,NULL,&t) >= 0) + { + usec = t.tv_usec; + if (FD_ISSET(fd, &fset)) + try_read = 1; + } + else + usec = 0; + } +#endif + + if (try_read) { - r=read(fd,(unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); + r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); if (r > 0) n += r; } - - /* Some Unixen will update t, some - won't. For those who won't, give - up here, otherwise, we will do + else + r = -1; + + /* Some Unixen will update t in select(), some + won't. For those who won't, or if we + didn't use select() in the first place, + give up here, otherwise, we will do this once again for the remaining time. */ - if (t.tv_usec == 10*1000) - t.tv_usec=0; + if (usec == 10*1000) + usec = 0; } - while ((r > 0 || (errno == EINTR || errno == EAGAIN)) - && t.tv_usec != 0 && n < ENTROPY_NEEDED); + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); close(fd); } } -#endif +#endif /* defined(DEVRANDOM) */ #ifdef DEVRANDOM_EGD /* Use an EGD socket to read entropy from an EGD or PRNGD entropy @@ -244,24 +292,24 @@ int RAND_poll(void) if (r > 0) n += r; } -#endif +#endif /* defined(DEVRANDOM_EGD) */ #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) { - RAND_add(tmpbuf,sizeof tmpbuf,n); + RAND_add(tmpbuf,sizeof tmpbuf,(double)n); OPENSSL_cleanse(tmpbuf,n); } #endif /* put in some default random data, we need more than just this */ l=curr_pid; - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=getuid(); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=time(NULL); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) return 1; @@ -270,12 +318,13 @@ int RAND_poll(void) #endif } -#endif -#endif +#endif /* defined(__OpenBSD__) */ +#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ + #if defined(OPENSSL_SYS_VXWORKS) int RAND_poll(void) -{ - return 0; -} + { + return 0; + } #endif diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c index 30c69161ef..00dbe4232c 100644 --- a/src/lib/libcrypto/rand/rand_win.c +++ b/src/lib/libcrypto/rand/rand_win.c @@ -121,6 +121,10 @@ #include #include +/* Limit the time spent walking through the heap, processes, threads and modules to + a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ +#define MAXDELAY 1000 + /* Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ @@ -152,6 +156,7 @@ typedef struct tagCURSORINFO #define CURSOR_SHOWING 0x00000001 #endif /* CURSOR_SHOWING */ +#if !defined(OPENSSL_SYS_WINCE) typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, DWORD, DWORD); typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); @@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); +typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); @@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include -#ifndef OPENSSL_SYS_WINCE #include -#endif #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was * was added to the Platform SDK to allow the NET API to be used in @@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); #endif /* 1 */ +#endif /* !OPENSSL_SYS_WINCE */ int RAND_poll(void) { MEMORYSTATUS m; HCRYPTPROV hProvider = 0; - BYTE buf[64]; DWORD w; - HWND h; - - HMODULE advapi, kernel, user, netapi; - CRYPTACQUIRECONTEXTW acquire = 0; - CRYPTGENRANDOM gen = 0; - CRYPTRELEASECONTEXT release = 0; -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ - NETSTATGET netstatget = 0; - NETFREE netfree = 0; -#endif /* 1 */ + int good = 0; /* Determine the OS version we are on so we can turn off things * that do not work properly. @@ -212,21 +203,24 @@ int RAND_poll(void) osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; -#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO -#ifndef CryptAcquireContext -#define CryptAcquireContext CryptAcquireContextW -#endif +#if defined(OPENSSL_SYS_WINCE) +# if defined(_WIN32_WCE) && _WIN32_WCE>=300 +/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available + * in commonly available implementations prior 300... */ + { + BYTE buf[64]; /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { if (CryptGenRandom(hProvider, sizeof(buf), buf)) RAND_add(buf, sizeof(buf), sizeof(buf)); CryptReleaseContext(hProvider, 0); } -#endif - -#ifndef OPENSSL_SYS_WINCE + } +# endif +#else /* OPENSSL_SYS_WINCE */ /* * None of below libraries are present on Windows CE, which is * why we #ifndef the whole section. This also excuses us from @@ -240,17 +234,19 @@ int RAND_poll(void) * implement own shim routine, which would accept ANSI argument * and expand it to Unicode. */ - + { /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); - kernel = LoadLibrary(TEXT("KERNEL32.DLL")); - user = LoadLibrary(TEXT("USER32.DLL")); - netapi = LoadLibrary(TEXT("NETAPI32.DLL")); - -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ + HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + HMODULE user = NULL; + HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); + CRYPTACQUIRECONTEXTW acquire = NULL; + CRYPTGENRANDOM gen = NULL; + CRYPTRELEASECONTEXT release = NULL; + NETSTATGET netstatget = NULL; + NETFREE netfree = NULL; + BYTE buf[64]; + if (netapi) { netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); @@ -280,7 +276,6 @@ int RAND_poll(void) if (netapi) FreeLibrary(netapi); -#endif /* 1 */ /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. @@ -356,12 +351,13 @@ int RAND_poll(void) { /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, + if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); + good = 1; #if 0 printf("randomness from PROV_RSA_FULL\n"); #endif @@ -375,6 +371,7 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); + good = 1; #if 0 printf("randomness from PROV_INTEL_SEC\n"); #endif @@ -386,7 +383,9 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if (user) + if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + !OPENSSL_isservice()) && + (user = LoadLibrary(TEXT("USER32.DLL")))) { GETCURSORINFO cursor; GETFOREGROUNDWINDOW win; @@ -399,7 +398,7 @@ int RAND_poll(void) if (win) { /* window handle */ - h = win(); + HWND h = win(); RAND_add(&h, sizeof(h), 0); } if (cursor) @@ -464,6 +463,7 @@ int RAND_poll(void) PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; + DWORD stoptime = 0; snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CreateToolhelp32Snapshot"); @@ -495,6 +495,7 @@ int RAND_poll(void) * of entropy. */ hlist.dwSize = sizeof(HEAPLIST32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (heaplist_first(handle, &hlist)) do { @@ -512,18 +513,20 @@ int RAND_poll(void) && --entrycnt > 0); } } while (heaplist_next(handle, - &hlist)); - + &hlist) && GetTickCount() < stoptime); + /* process walking */ /* PROCESSENTRY32 contains 9 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ p.dwSize = sizeof(PROCESSENTRY32); + + if (good) stoptime = GetTickCount() + MAXDELAY; if (process_first(handle, &p)) do RAND_add(&p, p.dwSize, 9); - while (process_next(handle, &p)); + while (process_next(handle, &p) && GetTickCount() < stoptime); /* thread walking */ /* THREADENTRY32 contains 6 fields that will change @@ -531,10 +534,11 @@ int RAND_poll(void) * 1 byte of entropy. */ t.dwSize = sizeof(THREADENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (thread_first(handle, &t)) do RAND_add(&t, t.dwSize, 6); - while (thread_next(handle, &t)); + while (thread_next(handle, &t) && GetTickCount() < stoptime); /* module walking */ /* MODULEENTRY32 contains 9 fields that will change @@ -542,18 +546,22 @@ int RAND_poll(void) * 1 byte of entropy. */ m.dwSize = sizeof(MODULEENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (module_first(handle, &m)) do RAND_add(&m, m.dwSize, 9); - while (module_next(handle, &m)); + while (module_next(handle, &m) + && (GetTickCount() < stoptime)); if (close_snap) close_snap(handle); else CloseHandle(handle); + } FreeLibrary(kernel); } + } #endif /* !OPENSSL_SYS_WINCE */ /* timer data */ @@ -693,6 +701,9 @@ static void readscreen(void) int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ + if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) + return; + /* Create a screen DC and a memory DC compatible to screen DC */ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c index 701932e6ee..9e92a70b03 100644 --- a/src/lib/libcrypto/rand/randtest.c +++ b/src/lib/libcrypto/rand/randtest.c @@ -65,7 +65,7 @@ /* some FIPS 140-1 random number test */ /* some simple tests */ -int main() +int main(int argc,char **argv) { unsigned char buf[2500]; int i,j,k,s,sign,nsign,err=0; @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } -- cgit v1.2.3-55-g6feb