aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/rand
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2014-02-07 23:28:38 +0100
committermarha <marha@users.sourceforge.net>2014-02-07 23:38:15 +0100
commit982ac918afe6a1c02d5cf735d7b6c56443a048cc (patch)
treee737eb3f7bb18d933e14f0967c1c1aa5ce5e06f6 /openssl/crypto/rand
parent30af30b78075159fce477ae99cc72540133714d0 (diff)
downloadvcxsrv-982ac918afe6a1c02d5cf735d7b6c56443a048cc.tar.gz
vcxsrv-982ac918afe6a1c02d5cf735d7b6c56443a048cc.tar.bz2
vcxsrv-982ac918afe6a1c02d5cf735d7b6c56443a048cc.zip
xkbcomp xkeyboard-config libxcb libxtrans fontconfig libX11 libxcb mesa xserver git update 7 Feb 2014
Update to openssl1.0.1f xserver commit 83e38eb73fd8c852513aac2da2975b4c01070ec2 libxcb commit d7eb0bdf3b5b11ee9f40ee5e73df8fc0bdfa59f3 xkeyboard-config commit 7596672b96315465df8d8d691e3a567a52f70743 libX11 commit aacf95dacc7c598e7297894580d4d655593813b2 xkbcomp commit 31b90ee4ffc774e0da540277907fc5540c0b012c libxtrans commit 3f0de269abe59353acbd7a5587d68ce0da91db67 fontconfig commit e310d2fac2d874d5aa76c609df70cc7b871c0b6d mesa commit dd2229d4c68ed78a50104637aef904f8ab6d7dd3
Diffstat (limited to 'openssl/crypto/rand')
-rw-r--r--openssl/crypto/rand/md_rand.c22
-rw-r--r--openssl/crypto/rand/rand.h1
-rw-r--r--openssl/crypto/rand/rand_err.c1
-rw-r--r--openssl/crypto/rand/rand_lib.c8
4 files changed, 27 insertions, 5 deletions
diff --git a/openssl/crypto/rand/md_rand.c b/openssl/crypto/rand/md_rand.c
index 1e3bcb9bc..dd2916372 100644
--- a/openssl/crypto/rand/md_rand.c
+++ b/openssl/crypto/rand/md_rand.c
@@ -380,8 +380,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ /* NB: in FIPS mode we are already under a lock */
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +463,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
{
@@ -512,10 +518,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
MD_Init(&m);
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
MD_Update(&m,md,MD_DIGEST_LENGTH);
MD_Final(&m,md);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
if (ok)
diff --git a/openssl/crypto/rand/rand.h b/openssl/crypto/rand/rand.h
index dc8fcf94c..bb5520e80 100644
--- a/openssl/crypto/rand/rand.h
+++ b/openssl/crypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED 104
#define RAND_R_ERROR_INITIALISING_DRBG 102
#define RAND_R_ERROR_INSTANTIATING_DRBG 103
#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
diff --git a/openssl/crypto/rand/rand_err.c b/openssl/crypto/rand/rand_err.c
index b8586c8f4..c4c80fc8c 100644
--- a/openssl/crypto/rand/rand_err.c
+++ b/openssl/crypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
static ERR_STRING_DATA RAND_str_reasons[]=
{
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/openssl/crypto/rand/rand_lib.c b/openssl/crypto/rand/rand_lib.c
index 476a0cd18..5ac0e14ca 100644
--- a/openssl/crypto/rand/rand_lib.c
+++ b/openssl/crypto/rand/rand_lib.c
@@ -269,6 +269,14 @@ int RAND_init_fips(void)
DRBG_CTX *dctx;
size_t plen;
unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+ if (fips_drbg_type >> 16)
+ {
+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+ return 0;
+ }
+#endif
+
dctx = FIPS_get_default_drbg();
if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
{