Update OpenSSL from 1.0.1h to 1.0.1i

author: Mike DePaulo <mikedep333@gmail.com> 2014-09-01 17:44:28 -0400
committer: Mike DePaulo <mikedep333@gmail.com> 2014-09-01 17:44:28 -0400
commit: f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
tree: fd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/crypto/rand
parent: cf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
download: vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip
4 files changed, 11 insertions, 18 deletions
diff --git a/openssl/crypto/rand/md_rand.c b/openssl/crypto/rand/md_rand.c
index aee1c30b0..888b4eb8d 100644
--- a/openssl/crypto/rand/md_rand.c
+++ b/openssl/crypto/rand/md_rand.c
@@ -159,7 +159,6 @@ const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
 static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
@@ -334,7 +333,7 @@ static void ssleay_rand_seed(const void *buf, int num)
 	ssleay_rand_add(buf, num, (double)num);
 	}
 
-static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
 	{
 	static volatile int stirred_pool = 0;
 	int i,j,k,st_num,st_idx;
@@ -383,10 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	 * are fed into the hash function and the results are kept in the
 	 * global 'md'.
 	 */
-#ifdef OPENSSL_FIPS
-	/* NB: in FIPS mode we are already under a lock */
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
@@ -466,9 +462,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
 	/* before unlocking, we must clear 'crypto_lock_rand' */
 	crypto_lock_rand = 0;
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	while (num > 0)
@@ -521,15 +515,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	MD_Init(&m);
 	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(&m,md);
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	EVP_MD_CTX_cleanup(&m);
@@ -548,14 +538,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
 static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
 	{
-	return ssleay_rand_bytes(buf, num, 0);
+	return ssleay_rand_bytes(buf, num, 0, 1);
 	}
 
 /* pseudo-random bytes that are guaranteed to be unique but not
    unpredictable */
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
 	{
-	return ssleay_rand_bytes(buf, num, 1);
+	return ssleay_rand_bytes(buf, num, 1, 1);
 	}
 
 static int ssleay_rand_status(void)
diff --git a/openssl/crypto/rand/rand_lcl.h b/openssl/crypto/rand/rand_lcl.h
index 618a8ec89..0fabf8dc5 100644
--- a/openssl/crypto/rand/rand_lcl.h
+++ b/openssl/crypto/rand/rand_lcl.h
@@ -154,5 +154,6 @@
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
 #endif
 
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
 
 #endif
diff --git a/openssl/crypto/rand/rand_lib.c b/openssl/crypto/rand/rand_lib.c
index 5ac0e14ca..239a1cde8 100644
--- a/openssl/crypto/rand/rand_lib.c
+++ b/openssl/crypto/rand/rand_lib.c
@@ -68,6 +68,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
+#include "rand_lcl.h"
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
@@ -199,7 +200,7 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
-	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
+	if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0)
 		{
 		OPENSSL_free(*pout);
 		*pout = NULL;
diff --git a/openssl/crypto/rand/randfile.c b/openssl/crypto/rand/randfile.c
index 7f1428072..14ba69d4c 100644
--- a/openssl/crypto/rand/randfile.c
+++ b/openssl/crypto/rand/randfile.c
@@ -79,6 +79,7 @@
 #endif
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
+# include <fcntl.h>
 #endif
 
 #ifdef _WIN32
author	Mike DePaulo <mikedep333@gmail.com>	2014-09-01 17:44:28 -0400
committer	Mike DePaulo <mikedep333@gmail.com>	2014-09-01 17:44:28 -0400
commit	f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
tree	fd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/crypto/rand
parent	cf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
download	vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2 vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip