diff options
author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/crypto/rand | |
parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/crypto/rand')
-rw-r--r-- | openssl/crypto/rand/md_rand.c | 839 | ||||
-rw-r--r-- | openssl/crypto/rand/rand.h | 104 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_egd.c | 358 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_err.c | 53 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_lcl.h | 93 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_lib.c | 359 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_nw.c | 110 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_os2.c | 86 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_unix.c | 622 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_vms.c | 167 | ||||
-rw-r--r-- | openssl/crypto/rand/rand_win.c | 1227 | ||||
-rw-r--r-- | openssl/crypto/rand/randfile.c | 394 | ||||
-rw-r--r-- | openssl/crypto/rand/randtest.c | 278 |
13 files changed, 2322 insertions, 2368 deletions
diff --git a/openssl/crypto/rand/md_rand.c b/openssl/crypto/rand/md_rand.c index 888b4eb8d..5c13d5776 100644 --- a/openssl/crypto/rand/md_rand.c +++ b/openssl/crypto/rand/md_rand.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -113,7 +113,7 @@ #ifdef MD_RAND_DEBUG # ifndef NDEBUG -# define NDEBUG +# define NDEBUG # endif #endif @@ -133,28 +133,29 @@ # define PREDICT #endif -/* #define PREDICT 1 */ +/* #define PREDICT 1 */ -#define STATE_SIZE 1023 -static int state_num=0,state_index=0; -static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; +#define STATE_SIZE 1023 +static int state_num = 0, state_index = 0; +static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH]; static unsigned char md[MD_DIGEST_LENGTH]; -static long md_count[2]={0,0}; -static double entropy=0; -static int initialized=0; +static long md_count[2] = { 0, 0 }; + +static double entropy = 0; +static int initialized = 0; static unsigned int crypto_lock_rand = 0; /* may be set only when a thread - * holds CRYPTO_LOCK_RAND - * (to prevent double locking) */ + * holds CRYPTO_LOCK_RAND (to + * prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ - +/* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; #ifdef PREDICT -int rand_predictable=0; +int rand_predictable = 0; #endif -const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; +const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); static void ssleay_rand_seed(const void *buf, int num); @@ -163,435 +164,429 @@ static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); -RAND_METHOD rand_ssleay_meth={ - ssleay_rand_seed, - ssleay_rand_nopseudo_bytes, - ssleay_rand_cleanup, - ssleay_rand_add, - ssleay_rand_pseudo_bytes, - ssleay_rand_status - }; +RAND_METHOD rand_ssleay_meth = { + ssleay_rand_seed, + ssleay_rand_nopseudo_bytes, + ssleay_rand_cleanup, + ssleay_rand_add, + ssleay_rand_pseudo_bytes, + ssleay_rand_status +}; RAND_METHOD *RAND_SSLeay(void) - { - return(&rand_ssleay_meth); - } +{ + return (&rand_ssleay_meth); +} static void ssleay_rand_cleanup(void) - { - OPENSSL_cleanse(state,sizeof(state)); - state_num=0; - state_index=0; - OPENSSL_cleanse(md,MD_DIGEST_LENGTH); - md_count[0]=0; - md_count[1]=0; - entropy=0; - initialized=0; - } +{ + OPENSSL_cleanse(state, sizeof(state)); + state_num = 0; + state_index = 0; + OPENSSL_cleanse(md, MD_DIGEST_LENGTH); + md_count[0] = 0; + md_count[1] = 0; + entropy = 0; + initialized = 0; +} static void ssleay_rand_add(const void *buf, int num, double add) - { - int i,j,k,st_idx; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; - int do_not_lock; - - if (!num) - return; - - /* - * (Based on the rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash - * function as follows: The data passed to the hash function - * is the current 'md', the same number of bytes from the 'state' - * (the location determined by in incremented looping index) as - * the current 'block', the new key data 'block', and 'count' - * (which is incremented after each use). - * The result of this is kept in 'md' and also xored into the - * 'state' at the same locations that were used as input into the - * hash function. - */ - - /* check if we already have the lock */ - if (crypto_lock_rand) - { - CRYPTO_THREADID cur; - CRYPTO_THREADID_current(&cur); - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } - else - do_not_lock = 0; - - if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - st_idx=state_index; - - /* use our own copies of the counters so that even - * if a concurrent thread seeds with exactly the - * same data and uses the same subarray there's _some_ - * difference */ - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - - memcpy(local_md, md, sizeof md); - - /* state_index <= state_num <= STATE_SIZE */ - state_index += num; - if (state_index >= STATE_SIZE) - { - state_index%=STATE_SIZE; - state_num=STATE_SIZE; - } - else if (state_num < STATE_SIZE) - { - if (state_index > state_num) - state_num=state_index; - } - /* state_index <= state_num <= STATE_SIZE */ - - /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] - * are what we will use now, but other threads may use them - * as well */ - - md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - - if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - EVP_MD_CTX_init(&m); - for (i=0; i<num; i+=MD_DIGEST_LENGTH) - { - j=(num-i); - j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; - - MD_Init(&m); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - k=(st_idx+j)-STATE_SIZE; - if (k > 0) - { - MD_Update(&m,&(state[st_idx]),j-k); - MD_Update(&m,&(state[0]),k); - } - else - MD_Update(&m,&(state[st_idx]),j); - - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - MD_Update(&m,buf,j); - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. The problem is not, it's - with the caller. Removing that line will make - sure you get really bad randomness and thereby - other problems such as very insecure keys. */ - - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Final(&m,local_md); - md_c[1]++; - - buf=(const char *)buf + j; - - for (k=0; k<j; k++) - { - /* Parallel threads may interfere with this, - * but always each byte of the new state is - * the XOR of some previous value of its - * and local_md (itermediate values may be lost). - * Alway using locking could hurt performance more - * than necessary given that conflicts occur only - * when the total seeding is longer than the random - * state. */ - state[st_idx++]^=local_md[k]; - if (st_idx >= STATE_SIZE) - st_idx=0; - } - } - EVP_MD_CTX_cleanup(&m); - - if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - /* Don't just copy back local_md into md -- this could mean that - * other thread's seeding remains without effect (except for - * the incremented counter). By XORing it we keep at least as - * much entropy as fits into md. */ - for (k = 0; k < (int)sizeof(md); k++) - { - md[k] ^= local_md[k]; - } - if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ - entropy += add; - if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - +{ + int i, j, k, st_idx; + long md_c[2]; + unsigned char local_md[MD_DIGEST_LENGTH]; + EVP_MD_CTX m; + int do_not_lock; + + if (!num) + return; + + /* + * (Based on the rand(3) manpage) + * + * The input is chopped up into units of 20 bytes (or less for + * the last block). Each of these blocks is run through the hash + * function as follows: The data passed to the hash function + * is the current 'md', the same number of bytes from the 'state' + * (the location determined by in incremented looping index) as + * the current 'block', the new key data 'block', and 'count' + * (which is incremented after each use). + * The result of this is kept in 'md' and also xored into the + * 'state' at the same locations that were used as input into the + * hash function. + */ + + /* check if we already have the lock */ + if (crypto_lock_rand) { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; + + if (!do_not_lock) + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + st_idx = state_index; + + /* + * use our own copies of the counters so that even if a concurrent thread + * seeds with exactly the same data and uses the same subarray there's + * _some_ difference + */ + md_c[0] = md_count[0]; + md_c[1] = md_count[1]; + + memcpy(local_md, md, sizeof md); + + /* state_index <= state_num <= STATE_SIZE */ + state_index += num; + if (state_index >= STATE_SIZE) { + state_index %= STATE_SIZE; + state_num = STATE_SIZE; + } else if (state_num < STATE_SIZE) { + if (state_index > state_num) + state_num = state_index; + } + /* state_index <= state_num <= STATE_SIZE */ + + /* + * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we + * will use now, but other threads may use them as well + */ + + md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); + + if (!do_not_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + EVP_MD_CTX_init(&m); + for (i = 0; i < num; i += MD_DIGEST_LENGTH) { + j = (num - i); + j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; + + MD_Init(&m); + MD_Update(&m, local_md, MD_DIGEST_LENGTH); + k = (st_idx + j) - STATE_SIZE; + if (k > 0) { + MD_Update(&m, &(state[st_idx]), j - k); + MD_Update(&m, &(state[0]), k); + } else + MD_Update(&m, &(state[st_idx]), j); + + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + MD_Update(&m, buf, j); + /* + * We know that line may cause programs such as purify and valgrind + * to complain about use of uninitialized data. The problem is not, + * it's with the caller. Removing that line will make sure you get + * really bad randomness and thereby other problems such as very + * insecure keys. + */ + + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + MD_Final(&m, local_md); + md_c[1]++; + + buf = (const char *)buf + j; + + for (k = 0; k < j; k++) { + /* + * Parallel threads may interfere with this, but always each byte + * of the new state is the XOR of some previous value of its and + * local_md (itermediate values may be lost). Alway using locking + * could hurt performance more than necessary given that + * conflicts occur only when the total seeding is longer than the + * random state. + */ + state[st_idx++] ^= local_md[k]; + if (st_idx >= STATE_SIZE) + st_idx = 0; + } + } + EVP_MD_CTX_cleanup(&m); + + if (!do_not_lock) + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + /* + * Don't just copy back local_md into md -- this could mean that other + * thread's seeding remains without effect (except for the incremented + * counter). By XORing it we keep at least as much entropy as fits into + * md. + */ + for (k = 0; k < (int)sizeof(md); k++) { + md[k] ^= local_md[k]; + } + if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ + entropy += add; + if (!do_not_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) - assert(md_c[1] == md_count[1]); + assert(md_c[1] == md_count[1]); #endif - } +} static void ssleay_rand_seed(const void *buf, int num) - { - ssleay_rand_add(buf, num, (double)num); - } +{ + ssleay_rand_add(buf, num, (double)num); +} int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - { - static volatile int stirred_pool = 0; - int i,j,k,st_num,st_idx; - int num_ceil; - int ok; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; +{ + static volatile int stirred_pool = 0; + int i, j, k, st_num, st_idx; + int num_ceil; + int ok; + long md_c[2]; + unsigned char local_md[MD_DIGEST_LENGTH]; + EVP_MD_CTX m; #ifndef GETPID_IS_MEANINGLESS - pid_t curr_pid = getpid(); + pid_t curr_pid = getpid(); #endif - int do_stir_pool = 0; + int do_stir_pool = 0; #ifdef PREDICT - if (rand_predictable) - { - static unsigned char val=0; - - for (i=0; i<num; i++) - buf[i]=val++; - return(1); - } + if (rand_predictable) { + static unsigned char val = 0; + + for (i = 0; i < num; i++) + buf[i] = val++; + return (1); + } #endif - if (num <= 0) - return 1; - - EVP_MD_CTX_init(&m); - /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ - num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); - - /* - * (Based on the rand(3) manpage:) - * - * For each group of 10 bytes (or less), we do the following: - * - * Input into the hash function the local 'md' (which is initialized from - * the global 'md' before any bytes are generated), the bytes that are to - * be overwritten by the random bytes, and bytes from the 'state' - * (incrementing looping index). From this digest output (which is kept - * in 'md'), the top (up to) 10 bytes are returned to the caller and the - * bottom 10 bytes are xored into the 'state'. - * - * Finally, after we have finished 'num' random bytes for the - * caller, 'count' (which is incremented) and the local and global 'md' - * are fed into the hash function and the results are kept in the - * global 'md'. - */ - if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_current(&locking_threadid); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - - if (!initialized) - { - RAND_poll(); - initialized = 1; - } - - if (!stirred_pool) - do_stir_pool = 1; - - ok = (entropy >= ENTROPY_NEEDED); - if (!ok) - { - /* If the PRNG state is not yet unpredictable, then seeing - * the PRNG output may help attackers to determine the new - * state; thus we have to decrease the entropy estimate. - * Once we've had enough initial seeding we don't bother to - * adjust the entropy count, though, because we're not ambitious - * to provide *information-theoretic* randomness. - * - * NOTE: This approach fails if the program forks before - * we have enough entropy. Entropy should be collected - * in a separate input pool and be transferred to the - * output pool only when the entropy limit has been reached. - */ - entropy -= num; - if (entropy < 0) - entropy = 0; - } - - if (do_stir_pool) - { - /* In the output function only half of 'md' remains secret, - * so we better make sure that the required entropy gets - * 'evenly distributed' through 'state', our randomness pool. - * The input function (ssleay_rand_add) chains all of 'md', - * which makes it more suitable for this purpose. - */ - - int n = STATE_SIZE; /* so that the complete pool gets accessed */ - while (n > 0) - { + if (num <= 0) + return 1; + + EVP_MD_CTX_init(&m); + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ + num_ceil = + (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); + + /* + * (Based on the rand(3) manpage:) + * + * For each group of 10 bytes (or less), we do the following: + * + * Input into the hash function the local 'md' (which is initialized from + * the global 'md' before any bytes are generated), the bytes that are to + * be overwritten by the random bytes, and bytes from the 'state' + * (incrementing looping index). From this digest output (which is kept + * in 'md'), the top (up to) 10 bytes are returned to the caller and the + * bottom 10 bytes are xored into the 'state'. + * + * Finally, after we have finished 'num' random bytes for the + * caller, 'count' (which is incremented) and the local and global 'md' + * are fed into the hash function and the results are kept in the + * global 'md'. + */ + if (lock) + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); + CRYPTO_THREADID_current(&locking_threadid); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + + if (!initialized) { + RAND_poll(); + initialized = 1; + } + + if (!stirred_pool) + do_stir_pool = 1; + + ok = (entropy >= ENTROPY_NEEDED); + if (!ok) { + /* + * If the PRNG state is not yet unpredictable, then seeing the PRNG + * output may help attackers to determine the new state; thus we have + * to decrease the entropy estimate. Once we've had enough initial + * seeding we don't bother to adjust the entropy count, though, + * because we're not ambitious to provide *information-theoretic* + * randomness. NOTE: This approach fails if the program forks before + * we have enough entropy. Entropy should be collected in a separate + * input pool and be transferred to the output pool only when the + * entropy limit has been reached. + */ + entropy -= num; + if (entropy < 0) + entropy = 0; + } + + if (do_stir_pool) { + /* + * In the output function only half of 'md' remains secret, so we + * better make sure that the required entropy gets 'evenly + * distributed' through 'state', our randomness pool. The input + * function (ssleay_rand_add) chains all of 'md', which makes it more + * suitable for this purpose. + */ + + int n = STATE_SIZE; /* so that the complete pool gets accessed */ + while (n > 0) { #if MD_DIGEST_LENGTH > 20 # error "Please adjust DUMMY_SEED." #endif #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ - /* Note that the seed does not matter, it's just that - * ssleay_rand_add expects to have something to hash. */ - ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); - n -= MD_DIGEST_LENGTH; - } - if (ok) - stirred_pool = 1; - } - - st_idx=state_index; - st_num=state_num; - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); - - state_index+=num_ceil; - if (state_index > state_num) - state_index %= state_num; - - /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] - * are now ours (but other threads may use them too) */ - - md_count[0] += 1; - - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - while (num > 0) - { - /* num_ceil -= MD_DIGEST_LENGTH/2 */ - j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; - num-=j; - MD_Init(&m); + /* + * Note that the seed does not matter, it's just that + * ssleay_rand_add expects to have something to hash. + */ + ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); + n -= MD_DIGEST_LENGTH; + } + if (ok) + stirred_pool = 1; + } + + st_idx = state_index; + st_num = state_num; + md_c[0] = md_count[0]; + md_c[1] = md_count[1]; + memcpy(local_md, md, sizeof md); + + state_index += num_ceil; + if (state_index > state_num) + state_index %= state_num; + + /* + * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now + * ours (but other threads may use them too) + */ + + md_count[0] += 1; + + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + if (lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + while (num > 0) { + /* num_ceil -= MD_DIGEST_LENGTH/2 */ + j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; + num -= j; + MD_Init(&m); #ifndef GETPID_IS_MEANINGLESS - if (curr_pid) /* just in the first iteration to save time */ - { - MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); - curr_pid = 0; - } + if (curr_pid) { /* just in the first iteration to save time */ + MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); + curr_pid = 0; + } #endif - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - -#ifndef PURIFY /* purify complains */ - /* The following line uses the supplied buffer as a small - * source of entropy: since this buffer is often uninitialised - * it may cause programs such as purify or valgrind to - * complain. So for those builds it is not used: the removal - * of such a small source of entropy has negligible impact on - * security. - */ - MD_Update(&m,buf,j); + MD_Update(&m, local_md, MD_DIGEST_LENGTH); + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + +#ifndef PURIFY /* purify complains */ + /* + * The following line uses the supplied buffer as a small source of + * entropy: since this buffer is often uninitialised it may cause + * programs such as purify or valgrind to complain. So for those + * builds it is not used: the removal of such a small source of + * entropy has negligible impact on security. + */ + MD_Update(&m, buf, j); #endif - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; - if (k > 0) - { - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); - MD_Update(&m,&(state[0]),k); - } - else - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); - MD_Final(&m,local_md); - - for (i=0; i<MD_DIGEST_LENGTH/2; i++) - { - state[st_idx++]^=local_md[i]; /* may compete with other threads */ - if (st_idx >= st_num) - st_idx=0; - if (i < j) - *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; - } - } - - MD_Init(&m); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m,md,MD_DIGEST_LENGTH); - MD_Final(&m,md); - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - EVP_MD_CTX_cleanup(&m); - if (ok) - return(1); - else if (pseudo) - return 0; - else - { - RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); - ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " - "http://www.openssl.org/support/faq.html"); - return(0); - } - } + k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; + if (k > 0) { + MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); + MD_Update(&m, &(state[0]), k); + } else + MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); + MD_Final(&m, local_md); + + for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { + /* may compete with other threads */ + state[st_idx++] ^= local_md[i]; + if (st_idx >= st_num) + st_idx = 0; + if (i < j) + *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2]; + } + } + + MD_Init(&m); + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (lock) + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + MD_Update(&m, md, MD_DIGEST_LENGTH); + MD_Final(&m, md); + if (lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + EVP_MD_CTX_cleanup(&m); + if (ok) + return (1); + else if (pseudo) + return 0; + else { + RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); + ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " + "http://www.openssl.org/support/faq.html"); + return (0); + } +} static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) - { - return ssleay_rand_bytes(buf, num, 0, 1); - } +{ + return ssleay_rand_bytes(buf, num, 0, 1); +} -/* pseudo-random bytes that are guaranteed to be unique but not - unpredictable */ -static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) - { - return ssleay_rand_bytes(buf, num, 1, 1); - } +/* + * pseudo-random bytes that are guaranteed to be unique but not unpredictable + */ +static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) +{ + return ssleay_rand_bytes(buf, num, 1, 1); +} static int ssleay_rand_status(void) - { - CRYPTO_THREADID cur; - int ret; - int do_not_lock; - - CRYPTO_THREADID_current(&cur); - /* check if we already have the lock - * (could happen if a RAND_poll() implementation calls RAND_status()) */ - if (crypto_lock_rand) - { - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } - else - do_not_lock = 0; - - if (!do_not_lock) - { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_cpy(&locking_threadid, &cur); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - } - - if (!initialized) - { - RAND_poll(); - initialized = 1; - } - - ret = entropy >= ENTROPY_NEEDED; - - if (!do_not_lock) - { - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - - return ret; - } +{ + CRYPTO_THREADID cur; + int ret; + int do_not_lock; + + CRYPTO_THREADID_current(&cur); + /* + * check if we already have the lock (could happen if a RAND_poll() + * implementation calls RAND_status()) + */ + if (crypto_lock_rand) { + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; + + if (!do_not_lock) { + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* + * prevent ssleay_rand_bytes() from trying to obtain the lock again + */ + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); + CRYPTO_THREADID_cpy(&locking_threadid, &cur); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + } + + if (!initialized) { + RAND_poll(); + initialized = 1; + } + + ret = entropy >= ENTROPY_NEEDED; + + if (!do_not_lock) { + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + + return ret; +} diff --git a/openssl/crypto/rand/rand.h b/openssl/crypto/rand/rand.h index bb5520e80..2553afda2 100644 --- a/openssl/crypto/rand/rand.h +++ b/openssl/crypto/rand/rand.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,75 +57,75 @@ */ #ifndef HEADER_RAND_H -#define HEADER_RAND_H +# define HEADER_RAND_H -#include <stdlib.h> -#include <openssl/ossl_typ.h> -#include <openssl/e_os2.h> +# include <stdlib.h> +# include <openssl/ossl_typ.h> +# include <openssl/e_os2.h> -#if defined(OPENSSL_SYS_WINDOWS) -#include <windows.h> -#endif +# if defined(OPENSSL_SYS_WINDOWS) +# include <windows.h> +# endif #ifdef __cplusplus extern "C" { #endif -#if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T size_t -#endif +# if defined(OPENSSL_FIPS) +# define FIPS_RAND_SIZE_T size_t +# endif /* Already defined in ossl_typ.h */ /* typedef struct rand_meth_st RAND_METHOD; */ -struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, double entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - }; - -#ifdef BN_DEBUG +struct rand_meth_st { + void (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + void (*add) (const void *buf, int num, double entropy); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +# ifdef BN_DEBUG extern int rand_predictable; -#endif +# endif int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); -#ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); -#endif +# endif RAND_METHOD *RAND_SSLeay(void); -void RAND_cleanup(void ); -int RAND_bytes(unsigned char *buf,int num); -int RAND_pseudo_bytes(unsigned char *buf,int num); -void RAND_seed(const void *buf,int num); -void RAND_add(const void *buf,int num,double entropy); -int RAND_load_file(const char *file,long max_bytes); -int RAND_write_file(const char *file); -const char *RAND_file_name(char *file,size_t num); +void RAND_cleanup(void); +int RAND_bytes(unsigned char *buf, int num); +int RAND_pseudo_bytes(unsigned char *buf, int num); +void RAND_seed(const void *buf, int num); +void RAND_add(const void *buf, int num, double entropy); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); int RAND_status(void); int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); -int RAND_egd_bytes(const char *path,int bytes); +int RAND_egd_bytes(const char *path, int bytes); int RAND_poll(void); -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) void RAND_screen(void); int RAND_event(UINT, WPARAM, LPARAM); -#endif +# endif -#ifdef OPENSSL_FIPS +# ifdef OPENSSL_FIPS void RAND_set_fips_drbg_type(int type, int flags); int RAND_init_fips(void); -#endif +# endif /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_RAND_strings(void); @@ -133,16 +133,16 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ -#define RAND_F_RAND_GET_RAND_METHOD 101 -#define RAND_F_RAND_INIT_FIPS 102 -#define RAND_F_SSLEAY_RAND_BYTES 100 +# define RAND_F_RAND_GET_RAND_METHOD 101 +# define RAND_F_RAND_INIT_FIPS 102 +# define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ -#define RAND_R_DUAL_EC_DRBG_DISABLED 104 -#define RAND_R_ERROR_INITIALISING_DRBG 102 -#define RAND_R_ERROR_INSTANTIATING_DRBG 103 -#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 -#define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_DUAL_EC_DRBG_DISABLED 104 +# define RAND_R_ERROR_INITIALISING_DRBG 102 +# define RAND_R_ERROR_INSTANTIATING_DRBG 103 +# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 +# define RAND_R_PRNG_NOT_SEEDED 100 #ifdef __cplusplus } diff --git a/openssl/crypto/rand/rand_egd.c b/openssl/crypto/rand/rand_egd.c index d53b916eb..1b6e501b7 100644 --- a/openssl/crypto/rand/rand_egd.c +++ b/openssl/crypto/rand/rand_egd.c @@ -8,7 +8,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,7 +58,7 @@ #include <openssl/rand.h> #include <openssl/buffer.h> -/* +/*- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. * * This module supplies three routines: @@ -97,207 +97,195 @@ #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) - { - return(-1); - } +{ + return (-1); +} + int RAND_egd(const char *path) - { - return(-1); - } +{ + return (-1); +} -int RAND_egd_bytes(const char *path,int bytes) - { - return(-1); - } +int RAND_egd_bytes(const char *path, int bytes) +{ + return (-1); +} #else -#include <openssl/opensslconf.h> -#include OPENSSL_UNISTD -#include <sys/types.h> -#include <sys/socket.h> -#ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VXWORKS +# include <openssl/opensslconf.h> +# include OPENSSL_UNISTD +# include <sys/types.h> +# include <sys/socket.h> +# ifndef NO_SYS_UN_H +# ifdef OPENSSL_SYS_VXWORKS # include <streams/un.h> -# else +# else # include <sys/un.h> -# endif -#else -struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ +# endif +# else +struct sockaddr_un { + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ }; -#endif /* NO_SYS_UN_H */ -#include <string.h> -#include <errno.h> +# endif /* NO_SYS_UN_H */ +# include <string.h> +# include <errno.h> -#ifndef offsetof +# ifndef offsetof # define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) -#endif +# endif int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) - { - int ret = 0; - struct sockaddr_un addr; - int len, num, numbytes; - int fd = -1; - int success; - unsigned char egdbuf[2], tempbuf[255], *retrievebuf; +{ + int ret = 0; + struct sockaddr_un addr; + int len, num, numbytes; + int fd = -1; + int success; + unsigned char egdbuf[2], tempbuf[255], *retrievebuf; - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - if (strlen(path) >= sizeof(addr.sun_path)) - return (-1); - BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); - len = offsetof(struct sockaddr_un, sun_path) + strlen(path); - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd == -1) return (-1); - success = 0; - while (!success) - { - if (connect(fd, (struct sockaddr *)&addr, len) == 0) - success = 1; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif -#ifdef EINPROGRESS - case EINPROGRESS: -#endif -#ifdef EALREADY - case EALREADY: -#endif - /* No error, try again */ - break; -#ifdef EISCONN - case EISCONN: - success = 1; - break; -#endif - default: - goto err; /* failure */ - } - } - } + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (strlen(path) >= sizeof(addr.sun_path)) + return (-1); + BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + len = offsetof(struct sockaddr_un, sun_path) + strlen(path); + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) + return (-1); + success = 0; + while (!success) { + if (connect(fd, (struct sockaddr *)&addr, len) == 0) + success = 1; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif +# ifdef EINPROGRESS + case EINPROGRESS: +# endif +# ifdef EALREADY + case EALREADY: +# endif + /* No error, try again */ + break; +# ifdef EISCONN + case EISCONN: + success = 1; + break; +# endif + default: + goto err; /* failure */ + } + } + } - while(bytes > 0) - { - egdbuf[0] = 1; - egdbuf[1] = bytes < 255 ? bytes : 255; - numbytes = 0; - while (numbytes != 2) - { - num = write(fd, egdbuf + numbytes, 2 - numbytes); - if (num >= 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - numbytes = 0; - while (numbytes != 1) - { - num = read(fd, egdbuf, 1); - if (num == 0) - goto err; /* descriptor closed */ - else if (num > 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - if(egdbuf[0] == 0) - goto err; - if (buf) - retrievebuf = buf + ret; - else - retrievebuf = tempbuf; - numbytes = 0; - while (numbytes != egdbuf[0]) - { - num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); - if (num == 0) - goto err; /* descriptor closed */ - else if (num > 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - ret += egdbuf[0]; - bytes -= egdbuf[0]; - if (!buf) - RAND_seed(tempbuf, egdbuf[0]); - } + while (bytes > 0) { + egdbuf[0] = 1; + egdbuf[1] = bytes < 255 ? bytes : 255; + numbytes = 0; + while (numbytes != 2) { + num = write(fd, egdbuf + numbytes, 2 - numbytes); + if (num >= 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + numbytes = 0; + while (numbytes != 1) { + num = read(fd, egdbuf, 1); + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + if (egdbuf[0] == 0) + goto err; + if (buf) + retrievebuf = buf + ret; + else + retrievebuf = tempbuf; + numbytes = 0; + while (numbytes != egdbuf[0]) { + num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) + numbytes += num; + else { + switch (errno) { +# ifdef EINTR + case EINTR: +# endif +# ifdef EAGAIN + case EAGAIN: +# endif + /* No error, try again */ + break; + default: + ret = -1; + goto err; /* failure */ + } + } + } + ret += egdbuf[0]; + bytes -= egdbuf[0]; + if (!buf) + RAND_seed(tempbuf, egdbuf[0]); + } err: - if (fd != -1) close(fd); - return(ret); - } - + if (fd != -1) + close(fd); + return (ret); +} int RAND_egd_bytes(const char *path, int bytes) - { - int num, ret = 0; +{ + int num, ret = 0; - num = RAND_query_egd_bytes(path, NULL, bytes); - if (num < 1) goto err; - if (RAND_status() == 1) - ret = num; + num = RAND_query_egd_bytes(path, NULL, bytes); + if (num < 1) + goto err; + if (RAND_status() == 1) + ret = num; err: - return(ret); - } - + return (ret); +} int RAND_egd(const char *path) - { - return (RAND_egd_bytes(path, 255)); - } - +{ + return (RAND_egd_bytes(path, 255)); +} #endif diff --git a/openssl/crypto/rand/rand_err.c b/openssl/crypto/rand/rand_err.c index c4c80fc8c..55d86ea8a 100644 --- a/openssl/crypto/rand/rand_err.c +++ b/openssl/crypto/rand/rand_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,37 +66,35 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) -static ERR_STRING_DATA RAND_str_functs[]= - { -{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, -{ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, -{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, -{0,NULL} - }; +static ERR_STRING_DATA RAND_str_functs[] = { + {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, + {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, + {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, + {0, NULL} +}; -static ERR_STRING_DATA RAND_str_reasons[]= - { -{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"}, -{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, -{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, -{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, -{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, -{0,NULL} - }; +static ERR_STRING_DATA RAND_str_reasons[] = { + {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, + {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, + {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, + {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), + "no fips random method set"}, + {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, + {0, NULL} +}; #endif void ERR_load_RAND_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) - { - ERR_load_strings(0,RAND_str_functs); - ERR_load_strings(0,RAND_str_reasons); - } + if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { + ERR_load_strings(0, RAND_str_functs); + ERR_load_strings(0, RAND_str_reasons); + } #endif - } +} diff --git a/openssl/crypto/rand/rand_lcl.h b/openssl/crypto/rand/rand_lcl.h index 0fabf8dc5..f9fda3eb8 100644 --- a/openssl/crypto/rand/rand_lcl.h +++ b/openssl/crypto/rand/rand_lcl.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -110,49 +110,48 @@ */ #ifndef HEADER_RAND_LCL_H -#define HEADER_RAND_LCL_H +# define HEADER_RAND_LCL_H -#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ +# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ +# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +# define USE_SHA1_RAND +# elif !defined(OPENSSL_NO_MD5) +# define USE_MD5_RAND +# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) +# define USE_MDC2_RAND +# elif !defined(OPENSSL_NO_MD2) +# define USE_MD2_RAND +# else +# error No message digest algorithm available +# endif +# endif -#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -#define USE_SHA1_RAND -#elif !defined(OPENSSL_NO_MD5) -#define USE_MD5_RAND -#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -#define USE_MDC2_RAND -#elif !defined(OPENSSL_NO_MD2) -#define USE_MD2_RAND -#else -#error No message digest algorithm available -#endif -#endif - -#include <openssl/evp.h> -#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) -#define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) -#if defined(USE_MD5_RAND) -#include <openssl/md5.h> -#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) -#elif defined(USE_SHA1_RAND) -#include <openssl/sha.h> -#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) -#elif defined(USE_MDC2_RAND) -#include <openssl/mdc2.h> -#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) -#elif defined(USE_MD2_RAND) -#include <openssl/md2.h> -#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) -#endif +# include <openssl/evp.h> +# define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) +# define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) +# if defined(USE_MD5_RAND) +# include <openssl/md5.h> +# define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH +# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) +# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) +# elif defined(USE_SHA1_RAND) +# include <openssl/sha.h> +# define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH +# define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) +# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) +# elif defined(USE_MDC2_RAND) +# include <openssl/mdc2.h> +# define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH +# define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) +# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) +# elif defined(USE_MD2_RAND) +# include <openssl/md2.h> +# define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH +# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) +# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) +# endif int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock); diff --git a/openssl/crypto/rand/rand_lib.c b/openssl/crypto/rand/rand_lib.c index 239a1cde8..88a78d350 100644 --- a/openssl/crypto/rand/rand_lib.c +++ b/openssl/crypto/rand/rand_lib.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,246 +62,239 @@ #include <openssl/rand.h> #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif #ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#include <openssl/fips_rand.h> -#include "rand_lcl.h" +# include <openssl/fips.h> +# include <openssl/fips_rand.h> +# include "rand_lcl.h" #endif #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -static ENGINE *funct_ref =NULL; +static ENGINE *funct_ref = NULL; #endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) - { +{ #ifndef OPENSSL_NO_ENGINE - if(funct_ref) - { - ENGINE_finish(funct_ref); - funct_ref = NULL; - } + if (funct_ref) { + ENGINE_finish(funct_ref); + funct_ref = NULL; + } #endif - default_RAND_meth = meth; - return 1; - } + default_RAND_meth = meth; + return 1; +} const RAND_METHOD *RAND_get_rand_method(void) - { - if (!default_RAND_meth) - { +{ + if (!default_RAND_meth) { #ifndef OPENSSL_NO_ENGINE - ENGINE *e = ENGINE_get_default_RAND(); - if(e) - { - default_RAND_meth = ENGINE_get_RAND(e); - if(!default_RAND_meth) - { - ENGINE_finish(e); - e = NULL; - } - } - if(e) - funct_ref = e; - else + ENGINE *e = ENGINE_get_default_RAND(); + if (e) { + default_RAND_meth = ENGINE_get_RAND(e); + if (!default_RAND_meth) { + ENGINE_finish(e); + e = NULL; + } + } + if (e) + funct_ref = e; + else #endif - default_RAND_meth = RAND_SSLeay(); - } - return default_RAND_meth; - } + default_RAND_meth = RAND_SSLeay(); + } + return default_RAND_meth; +} #ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) - { - const RAND_METHOD *tmp_meth = NULL; - if(engine) - { - if(!ENGINE_init(engine)) - return 0; - tmp_meth = ENGINE_get_RAND(engine); - if(!tmp_meth) - { - ENGINE_finish(engine); - return 0; - } - } - /* This function releases any prior ENGINE so call it first */ - RAND_set_rand_method(tmp_meth); - funct_ref = engine; - return 1; - } +{ + const RAND_METHOD *tmp_meth = NULL; + if (engine) { + if (!ENGINE_init(engine)) + return 0; + tmp_meth = ENGINE_get_RAND(engine); + if (!tmp_meth) { + ENGINE_finish(engine); + return 0; + } + } + /* This function releases any prior ENGINE so call it first */ + RAND_set_rand_method(tmp_meth); + funct_ref = engine; + return 1; +} #endif void RAND_cleanup(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->cleanup) - meth->cleanup(); - RAND_set_rand_method(NULL); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->cleanup) + meth->cleanup(); + RAND_set_rand_method(NULL); +} void RAND_seed(const void *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->seed) - meth->seed(buf,num); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->seed) + meth->seed(buf, num); +} void RAND_add(const void *buf, int num, double entropy) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->add) - meth->add(buf,num,entropy); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->add) + meth->add(buf, num, entropy); +} int RAND_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->bytes) - return meth->bytes(buf,num); - return(-1); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->bytes) + return meth->bytes(buf, num); + return (-1); +} int RAND_pseudo_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->pseudorand) - return meth->pseudorand(buf,num); - return(-1); - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->pseudorand) + return meth->pseudorand(buf, num); + return (-1); +} int RAND_status(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->status) - return meth->status(); - return 0; - } +{ + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->status) + return meth->status(); + return 0; +} #ifdef OPENSSL_FIPS -/* FIPS DRBG initialisation code. This sets up the DRBG for use by the - * rest of OpenSSL. +/* + * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest + * of OpenSSL. */ -/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather +/* + * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather * entropy internally through RAND_poll(). */ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) - { - /* Round up request to multiple of block size */ - min_len = ((min_len + 19) / 20) * 20; - *pout = OPENSSL_malloc(min_len); - if (!*pout) - return 0; - if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) - { - OPENSSL_free(*pout); - *pout = NULL; - return 0; - } - return min_len; - } + int entropy, size_t min_len, size_t max_len) +{ + /* Round up request to multiple of block size */ + min_len = ((min_len + 19) / 20) * 20; + *pout = OPENSSL_malloc(min_len); + if (!*pout) + return 0; + if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) { + OPENSSL_free(*pout); + *pout = NULL; + return 0; + } + return min_len; +} static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) - { - if (out) - { - OPENSSL_cleanse(out, olen); - OPENSSL_free(out); - } - } +{ + if (out) { + OPENSSL_cleanse(out, olen); + OPENSSL_free(out); + } +} -/* Set "additional input" when generating random data. This uses the - * current PID, a time value and a counter. +/* + * Set "additional input" when generating random data. This uses the current + * PID, a time value and a counter. */ static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) - { - /* Use of static variables is OK as this happens under a lock */ - static unsigned char buf[16]; - static unsigned long counter; - FIPS_get_timevec(buf, &counter); - *pout = buf; - return sizeof(buf); - } +{ + /* Use of static variables is OK as this happens under a lock */ + static unsigned char buf[16]; + static unsigned long counter; + FIPS_get_timevec(buf, &counter); + *pout = buf; + return sizeof(buf); +} -/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is +/* + * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is * correctly seeded by RAND_poll(). */ static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, - double entropy) - { - RAND_SSLeay()->add(in, inlen, entropy); - return 1; - } + double entropy) +{ + RAND_SSLeay()->add(in, inlen, entropy); + return 1; +} static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) - { - RAND_SSLeay()->seed(in, inlen); - return 1; - } +{ + RAND_SSLeay()->seed(in, inlen); + return 1; +} -#ifndef OPENSSL_DRBG_DEFAULT_TYPE -#define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr -#endif -#ifndef OPENSSL_DRBG_DEFAULT_FLAGS -#define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF -#endif +# ifndef OPENSSL_DRBG_DEFAULT_TYPE +# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr +# endif +# ifndef OPENSSL_DRBG_DEFAULT_FLAGS +# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF +# endif static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; void RAND_set_fips_drbg_type(int type, int flags) - { - fips_drbg_type = type; - fips_drbg_flags = flags; - } +{ + fips_drbg_type = type; + fips_drbg_flags = flags; +} int RAND_init_fips(void) - { - DRBG_CTX *dctx; - size_t plen; - unsigned char pers[32], *p; -#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG - if (fips_drbg_type >> 16) - { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); - return 0; - } -#endif - - dctx = FIPS_get_default_drbg(); - if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) - { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); - return 0; - } - - FIPS_drbg_set_callbacks(dctx, - drbg_get_entropy, drbg_free_entropy, 20, - drbg_get_entropy, drbg_free_entropy); - FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, - drbg_rand_seed, drbg_rand_add); - /* Personalisation string: a string followed by date time vector */ - strcpy((char *)pers, "OpenSSL DRBG2.0"); - plen = drbg_get_adin(dctx, &p); - memcpy(pers + 16, p, plen); +{ + DRBG_CTX *dctx; + size_t plen; + unsigned char pers[32], *p; +# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG + if (fips_drbg_type >> 16) { + RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); + return 0; + } +# endif + + dctx = FIPS_get_default_drbg(); + if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { + RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); + return 0; + } + + FIPS_drbg_set_callbacks(dctx, + drbg_get_entropy, drbg_free_entropy, 20, + drbg_get_entropy, drbg_free_entropy); + FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, + drbg_rand_seed, drbg_rand_add); + /* Personalisation string: a string followed by date time vector */ + strcpy((char *)pers, "OpenSSL DRBG2.0"); + plen = drbg_get_adin(dctx, &p); + memcpy(pers + 16, p, plen); - if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) - { - RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); - return 0; - } - FIPS_rand_set_method(FIPS_drbg_method()); - return 1; - } + if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { + RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); + return 0; + } + FIPS_rand_set_method(FIPS_drbg_method()); + return 1; +} #endif diff --git a/openssl/crypto/rand/rand_nw.c b/openssl/crypto/rand/rand_nw.c index 8d5b8d2e3..55ffe9ad5 100644 --- a/openssl/crypto/rand/rand_nw.c +++ b/openssl/crypto/rand/rand_nw.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -115,69 +115,65 @@ #if defined (OPENSSL_SYS_NETWARE) -#if defined(NETWARE_LIBC) -#include <nks/thread.h> -#else -#include <nwthread.h> -#endif +# if defined(NETWARE_LIBC) +# include <nks/thread.h> +# else +# include <nwthread.h> +# endif extern int GetProcessSwitchCount(void); -#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) -extern void *RunningProcess; /* declare here same as found in newer NDKs */ +# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) +extern void *RunningProcess; /* declare here same as found in newer NDKs */ extern unsigned long GetSuperHighResolutionTimer(void); -#endif +# endif - /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed - */ + /* + * the FAQ indicates we need to provide at least 20 bytes (160 bits) of + * seed + */ int RAND_poll(void) { - unsigned long l; - unsigned long tsc; - int i; + unsigned long l; + unsigned long tsc; + int i; - /* There are several options to gather miscellaneous data - * but for now we will loop checking the time stamp counter (rdtsc) and - * the SuperHighResolutionTimer. Each iteration will collect 8 bytes - * of data but it is treated as only 1 byte of entropy. The call to - * ThreadSwitchWithDelay() will introduce additional variability into - * the data returned by rdtsc. - * - * Applications can agument the seed material by adding additional - * stuff with RAND_add() and should probably do so. - */ - l = GetProcessSwitchCount(); - RAND_add(&l,sizeof(l),1); - - /* need to cast the void* to unsigned long here */ - l = (unsigned long)RunningProcess; - RAND_add(&l,sizeof(l),1); + /* + * There are several options to gather miscellaneous data but for now we + * will loop checking the time stamp counter (rdtsc) and the + * SuperHighResolutionTimer. Each iteration will collect 8 bytes of data + * but it is treated as only 1 byte of entropy. The call to + * ThreadSwitchWithDelay() will introduce additional variability into the + * data returned by rdtsc. Applications can agument the seed material by + * adding additional stuff with RAND_add() and should probably do so. + */ + l = GetProcessSwitchCount(); + RAND_add(&l, sizeof(l), 1); - for( i=2; i<ENTROPY_NEEDED; i++) - { -#ifdef __MWERKS__ - asm - { - rdtsc - mov tsc, eax - } -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - asm volatile("rdtsc":"=a"(tsc)::"edx"); -#endif + /* need to cast the void* to unsigned long here */ + l = (unsigned long)RunningProcess; + RAND_add(&l, sizeof(l), 1); - RAND_add(&tsc, sizeof(tsc), 1); + for (i = 2; i < ENTROPY_NEEDED; i++) { +# ifdef __MWERKS__ + asm { + rdtsc mov tsc, eax} +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + asm volatile ("rdtsc":"=a" (tsc)::"edx"); +# endif + + RAND_add(&tsc, sizeof(tsc), 1); - l = GetSuperHighResolutionTimer(); - RAND_add(&l, sizeof(l), 0); + l = GetSuperHighResolutionTimer(); + RAND_add(&l, sizeof(l), 0); # if defined(NETWARE_LIBC) - NXThreadYield(); -# else /* NETWARE_CLIB */ - ThreadSwitchWithDelay(); + NXThreadYield(); +# else /* NETWARE_CLIB */ + ThreadSwitchWithDelay(); # endif - } + } - return 1; + return 1; } -#endif - +#endif diff --git a/openssl/crypto/rand/rand_os2.c b/openssl/crypto/rand/rand_os2.c index fc1e78b17..9c4a137bb 100644 --- a/openssl/crypto/rand/rand_os2.c +++ b/openssl/crypto/rand/rand_os2.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,29 +59,32 @@ #ifdef OPENSSL_SYS_OS2 -#define INCL_DOSPROCESS -#define INCL_DOSPROFILE -#define INCL_DOSMISC -#define INCL_DOSMODULEMGR -#include <os2.h> +# define INCL_DOSPROCESS +# define INCL_DOSPROFILE +# define INCL_DOSMISC +# define INCL_DOSMODULEMGR +# include <os2.h> -#define CMD_KI_RDCNT (0x63) +# define CMD_KI_RDCNT (0x63) typedef struct _CPUUTIL { - ULONG ulTimeLow; /* Low 32 bits of time stamp */ - ULONG ulTimeHigh; /* High 32 bits of time stamp */ - ULONG ulIdleLow; /* Low 32 bits of idle time */ - ULONG ulIdleHigh; /* High 32 bits of idle time */ - ULONG ulBusyLow; /* Low 32 bits of busy time */ - ULONG ulBusyHigh; /* High 32 bits of busy time */ - ULONG ulIntrLow; /* Low 32 bits of interrupt time */ + ULONG ulTimeLow; /* Low 32 bits of time stamp */ + ULONG ulTimeHigh; /* High 32 bits of time stamp */ + ULONG ulIdleLow; /* Low 32 bits of idle time */ + ULONG ulIdleHigh; /* High 32 bits of idle time */ + ULONG ulBusyLow; /* Low 32 bits of busy time */ + ULONG ulBusyHigh; /* High 32 bits of busy time */ + ULONG ulIntrLow; /* Low 32 bits of interrupt time */ ULONG ulIntrHigh; /* High 32 bits of interrupt time */ } CPUUTIL; -#ifndef __KLIBC__ -APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; -APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; -#endif +# ifndef __KLIBC__ +APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, + ULONG ulParm2, ULONG ulParm3) = NULL; +APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, + ULONG _res_, PVOID buf, ULONG bufsz) = + NULL; +# endif HMODULE hDoscalls = 0; int RAND_poll(void) @@ -91,56 +94,67 @@ int RAND_poll(void) ULONG SysVars[QSV_FOREGROUND_PROCESS]; if (hDoscalls == 0) { - ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); + ULONG rc = + DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", + &hDoscalls); -#ifndef __KLIBC__ +# ifndef __KLIBC__ if (rc == 0) { - rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); + rc = DosQueryProcAddr(hDoscalls, 976, NULL, + (PFN *) & DosPerfSysCall); if (rc) DosPerfSysCall = NULL; - rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState); + rc = DosQueryProcAddr(hDoscalls, 368, NULL, + (PFN *) & DosQuerySysState); if (rc) DosQuerySysState = NULL; } -#endif +# endif } /* Sample the hi-res timer, runs at around 1.1 MHz */ DosTmrQueryTime(&qwTime); RAND_add(&qwTime, sizeof(qwTime), 2); - /* Sample a bunch of system variables, includes various process & memory statistics */ + /* + * Sample a bunch of system variables, includes various process & memory + * statistics + */ DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars)); RAND_add(SysVars, sizeof(SysVars), 4); - /* If available, sample CPU registers that count at CPU MHz - * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this + /* + * If available, sample CPU registers that count at CPU MHz Only fairly + * new CPUs (PPro & K6 onwards) & OS/2 versions support this */ if (DosPerfSysCall) { CPUUTIL util; - if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) { + if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) { RAND_add(&util, sizeof(util), 10); - } - else { -#ifndef __KLIBC__ + } else { +# ifndef __KLIBC__ DosPerfSysCall = NULL; -#endif +# endif } } - /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */ + /* + * DosQuerySysState() gives us a huge quantity of process, thread, memory + * & handle stats + */ if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { - /* First 4 bytes in buffer is a pointer to the thread count - * there should be at least 1 byte of entropy per thread + /* + * First 4 bytes in buffer is a pointer to the thread count there + * should be at least 1 byte of entropy per thread */ - RAND_add(buffer, 256 * 1024, **(ULONG **)buffer); + RAND_add(buffer, 256 * 1024, **(ULONG **) buffer); } OPENSSL_free(buffer); @@ -150,4 +164,4 @@ int RAND_poll(void) return 0; } -#endif /* OPENSSL_SYS_OS2 */ +#endif /* OPENSSL_SYS_OS2 */ diff --git a/openssl/crypto/rand/rand_unix.c b/openssl/crypto/rand/rand_unix.c index e3a65571c..266111edd 100644 --- a/openssl/crypto/rand/rand_unix.c +++ b/openssl/crypto/rand/rand_unix.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -118,314 +118,330 @@ #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) -#include <sys/types.h> -#include <sys/time.h> -#include <sys/times.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> -#include <time.h> -#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ -# include <poll.h> -#endif -#include <limits.h> -#ifndef FD_SETSIZE -# define FD_SETSIZE (8*sizeof(fd_set)) -#endif - -#if defined(OPENSSL_SYS_VOS) - -/* The following algorithm repeatedly samples the real-time clock - (RTC) to generate a sequence of unpredictable data. The algorithm - relies upon the uneven execution speed of the code (due to factors - such as cache misses, interrupts, bus activity, and scheduling) and - upon the rather large relative difference between the speed of the - clock and the rate at which it can be read. - - If this code is ported to an environment where execution speed is - more constant or where the RTC ticks at a much slower rate, or the - clock can be read with fewer instructions, it is likely that the - results would be far more predictable. - - As a precaution, we generate 4 times the minimum required amount of - seed data. */ +# include <sys/types.h> +# include <sys/time.h> +# include <sys/times.h> +# include <sys/stat.h> +# include <fcntl.h> +# include <unistd.h> +# include <time.h> +# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually + * everywhere */ +# include <poll.h> +# endif +# include <limits.h> +# ifndef FD_SETSIZE +# define FD_SETSIZE (8*sizeof(fd_set)) +# endif + +# if defined(OPENSSL_SYS_VOS) + +/* + * The following algorithm repeatedly samples the real-time clock (RTC) to + * generate a sequence of unpredictable data. The algorithm relies upon the + * uneven execution speed of the code (due to factors such as cache misses, + * interrupts, bus activity, and scheduling) and upon the rather large + * relative difference between the speed of the clock and the rate at which + * it can be read. + * + * If this code is ported to an environment where execution speed is more + * constant or where the RTC ticks at a much slower rate, or the clock can be + * read with fewer instructions, it is likely that the results would be far + * more predictable. + * + * As a precaution, we generate 4 times the minimum required amount of seed + * data. + */ int RAND_poll(void) { - short int code; - gid_t curr_gid; - pid_t curr_pid; - uid_t curr_uid; - int i, k; - struct timespec ts; - unsigned char v; - -#ifdef OPENSSL_SYS_VOS_HPPA - long duration; - extern void s$sleep (long *_duration, short int *_code); -#else -#ifdef OPENSSL_SYS_VOS_IA32 - long long duration; - extern void s$sleep2 (long long *_duration, short int *_code); -#else -#error "Unsupported Platform." -#endif /* OPENSSL_SYS_VOS_IA32 */ -#endif /* OPENSSL_SYS_VOS_HPPA */ - - /* Seed with the gid, pid, and uid, to ensure *some* - variation between different processes. */ - - curr_gid = getgid(); - RAND_add (&curr_gid, sizeof curr_gid, 1); - curr_gid = 0; - - curr_pid = getpid(); - RAND_add (&curr_pid, sizeof curr_pid, 1); - curr_pid = 0; - - curr_uid = getuid(); - RAND_add (&curr_uid, sizeof curr_uid, 1); - curr_uid = 0; - - for (i=0; i<(ENTROPY_NEEDED*4); i++) - { - /* burn some cpu; hope for interrupts, cache - collisions, bus interference, etc. */ - for (k=0; k<99; k++) - ts.tv_nsec = random (); - -#ifdef OPENSSL_SYS_VOS_HPPA - /* sleep for 1/1024 of a second (976 us). */ - duration = 1; - s$sleep (&duration, &code); -#else -#ifdef OPENSSL_SYS_VOS_IA32 - /* sleep for 1/65536 of a second (15 us). */ - duration = 1; - s$sleep2 (&duration, &code); -#endif /* OPENSSL_SYS_VOS_IA32 */ -#endif /* OPENSSL_SYS_VOS_HPPA */ - - /* get wall clock time. */ - clock_gettime (CLOCK_REALTIME, &ts); - - /* take 8 bits */ - v = (unsigned char) (ts.tv_nsec % 256); - RAND_add (&v, sizeof v, 1); - v = 0; - } - return 1; + short int code; + gid_t curr_gid; + pid_t curr_pid; + uid_t curr_uid; + int i, k; + struct timespec ts; + unsigned char v; + +# ifdef OPENSSL_SYS_VOS_HPPA + long duration; + extern void s$sleep(long *_duration, short int *_code); +# else +# ifdef OPENSSL_SYS_VOS_IA32 + long long duration; + extern void s$sleep2(long long *_duration, short int *_code); +# else +# error "Unsupported Platform." +# endif /* OPENSSL_SYS_VOS_IA32 */ +# endif /* OPENSSL_SYS_VOS_HPPA */ + + /* + * Seed with the gid, pid, and uid, to ensure *some* variation between + * different processes. + */ + + curr_gid = getgid(); + RAND_add(&curr_gid, sizeof curr_gid, 1); + curr_gid = 0; + + curr_pid = getpid(); + RAND_add(&curr_pid, sizeof curr_pid, 1); + curr_pid = 0; + + curr_uid = getuid(); + RAND_add(&curr_uid, sizeof curr_uid, 1); + curr_uid = 0; + + for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { + /* + * burn some cpu; hope for interrupts, cache collisions, bus + * interference, etc. + */ + for (k = 0; k < 99; k++) + ts.tv_nsec = random(); + +# ifdef OPENSSL_SYS_VOS_HPPA + /* sleep for 1/1024 of a second (976 us). */ + duration = 1; + s$sleep(&duration, &code); +# else +# ifdef OPENSSL_SYS_VOS_IA32 + /* sleep for 1/65536 of a second (15 us). */ + duration = 1; + s$sleep2(&duration, &code); +# endif /* OPENSSL_SYS_VOS_IA32 */ +# endif /* OPENSSL_SYS_VOS_HPPA */ + + /* get wall clock time. */ + clock_gettime(CLOCK_REALTIME, &ts); + + /* take 8 bits */ + v = (unsigned char)(ts.tv_nsec % 256); + RAND_add(&v, sizeof v, 1); + v = 0; + } + return 1; } -#elif defined __OpenBSD__ +# elif defined __OpenBSD__ int RAND_poll(void) { - u_int32_t rnd = 0, i; - unsigned char buf[ENTROPY_NEEDED]; - - for (i = 0; i < sizeof(buf); i++) { - if (i % 4 == 0) - rnd = arc4random(); - buf[i] = rnd; - rnd >>= 8; - } - RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); - memset(buf, 0, sizeof(buf)); - - return 1; + u_int32_t rnd = 0, i; + unsigned char buf[ENTROPY_NEEDED]; + + for (i = 0; i < sizeof(buf); i++) { + if (i % 4 == 0) + rnd = arc4random(); + buf[i] = rnd; + rnd >>= 8; + } + RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); + memset(buf, 0, sizeof(buf)); + + return 1; } -#else /* !defined(__OpenBSD__) */ +# else /* !defined(__OpenBSD__) */ int RAND_poll(void) { - unsigned long l; - pid_t curr_pid = getpid(); -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - unsigned char tmpbuf[ENTROPY_NEEDED]; - int n = 0; -#endif -#ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM }; - struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; - int fd; - unsigned int i; -#endif -#ifdef DEVRANDOM_EGD - static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; - const char **egdsocket = NULL; -#endif - -#ifdef DEVRANDOM - memset(randomstats,0,sizeof(randomstats)); - /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD - * have this. Use /dev/urandom if you can as /dev/random may block - * if it runs out of random entries. */ - - for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) - { - if ((fd = open(randomfiles[i], O_RDONLY -#ifdef O_NONBLOCK - |O_NONBLOCK -#endif -#ifdef O_BINARY - |O_BINARY -#endif -#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it - our controlling tty */ - |O_NOCTTY -#endif - )) >= 0) - { - int usec = 10*1000; /* spend 10ms on each file */ - int r; - unsigned int j; - struct stat *st=&randomstats[i]; - - /* Avoid using same input... Used to be O_NOFOLLOW - * above, but it's not universally appropriate... */ - if (fstat(fd,st) != 0) { close(fd); continue; } - for (j=0;j<i;j++) - { - if (randomstats[j].st_ino==st->st_ino && - randomstats[j].st_dev==st->st_dev) - break; - } - if (j<i) { close(fd); continue; } - - do - { - int try_read = 0; - -#if defined(OPENSSL_SYS_BEOS_R5) - /* select() is broken in BeOS R5, so we simply - * try to read something and snooze if we couldn't */ - try_read = 1; - -#elif defined(OPENSSL_SYS_LINUX) - /* use poll() */ - struct pollfd pset; - - pset.fd = fd; - pset.events = POLLIN; - pset.revents = 0; - - if (poll(&pset, 1, usec / 1000) < 0) - usec = 0; - else - try_read = (pset.revents & POLLIN) != 0; - -#else - /* use select() */ - fd_set fset; - struct timeval t; - - t.tv_sec = 0; - t.tv_usec = usec; - - if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) - { - /* can't use select, so just try to read once anyway */ - try_read = 1; - } - else - { - FD_ZERO(&fset); - FD_SET(fd, &fset); - - if (select(fd+1,&fset,NULL,NULL,&t) >= 0) - { - usec = t.tv_usec; - if (FD_ISSET(fd, &fset)) - try_read = 1; - } - else - usec = 0; - } -#endif - - if (try_read) - { - r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); - if (r > 0) - n += r; -#if defined(OPENSSL_SYS_BEOS_R5) - if (r == 0) - snooze(t.tv_usec); -#endif - } - else - r = -1; - - /* Some Unixen will update t in select(), some - won't. For those who won't, or if we - didn't use select() in the first place, - give up here, otherwise, we will do - this once again for the remaining - time. */ - if (usec == 10*1000) - usec = 0; - } - while ((r > 0 || - (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); - - close(fd); - } - } -#endif /* defined(DEVRANDOM) */ - -#ifdef DEVRANDOM_EGD - /* Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. */ - - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++) - { - int r; - - r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); - if (r > 0) - n += r; - } -#endif /* defined(DEVRANDOM_EGD) */ - -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - if (n > 0) - { - RAND_add(tmpbuf,sizeof tmpbuf,(double)n); - OPENSSL_cleanse(tmpbuf,n); - } -#endif - - /* put in some default random data, we need more than just this */ - l=curr_pid; - RAND_add(&l,sizeof(l),0.0); - l=getuid(); - RAND_add(&l,sizeof(l),0.0); - - l=time(NULL); - RAND_add(&l,sizeof(l),0.0); - -#if defined(OPENSSL_SYS_BEOS) - { - system_info sysInfo; - get_system_info(&sysInfo); - RAND_add(&sysInfo,sizeof(sysInfo),0); - } -#endif - -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - return 1; -#else - return 0; -#endif + unsigned long l; + pid_t curr_pid = getpid(); +# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + unsigned char tmpbuf[ENTROPY_NEEDED]; + int n = 0; +# endif +# ifdef DEVRANDOM + static const char *randomfiles[] = { DEVRANDOM }; + struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; + int fd; + unsigned int i; +# endif +# ifdef DEVRANDOM_EGD + static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; + const char **egdsocket = NULL; +# endif + +# ifdef DEVRANDOM + memset(randomstats, 0, sizeof(randomstats)); + /* + * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have + * this. Use /dev/urandom if you can as /dev/random may block if it runs + * out of random entries. + */ + + for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && + (n < ENTROPY_NEEDED); i++) { + if ((fd = open(randomfiles[i], O_RDONLY +# ifdef O_NONBLOCK + | O_NONBLOCK +# endif +# ifdef O_BINARY + | O_BINARY +# endif +# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do + * not make it our controlling tty */ + | O_NOCTTY +# endif + )) >= 0) { + int usec = 10 * 1000; /* spend 10ms on each file */ + int r; + unsigned int j; + struct stat *st = &randomstats[i]; + + /* + * Avoid using same input... Used to be O_NOFOLLOW above, but + * it's not universally appropriate... + */ + if (fstat(fd, st) != 0) { + close(fd); + continue; + } + for (j = 0; j < i; j++) { + if (randomstats[j].st_ino == st->st_ino && + randomstats[j].st_dev == st->st_dev) + break; + } + if (j < i) { + close(fd); + continue; + } + + do { + int try_read = 0; + +# if defined(OPENSSL_SYS_BEOS_R5) + /* + * select() is broken in BeOS R5, so we simply try to read + * something and snooze if we couldn't + */ + try_read = 1; + +# elif defined(OPENSSL_SYS_LINUX) + /* use poll() */ + struct pollfd pset; + + pset.fd = fd; + pset.events = POLLIN; + pset.revents = 0; + + if (poll(&pset, 1, usec / 1000) < 0) + usec = 0; + else + try_read = (pset.revents & POLLIN) != 0; + +# else + /* use select() */ + fd_set fset; + struct timeval t; + + t.tv_sec = 0; + t.tv_usec = usec; + + if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { + /* + * can't use select, so just try to read once anyway + */ + try_read = 1; + } else { + FD_ZERO(&fset); + FD_SET(fd, &fset); + + if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) { + usec = t.tv_usec; + if (FD_ISSET(fd, &fset)) + try_read = 1; + } else + usec = 0; + } +# endif + + if (try_read) { + r = read(fd, (unsigned char *)tmpbuf + n, + ENTROPY_NEEDED - n); + if (r > 0) + n += r; +# if defined(OPENSSL_SYS_BEOS_R5) + if (r == 0) + snooze(t.tv_usec); +# endif + } else + r = -1; + + /* + * Some Unixen will update t in select(), some won't. For + * those who won't, or if we didn't use select() in the first + * place, give up here, otherwise, we will do this once again + * for the remaining time. + */ + if (usec == 10 * 1000) + usec = 0; + } + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 + && n < ENTROPY_NEEDED); + + close(fd); + } + } +# endif /* defined(DEVRANDOM) */ + +# ifdef DEVRANDOM_EGD + /* + * Use an EGD socket to read entropy from an EGD or PRNGD entropy + * collecting daemon. + */ + + for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; + egdsocket++) { + int r; + + r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, + ENTROPY_NEEDED - n); + if (r > 0) + n += r; + } +# endif /* defined(DEVRANDOM_EGD) */ + +# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + if (n > 0) { + RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + OPENSSL_cleanse(tmpbuf, n); + } +# endif + + /* put in some default random data, we need more than just this */ + l = curr_pid; + RAND_add(&l, sizeof(l), 0.0); + l = getuid(); + RAND_add(&l, sizeof(l), 0.0); + + l = time(NULL); + RAND_add(&l, sizeof(l), 0.0); + +# if defined(OPENSSL_SYS_BEOS) + { + system_info sysInfo; + get_system_info(&sysInfo); + RAND_add(&sysInfo, sizeof(sysInfo), 0); + } +# endif + +# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + return 1; +# else + return 0; +# endif } -#endif /* defined(__OpenBSD__) */ -#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ - +# endif /* defined(__OpenBSD__) */ +#endif /* !(defined(OPENSSL_SYS_WINDOWS) || + * defined(OPENSSL_SYS_WIN32) || + * defined(OPENSSL_SYS_VMS) || + * defined(OPENSSL_SYS_OS2) || + * defined(OPENSSL_SYS_VXWORKS) || + * defined(OPENSSL_SYS_NETWARE)) */ #if defined(OPENSSL_SYS_VXWORKS) int RAND_poll(void) - { - return 0; - } +{ + return 0; +} #endif diff --git a/openssl/crypto/rand/rand_vms.c b/openssl/crypto/rand/rand_vms.c index 0bfd8ff7e..a7179a4ba 100644 --- a/openssl/crypto/rand/rand_vms.c +++ b/openssl/crypto/rand/rand_vms.c @@ -1,6 +1,7 @@ /* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL - * project 2000. +/* + * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project + * 2000. */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,88 +62,98 @@ #if defined(OPENSSL_SYS_VMS) -#include <descrip.h> -#include <jpidef.h> -#include <ssdef.h> -#include <starlet.h> -#ifdef __DECC -# pragma message disable DOLLARID -#endif +# include <descrip.h> +# include <jpidef.h> +# include <ssdef.h> +# include <starlet.h> +# ifdef __DECC +# pragma message disable DOLLARID +# endif -/* Use 32-bit pointers almost everywhere. Define the type to which to - * cast a pointer passed to an external function. +/* + * Use 32-bit pointers almost everywhere. Define the type to which to cast a + * pointer passed to an external function. */ -#if __INITIAL_POINTER_SIZE == 64 -# define PTR_T __void_ptr64 -# pragma pointer_size save -# pragma pointer_size 32 -#else /* __INITIAL_POINTER_SIZE == 64 */ -# define PTR_T void * -#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_T __void_ptr64 +# pragma pointer_size save +# pragma pointer_size 32 +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_T void * +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + +static struct items_data_st { + short length, code; /* length is amount of bytes */ +} items_data[] = { + { + 4, JPI$_BUFIO + }, + { + 4, JPI$_CPUTIM + }, + { + 4, JPI$_DIRIO + }, + { + 8, JPI$_LOGINTIM + }, + { + 4, JPI$_PAGEFLTS + }, + { + 4, JPI$_PID + }, + { + 4, JPI$_WSSIZE + }, + { + 0, 0 + } +}; -static struct items_data_st - { - short length, code; /* length is amount of bytes */ - } items_data[] = - { { 4, JPI$_BUFIO }, - { 4, JPI$_CPUTIM }, - { 4, JPI$_DIRIO }, - { 8, JPI$_LOGINTIM }, - { 4, JPI$_PAGEFLTS }, - { 4, JPI$_PID }, - { 4, JPI$_WSSIZE }, - { 0, 0 } - }; - int RAND_poll(void) - { - long pid, iosb[2]; - int status = 0; - struct - { - short length, code; - long *buffer; - int *retlen; - } item[32], *pitem; - unsigned char data_buffer[256]; - short total_length = 0; - struct items_data_st *pitems_data; +{ + long pid, iosb[2]; + int status = 0; + struct { + short length, code; + long *buffer; + int *retlen; + } item[32], *pitem; + unsigned char data_buffer[256]; + short total_length = 0; + struct items_data_st *pitems_data; - pitems_data = items_data; - pitem = item; + pitems_data = items_data; + pitem = item; - /* Setup */ - while (pitems_data->length - && (total_length + pitems_data->length <= 256)) - { - pitem->length = pitems_data->length; - pitem->code = pitems_data->code; - pitem->buffer = (long *)&data_buffer[total_length]; - pitem->retlen = 0; - total_length += pitems_data->length; - pitems_data++; - pitem++; - } - pitem->length = pitem->code = 0; + /* Setup */ + while (pitems_data->length && (total_length + pitems_data->length <= 256)) { + pitem->length = pitems_data->length; + pitem->code = pitems_data->code; + pitem->buffer = (long *)&data_buffer[total_length]; + pitem->retlen = 0; + total_length += pitems_data->length; + pitems_data++; + pitem ++; + } + pitem->length = pitem->code = 0; - /* - * Scan through all the processes in the system and add entropy with - * results from the processes that were possible to look at. - * However, view the information as only half trustable. - */ - pid = -1; /* search context */ - while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0)) - != SS$_NOMOREPROC) - { - if (status == SS$_NORMAL) - { - RAND_add( (PTR_T)data_buffer, total_length, - total_length/2); - } - } - sys$gettim(iosb); - RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2); - return 1; + /* + * Scan through all the processes in the system and add entropy with + * results from the processes that were possible to look at. + * However, view the information as only half trustable. + */ + pid = -1; /* search context */ + while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0)) + != SS$_NOMOREPROC) { + if (status == SS$_NORMAL) { + RAND_add((PTR_T) data_buffer, total_length, total_length / 2); + } + } + sys$gettim(iosb); + RAND_add((PTR_T) iosb, sizeof(iosb), sizeof(iosb) / 2); + return 1; } #endif diff --git a/openssl/crypto/rand/rand_win.c b/openssl/crypto/rand/rand_win.c index 34ffcd23f..06670ae01 100644 --- a/openssl/crypto/rand/rand_win.c +++ b/openssl/crypto/rand/rand_win.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -114,607 +114,552 @@ #include "rand_lcl.h" #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -#include <windows.h> -#ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 -#endif -#include <wincrypt.h> -#include <tlhelp32.h> +# include <windows.h> +# ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0400 +# endif +# include <wincrypt.h> +# include <tlhelp32.h> -/* Limit the time spent walking through the heap, processes, threads and modules to - a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ -#define MAXDELAY 1000 +/* + * Limit the time spent walking through the heap, processes, threads and + * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom + * failed + */ +# define MAXDELAY 1000 -/* Intel hardware RNG CSP -- available from +/* + * Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ -#define PROV_INTEL_SEC 22 -#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# define PROV_INTEL_SEC 22 +# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" static void readtimer(void); static void readscreen(void); -/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined - when WINVER is 0x0500 and up, which currently only happens on Win2000. - Unfortunately, those are typedefs, so they're a little bit difficult to - detect properly. On the other hand, the macro CURSOR_SHOWING is defined - within the same conditional, so it can be use to detect the absence of said - typedefs. */ +/* + * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined + * when WINVER is 0x0500 and up, which currently only happens on Win2000. + * Unfortunately, those are typedefs, so they're a little bit difficult to + * detect properly. On the other hand, the macro CURSOR_SHOWING is defined + * within the same conditional, so it can be use to detect the absence of + * said typedefs. + */ -#ifndef CURSOR_SHOWING +# ifndef CURSOR_SHOWING /* * Information about the global cursor. */ -typedef struct tagCURSORINFO -{ - DWORD cbSize; - DWORD flags; +typedef struct tagCURSORINFO { + DWORD cbSize; + DWORD flags; HCURSOR hCursor; - POINT ptScreenPos; + POINT ptScreenPos; } CURSORINFO, *PCURSORINFO, *LPCURSORINFO; -#define CURSOR_SHOWING 0x00000001 -#endif /* CURSOR_SHOWING */ - -#if !defined(OPENSSL_SYS_WINCE) -typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, - DWORD, DWORD); -typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); -typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); - -typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID); -typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); -typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); - -typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); -typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); -typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); -typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); -typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); -typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); -typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); - -#include <lmcons.h> -#include <lmstats.h> -#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE - * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was - * was added to the Platform SDK to allow the NET API to be used in - * non-Unicode applications provided that Unicode strings were still - * used for input. LMSTR is defined as LPWSTR. - */ -typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) - (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); -typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); -#endif /* 1 */ -#endif /* !OPENSSL_SYS_WINCE */ +# define CURSOR_SHOWING 0x00000001 +# endif /* CURSOR_SHOWING */ + +# if !defined(OPENSSL_SYS_WINCE) +typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR, + DWORD, DWORD); +typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *); +typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD); + +typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID); +typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO); +typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT); + +typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); +typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); +typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t); +typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32); +typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32); +typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32); +typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32); +typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); + +# include <lmcons.h> +# include <lmstats.h> +# if 1 +/* + * The NET API is Unicode only. It requires the use of the UNICODE macro. + * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the + * Platform SDK to allow the NET API to be used in non-Unicode applications + * provided that Unicode strings were still used for input. LMSTR is defined + * as LPWSTR. + */ +typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET) + (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *); +typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); +# endif /* 1 */ +# endif /* !OPENSSL_SYS_WINCE */ int RAND_poll(void) { - MEMORYSTATUS m; - HCRYPTPROV hProvider = 0; - DWORD w; - int good = 0; - - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; - -#if defined(OPENSSL_SYS_WINCE) -# if defined(_WIN32_WCE) && _WIN32_WCE>=300 -/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available - * in commonly available implementations prior 300... */ - { - BYTE buf[64]; - /* poll the CryptoAPI PRNG */ - /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) - { - if (CryptGenRandom(hProvider, sizeof(buf), buf)) - RAND_add(buf, sizeof(buf), sizeof(buf)); - CryptReleaseContext(hProvider, 0); - } - } -# endif -#else /* OPENSSL_SYS_WINCE */ - /* - * None of below libraries are present on Windows CE, which is - * why we #ifndef the whole section. This also excuses us from - * handling the GetProcAddress issue. The trouble is that in - * real Win32 API GetProcAddress is available in ANSI flavor - * only. In WinCE on the other hand GetProcAddress is a macro - * most commonly defined as GetProcAddressW, which accepts - * Unicode argument. If we were to call GetProcAddress under - * WinCE, I'd recommend to either redefine GetProcAddress as - * GetProcAddressA (there seem to be one in common CE spec) or - * implement own shim routine, which would accept ANSI argument - * and expand it to Unicode. - */ - { - /* load functions dynamically - not available on all systems */ - HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); - HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); - HMODULE user = NULL; - HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); - CRYPTACQUIRECONTEXTW acquire = NULL; - CRYPTGENRANDOM gen = NULL; - CRYPTRELEASECONTEXT release = NULL; - NETSTATGET netstatget = NULL; - NETFREE netfree = NULL; - BYTE buf[64]; - - if (netapi) - { - netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); - netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); - } - - if (netstatget && netfree) - { - LPBYTE outbuf; - /* NetStatisticsGet() is a Unicode only function - * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 - * contains 17 fields. We treat each field as a source of - * one byte of entropy. - */ - - if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) - { - RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); - netfree(outbuf); - } - if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) - { - RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); - netfree(outbuf); - } - } - - if (netapi) - FreeLibrary(netapi); - - /* It appears like this can cause an exception deep within ADVAPI32.DLL - * at random times on Windows 2000. Reported by Jeffrey Altman. - * Only use it on NT. - */ - /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif - - if (advapi) - { - /* - * If it's available, then it's available in both ANSI - * and UNICODE flavors even in Win9x, documentation says. - * We favor Unicode... - */ - acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, - "CryptAcquireContextW"); - gen = (CRYPTGENRANDOM) GetProcAddress(advapi, - "CryptGenRandom"); - release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, - "CryptReleaseContext"); - } - - if (acquire && gen && release) - { - /* poll the CryptoAPI PRNG */ - /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) - { - if (gen(hProvider, sizeof(buf), buf) != 0) - { - RAND_add(buf, sizeof(buf), 0); - good = 1; -#if 0 - printf("randomness from PROV_RSA_FULL\n"); -#endif - } - release(hProvider, 0); - } - - /* poll the Pentium PRG with CryptoAPI */ - if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) - { - if (gen(hProvider, sizeof(buf), buf) != 0) - { - RAND_add(buf, sizeof(buf), sizeof(buf)); - good = 1; -#if 0 - printf("randomness from PROV_INTEL_SEC\n"); -#endif - } - release(hProvider, 0); - } - } + MEMORYSTATUS m; + HCRYPTPROV hProvider = 0; + DWORD w; + int good = 0; + +# if defined(OPENSSL_SYS_WINCE) +# if defined(_WIN32_WCE) && _WIN32_WCE>=300 + /* + * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available + * in commonly available implementations prior 300... + */ + { + BYTE buf[64]; + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + if (CryptGenRandom(hProvider, sizeof(buf), buf)) + RAND_add(buf, sizeof(buf), sizeof(buf)); + CryptReleaseContext(hProvider, 0); + } + } +# endif +# else /* OPENSSL_SYS_WINCE */ + /* + * None of below libraries are present on Windows CE, which is + * why we #ifndef the whole section. This also excuses us from + * handling the GetProcAddress issue. The trouble is that in + * real Win32 API GetProcAddress is available in ANSI flavor + * only. In WinCE on the other hand GetProcAddress is a macro + * most commonly defined as GetProcAddressW, which accepts + * Unicode argument. If we were to call GetProcAddress under + * WinCE, I'd recommend to either redefine GetProcAddress as + * GetProcAddressA (there seem to be one in common CE spec) or + * implement own shim routine, which would accept ANSI argument + * and expand it to Unicode. + */ + { + /* load functions dynamically - not available on all systems */ + HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + HMODULE user = NULL; + HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); + CRYPTACQUIRECONTEXTW acquire = NULL; + CRYPTGENRANDOM gen = NULL; + CRYPTRELEASECONTEXT release = NULL; + NETSTATGET netstatget = NULL; + NETFREE netfree = NULL; + BYTE buf[64]; + + if (netapi) { + netstatget = + (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet"); + netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree"); + } + + if (netstatget && netfree) { + LPBYTE outbuf; + /* + * NetStatisticsGet() is a Unicode only function + * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 + * contains 17 fields. We treat each field as a source of one + * byte of entropy. + */ + + if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { + RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); + netfree(outbuf); + } + if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { + RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); + netfree(outbuf); + } + } + + if (netapi) + FreeLibrary(netapi); + + /* + * It appears like this can cause an exception deep within + * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey + * Altman. Only use it on NT. + */ + + if (advapi) { + /* + * If it's available, then it's available in both ANSI + * and UNICODE flavors even in Win9x, documentation says. + * We favor Unicode... + */ + acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, + "CryptAcquireContextW"); + gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom"); + release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, + "CryptReleaseContext"); + } + + if (acquire && gen && release) { + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + if (gen(hProvider, sizeof(buf), buf) != 0) { + RAND_add(buf, sizeof(buf), 0); + good = 1; +# if 0 + printf("randomness from PROV_RSA_FULL\n"); +# endif + } + release(hProvider, 0); + } + + /* poll the Pentium PRG with CryptoAPI */ + if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) { + if (gen(hProvider, sizeof(buf), buf) != 0) { + RAND_add(buf, sizeof(buf), sizeof(buf)); + good = 1; +# if 0 + printf("randomness from PROV_INTEL_SEC\n"); +# endif + } + release(hProvider, 0); + } + } if (advapi) - FreeLibrary(advapi); - - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || - !OPENSSL_isservice()) && - (user = LoadLibrary(TEXT("USER32.DLL")))) - { - GETCURSORINFO cursor; - GETFOREGROUNDWINDOW win; - GETQUEUESTATUS queue; - - win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); - cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); - queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); - - if (win) - { - /* window handle */ - HWND h = win(); - RAND_add(&h, sizeof(h), 0); - } - if (cursor) - { - /* unfortunately, its not safe to call GetCursorInfo() - * on NT4 even though it exists in SP3 (or SP6) and - * higher. - */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - cursor = 0; - } - if (cursor) - { - /* cursor position */ - /* assume 2 bytes of entropy */ - CURSORINFO ci; - ci.cbSize = sizeof(CURSORINFO); - if (cursor(&ci)) - RAND_add(&ci, ci.cbSize, 2); - } - - if (queue) - { - /* message queue status */ - /* assume 1 byte of entropy */ - w = queue(QS_ALLEVENTS); - RAND_add(&w, sizeof(w), 1); - } - - FreeLibrary(user); - } - - /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap - * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm - * (Win 9x and 2000 only, not available on NT) - * - * This seeding method was proposed in Peter Gutmann, Software - * Generation of Practically Strong Random Numbers, - * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf - * (The assignment of entropy estimates below is arbitrary, but based - * on Peter's analysis the full poll appears to be safe. Additional - * interactive seeding is encouraged.) - */ - - if (kernel) - { - CREATETOOLHELP32SNAPSHOT snap; - CLOSETOOLHELP32SNAPSHOT close_snap; - HANDLE handle; - - HEAP32FIRST heap_first; - HEAP32NEXT heap_next; - HEAP32LIST heaplist_first, heaplist_next; - PROCESS32 process_first, process_next; - THREAD32 thread_first, thread_next; - MODULE32 module_first, module_next; - - HEAPLIST32 hlist; - HEAPENTRY32 hentry; - PROCESSENTRY32 p; - THREADENTRY32 t; - MODULEENTRY32 m; - DWORD starttime = 0; - - snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); - close_snap = (CLOSETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CloseToolhelp32Snapshot"); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); - process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); - process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); - thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); - thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); - module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); - module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); - - if (snap && heap_first && heap_next && heaplist_first && - heaplist_next && process_first && process_next && - thread_first && thread_next && module_first && - module_next && (handle = snap(TH32CS_SNAPALL,0)) - != INVALID_HANDLE_VALUE) - { - /* heap list and heap walking */ - /* HEAPLIST32 contains 3 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - * HEAPENTRY32 contains 5 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - */ - ZeroMemory(&hlist, sizeof(HEAPLIST32)); - hlist.dwSize = sizeof(HEAPLIST32); - if (good) starttime = GetTickCount(); -#ifdef _MSC_VER - if (heaplist_first(handle, &hlist)) - { - /* - following discussion on dev ML, exception on WinCE (or other Win - platform) is theoretically of unknown origin; prevent infinite - loop here when this theoretical case occurs; otherwise cope with - the expected (MSDN documented) exception-throwing behaviour of - Heap32Next() on WinCE. - - based on patch in original message by Tanguy Fautré (2009/03/02) - Subject: RAND_poll() and CreateToolhelp32Snapshot() stability - */ - int ex_cnt_limit = 42; - do - { - RAND_add(&hlist, hlist.dwSize, 3); - __try - { - ZeroMemory(&hentry, sizeof(HEAPENTRY32)); - hentry.dwSize = sizeof(HEAPENTRY32); - if (heap_first(&hentry, - hlist.th32ProcessID, - hlist.th32HeapID)) - { - int entrycnt = 80; - do - RAND_add(&hentry, - hentry.dwSize, 5); - while (heap_next(&hentry) - && (!good || (GetTickCount()-starttime)<MAXDELAY) - && --entrycnt > 0); - } - } - __except (EXCEPTION_EXECUTE_HANDLER) - { - /* ignore access violations when walking the heap list */ - ex_cnt_limit--; - } - } while (heaplist_next(handle, &hlist) - && (!good || (GetTickCount()-starttime)<MAXDELAY) - && ex_cnt_limit > 0); - } - -#else - if (heaplist_first(handle, &hlist)) - { - do - { - RAND_add(&hlist, hlist.dwSize, 3); - hentry.dwSize = sizeof(HEAPENTRY32); - if (heap_first(&hentry, - hlist.th32ProcessID, - hlist.th32HeapID)) - { - int entrycnt = 80; - do - RAND_add(&hentry, - hentry.dwSize, 5); - while (heap_next(&hentry) - && --entrycnt > 0); - } - } while (heaplist_next(handle, &hlist) - && (!good || (GetTickCount()-starttime)<MAXDELAY)); - } -#endif - - /* process walking */ - /* PROCESSENTRY32 contains 9 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - p.dwSize = sizeof(PROCESSENTRY32); - - if (good) starttime = GetTickCount(); - if (process_first(handle, &p)) - do - RAND_add(&p, p.dwSize, 9); - while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY)); - - /* thread walking */ - /* THREADENTRY32 contains 6 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - t.dwSize = sizeof(THREADENTRY32); - if (good) starttime = GetTickCount(); - if (thread_first(handle, &t)) - do - RAND_add(&t, t.dwSize, 6); - while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY)); - - /* module walking */ - /* MODULEENTRY32 contains 9 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - m.dwSize = sizeof(MODULEENTRY32); - if (good) starttime = GetTickCount(); - if (module_first(handle, &m)) - do - RAND_add(&m, m.dwSize, 9); - while (module_next(handle, &m) - && (!good || (GetTickCount()-starttime)<MAXDELAY)); - if (close_snap) - close_snap(handle); - else - CloseHandle(handle); - - } - - FreeLibrary(kernel); - } - } -#endif /* !OPENSSL_SYS_WINCE */ - - /* timer data */ - readtimer(); - - /* memory usage statistics */ - GlobalMemoryStatus(&m); - RAND_add(&m, sizeof(m), 1); - - /* process ID */ - w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 1); - -#if 0 - printf("Exiting RAND_poll\n"); -#endif - - return(1); -} - -int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) - { - double add_entropy=0; - - switch (iMsg) - { - case WM_KEYDOWN: - { - static WPARAM key; - if (key != wParam) - add_entropy = 0.05; - key = wParam; + FreeLibrary(advapi); + + if ((!check_winnt() || + !OPENSSL_isservice()) && + (user = LoadLibrary(TEXT("USER32.DLL")))) { + GETCURSORINFO cursor; + GETFOREGROUNDWINDOW win; + GETQUEUESTATUS queue; + + win = + (GETFOREGROUNDWINDOW) GetProcAddress(user, + "GetForegroundWindow"); + cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); + queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); + + if (win) { + /* window handle */ + HWND h = win(); + RAND_add(&h, sizeof(h), 0); + } + if (cursor) { + /* + * unfortunately, its not safe to call GetCursorInfo() on NT4 + * even though it exists in SP3 (or SP6) and higher. + */ + if (check_winnt() && !check_win_minplat(5)) + cursor = 0; + } + if (cursor) { + /* cursor position */ + /* assume 2 bytes of entropy */ + CURSORINFO ci; + ci.cbSize = sizeof(CURSORINFO); + if (cursor(&ci)) + RAND_add(&ci, ci.cbSize, 2); + } + + if (queue) { + /* message queue status */ + /* assume 1 byte of entropy */ + w = queue(QS_ALLEVENTS); + RAND_add(&w, sizeof(w), 1); + } + + FreeLibrary(user); + } + + /*- + * Toolhelp32 snapshot: enumerate processes, threads, modules and heap + * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm + * (Win 9x and 2000 only, not available on NT) + * + * This seeding method was proposed in Peter Gutmann, Software + * Generation of Practically Strong Random Numbers, + * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * (The assignment of entropy estimates below is arbitrary, but based + * on Peter's analysis the full poll appears to be safe. Additional + * interactive seeding is encouraged.) + */ + + if (kernel) { + CREATETOOLHELP32SNAPSHOT snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + HANDLE handle; + + HEAP32FIRST heap_first; + HEAP32NEXT heap_next; + HEAP32LIST heaplist_first, heaplist_next; + PROCESS32 process_first, process_next; + THREAD32 thread_first, thread_next; + MODULE32 module_first, module_next; + + HEAPLIST32 hlist; + HEAPENTRY32 hentry; + PROCESSENTRY32 p; + THREADENTRY32 t; + MODULEENTRY32 m; + DWORD starttime = 0; + + snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, "CreateToolhelp32Snapshot"); + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, "CloseToolhelp32Snapshot"); + heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); + heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); + heaplist_first = + (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); + heaplist_next = + (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); + process_first = + (PROCESS32) GetProcAddress(kernel, "Process32First"); + process_next = + (PROCESS32) GetProcAddress(kernel, "Process32Next"); + thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); + thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); + module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); + module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); + + if (snap && heap_first && heap_next && heaplist_first && + heaplist_next && process_first && process_next && + thread_first && thread_next && module_first && + module_next && (handle = snap(TH32CS_SNAPALL, 0)) + != INVALID_HANDLE_VALUE) { + /* heap list and heap walking */ + /* + * HEAPLIST32 contains 3 fields that will change with each + * entry. Consider each field a source of 1 byte of entropy. + * HEAPENTRY32 contains 5 fields that will change with each + * entry. Consider each field a source of 1 byte of entropy. + */ + ZeroMemory(&hlist, sizeof(HEAPLIST32)); + hlist.dwSize = sizeof(HEAPLIST32); + if (good) + starttime = GetTickCount(); +# ifdef _MSC_VER + if (heaplist_first(handle, &hlist)) { + /* + * following discussion on dev ML, exception on WinCE (or + * other Win platform) is theoretically of unknown + * origin; prevent infinite loop here when this + * theoretical case occurs; otherwise cope with the + * expected (MSDN documented) exception-throwing + * behaviour of Heap32Next() on WinCE. + * + * based on patch in original message by Tanguy Fautré + * (2009/03/02) Subject: RAND_poll() and + * CreateToolhelp32Snapshot() stability + */ + int ex_cnt_limit = 42; + do { + RAND_add(&hlist, hlist.dwSize, 3); + __try { + ZeroMemory(&hentry, sizeof(HEAPENTRY32)); + hentry.dwSize = sizeof(HEAPENTRY32); + if (heap_first(&hentry, + hlist.th32ProcessID, + hlist.th32HeapID)) { + int entrycnt = 80; + do + RAND_add(&hentry, hentry.dwSize, 5); + while (heap_next(&hentry) + && (!good + || (GetTickCount() - starttime) < + MAXDELAY) + && --entrycnt > 0); + } } - break; - case WM_MOUSEMOVE: - { - static int lastx,lasty,lastdx,lastdy; - int x,y,dx,dy; - - x=LOWORD(lParam); - y=HIWORD(lParam); - dx=lastx-x; - dy=lasty-y; - if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) - add_entropy=.2; - lastx=x, lasty=y; - lastdx=dx, lastdy=dy; + __except(EXCEPTION_EXECUTE_HANDLER) { + /* + * ignore access violations when walking the heap + * list + */ + ex_cnt_limit--; } - break; - } - - readtimer(); - RAND_add(&iMsg, sizeof(iMsg), add_entropy); - RAND_add(&wParam, sizeof(wParam), 0); - RAND_add(&lParam, sizeof(lParam), 0); - - return (RAND_status()); - } + } while (heaplist_next(handle, &hlist) + && (!good + || (GetTickCount() - starttime) < MAXDELAY) + && ex_cnt_limit > 0); + } +# else + if (heaplist_first(handle, &hlist)) { + do { + RAND_add(&hlist, hlist.dwSize, 3); + hentry.dwSize = sizeof(HEAPENTRY32); + if (heap_first(&hentry, + hlist.th32ProcessID, + hlist.th32HeapID)) { + int entrycnt = 80; + do + RAND_add(&hentry, hentry.dwSize, 5); + while (heap_next(&hentry) + && --entrycnt > 0); + } + } while (heaplist_next(handle, &hlist) + && (!good + || (GetTickCount() - starttime) < MAXDELAY)); + } +# endif + + /* process walking */ + /* + * PROCESSENTRY32 contains 9 fields that will change with + * each entry. Consider each field a source of 1 byte of + * entropy. + */ + p.dwSize = sizeof(PROCESSENTRY32); + + if (good) + starttime = GetTickCount(); + if (process_first(handle, &p)) + do + RAND_add(&p, p.dwSize, 9); + while (process_next(handle, &p) + && (!good + || (GetTickCount() - starttime) < MAXDELAY)); + + /* thread walking */ + /* + * THREADENTRY32 contains 6 fields that will change with each + * entry. Consider each field a source of 1 byte of entropy. + */ + t.dwSize = sizeof(THREADENTRY32); + if (good) + starttime = GetTickCount(); + if (thread_first(handle, &t)) + do + RAND_add(&t, t.dwSize, 6); + while (thread_next(handle, &t) + && (!good + || (GetTickCount() - starttime) < MAXDELAY)); + + /* module walking */ + /* + * MODULEENTRY32 contains 9 fields that will change with each + * entry. Consider each field a source of 1 byte of entropy. + */ + m.dwSize = sizeof(MODULEENTRY32); + if (good) + starttime = GetTickCount(); + if (module_first(handle, &m)) + do + RAND_add(&m, m.dwSize, 9); + while (module_next(handle, &m) + && (!good + || (GetTickCount() - starttime) < MAXDELAY)); + if (close_snap) + close_snap(handle); + else + CloseHandle(handle); + + } + + FreeLibrary(kernel); + } + } +# endif /* !OPENSSL_SYS_WINCE */ + + /* timer data */ + readtimer(); + + /* memory usage statistics */ + GlobalMemoryStatus(&m); + RAND_add(&m, sizeof(m), 1); + + /* process ID */ + w = GetCurrentProcessId(); + RAND_add(&w, sizeof(w), 1); + +# if 0 + printf("Exiting RAND_poll\n"); +# endif + return (1); +} -void RAND_screen(void) /* function available for backward compatibility */ +int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { - RAND_poll(); - readscreen(); + double add_entropy = 0; + + switch (iMsg) { + case WM_KEYDOWN: + { + static WPARAM key; + if (key != wParam) + add_entropy = 0.05; + key = wParam; + } + break; + case WM_MOUSEMOVE: + { + static int lastx, lasty, lastdx, lastdy; + int x, y, dx, dy; + + x = LOWORD(lParam); + y = HIWORD(lParam); + dx = lastx - x; + dy = lasty - y; + if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0) + add_entropy = .2; + lastx = x, lasty = y; + lastdx = dx, lastdy = dy; + } + break; + } + + readtimer(); + RAND_add(&iMsg, sizeof(iMsg), add_entropy); + RAND_add(&wParam, sizeof(wParam), 0); + RAND_add(&lParam, sizeof(lParam), 0); + + return (RAND_status()); } +void RAND_screen(void) +{ /* function available for backward + * compatibility */ + RAND_poll(); + readscreen(); +} /* feed timing information to the PRNG */ static void readtimer(void) { - DWORD w; - LARGE_INTEGER l; - static int have_perfc = 1; -#if defined(_MSC_VER) && defined(_M_X86) - static int have_tsc = 1; - DWORD cyclecount; - - if (have_tsc) { - __try { - __asm { - _emit 0x0f - _emit 0x31 - mov cyclecount, eax - } - RAND_add(&cyclecount, sizeof(cyclecount), 1); - } __except(EXCEPTION_EXECUTE_HANDLER) { - have_tsc = 0; - } - } -#else -# define have_tsc 0 -#endif + DWORD w; + LARGE_INTEGER l; + static int have_perfc = 1; +# if defined(_MSC_VER) && defined(_M_X86) + static int have_tsc = 1; + DWORD cyclecount; + + if (have_tsc) { + __try { + __asm { + _emit 0x0f _emit 0x31 mov cyclecount, eax} + RAND_add(&cyclecount, sizeof(cyclecount), 1); + } + __except(EXCEPTION_EXECUTE_HANDLER) { + have_tsc = 0; + } + } +# else +# define have_tsc 0 +# endif - if (have_perfc) { - if (QueryPerformanceCounter(&l) == 0) - have_perfc = 0; - else - RAND_add(&l, sizeof(l), 0); - } - - if (!have_tsc && !have_perfc) { - w = GetTickCount(); - RAND_add(&w, sizeof(w), 0); - } + if (have_perfc) { + if (QueryPerformanceCounter(&l) == 0) + have_perfc = 0; + else + RAND_add(&l, sizeof(l), 0); + } + + if (!have_tsc && !have_perfc) { + w = GetTickCount(); + RAND_add(&w, sizeof(w), 0); + } } /* feed screen contents to PRNG */ @@ -737,71 +682,71 @@ static void readtimer(void) static void readscreen(void) { -#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) - HDC hScrDC; /* screen DC */ - HDC hMemDC; /* memory DC */ - HBITMAP hBitmap; /* handle for our bitmap */ - HBITMAP hOldBitmap; /* handle for previous bitmap */ - BITMAP bm; /* bitmap properties */ - unsigned int size; /* size of bitmap */ - char *bmbits; /* contents of bitmap */ - int w; /* screen width */ - int h; /* screen height */ - int y; /* y-coordinate of screen lines to grab */ - int n = 16; /* number of screen lines to grab at a time */ - - if (check_winnt() && OPENSSL_isservice()>0) - return; - - /* Create a screen DC and a memory DC compatible to screen DC */ - hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); - hMemDC = CreateCompatibleDC(hScrDC); - - /* Get screen resolution */ - w = GetDeviceCaps(hScrDC, HORZRES); - h = GetDeviceCaps(hScrDC, VERTRES); - - /* Create a bitmap compatible with the screen DC */ - hBitmap = CreateCompatibleBitmap(hScrDC, w, n); - - /* Select new bitmap into memory DC */ - hOldBitmap = SelectObject(hMemDC, hBitmap); - - /* Get bitmap properties */ - GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); - size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; - - bmbits = OPENSSL_malloc(size); - if (bmbits) { - /* Now go through the whole screen, repeatedly grabbing n lines */ - for (y = 0; y < h-n; y += n) - { - unsigned char md[MD_DIGEST_LENGTH]; - - /* Bitblt screen DC to memory DC */ - BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); - - /* Copy bitmap bits from memory DC to bmbits */ - GetBitmapBits(hBitmap, size, bmbits); - - /* Get the hash of the bitmap */ - MD(bmbits,size,md); - - /* Seed the random generator with the hash value */ - RAND_add(md, MD_DIGEST_LENGTH, 0); - } - - OPENSSL_free(bmbits); - } - - /* Select old bitmap back into memory DC */ - hBitmap = SelectObject(hMemDC, hOldBitmap); - - /* Clean up */ - DeleteObject(hBitmap); - DeleteDC(hMemDC); - DeleteDC(hScrDC); -#endif /* !OPENSSL_SYS_WINCE */ +# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) + HDC hScrDC; /* screen DC */ + HBITMAP hBitmap; /* handle for our bitmap */ + BITMAP bm; /* bitmap properties */ + unsigned int size; /* size of bitmap */ + char *bmbits; /* contents of bitmap */ + int w; /* screen width */ + int h; /* screen height */ + int y; /* y-coordinate of screen lines to grab */ + int n = 16; /* number of screen lines to grab at a time */ + BITMAPINFOHEADER bi; /* info about the bitmap */ + + if (check_winnt() && OPENSSL_isservice() > 0) + return; + + /* Get a reference to the screen DC */ + hScrDC = GetDC(NULL); + + /* Get screen resolution */ + w = GetDeviceCaps(hScrDC, HORZRES); + h = GetDeviceCaps(hScrDC, VERTRES); + + /* Create a bitmap compatible with the screen DC */ + hBitmap = CreateCompatibleBitmap(hScrDC, w, n); + + /* Get bitmap properties */ + GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); + size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; + + bi.biSize = sizeof(BITMAPINFOHEADER); + bi.biWidth = bm.bmWidth; + bi.biHeight = bm.bmHeight; + bi.biPlanes = bm.bmPlanes; + bi.biBitCount = bm.bmBitsPixel; + bi.biCompression = BI_RGB; + bi.biSizeImage = 0; + bi.biXPelsPerMeter = 0; + bi.biYPelsPerMeter = 0; + bi.biClrUsed = 0; + bi.biClrImportant = 0; + + bmbits = OPENSSL_malloc(size); + if (bmbits) { + /* Now go through the whole screen, repeatedly grabbing n lines */ + for (y = 0; y < h - n; y += n) { + unsigned char md[MD_DIGEST_LENGTH]; + + /* Copy the bits of the current line range into the buffer */ + GetDIBits(hScrDC, hBitmap, y, n, + bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS); + + /* Get the hash of the bitmap */ + MD(bmbits, size, md); + + /* Seed the random generator with the hash value */ + RAND_add(md, MD_DIGEST_LENGTH, 0); + } + + OPENSSL_free(bmbits); + } + + /* Clean up */ + DeleteObject(hBitmap); + ReleaseDC(NULL, hScrDC); +# endif /* !OPENSSL_SYS_WINCE */ } #endif diff --git a/openssl/crypto/rand/randfile.c b/openssl/crypto/rand/randfile.c index 14ba69d4c..9537c56a7 100644 --- a/openssl/crypto/rand/randfile.c +++ b/openssl/crypto/rand/randfile.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -58,7 +58,7 @@ /* We need to define this to get macros like S_IFBLK and S_IFCHR */ #if !defined(OPENSSL_SYS_VXWORKS) -#define _XOPEN_SOURCE 500 +# define _XOPEN_SOURCE 500 #endif #include <errno.h> @@ -72,7 +72,7 @@ #include <openssl/buffer.h> #ifdef OPENSSL_SYS_VMS -#include <unixio.h> +# include <unixio.h> #endif #ifndef NO_SYS_TYPES_H # include <sys/types.h> @@ -83,247 +83,255 @@ #endif #ifdef _WIN32 -#define stat _stat -#define chmod _chmod -#define open _open -#define fdopen _fdopen +# define stat _stat +# define chmod _chmod +# define open _open +# define fdopen _fdopen #endif #undef BUFSIZE -#define BUFSIZE 1024 +#define BUFSIZE 1024 #define RAND_DATA 1024 #ifdef OPENSSL_SYS_VMS -/* This declaration is a nasty hack to get around vms' extension to fopen - * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ +/* + * This declaration is a nasty hack to get around vms' extension to fopen for + * passing in sharing options being disabled by our /STANDARD=ANSI89 + */ static FILE *(*const vms_fopen)(const char *, const char *, ...) = (FILE *(*)(const char *, const char *, ...))fopen; -#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" #endif /* #define RFILE ".rnd" - defined in ../../e_os.h */ -/* Note that these functions are intended for seed files only. - * Entropy devices and EGD sockets are handled in rand_unix.c */ +/* + * Note that these functions are intended for seed files only. Entropy + * devices and EGD sockets are handled in rand_unix.c + */ int RAND_load_file(const char *file, long bytes) - { - /* If bytes >= 0, read up to 'bytes' bytes. - * if bytes == -1, read complete file. */ +{ + /*- + * If bytes >= 0, read up to 'bytes' bytes. + * if bytes == -1, read complete file. + */ - MS_STATIC unsigned char buf[BUFSIZE]; + MS_STATIC unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO - struct stat sb; + struct stat sb; #endif - int i,ret=0,n; - FILE *in; + int i, ret = 0, n; + FILE *in; - if (file == NULL) return(0); + if (file == NULL) + return (0); #ifndef OPENSSL_NO_POSIX_IO -#ifdef PURIFY - /* struct stat can have padding and unused fields that may not be - * initialized in the call to stat(). We need to clear the entire - * structure before calling RAND_add() to avoid complaints from - * applications such as Valgrind. - */ - memset(&sb, 0, sizeof(sb)); -#endif - if (stat(file,&sb) < 0) return(0); - RAND_add(&sb,sizeof(sb),0.0); +# ifdef PURIFY + /* + * struct stat can have padding and unused fields that may not be + * initialized in the call to stat(). We need to clear the entire + * structure before calling RAND_add() to avoid complaints from + * applications such as Valgrind. + */ + memset(&sb, 0, sizeof(sb)); +# endif + if (stat(file, &sb) < 0) + return (0); + RAND_add(&sb, sizeof(sb), 0.0); #endif - if (bytes == 0) return(ret); + if (bytes == 0) + return (ret); #ifdef OPENSSL_SYS_VMS - in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); + in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); #else - in=fopen(file,"rb"); + in = fopen(file, "rb"); #endif - if (in == NULL) goto err; + if (in == NULL) + goto err; #if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO) - if (sb.st_mode & (S_IFBLK | S_IFCHR)) { - /* this file is a device. we don't want read an infinite number - * of bytes from a random device, nor do we want to use buffered - * I/O because we will waste system entropy. - */ - bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ -#ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ - } + if (sb.st_mode & (S_IFBLK | S_IFCHR)) { + /* + * this file is a device. we don't want read an infinite number of + * bytes from a random device, nor do we want to use buffered I/O + * because we will waste system entropy. + */ + bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +# ifndef OPENSSL_NO_SETVBUF_IONBF + setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ +# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + } #endif - for (;;) - { - if (bytes > 0) - n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; - else - n = BUFSIZE; - i=fread(buf,1,n,in); - if (i <= 0) break; + for (;;) { + if (bytes > 0) + n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; + else + n = BUFSIZE; + i = fread(buf, 1, n, in); + if (i <= 0) + break; #ifdef PURIFY - RAND_add(buf,i,(double)i); + RAND_add(buf, i, (double)i); #else - /* even if n != i, use the full array */ - RAND_add(buf,n,(double)i); + /* even if n != i, use the full array */ + RAND_add(buf, n, (double)i); #endif - ret+=i; - if (bytes > 0) - { - bytes-=n; - if (bytes <= 0) break; - } - } - fclose(in); - OPENSSL_cleanse(buf,BUFSIZE); -err: - return(ret); - } + ret += i; + if (bytes > 0) { + bytes -= n; + if (bytes <= 0) + break; + } + } + fclose(in); + OPENSSL_cleanse(buf, BUFSIZE); + err: + return (ret); +} int RAND_write_file(const char *file) - { - unsigned char buf[BUFSIZE]; - int i,ret=0,rand_err=0; - FILE *out = NULL; - int n; +{ + unsigned char buf[BUFSIZE]; + int i, ret = 0, rand_err = 0; + FILE *out = NULL; + int n; #ifndef OPENSSL_NO_POSIX_IO - struct stat sb; - - i=stat(file,&sb); - if (i != -1) { -#if defined(S_ISBLK) && defined(S_ISCHR) - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - /* this file is a device. we don't write back to it. - * we "succeed" on the assumption this is some sort - * of random device. Otherwise attempting to write to - * and chmod the device causes problems. - */ - return(1); - } -#endif - } + struct stat sb; + + i = stat(file, &sb); + if (i != -1) { +# if defined(S_ISBLK) && defined(S_ISCHR) + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { + /* + * this file is a device. we don't write back to it. we + * "succeed" on the assumption this is some sort of random + * device. Otherwise attempting to write to and chmod the device + * causes problems. + */ + return (1); + } +# endif + } #endif #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) - { -#ifndef O_BINARY -#define O_BINARY 0 -#endif - /* chmod(..., 0600) is too late to protect the file, - * permissions should be restrictive from the start */ - int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600); - if (fd != -1) - out = fdopen(fd, "wb"); - } + { +# ifndef O_BINARY +# define O_BINARY 0 +# endif + /* + * chmod(..., 0600) is too late to protect the file, permissions + * should be restrictive from the start + */ + int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); + if (fd != -1) + out = fdopen(fd, "wb"); + } #endif #ifdef OPENSSL_SYS_VMS - /* VMS NOTE: Prior versions of this routine created a _new_ - * version of the rand file for each call into this routine, then - * deleted all existing versions named ;-1, and finally renamed - * the current version as ';1'. Under concurrent usage, this - * resulted in an RMS race condition in rename() which could - * orphan files (see vms message help for RMS$_REENT). With the - * fopen() calls below, openssl/VMS now shares the top-level - * version of the rand file. Note that there may still be - * conditions where the top-level rand file is locked. If so, this - * code will then create a new version of the rand file. Without - * the delete and rename code, this can result in ascending file - * versions that stop at version 32767, and this routine will then - * return an error. The remedy for this is to recode the calling - * application to avoid concurrent use of the rand file, or - * synchronize usage at the application level. Also consider - * whether or not you NEED a persistent rand file in a concurrent - * use situation. - */ + /* + * VMS NOTE: Prior versions of this routine created a _new_ version of + * the rand file for each call into this routine, then deleted all + * existing versions named ;-1, and finally renamed the current version + * as ';1'. Under concurrent usage, this resulted in an RMS race + * condition in rename() which could orphan files (see vms message help + * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares + * the top-level version of the rand file. Note that there may still be + * conditions where the top-level rand file is locked. If so, this code + * will then create a new version of the rand file. Without the delete + * and rename code, this can result in ascending file versions that stop + * at version 32767, and this routine will then return an error. The + * remedy for this is to recode the calling application to avoid + * concurrent use of the rand file, or synchronize usage at the + * application level. Also consider whether or not you NEED a persistent + * rand file in a concurrent use situation. + */ - out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); - if (out == NULL) - out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); + out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); + if (out == NULL) + out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); #else - if (out == NULL) - out = fopen(file,"wb"); + if (out == NULL) + out = fopen(file, "wb"); #endif - if (out == NULL) goto err; + if (out == NULL) + goto err; #ifndef NO_CHMOD - chmod(file,0600); + chmod(file, 0600); #endif - n=RAND_DATA; - for (;;) - { - i=(n > BUFSIZE)?BUFSIZE:n; - n-=BUFSIZE; - if (RAND_bytes(buf,i) <= 0) - rand_err=1; - i=fwrite(buf,1,i,out); - if (i <= 0) - { - ret=0; - break; - } - ret+=i; - if (n <= 0) break; - } + n = RAND_DATA; + for (;;) { + i = (n > BUFSIZE) ? BUFSIZE : n; + n -= BUFSIZE; + if (RAND_bytes(buf, i) <= 0) + rand_err = 1; + i = fwrite(buf, 1, i, out); + if (i <= 0) { + ret = 0; + break; + } + ret += i; + if (n <= 0) + break; + } - fclose(out); - OPENSSL_cleanse(buf,BUFSIZE); -err: - return (rand_err ? -1 : ret); - } + fclose(out); + OPENSSL_cleanse(buf, BUFSIZE); + err: + return (rand_err ? -1 : ret); +} const char *RAND_file_name(char *buf, size_t size) - { - char *s=NULL; +{ + char *s = NULL; #ifdef __OpenBSD__ - struct stat sb; + struct stat sb; #endif - if (OPENSSL_issetugid() == 0) - s=getenv("RANDFILE"); - if (s != NULL && *s && strlen(s) + 1 < size) - { - if (BUF_strlcpy(buf,s,size) >= size) - return NULL; - } - else - { - if (OPENSSL_issetugid() == 0) - s=getenv("HOME"); + if (OPENSSL_issetugid() == 0) + s = getenv("RANDFILE"); + if (s != NULL && *s && strlen(s) + 1 < size) { + if (BUF_strlcpy(buf, s, size) >= size) + return NULL; + } else { + if (OPENSSL_issetugid() == 0) + s = getenv("HOME"); #ifdef DEFAULT_HOME - if (s == NULL) - { - s = DEFAULT_HOME; - } + if (s == NULL) { + s = DEFAULT_HOME; + } #endif - if (s && *s && strlen(s)+strlen(RFILE)+2 < size) - { - BUF_strlcpy(buf,s,size); + if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { + BUF_strlcpy(buf, s, size); #ifndef OPENSSL_SYS_VMS - BUF_strlcat(buf,"/",size); + BUF_strlcat(buf, "/", size); #endif - BUF_strlcat(buf,RFILE,size); - } - else - buf[0] = '\0'; /* no file name */ - } + BUF_strlcat(buf, RFILE, size); + } else + buf[0] = '\0'; /* no file name */ + } #ifdef __OpenBSD__ - /* given that all random loads just fail if the file can't be - * seen on a stat, we stat the file we're returning, if it - * fails, use /dev/arandom instead. this allows the user to - * use their own source for good random data, but defaults - * to something hopefully decent if that isn't available. - */ - - if (!buf[0]) - if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { - return(NULL); - } - if (stat(buf,&sb) == -1) - if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { - return(NULL); - } + /* + * given that all random loads just fail if the file can't be seen on a + * stat, we stat the file we're returning, if it fails, use /dev/arandom + * instead. this allows the user to use their own source for good random + * data, but defaults to something hopefully decent if that isn't + * available. + */ + if (!buf[0]) + if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { + return (NULL); + } + if (stat(buf, &sb) == -1) + if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { + return (NULL); + } #endif - return(buf); - } + return (buf); +} diff --git a/openssl/crypto/rand/randtest.c b/openssl/crypto/rand/randtest.c index 9e92a70b0..91bcac990 100644 --- a/openssl/crypto/rand/randtest.c +++ b/openssl/crypto/rand/randtest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,155 +65,145 @@ /* some FIPS 140-1 random number test */ /* some simple tests */ -int main(int argc,char **argv) - { - unsigned char buf[2500]; - int i,j,k,s,sign,nsign,err=0; - unsigned long n1; - unsigned long n2[16]; - unsigned long runs[2][34]; - /*double d; */ - long d; +int main(int argc, char **argv) +{ + unsigned char buf[2500]; + int i, j, k, s, sign, nsign, err = 0; + unsigned long n1; + unsigned long n2[16]; + unsigned long runs[2][34]; + /* + * double d; + */ + long d; - i = RAND_pseudo_bytes(buf,2500); - if (i < 0) - { - printf ("init failed, the rand method is not properly installed\n"); - err++; - goto err; - } + i = RAND_pseudo_bytes(buf, 2500); + if (i < 0) { + printf("init failed, the rand method is not properly installed\n"); + err++; + goto err; + } - n1=0; - for (i=0; i<16; i++) n2[i]=0; - for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0; + n1 = 0; + for (i = 0; i < 16; i++) + n2[i] = 0; + for (i = 0; i < 34; i++) + runs[0][i] = runs[1][i] = 0; - /* test 1 and 2 */ - sign=0; - nsign=0; - for (i=0; i<2500; i++) - { - j=buf[i]; + /* test 1 and 2 */ + sign = 0; + nsign = 0; + for (i = 0; i < 2500; i++) { + j = buf[i]; - n2[j&0x0f]++; - n2[(j>>4)&0x0f]++; + n2[j & 0x0f]++; + n2[(j >> 4) & 0x0f]++; - for (k=0; k<8; k++) - { - s=(j&0x01); - if (s == sign) - nsign++; - else - { - if (nsign > 34) nsign=34; - if (nsign != 0) - { - runs[sign][nsign-1]++; - if (nsign > 6) - runs[sign][5]++; - } - sign=s; - nsign=1; - } + for (k = 0; k < 8; k++) { + s = (j & 0x01); + if (s == sign) + nsign++; + else { + if (nsign > 34) + nsign = 34; + if (nsign != 0) { + runs[sign][nsign - 1]++; + if (nsign > 6) + runs[sign][5]++; + } + sign = s; + nsign = 1; + } - if (s) n1++; - j>>=1; - } - } - if (nsign > 34) nsign=34; - if (nsign != 0) runs[sign][nsign-1]++; + if (s) + n1++; + j >>= 1; + } + } + if (nsign > 34) + nsign = 34; + if (nsign != 0) + runs[sign][nsign - 1]++; - /* test 1 */ - if (!((9654 < n1) && (n1 < 10346))) - { - printf("test 1 failed, X=%lu\n",n1); - err++; - } - printf("test 1 done\n"); + /* test 1 */ + if (!((9654 < n1) && (n1 < 10346))) { + printf("test 1 failed, X=%lu\n", n1); + err++; + } + printf("test 1 done\n"); - /* test 2 */ + /* test 2 */ #ifdef undef - d=0; - for (i=0; i<16; i++) - d+=n2[i]*n2[i]; - d=d*16.0/5000.0-5000.0; - if (!((1.03 < d) && (d < 57.4))) - { - printf("test 2 failed, X=%.2f\n",d); - err++; - } + d = 0; + for (i = 0; i < 16; i++) + d += n2[i] * n2[i]; + d = d * 16.0 / 5000.0 - 5000.0; + if (!((1.03 < d) && (d < 57.4))) { + printf("test 2 failed, X=%.2f\n", d); + err++; + } #endif - d=0; - for (i=0; i<16; i++) - d+=n2[i]*n2[i]; - d=(d*8)/25-500000; - if (!((103 < d) && (d < 5740))) - { - printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L); - err++; - } - printf("test 2 done\n"); + d = 0; + for (i = 0; i < 16; i++) + d += n2[i] * n2[i]; + d = (d * 8) / 25 - 500000; + if (!((103 < d) && (d < 5740))) { + printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L); + err++; + } + printf("test 2 done\n"); + + /* test 3 */ + for (i = 0; i < 2; i++) { + if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 1, runs[i][0]); + err++; + } + if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 2, runs[i][1]); + err++; + } + if (!((502 < runs[i][2]) && (runs[i][2] < 748))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 3, runs[i][2]); + err++; + } + if (!((223 < runs[i][3]) && (runs[i][3] < 402))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 4, runs[i][3]); + err++; + } + if (!((90 < runs[i][4]) && (runs[i][4] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 5, runs[i][4]); + err++; + } + if (!((90 < runs[i][5]) && (runs[i][5] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 6, runs[i][5]); + err++; + } + } + printf("test 3 done\n"); - /* test 3 */ - for (i=0; i<2; i++) - { - if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,1,runs[i][0]); - err++; - } - if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,2,runs[i][1]); - err++; - } - if (!(( 502 < runs[i][2]) && (runs[i][2] < 748))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,3,runs[i][2]); - err++; - } - if (!(( 223 < runs[i][3]) && (runs[i][3] < 402))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,4,runs[i][3]); - err++; - } - if (!(( 90 < runs[i][4]) && (runs[i][4] < 223))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,5,runs[i][4]); - err++; - } - if (!(( 90 < runs[i][5]) && (runs[i][5] < 223))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,6,runs[i][5]); - err++; - } - } - printf("test 3 done\n"); - - /* test 4 */ - if (runs[0][33] != 0) - { - printf("test 4 failed, bit=%d run=%d num=%lu\n", - 0,34,runs[0][33]); - err++; - } - if (runs[1][33] != 0) - { - printf("test 4 failed, bit=%d run=%d num=%lu\n", - 1,34,runs[1][33]); - err++; - } - printf("test 4 done\n"); + /* test 4 */ + if (runs[0][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]); + err++; + } + if (runs[1][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]); + err++; + } + printf("test 4 done\n"); err: - err=((err)?1:0); + err = ((err) ? 1 : 0); #ifdef OPENSSL_SYS_NETWARE - if (err) printf("ERROR: %d\n", err); + if (err) + printf("ERROR: %d\n", err); #endif - EXIT(err); - return(err); - } + EXIT(err); + return (err); +} |