Upgrade to openssl-0.9.8k.
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile
index 3c1ab5b..3079430 100644
--- a/crypto/rand/Makefile
+++ b/crypto/rand/Makefile
@@ -17,9 +17,9 @@
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
rand_win.c rand_unix.c rand_os2.c rand_nw.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
rand_win.o rand_unix.o rand_os2.o rand_nw.o
SRC= $(LIBSRC)
@@ -35,7 +35,7 @@
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -79,17 +79,34 @@
md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md_rand.o: md_rand.c rand_lcl.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h
rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
rand_egd.o: ../../include/openssl/opensslconf.h
rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rand_egd.o: rand_egd.c
+rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -97,31 +114,41 @@
rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rand_err.o: rand_err.c
-rand_lib.o: ../../e_os.h ../../include/openssl/bio.h
-rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_lib.o: ../cryptlib.h rand_lib.c
+rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c
rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
+rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c
rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -131,8 +158,8 @@
rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_unix.o: ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
rand_unix.o: ../../include/openssl/opensslconf.h
rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -143,8 +170,9 @@
rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 9783d0c..0f8dd3e 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -126,6 +126,10 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#ifdef BN_DEBUG
# define PREDICT
@@ -332,6 +336,14 @@
#endif
int do_stir_pool = 0;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+
#ifdef PREDICT
if (rand_predictable)
{
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index ac6c021..ea89153 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -72,7 +72,7 @@
#endif
#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
+#define FIPS_RAND_SIZE_T int
#endif
/* Already defined in ossl_typ.h */
@@ -111,6 +111,15 @@
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path,int bytes);
int RAND_poll(void);
+#ifndef OPENSSL_NO_ENGINE
+#ifdef OPENSSL_FIPS
+void int_RAND_init_engine_callbacks(void);
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
+#endif
+#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -128,11 +137,29 @@
/* Error codes for the RAND functions. */
/* Function codes. */
+#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
+#define RAND_F_FIPS_RAND 103
+#define RAND_F_FIPS_RAND_BYTES 102
+#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
+#define RAND_F_FIPS_RAND_SET_DT 106
+#define RAND_F_FIPS_SET_DT 104
+#define RAND_F_FIPS_SET_PRNG_SEED 107
+#define RAND_F_FIPS_SET_TEST_MODE 105
#define RAND_F_RAND_GET_RAND_METHOD 101
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD 105
+#define RAND_R_NOT_IN_TEST_MODE 106
+#define RAND_R_NO_KEY_SET 107
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
+#define RAND_R_PRNG_ERROR 108
+#define RAND_R_PRNG_KEYED 109
+#define RAND_R_PRNG_NOT_REKEYED 102
+#define RAND_R_PRNG_NOT_RESEEDED 103
#define RAND_R_PRNG_NOT_SEEDED 100
+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
+#define RAND_R_PRNG_STUCK 104
#ifdef __cplusplus
}
diff --git a/crypto/rand/rand_eng.c b/crypto/rand/rand_eng.c
new file mode 100644
index 0000000..1669cef
--- /dev/null
+++ b/crypto/rand/rand_eng.c
@@ -0,0 +1,152 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "rand_lcl.h"
+#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
+
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+
+int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth)
+ {
+ if(funct_ref)
+ {
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;
+ }
+ *pmeth = meth;
+ return 1;
+ }
+
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
+ {
+ if (!*pmeth)
+ {
+ ENGINE *e = ENGINE_get_default_RAND();
+ if(e)
+ {
+ *pmeth = ENGINE_get_RAND(e);
+ if(!*pmeth)
+ {
+ ENGINE_finish(e);
+ e = NULL;
+ }
+ }
+ if(e)
+ funct_ref = e;
+ else
+ if(FIPS_mode())
+ *pmeth=FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if(FIPS_mode()
+ && *pmeth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+ }
+
+int RAND_set_rand_engine(ENGINE *engine)
+ {
+ const RAND_METHOD *tmp_meth = NULL;
+ if(engine)
+ {
+ if(!ENGINE_init(engine))
+ return 0;
+ tmp_meth = ENGINE_get_RAND(engine);
+ if(!tmp_meth)
+ {
+ ENGINE_finish(engine);
+ return 0;
+ }
+ }
+ /* This function releases any prior ENGINE so call it first */
+ RAND_set_rand_method(tmp_meth);
+ funct_ref = engine;
+ return 1;
+ }
+
+void int_RAND_init_engine_callbacks(void)
+ {
+ static int done = 0;
+ if (done)
+ return;
+ int_RAND_set_callbacks(eng_RAND_set_rand_method,
+ eng_RAND_get_rand_method);
+ done = 1;
+ }
+
+#endif
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 386934d..829fb44 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,14 @@
static ERR_STRING_DATA RAND_str_functs[]=
{
+{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
+{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL}
@@ -77,7 +85,17 @@
static ERR_STRING_DATA RAND_str_reasons[]=
{
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
+{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
+{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
{0,NULL}
};
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 618a8ec..18cc9b1 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -154,5 +154,16 @@
#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
#endif
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth));
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth);
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
+#endif
+
#endif
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 513e338..da6b4e0 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+
+#ifdef OPENSSL_FIPS
+
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ {
+ *pmeth = meth;
+ return 1;
+ }
+
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+ {
+ if (!*pmeth)
+ {
+ if(FIPS_mode())
+ *pmeth=FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if(FIPS_mode()
+ && *pmeth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+ }
+
+static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+ (const RAND_METHOD **pmeth)
+ = fips_RAND_get_rand_method;
+
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth))
+ {
+ RAND_set_rand_method_func = set_rand_func;
+ RAND_get_rand_method_func = get_rand_func;
+ }
+#endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+ {
+ return RAND_set_rand_method_func(meth, &default_RAND_meth);
+ }
+
+const RAND_METHOD *RAND_get_rand_method(void)
+ {
+ return RAND_get_rand_method_func(&default_RAND_meth);
+ }
+
+#else
+
#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref =NULL;
#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
@@ -129,6 +196,8 @@
}
#endif
+#endif
+
void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 6c2be5c..71b98ec 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -232,7 +232,7 @@
t.tv_sec = 0;
t.tv_usec = usec;
- if (FD_SETSIZE > 0 && fd >= FD_SETSIZE)
+ if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
{
/* can't use select, so just try to read once anyway */
try_read = 1;
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 6c0ec9a..d108353 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -81,10 +81,25 @@
# include <sys/stat.h>
#endif
+#ifdef _WIN32
+#define stat _stat
+#define chmod _chmod
+#define open _open
+#define fdopen _fdopen
+#endif
+
#undef BUFSIZE
#define BUFSIZE 1024
#define RAND_DATA 1024
+#ifdef OPENSSL_SYS_VMS
+/* This declaration is a nasty hack to get around vms' extension to fopen
+ * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
+static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+ (FILE *(*)(const char *, const char *, ...))fopen;
+#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+#endif
+
/* #define RFILE ".rnd" - defined in ../../e_os.h */
/* Note that these functions are intended for seed files only.
@@ -106,7 +121,11 @@
RAND_add(&sb,sizeof(sb),0.0);
if (bytes == 0) return(ret);
+#ifdef OPENSSL_SYS_VMS
+ in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+#else
in=fopen(file,"rb");
+#endif
if (in == NULL) goto err;
#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -167,7 +186,7 @@
#endif
}
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
{
/* For some reason Win32 can't write to files created this way */
@@ -178,8 +197,34 @@
out = fdopen(fd, "wb");
}
#endif
+
+#ifdef OPENSSL_SYS_VMS
+ /* VMS NOTE: Prior versions of this routine created a _new_
+ * version of the rand file for each call into this routine, then
+ * deleted all existing versions named ;-1, and finally renamed
+ * the current version as ';1'. Under concurrent usage, this
+ * resulted in an RMS race condition in rename() which could
+ * orphan files (see vms message help for RMS$_REENT). With the
+ * fopen() calls below, openssl/VMS now shares the top-level
+ * version of the rand file. Note that there may still be
+ * conditions where the top-level rand file is locked. If so, this
+ * code will then create a new version of the rand file. Without
+ * the delete and rename code, this can result in ascending file
+ * versions that stop at version 32767, and this routine will then
+ * return an error. The remedy for this is to recode the calling
+ * application to avoid concurrent use of the rand file, or
+ * synchronize usage at the application level. Also consider
+ * whether or not you NEED a persistent rand file in a concurrent
+ * use situation.
+ */
+
+ out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
+ if (out == NULL)
+ out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+#else
if (out == NULL)
out = fopen(file,"wb");
+#endif
if (out == NULL) goto err;
#ifndef NO_CHMOD
@@ -201,25 +246,6 @@
ret+=i;
if (n <= 0) break;
}
-#ifdef OPENSSL_SYS_VMS
- /* Try to delete older versions of the file, until there aren't
- any */
- {
- char *tmpf;
-
- tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */
- if (tmpf)
- {
- strcpy(tmpf, file);
- strcat(tmpf, ";-1");
- while(delete(tmpf) == 0)
- ;
- rename(file,";1"); /* Make sure it's version 1, or we
- will reach the limit (32767) at
- some point... */
- }
- }
-#endif /* OPENSSL_SYS_VMS */
fclose(out);
OPENSSL_cleanse(buf,BUFSIZE);