diff options
Diffstat (limited to 'usr/src/common/openssl/crypto/rand')
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/md_rand.c | 6 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand.h | 11 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_egd.c | 10 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_err.c | 16 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_nw.c | 176 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_unix.c | 72 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_vms.c | 5 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/rand_win.c | 191 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/randfile.c | 17 | ||||
| -rw-r--r-- | usr/src/common/openssl/crypto/rand/randtest.c | 5 |
10 files changed, 379 insertions, 130 deletions
diff --git a/usr/src/common/openssl/crypto/rand/md_rand.c b/usr/src/common/openssl/crypto/rand/md_rand.c index eeffc0df4c..6e10f6ef67 100644 --- a/usr/src/common/openssl/crypto/rand/md_rand.c +++ b/usr/src/common/openssl/crypto/rand/md_rand.c @@ -300,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } @@ -315,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) static void ssleay_rand_seed(const void *buf, int num) { - ssleay_rand_add(buf, num, num); + ssleay_rand_add(buf, num, (double)num); } static int ssleay_rand_bytes(unsigned char *buf, int num) @@ -520,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) - (void)ERR_get_error(); + ERR_clear_error(); } return (ret); } diff --git a/usr/src/common/openssl/crypto/rand/rand.h b/usr/src/common/openssl/crypto/rand/rand.h index 606382dd21..ac6c021763 100644 --- a/usr/src/common/openssl/crypto/rand/rand.h +++ b/usr/src/common/openssl/crypto/rand/rand.h @@ -71,7 +71,14 @@ extern "C" { #endif -typedef struct rand_meth_st +#if defined(OPENSSL_FIPS) +#define FIPS_RAND_SIZE_T size_t +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st { void (*seed)(const void *buf, int num); int (*bytes)(unsigned char *buf, int num); @@ -79,7 +86,7 @@ typedef struct rand_meth_st void (*add)(const void *buf, int num, double entropy); int (*pseudorand)(unsigned char *buf, int num); int (*status)(void); - } RAND_METHOD; + }; #ifdef BN_DEBUG extern int rand_predictable; diff --git a/usr/src/common/openssl/crypto/rand/rand_egd.c b/usr/src/common/openssl/crypto/rand/rand_egd.c index 6f742900a0..50bce6caba 100644 --- a/usr/src/common/openssl/crypto/rand/rand_egd.c +++ b/usr/src/common/openssl/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); @@ -216,7 +216,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) while (numbytes != 1) { num = read(fd, egdbuf, 1); - if (num >= 0) + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) numbytes += num; else { @@ -246,7 +248,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) while (numbytes != egdbuf[0]) { num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); - if (num >= 0) + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) numbytes += num; else { diff --git a/usr/src/common/openssl/crypto/rand/rand_err.c b/usr/src/common/openssl/crypto/rand/rand_err.c index b77267e213..b2f2448b66 100644 --- a/usr/src/common/openssl/crypto/rand/rand_err.c +++ b/usr/src/common/openssl/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,16 +64,20 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) + static ERR_STRING_DATA RAND_str_functs[]= { -{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, -{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, +{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, +{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} }; static ERR_STRING_DATA RAND_str_reasons[]= { -{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, +{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, {0,NULL} }; @@ -87,8 +91,8 @@ void ERR_load_RAND_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); - ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); + ERR_load_strings(0,RAND_str_functs); + ERR_load_strings(0,RAND_str_reasons); #endif } diff --git a/usr/src/common/openssl/crypto/rand/rand_nw.c b/usr/src/common/openssl/crypto/rand/rand_nw.c new file mode 100644 index 0000000000..ba57812788 --- /dev/null +++ b/usr/src/common/openssl/crypto/rand/rand_nw.c @@ -0,0 +1,176 @@ +/* crypto/rand/rand_nw.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include <openssl/rand.h> +#include "rand_lcl.h" + +#if defined (OPENSSL_SYS_NETWARE) + +#if defined(NETWARE_LIBC) +#include <nks/thread.h> +#endif + +extern long RunningProcess; + + /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed + */ +int RAND_poll(void) +{ + unsigned long l; + unsigned long tsc; + int i; + + /* There are several options to gather miscellaneous data + * but for now we will loop checking the time stamp counter (rdtsc) and + * the SuperHighResolutionTimer. Each iteration will collect 8 bytes + * of data but it is treated as only 1 byte of entropy. The call to + * ThreadSwitchWithDelay() will introduce additional variability into + * the data returned by rdtsc. + * + * Applications can agument the seed material by adding additional + * stuff with RAND_add() and should probably do so. + */ + l = GetProcessSwitchCount(); + RAND_add(&l,sizeof(l),1); + + l=RunningProcess; + RAND_add(&l,sizeof(l),1); + + for( i=2; i<ENTROPY_NEEDED; i++) + { +#ifdef __MWERKS__ + asm + { + rdtsc + mov tsc, eax + } +#else + asm volatile("rdtsc":"=A" (tsc)); +#endif + + RAND_add(&tsc, sizeof(tsc), 1); + + l = GetSuperHighResolutionTimer(); + RAND_add(&l, sizeof(l), 0); + +# if defined(NETWARE_LIBC) + NXThreadYield(); +# else /* NETWARE_CLIB */ + ThreadSwitchWithDelay(); +# endif + } + + return 1; +} + +#endif + diff --git a/usr/src/common/openssl/crypto/rand/rand_unix.c b/usr/src/common/openssl/crypto/rand/rand_unix.c index ea93fcb95b..197d50645e 100644 --- a/usr/src/common/openssl/crypto/rand/rand_unix.c +++ b/usr/src/common/openssl/crypto/rand/rand_unix.c @@ -108,29 +108,34 @@ * Hudson (tjh@cryptsoft.com). * */ + /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ + #pragma ident "%Z%%M% %I% %E% SMI" +#include <stdio.h> + #define USE_SOCKETS #include "e_os.h" #include "cryptlib.h" #include <openssl/rand.h> #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) -#include <sys/types.h> -#include <sys/time.h> -#include <sys/times.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/times.h> +#include <sys/stat.h> #ifdef _BOOT #include <sys/fcntl.h> #else #include <fcntl.h> #endif -#include <unistd.h> +#include <unistd.h> #include <time.h> #ifdef __OpenBSD__ @@ -160,9 +165,10 @@ int RAND_poll(void) int n = 0; #endif #ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM, NULL }; - const char **randomfile = NULL; + static const char *randomfiles[] = { DEVRANDOM }; + struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; int fd; + size_t i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -170,36 +176,43 @@ int RAND_poll(void) #endif #ifdef DEVRANDOM + memset(randomstats,0,sizeof(randomstats)); /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD * have this. Use /dev/urandom if you can as /dev/random may block * if it runs out of random entries. */ - for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++) + for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++) { - int oflag = O_RDONLY|O_NONBLOCK; + if ((fd = open(randomfiles[i], O_RDONLY +#ifdef O_NONBLOCK + |O_NONBLOCK +#endif +#ifdef O_BINARY + |O_BINARY +#endif #ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it our controlling tty */ - oflag|=O_NOCTTY; + |O_NOCTTY #endif -#ifdef O_NOFOLLOW - /* - * Fail if the file is a symbolic link, but only if it - * isn't in /dev/. The /dev/ test is neccessary because - * some systems have symlinks in /dev that point to the - * real device char device - * eg on Solaris - * /dev/random -> ../devices/pseudo/random@0:random - * /dev/urandom -> ../devices/pseudo/random@0:urandom - */ - if (strncmp(*randomfile, "/dev/", 5) != 0) - oflag|=O_NOFOLLOW; -#endif - if ((fd = open(*randomfile, oflag)) >= 0) + )) >= 0) { struct timeval t = { 0, 10*1000 }; /* Spend 10ms on each file. */ int r; + size_t j; fd_set fset; + struct stat *st=&randomstats[i]; + + /* Avoid using same input... Used to be O_NOFOLLOW + * above, but it's not universally appropriate... */ + if (fstat(fd,st) != 0) { close(fd); continue; } + for (j=0;j<i;j++) + { + if (randomstats[j].st_ino==st->st_ino && + randomstats[j].st_dev==st->st_dev) + break; + } + if (j<i) { close(fd); continue; } do { @@ -207,6 +220,7 @@ int RAND_poll(void) FD_ZERO(&fset); FD_SET(fd, &fset); r = -1; + if (select(fd+1,&fset,NULL,NULL,&t) < 0) t.tv_usec=0; else if (FD_ISSET(fd, &fset)) @@ -257,7 +271,7 @@ int RAND_poll(void) #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) { - RAND_add(tmpbuf,sizeof tmpbuf,n); + RAND_add(tmpbuf,sizeof tmpbuf,(double)n); OPENSSL_cleanse(tmpbuf,n); } #endif @@ -265,12 +279,12 @@ int RAND_poll(void) #ifndef _BOOT /* put in some default random data, we need more than just this */ l=curr_pid; - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=getuid(); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=time(NULL); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); #endif /* !_BOOT */ #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) diff --git a/usr/src/common/openssl/crypto/rand/rand_vms.c b/usr/src/common/openssl/crypto/rand/rand_vms.c index 29b2d7af0b..1267a3acae 100644 --- a/usr/src/common/openssl/crypto/rand/rand_vms.c +++ b/usr/src/common/openssl/crypto/rand/rand_vms.c @@ -101,11 +101,12 @@ int RAND_poll(void) pitem = item; /* Setup */ - while (pitems_data->length) + while (pitems_data->length + && (total_length + pitems_data->length <= 256)) { pitem->length = pitems_data->length; pitem->code = pitems_data->code; - pitem->buffer = (long *)data_buffer[total_length]; + pitem->buffer = (long *)&data_buffer[total_length]; pitem->retlen = 0; total_length += pitems_data->length; pitems_data++; diff --git a/usr/src/common/openssl/crypto/rand/rand_win.c b/usr/src/common/openssl/crypto/rand/rand_win.c index 3584842224..692a13eac5 100644 --- a/usr/src/common/openssl/crypto/rand/rand_win.c +++ b/usr/src/common/openssl/crypto/rand/rand_win.c @@ -121,11 +121,15 @@ #include <wincrypt.h> #include <tlhelp32.h> +/* Limit the time spent walking through the heap, processes, threads and modules to + a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ +#define MAXDELAY 1000 + /* Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ #define PROV_INTEL_SEC 22 -#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider") +#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" static void readtimer(void); static void readscreen(void); @@ -152,7 +156,8 @@ typedef struct tagCURSORINFO #define CURSOR_SHOWING 0x00000001 #endif /* CURSOR_SHOWING */ -typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR, +#if !defined(OPENSSL_SYS_WINCE) +typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, DWORD, DWORD); typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); @@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); +typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, SIZE_T); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); @@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include <lmcons.h> -#ifndef OPENSSL_SYS_WINCE #include <lmstats.h> -#endif #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was * was added to the Platform SDK to allow the NET API to be used in @@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); #endif /* 1 */ +#endif /* !OPENSSL_SYS_WINCE */ int RAND_poll(void) { MEMORYSTATUS m; HCRYPTPROV hProvider = 0; - BYTE buf[64]; DWORD w; - HWND h; - - HMODULE advapi, kernel, user, netapi; - CRYPTACQUIRECONTEXT acquire = 0; - CRYPTGENRANDOM gen = 0; - CRYPTRELEASECONTEXT release = 0; -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ - NETSTATGET netstatget = 0; - NETFREE netfree = 0; -#endif /* 1 */ + int good = 0; /* Determine the OS version we are on so we can turn off things * that do not work properly. @@ -212,32 +203,54 @@ int RAND_poll(void) osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; -#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO +#if defined(OPENSSL_SYS_WINCE) +# if defined(_WIN32_WCE) && _WIN32_WCE>=300 +/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available + * in commonly available implementations prior 300... */ + { + BYTE buf[64]; /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { if (CryptGenRandom(hProvider, sizeof(buf), buf)) RAND_add(buf, sizeof(buf), sizeof(buf)); CryptReleaseContext(hProvider, 0); } -#endif - + } +# endif +#else /* OPENSSL_SYS_WINCE */ + /* + * None of below libraries are present on Windows CE, which is + * why we #ifndef the whole section. This also excuses us from + * handling the GetProcAddress issue. The trouble is that in + * real Win32 API GetProcAddress is available in ANSI flavor + * only. In WinCE on the other hand GetProcAddress is a macro + * most commonly defined as GetProcAddressW, which accepts + * Unicode argument. If we were to call GetProcAddress under + * WinCE, I'd recommend to either redefine GetProcAddress as + * GetProcAddressA (there seem to be one in common CE spec) or + * implement own shim routine, which would accept ANSI argument + * and expand it to Unicode. + */ + { /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); - kernel = LoadLibrary(TEXT("KERNEL32.DLL")); - user = LoadLibrary(TEXT("USER32.DLL")); - netapi = LoadLibrary(TEXT("NETAPI32.DLL")); - -#ifndef OPENSSL_SYS_WINCE -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ + HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + HMODULE user = NULL; + HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); + CRYPTACQUIRECONTEXTW acquire = NULL; + CRYPTGENRANDOM gen = NULL; + CRYPTRELEASECONTEXT release = NULL; + NETSTATGET netstatget = NULL; + NETFREE netfree = NULL; + BYTE buf[64]; + if (netapi) { - netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet")); - netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree")); + netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); + netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); } if (netstatget && netfree) @@ -263,10 +276,7 @@ int RAND_poll(void) if (netapi) FreeLibrary(netapi); -#endif /* 1 */ -#endif /* !OPENSSL_SYS_WINCE */ - -#ifndef OPENSSL_SYS_WINCE + /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. @@ -321,28 +331,33 @@ int RAND_poll(void) free(buf); } #endif -#endif /* !OPENSSL_SYS_WINCE */ if (advapi) { - acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi, - TEXT("CryptAcquireContextA")); + /* + * If it's available, then it's available in both ANSI + * and UNICODE flavors even in Win9x, documentation says. + * We favor Unicode... + */ + acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, + "CryptAcquireContextW"); gen = (CRYPTGENRANDOM) GetProcAddress(advapi, - TEXT("CryptGenRandom")); + "CryptGenRandom"); release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, - TEXT("CryptReleaseContext")); + "CryptReleaseContext"); } if (acquire && gen && release) { /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, + if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); + good = 1; #if 0 printf("randomness from PROV_RSA_FULL\n"); #endif @@ -356,6 +371,7 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); + good = 1; #if 0 printf("randomness from PROV_INTEL_SEC\n"); #endif @@ -367,31 +383,22 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - /* timer data */ - readtimer(); - - /* memory usage statistics */ - GlobalMemoryStatus(&m); - RAND_add(&m, sizeof(m), 1); - - /* process ID */ - w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 1); - - if (user) + if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + !OPENSSL_isservice()) && + (user = LoadLibrary(TEXT("USER32.DLL")))) { GETCURSORINFO cursor; GETFOREGROUNDWINDOW win; GETQUEUESTATUS queue; - win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow")); - cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo")); - queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus")); + win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); + cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); + queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); if (win) { /* window handle */ - h = win(); + HWND h = win(); RAND_add(&h, sizeof(h), 0); } if (cursor) @@ -456,21 +463,22 @@ int RAND_poll(void) PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; + DWORD stoptime = 0; snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + GetProcAddress(kernel, "CreateToolhelp32Snapshot"); close_snap = (CLOSETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot")); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext")); - process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First")); - process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next")); - thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First")); - thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next")); - module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First")); - module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next")); + GetProcAddress(kernel, "CloseToolhelp32Snapshot"); + heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); + heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); + heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); + heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); + process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); + process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); + thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); + thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); + module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); + module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); if (snap && heap_first && heap_next && heaplist_first && heaplist_next && process_first && process_next && @@ -487,6 +495,7 @@ int RAND_poll(void) * of entropy. */ hlist.dwSize = sizeof(HEAPLIST32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (heaplist_first(handle, &hlist)) do { @@ -504,18 +513,20 @@ int RAND_poll(void) && --entrycnt > 0); } } while (heaplist_next(handle, - &hlist)); - + &hlist) && GetTickCount() < stoptime); + /* process walking */ /* PROCESSENTRY32 contains 9 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ p.dwSize = sizeof(PROCESSENTRY32); + + if (good) stoptime = GetTickCount() + MAXDELAY; if (process_first(handle, &p)) do RAND_add(&p, p.dwSize, 9); - while (process_next(handle, &p)); + while (process_next(handle, &p) && GetTickCount() < stoptime); /* thread walking */ /* THREADENTRY32 contains 6 fields that will change @@ -523,10 +534,11 @@ int RAND_poll(void) * 1 byte of entropy. */ t.dwSize = sizeof(THREADENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (thread_first(handle, &t)) do RAND_add(&t, t.dwSize, 6); - while (thread_next(handle, &t)); + while (thread_next(handle, &t) && GetTickCount() < stoptime); /* module walking */ /* MODULEENTRY32 contains 9 fields that will change @@ -534,18 +546,34 @@ int RAND_poll(void) * 1 byte of entropy. */ m.dwSize = sizeof(MODULEENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (module_first(handle, &m)) do RAND_add(&m, m.dwSize, 9); - while (module_next(handle, &m)); + while (module_next(handle, &m) + && (GetTickCount() < stoptime)); if (close_snap) close_snap(handle); else CloseHandle(handle); + } FreeLibrary(kernel); } + } +#endif /* !OPENSSL_SYS_WINCE */ + + /* timer data */ + readtimer(); + + /* memory usage statistics */ + GlobalMemoryStatus(&m); + RAND_add(&m, sizeof(m), 1); + + /* process ID */ + w = GetCurrentProcessId(); + RAND_add(&w, sizeof(w), 1); #if 0 printf("Exiting RAND_poll\n"); @@ -607,7 +635,7 @@ static void readtimer(void) DWORD w; LARGE_INTEGER l; static int have_perfc = 1; -#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) +#if defined(_MSC_VER) && defined(_M_X86) static int have_tsc = 1; DWORD cyclecount; @@ -660,7 +688,7 @@ static void readtimer(void) static void readscreen(void) { -#ifndef OPENSSL_SYS_WINCE +#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) HDC hScrDC; /* screen DC */ HDC hMemDC; /* memory DC */ HBITMAP hBitmap; /* handle for our bitmap */ @@ -673,6 +701,9 @@ static void readscreen(void) int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ + if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) + return; + /* Create a screen DC and a memory DC compatible to screen DC */ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); diff --git a/usr/src/common/openssl/crypto/rand/randfile.c b/usr/src/common/openssl/crypto/rand/randfile.c index 44ddf21750..b52d9e836b 100644 --- a/usr/src/common/openssl/crypto/rand/randfile.c +++ b/usr/src/common/openssl/crypto/rand/randfile.c @@ -56,9 +56,16 @@ * [including the GNU Public Licence.] */ -/* We need to define this to get macros like S_ISBLK and S_ISCHR */ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* We need to define this to get macros like S_IFBLK and S_IFCHR */ #ifndef _BOOT -#define _XOPEN_SOURCE 1 +#define _XOPEN_SOURCE 500 #endif /* _BOOT */ #include <errno.h> @@ -106,7 +113,7 @@ int RAND_load_file(const char *file, long bytes) i=stat(file,&sb); /* If the state fails, put some crap in anyway */ - RAND_add(&sb,sizeof(sb),0); + RAND_add(&sb,sizeof(sb),0.0); if (i < 0) return(0); if (bytes == 0) return(ret); @@ -131,7 +138,7 @@ int RAND_load_file(const char *file, long bytes) i=fread(buf,1,n,in); if (i <= 0) break; /* even if n != i, use the full array */ - RAND_add(buf,n,i); + RAND_add(buf,n,(double)i); ret+=i; if (bytes > 0) { @@ -168,6 +175,7 @@ int RAND_write_file(const char *file) } #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) + { /* For some reason Win32 can't write to files created this way */ /* chmod(..., 0600) is too late to protect the file, @@ -175,6 +183,7 @@ int RAND_write_file(const char *file) int fd = open(file, O_CREAT, 0600); if (fd != -1) out = fdopen(fd, "wb"); + } #endif if (out == NULL) out = fopen(file,"wb"); diff --git a/usr/src/common/openssl/crypto/rand/randtest.c b/usr/src/common/openssl/crypto/rand/randtest.c index 701932e6ee..9e92a70b03 100644 --- a/usr/src/common/openssl/crypto/rand/randtest.c +++ b/usr/src/common/openssl/crypto/rand/randtest.c @@ -65,7 +65,7 @@ /* some FIPS 140-1 random number test */ /* some simple tests */ -int main() +int main(int argc,char **argv) { unsigned char buf[2500]; int i,j,k,s,sign,nsign,err=0; @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } |