*
*/
+#define OPENSSL_FIPSEVP
+
#ifdef MD_RAND_DEBUG
# ifndef NDEBUG
# define NDEBUG
const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
-static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_seed(const void *buf, int num);
+static int ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_status(void);
RAND_METHOD rand_ssleay_meth={
ssleay_rand_seed,
- ssleay_rand_bytes,
+ ssleay_rand_nopseudo_bytes,
ssleay_rand_cleanup,
ssleay_rand_add,
ssleay_rand_pseudo_bytes,
initialized=0;
}
-static void ssleay_rand_add(const void *buf, int num, double add)
+static int ssleay_rand_add(const void *buf, int num, double add)
{
int i,j,k,st_idx;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX m;
int do_not_lock;
+ int rv = 0;
/*
* (Based on the rand(3) manpage)
* hash function.
*/
+ EVP_MD_CTX_init(&m);
/* check if we already have the lock */
if (crypto_lock_rand)
{
if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- EVP_MD_CTX_init(&m);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
{
j=(num-i);
j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
- MD_Init(&m);
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+ if (!MD_Init(&m))
+ goto err;
+ if (!MD_Update(&m,local_md,MD_DIGEST_LENGTH))
+ goto err;
k=(st_idx+j)-STATE_SIZE;
if (k > 0)
{
- MD_Update(&m,&(state[st_idx]),j-k);
- MD_Update(&m,&(state[0]),k);
+ if (!MD_Update(&m,&(state[st_idx]),j-k))
+ goto err;
+ if (!MD_Update(&m,&(state[0]),k))
+ goto err;
}
else
- MD_Update(&m,&(state[st_idx]),j);
+ if (!MD_Update(&m,&(state[st_idx]),j))
+ goto err;
/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
- MD_Update(&m,buf,j);
+ if (!MD_Update(&m,buf,j))
+ goto err;
/* We know that line may cause programs such as
purify and valgrind to complain about use of
uninitialized data. The problem is not, it's
sure you get really bad randomness and thereby
other problems such as very insecure keys. */
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- MD_Final(&m,local_md);
+ if (!MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)))
+ goto err;
+ if (!MD_Final(&m,local_md))
+ goto err;
md_c[1]++;
buf=(const char *)buf + j;
st_idx=0;
}
}
- EVP_MD_CTX_cleanup(&m);
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
assert(md_c[1] == md_count[1]);
#endif
+ rv = 1;
+ err:
+ EVP_MD_CTX_cleanup(&m);
+ return rv;
}
-static void ssleay_rand_seed(const void *buf, int num)
+static int ssleay_rand_seed(const void *buf, int num)
{
- ssleay_rand_add(buf, num, (double)num);
+ return ssleay_rand_add(buf, num, (double)num);
}
-static int ssleay_rand_bytes(unsigned char *buf, int num)
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
{
static volatile int stirred_pool = 0;
int i,j,k,st_num,st_idx;
/* num_ceil -= MD_DIGEST_LENGTH/2 */
j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
num-=j;
- MD_Init(&m);
+ if (!MD_Init(&m))
+ goto err;
#ifndef GETPID_IS_MEANINGLESS
if (curr_pid) /* just in the first iteration to save time */
{
- MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
+ if (!MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid))
+ goto err;
curr_pid = 0;
}
#endif
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+ if (!MD_Update(&m,local_md,MD_DIGEST_LENGTH))
+ goto err;
+ if (!MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)))
+ goto err;
#ifndef PURIFY /* purify complains */
- /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
- MD_Update(&m,buf,j);
- /* We know that line may cause programs such as
- purify and valgrind to complain about use of
- uninitialized data. */
+ /* The following line uses the supplied buffer as a small
+ * source of entropy: since this buffer is often uninitialised
+ * it may cause programs such as purify or valgrind to
+ * complain. So for those builds it is not used: the removal
+ * of such a small source of entropy has negligible impact on
+ * security.
+ */
+ if (!MD_Update(&m,buf,j))
+ goto err;
#endif
k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
if (k > 0)
{
- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
- MD_Update(&m,&(state[0]),k);
+ if (!MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k))
+ goto err;
+ if (!MD_Update(&m,&(state[0]),k))
+ goto err;
}
else
- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
- MD_Final(&m,local_md);
+ if (!MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2))
+ goto err;
+ if (!MD_Final(&m,local_md))
+ goto err;
for (i=0; i<MD_DIGEST_LENGTH/2; i++)
{
}
}
- MD_Init(&m);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+ if (!MD_Init(&m)
+ || !MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c))
+ || !MD_Update(&m,local_md,MD_DIGEST_LENGTH))
+ goto err;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- MD_Update(&m,md,MD_DIGEST_LENGTH);
- MD_Final(&m,md);
+ if (!MD_Update(&m,md,MD_DIGEST_LENGTH) || !MD_Final(&m,md))
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ goto err;
+ }
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
if (ok)
return(1);
- else
+ else if (pseudo)
+ return 0;
+ else
{
RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
"http://www.openssl.org/support/faq.html");
return(0);
}
+ err:
+ EVP_MD_CTX_cleanup(&m);
+ RANDerr(RAND_F_SSLEAY_RAND_BYTES,ERR_R_EVP_LIB);
+ return 0;
+
+ }
+
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
+ {
+ return ssleay_rand_bytes(buf, num, 0);
}
/* pseudo-random bytes that are guaranteed to be unique but not
unpredictable */
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
- int ret;
- unsigned long err;
-
- ret = RAND_bytes(buf, num);
- if (ret == 0)
- {
- err = ERR_peek_error();
- if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
- ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
- ERR_clear_error();
- }
- return (ret);
+ return ssleay_rand_bytes(buf, num, 1);
}
static int ssleay_rand_status(void)