X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Frand%2Fmd_rand.c;h=0f8dd3e00faf3d8afcfc11944577ea579af08d67;hb=e852835da62e256c9e9873467ab8d9d174c4f2d6;hp=6d7f37e15e648c659de7c3d88bf49d95f75bfbe5;hpb=daba492c3a461bbcc0df69d609124936a19205f6;p=oweals%2Fopenssl.git

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 6d7f37e15e..0f8dd3e00f 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -126,6 +126,10 @@
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 #ifdef BN_DEBUG
 # define PREDICT
@@ -152,7 +156,7 @@ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
 int rand_predictable=0;
 #endif
 
-const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
@@ -177,10 +181,10 @@ RAND_METHOD *RAND_SSLeay(void)
 
 static void ssleay_rand_cleanup(void)
 	{
-	memset(state,0,sizeof(state));
+	OPENSSL_cleanse(state,sizeof(state));
 	state_num=0;
 	state_index=0;
-	memset(md,0,MD_DIGEST_LENGTH);
+	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
 	md_count[0]=0;
 	md_count[1]=0;
 	entropy=0;
@@ -192,7 +196,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	int i,j,k,st_idx;
 	long md_c[2];
 	unsigned char local_md[MD_DIGEST_LENGTH];
-	MD_CTX m;
+	EVP_MD_CTX m;
 	int do_not_lock;
 
 	/*
@@ -254,6 +258,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
 	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
+	EVP_MD_CTX_init(&m);
 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
 		{
 		j=(num-i);
@@ -292,14 +297,14 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 				st_idx=0;
 			}
 		}
-	memset((char *)&m,0,sizeof(m));
+	EVP_MD_CTX_cleanup(&m);
 
 	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	/* Don't just copy back local_md into md -- this could mean that
 	 * other thread's seeding remains without effect (except for
 	 * the incremented counter).  By XORing it we keep at least as
 	 * much entropy as fits into md. */
-	for (k = 0; k < sizeof md; k++)
+	for (k = 0; k < (int)sizeof(md); k++)
 		{
 		md[k] ^= local_md[k];
 		}
@@ -314,7 +319,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
 static void ssleay_rand_seed(const void *buf, int num)
 	{
-	ssleay_rand_add(buf, num, num);
+	ssleay_rand_add(buf, num, (double)num);
 	}
 
 static int ssleay_rand_bytes(unsigned char *buf, int num)
@@ -325,12 +330,20 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	int ok;
 	long md_c[2];
 	unsigned char local_md[MD_DIGEST_LENGTH];
-	MD_CTX m;
+	EVP_MD_CTX m;
 #ifndef GETPID_IS_MEANINGLESS
 	pid_t curr_pid = getpid();
 #endif
 	int do_stir_pool = 0;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode())
+	    {
+	    FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+	    return 0;
+	    }
+#endif
+
 #ifdef PREDICT
 	if (rand_predictable)
 		{
@@ -344,7 +357,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 	if (num <= 0)
 		return 1;
-	
+
+	EVP_MD_CTX_init(&m);
 	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
 	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
 
@@ -493,7 +507,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	MD_Final(&m,md);
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
-	memset(&m,0,sizeof(m));
+	EVP_MD_CTX_cleanup(&m);
 	if (ok)
 		return(1);
 	else
@@ -518,7 +532,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 		err = ERR_peek_error();
 		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
 		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
-			(void)ERR_get_error();
+			ERR_clear_error();
 		}
 	return (ret);
 	}