Upgrade chrome's OpenSSL to same version Android ships with.

openssl/crypto/rand/md_rand.c

 /* crypto/rand/md_rand.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
@@ skipping 108 matching lines @@
 #include <stdio.h>
 #include <string.h>
 
 #include "e_os.h"
 
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 
 #ifdef BN_DEBUG
 # define PREDICT
 #endif
 
 /* #define PREDICT      1 */
 
 #define STATE_SIZE      1023
 static int state_num=0,state_index=0;
 static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
 static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
 
 static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                            * holds CRYPTO_LOCK_RAND
                                            * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
 
 
 #ifdef PREDICT
 int rand_predictable=0;
 #endif
 
 const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
@@ skipping 47 matching lines @@
          * the current 'block', the new key data 'block', and 'count'
          * (which is incremented after each use).
          * The result of this is kept in 'md' and also xored into the
          * 'state' at the same locations that were used as input into the
          * hash function.
          */
 
         /* check if we already have the lock */
         if (crypto_lock_rand)
                 {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
                 CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                 }
         else
                 do_not_lock = 0;
 
         if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         st_idx=state_index;
 
         /* use our own copies of the counters so that even
          * if a concurrent thread seeds with exactly the
@@ skipping 35 matching lines @@
                 MD_Init(&m);
                 MD_Update(&m,local_md,MD_DIGEST_LENGTH);
                 k=(st_idx+j)-STATE_SIZE;
                 if (k > 0)
                         {
                         MD_Update(&m,&(state[st_idx]),j-k);
                         MD_Update(&m,&(state[0]),k);
                         }
                 else
                         MD_Update(&m,&(state[st_idx]),j);
-                        
+
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
                 MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  The problem is not, it's
+                   with the caller.  Removing that line will make
+                   sure you get really bad randomness and thereby
+                   other problems such as very insecure keys. */
+
                 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
                 MD_Final(&m,local_md);
                 md_c[1]++;
 
                 buf=(const char *)buf + j;
 
                 for (k=0; k<j; k++)
                         {
                         /* Parallel threads may interfere with this,
                          * but always each byte of the new state is
@@ skipping 40 matching lines @@
         int num_ceil;
         int ok;
         long md_c[2];
         unsigned char local_md[MD_DIGEST_LENGTH];
         EVP_MD_CTX m;
 #ifndef GETPID_IS_MEANINGLESS
         pid_t curr_pid = getpid();
 #endif
         int do_stir_pool = 0;
 
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode())
-            {
-            FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
-            return 0;
-            }
-#endif
-
 #ifdef PREDICT
         if (rand_predictable)
                 {
                 static unsigned char val=0;
 
                 for (i=0; i<num; i++)
                         buf[i]=val++;
                 return(1);
                 }
 #endif
@@ skipping 20 matching lines @@
          * Finally, after we have finished 'num' random bytes for the
          * caller, 'count' (which is incremented) and the local and global 'md'
          * are fed into the hash function and the results are kept in the
          * global 'md'.
          */
 
         CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
         /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
         CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-        locking_thread = CRYPTO_thread_id();
+        CRYPTO_THREADID_current(&locking_threadid);
         CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
         crypto_lock_rand = 1;
 
         if (!initialized)
                 {
                 RAND_poll();
                 initialized = 1;
                 }
         
         if (!stirred_pool)
@@ skipping 71 matching lines @@
                 MD_Init(&m);
 #ifndef GETPID_IS_MEANINGLESS
                 if (curr_pid) /* just in the first iteration to save time */
                         {
                         MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
                         curr_pid = 0;
                         }
 #endif
                 MD_Update(&m,local_md,MD_DIGEST_LENGTH);
                 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-#ifndef PURIFY
-                MD_Update(&m,buf,j); /* purify complains */
+
+#ifndef PURIFY /* purify complains */
+                /* The following line uses the supplied buffer as a small
+                 * source of entropy: since this buffer is often uninitialised
+                 * it may cause programs such as purify or valgrind to
+                 * complain. So for those builds it is not used: the removal
+                 * of such a small source of entropy has negligible impact on
+                 * security.
+                 */
+                MD_Update(&m,buf,j);
 #endif
+
                 k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
                 if (k > 0)
                         {
                         MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
                         MD_Update(&m,&(state[0]),k);
                         }
                 else
                         MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
                 MD_Final(&m,local_md);
 
@@ skipping 40 matching lines @@
                 err = ERR_peek_error();
                 if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
                     ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
                         ERR_clear_error();
                 }
         return (ret);
         }
 
 static int ssleay_rand_status(void)
         {
+        CRYPTO_THREADID cur;
         int ret;
         int do_not_lock;
 
+        CRYPTO_THREADID_current(&cur);
         /* check if we already have the lock
          * (could happen if a RAND_poll() implementation calls RAND_status()) */
         if (crypto_lock_rand)
                 {
                 CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                 }
         else
                 do_not_lock = 0;
         
         if (!do_not_lock)
                 {
                 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
                 
                 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
                 CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-                locking_thread = CRYPTO_thread_id();
+                CRYPTO_THREADID_cpy(&locking_threadid, &cur);
                 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
                 crypto_lock_rand = 1;
                 }
         
         if (!initialized)
                 {
                 RAND_poll();
                 initialized = 1;
                 }
 
         ret = entropy >= ENTROPY_NEEDED;
 
         if (!do_not_lock)
                 {
                 /* before unlocking, we must clear 'crypto_lock_rand' */
                 crypto_lock_rand = 0;
                 
                 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
                 }
         
         return ret;
         }