author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-10-29 13:48:53 +0100 |
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-10-30 23:25:30 +0100 |
commit | 4011bab1f85d4429bad1e9388bed90a8d0da5639 (patch) | |
tree | e1e49d24670bd8221c5d702a6c0509d6c3f4bf31 /crypto/rand/drbg_lib.c | |
parent | 6e46c065b9b97212d63ef1f321b08fb7fa6b320d (diff) | |
Fix a race condition in drbg_add
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7523)
Diffstat (limited to 'crypto/rand/drbg_lib.c')
-rw-r--r-- | crypto/rand/drbg_lib.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 4a666040c8..c4ecf0c97e 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1079,6 +1079,7 @@ static int drbg_add(const void *buf, int num, double randomness)
     if (num < 0 || randomness < 0.0)
         return 0;
 
+    rand_drbg_lock(drbg);
     seedlen = rand_drbg_seedlen(drbg);
 
     buflen = (size_t)num;
@@ -1090,10 +1091,13 @@ static int drbg_add(const void *buf, int num, double randomness)
          * inevitably. So we use a trick to mix the buffer contents into
          * the DRBG state without forcing a reseeding: we generate a
          * dummy random byte, using the buffer content as additional data.
+         * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
          */
         unsigned char dummy[1];
 
-        return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        rand_drbg_unlock(drbg);
+        return ret;
 #else
         /*
          * If an os entropy source is avaible then we declare the buffer content
@@ -1117,7 +1121,6 @@ static int drbg_add(const void *buf, int num, double randomness)
         randomness = (double)seedlen;
     }
 
-    rand_drbg_lock(drbg);
     ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
     rand_drbg_unlock(drbg);
 
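Review bot: Once `rand_drbg_lock(drbg);` is taken in the first hunk, the function has two separate unlock sites (the `#if defined(OPENSSL_RAND_SEED_NONE)` early return in the second hunk and the tail in the third), and the code between the hunks now runs under the lock but is not visible here, so any early `return 0;` added to that region later would leave the master DRBG locked. A single exit path would make the pairing easier to audit: in the second hunk keep `ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);` but replace the following unlock and return with `goto end;`, and in the third hunk put the label `end:` immediately before `rand_drbg_unlock(drbg);` so the only unlock is the one at the tail. The added comment `Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.` would help a maintainer more if it said what happens in that configuration — whether RAND_DRBG_generate fails or the buffer is silently not mixed in — and nothing in these hunks checks the flag; which of the two it is cannot be told from here. drbg_add's opening and its final `return ret;` lie outside the hunks.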