[openssl-commits] [openssl] master update

Kurt Roeckx kurt at openssl.org
Wed Feb 21 19:46:09 UTC 2018


The branch master has been updated
       via  60595292ae83b112a1854a59379a51f210c04b6c (commit)
      from  32bda2b2e4900308cb025020d8c8692e1d3c2ba9 (commit)


- Log -----------------------------------------------------------------
commit 60595292ae83b112a1854a59379a51f210c04b6c
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sun Feb 18 18:39:19 2018 +0100

    Check return value of time() when getting additional data for the DRBG
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    GH: #5400

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_lib.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7b8b8fc..b8b7b6e 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -229,9 +229,11 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
 }
 
 /*
- * Find a suitable system time.  Start with the highest resolution source
+ * Find a suitable source of time.  Start with the highest resolution source
  * and work down to the slower ones.  This is added as additional data and
  * isn't counted as randomness, so any result is acceptable.
+ *
+ * Returns 0 when we weren't able to find any time source
  */
 static uint64_t get_timer_bits(void)
 {
@@ -260,7 +262,7 @@ static uint64_t get_timer_bits(void)
     }
 #else
 
-#if defined(OSSL_POSIX_TIMER_OKAY)
+# if defined(OSSL_POSIX_TIMER_OKAY)
     {
         struct timespec ts;
         clockid_t cid;
@@ -286,7 +288,12 @@ static uint64_t get_timer_bits(void)
             return TWO32TO64(tv.tv_sec, tv.tv_usec);
     }
 # endif
-    return time(NULL);
+    {
+        time_t t = time(NULL);
+        if (t == (time_t)-1)
+            return 0;
+        return t;
+    }
 #endif
 }
 
@@ -329,7 +336,8 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
         RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
 
     tbits = get_timer_bits();
-    RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+    if (tbits != 0)
+        RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
 
     /* TODO: Use RDSEED? */
 


More information about the openssl-commits mailing list