[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Wed Feb 21 19:46:09 UTC 2018
The branch master has been updated
via 60595292ae83b112a1854a59379a51f210c04b6c (commit)
from 32bda2b2e4900308cb025020d8c8692e1d3c2ba9 (commit)
- Log -----------------------------------------------------------------
commit 60595292ae83b112a1854a59379a51f210c04b6c
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sun Feb 18 18:39:19 2018 +0100
Check return value of time() when getting additional data for the DRBG
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
GH: #5400
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/rand_lib.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7b8b8fc..b8b7b6e 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -229,9 +229,11 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
}
/*
- * Find a suitable system time. Start with the highest resolution source
+ * Find a suitable source of time. Start with the highest resolution source
* and work down to the slower ones. This is added as additional data and
* isn't counted as randomness, so any result is acceptable.
+ *
+ * Returns 0 when we weren't able to find any time source
*/
static uint64_t get_timer_bits(void)
{
@@ -260,7 +262,7 @@ static uint64_t get_timer_bits(void)
}
#else
-#if defined(OSSL_POSIX_TIMER_OKAY)
+# if defined(OSSL_POSIX_TIMER_OKAY)
{
struct timespec ts;
clockid_t cid;
@@ -286,7 +288,12 @@ static uint64_t get_timer_bits(void)
return TWO32TO64(tv.tv_sec, tv.tv_usec);
}
# endif
- return time(NULL);
+ {
+ time_t t = time(NULL);
+ if (t == (time_t)-1)
+ return 0;
+ return t;
+ }
#endif
}
@@ -329,7 +336,8 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
tbits = get_timer_bits();
- RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+ if (tbits != 0)
+ RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
/* TODO: Use RDSEED? */
More information about the openssl-commits
mailing list