[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
matthias.st.pierre at ncp-e.com
Mon Oct 22 12:49:32 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via bd04577743ec3b1e605039ee31e10616fee5f05f (commit)
from f2828a14fbe2ce56b5090f45b2a9a6e749d33b22 (commit)
- Log -----------------------------------------------------------------
commit bd04577743ec3b1e605039ee31e10616fee5f05f
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date: Thu Oct 18 23:04:32 2018 +0200
md_rand.c: don't stop polling until properly initialized
Previously, the RNG sets `initialized=1` after the first call to
RAND_poll(), although its criterion for being initialized actually
is whether condition `entropy >= ENTROPY_NEEDED` is true.
This commit now assigns `initialized=(entropy >= ENTROPY_NEEDED)`,
which has the effect that on the next call, RAND_poll() will be
called again, if it previously failed to obtain enough entropy.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7438)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/md_rand.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 7d5fcb7..bc1b6fb 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -275,7 +275,6 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
static volatile int stirred_pool = 0;
int i, j, k;
size_t num_ceil, st_idx, st_num;
- int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX *m;
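Review bot: Removing the local `int ok;` leaves no per-call record of the entropy check in rand_bytes(); every later decision now reads `initialized`, whose meaning changes from "RAND_poll() has been called" to "entropy >= ENTROPY_NEEDED was observed". The declaration of `initialized` is not part of this diff, so please add a comment there stating the new meaning, since other readers of that variable would otherwise assume the old one.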
@@ -362,14 +361,13 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (!initialized) {
RAND_poll();
- initialized = 1;
+ initialized = (entropy >= ENTROPY_NEEDED);
}
if (!stirred_pool)
do_stir_pool = 1;
- ok = (entropy >= ENTROPY_NEEDED);
- if (!ok) {
+ if (!initialized) {
/*
* If the PRNG state is not yet unpredictable, then seeing the PRNG
* output may help attackers to determine the new state; thus we have
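Review bot: At `initialized = (entropy >= ENTROPY_NEEDED);` the result of RAND_poll() itself is still ignored, and while entropy stays below ENTROPY_NEEDED every call to rand_bytes() will now run RAND_poll() again. That retry is the stated intent, but a short comment on this line saying so, and noting that the poll cost is paid per call until seeding succeeds, would keep someone from "optimizing" it back to `initialized = 1`.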
@@ -408,7 +406,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
n -= MD_DIGEST_LENGTH;
}
- if (ok)
+ if (initialized)
stirred_pool = 1;
}
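Review bot: At `if (initialized) stirred_pool = 1;` the condition no longer reads as what it tests. The old `ok` was visibly the entropy check made a few lines earlier; `initialized` is only equivalent because of the assignment in the previous hunk. A one-line comment here ("only mark the pool stirred once it was seeded with enough entropy") would make the dependency explicit.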
@@ -500,7 +498,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
CRYPTO_THREAD_unlock(rand_lock);
EVP_MD_CTX_free(m);
- if (ok)
+ if (initialized)
return (1);
else if (pseudo)
return 0;
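Review bot: The final `if (initialized)` is evaluated after `CRYPTO_THREAD_unlock(rand_lock)`, whereas the removed `ok` was a local computed earlier in the call. If `initialized` is shared between threads (its declaration is not in this diff), another thread can set it to 1 between the unlock and this test, and this call would return 1 for bytes that were generated while the pool was not yet sufficiently seeded. Suggest copying `initialized` into a local while the lock is still held and testing that local here.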