[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Mon Oct 22 12:51:44 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 896e8c5713b50ff2ef1478d5c6709874ce57cf05 (commit)
from 35cf781c20b65e51c6d0d3e9a199e74534b60b4a (commit)
- Log -----------------------------------------------------------------
commit 896e8c5713b50ff2ef1478d5c6709874ce57cf05
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date: Thu Oct 18 23:17:46 2018 +0200
md_rand.c: don't stop polling until properly initialized
Previously, the RNG sets `initialized=1` after the first call to
RAND_poll(), although its criterion for being initialized actually
is whether condition `entropy >= ENTROPY_NEEDED` is true.
This commit now assigns `initialized=(entropy >= ENTROPY_NEEDED)`,
which has the effect that on the next call, RAND_poll() will be
called again, if it previously failed to obtain enough entropy.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7439)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/md_rand.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index abca70f..0c273ad 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -345,7 +345,6 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
static volatile int stirred_pool = 0;
int i, j, k;
size_t num_ceil, st_idx, st_num;
- int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX m;
@@ -400,14 +399,13 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
if (!initialized) {
RAND_poll();
- initialized = 1;
+ initialized = (entropy >= ENTROPY_NEEDED);
}
if (!stirred_pool)
do_stir_pool = 1;
- ok = (entropy >= ENTROPY_NEEDED);
- if (!ok) {
+ if (!initialized) {
/*
* If the PRNG state is not yet unpredictable, then seeing the PRNG
* output may help attackers to determine the new state; thus we have
@@ -446,7 +444,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
n -= MD_DIGEST_LENGTH;
}
- if (ok)
+ if (initialized)
stirred_pool = 1;
}
@@ -539,7 +537,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
- if (ok)
+ if (initialized)
return (1);
else if (pseudo)
return 0;
@@ -612,10 +610,10 @@ static int ssleay_rand_status(void)
if (!initialized) {
RAND_poll();
- initialized = 1;
+ initialized = (entropy >= ENTROPY_NEEDED);
}
- ret = entropy >= ENTROPY_NEEDED;
+ ret = initialized;
if (!do_not_lock) {
/* before unlocking, we must clear 'crypto_lock_rand' */
More information about the openssl-commits
mailing list