[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Tue Oct 30 22:28:28 UTC 2018 

The branch OpenSSL_1_1_1-stable has been updated
       via  faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f (commit)
      from  de8848aeafd4210bcbbc6742b8947b37cb7ed8cb (commit)


- Log -----------------------------------------------------------------
commit faca6bfac3b0c5a657cd01dcf6cb306d61cebd0f
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Mon Oct 29 13:48:53 2018 +0100

    Fix a race condition in drbg_add
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7523)
    
    (cherry picked from commit 4011bab1f85d4429bad1e9388bed90a8d0da5639)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 4795213..43e7509 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1003,6 +1003,7 @@ static int drbg_add(const void *buf, int num, double randomness)
     if (num < 0 || randomness < 0.0)
         return 0;
 
+    rand_drbg_lock(drbg);
     seedlen = rand_drbg_seedlen(drbg);
 
     buflen = (size_t)num;
@@ -1014,10 +1015,13 @@ static int drbg_add(const void *buf, int num, double randomness)
          * inevitably. So we use a trick to mix the buffer contents into
          * the DRBG state without forcing a reseeding: we generate a
          * dummy random byte, using the buffer content as additional data.
+         * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
          */
         unsigned char dummy[1];
 
-        return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        rand_drbg_unlock(drbg);
+        return ret;
 #else
         /*
          * If an os entropy source is avaible then we declare the buffer content
@@ -1041,7 +1045,6 @@ static int drbg_add(const void *buf, int num, double randomness)
         randomness = (double)seedlen;
     }
 
-    rand_drbg_lock(drbg);
     ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
     rand_drbg_unlock(drbg);

More information about the openssl-commits mailing list