[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Dec 9 12:30:41 UTC 2020
The branch master has been updated
via 1d180bbe8e2103f35328cf82fbde7fd23602735a (commit)
via a678506e2fa1826fc3a836b66fe9110f29306a32 (commit)
via 8389eeea2cf31ecf8d4ad3e579261cb46151f20a (commit)
via e37b307e02a7dded027ef08ed6b66645a9d0af73 (commit)
from 81aef6ba720971c09ad68f89d418c8d3d3f904f7 (commit)
- Log -----------------------------------------------------------------
commit 1d180bbe8e2103f35328cf82fbde7fd23602735a
Author: Pauli <paul.dale at oracle.com>
Date: Wed Dec 9 19:55:08 2020 +1000
rand: allow seed-src to be missing
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
commit a678506e2fa1826fc3a836b66fe9110f29306a32
Author: Pauli <paul.dale at oracle.com>
Date: Wed Dec 9 21:43:21 2020 +1000
rand: don't leak memory
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
commit 8389eeea2cf31ecf8d4ad3e579261cb46151f20a
Author: Pauli <paul.dale at oracle.com>
Date: Wed Dec 9 19:39:27 2020 +1000
rand seed: include lock and unlock functions.
This satisfies EVP's RAND layer.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
commit e37b307e02a7dded027ef08ed6b66645a9d0af73
Author: Pauli <paul.dale at oracle.com>
Date: Wed Dec 9 14:29:44 2020 +1000
Fix error clash in build
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 2 +-
crypto/rand/rand_lib.c | 5 ++++-
providers/common/include/prov/providercommonerr.h | 2 +-
providers/implementations/rands/seed_src.c | 15 ++++++++++++++-
4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 73f551a3e5..273400e3c4 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2933,7 +2933,7 @@ PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher
PROV_R_RESEED_ERROR:197:reseed error
PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:222:\
search only supported for directories
-PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT:200:\
+PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT:229:\
seed sources must not have a parent
PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure
PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 2ad3cf776f..f0284aab08 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -561,8 +561,11 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx)
if (!CRYPTO_THREAD_write_lock(dgbl->lock))
return NULL;
#ifndef FIPS_MODULE
- if (dgbl->seed == NULL)
+ if (dgbl->seed == NULL) {
+ ERR_set_mark();
dgbl->seed = rand_new_seed(ctx);
+ ERR_pop_to_mark();
+ }
#endif
if (dgbl->primary == NULL)
dgbl->primary = rand_new_drbg(ctx, dgbl->seed,
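Review bot: The `ERR_set_mark()`/`ERR_pop_to_mark()` pair around `rand_new_seed(ctx)` discards every error that call queues, so a seed source that exists but fails to instantiate looks the same as one that is simply absent; `dgbl->seed` stays NULL either way. That NULL is then passed straight to `rand_new_drbg(ctx, dgbl->seed, ...`, and what the primary DRBG seeds from in that case is not visible in this hunk. I would add a comment above the block, e.g. `/* seed-src is optional: on failure seed stays NULL and the primary DRBG is created without a seed-source parent */`, and consider recording the failure (trace or similar) so an unexpected loss of the seed source can be noticed. `RAND_get0_primary` begins before and continues past this hunk.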
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index f044e7b7c7..ac87f190cb 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -154,7 +154,7 @@ int err_load_PROV_strings_int(void);
# define PROV_R_REQUIRE_CTR_MODE_CIPHER 206
# define PROV_R_RESEED_ERROR 197
# define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222
-# define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT 200
+# define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT 229
# define PROV_R_SELF_TEST_KAT_FAILURE 215
# define PROV_R_SELF_TEST_POST_FAILURE 216
# define PROV_R_TAG_NOTSET 119
diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c
index 7080e95fbf..0a533d016f 100644
--- a/providers/implementations/rands/seed_src.c
+++ b/providers/implementations/rands/seed_src.c
@@ -32,6 +32,8 @@ static OSSL_FUNC_rand_gettable_ctx_params_fn seed_src_gettable_ctx_params;
static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
+static OSSL_FUNC_rand_lock_fn seed_src_lock;
+static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
typedef struct {
void *provctx;
@@ -109,7 +111,7 @@ static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
entropy_available = ossl_pool_acquire_entropy(pool);
if (entropy_available > 0)
- memcpy(out, rand_pool_detach(pool), rand_pool_length(pool));
+ memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));
rand_pool_free(pool);
return entropy_available > 0;
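Review bot: The `memcpy` into `out` is sized by `rand_pool_length(pool)` rather than by `outlen`, and nothing in this hunk shows that the pool length is capped at `outlen`. The pool is created above the hunk, so its construction may already guarantee this; if it does not, the copy should be bounded, for example by checking `rand_pool_length(pool) <= outlen` before the call and failing otherwise. Success is also reported for any `entropy_available > 0`, which presumably assumes the pool was filled to the requested length, so a one-line comment stating that assumption would help. `seed_src_generate` starts before and ends after this hunk.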
@@ -173,6 +175,15 @@ static int seed_src_enable_locking(ossl_unused void *vseed)
return 1;
}
+int seed_src_lock(ossl_unused void *vctx)
+{
+ return 1;
+}
+
+void seed_src_unlock(ossl_unused void *vctx)
+{
+}
+
const OSSL_DISPATCH ossl_seed_src_functions[] = {
{ OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
{ OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
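Review bot: `seed_src_lock` and `seed_src_unlock` are defined without `static`, although the earlier hunk forward-declares both as `static` and the neighbouring `seed_src_enable_locking` is defined `static int`. The definitions still get internal linkage from the prior declaration, but they should read `static int seed_src_lock(ossl_unused void *vctx)` and `static void seed_src_unlock(ossl_unused void *vctx)` to match the file. Both are no-ops that always report success, so a short comment such as `/* Deliberate no-op: provided only because the EVP RAND layer requires lock/unlock entries */` would make the intent explicit; whether the seed source really has no shared state to protect is not shown in this hunk and should be confirmed. The `OSSL_FUNC_RAND_LOCK` and `OSSL_FUNC_RAND_UNLOCK` dispatch entries added in the next hunk rely on these definitions.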
@@ -183,6 +194,8 @@ const OSSL_DISPATCH ossl_seed_src_functions[] = {
{ OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
{ OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
{ OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
+ { OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
+ { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
{ OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
(void(*)(void))seed_src_gettable_ctx_params },
{ OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },