From: Bernd Edlinger Date: Mon, 29 Oct 2018 12:48:53 +0000 (+0100) Subject: Fix a race condition in drbg_add X-Git-Tag: openssl-3.0.0-alpha1~2974 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4011bab1f85d4429bad1e9388bed90a8d0da5639;p=oweals%2Fopenssl.git Fix a race condition in drbg_add Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7523) --- diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4a666040c8..c4ecf0c97e 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1079,6 +1079,7 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; + rand_drbg_lock(drbg); seedlen = rand_drbg_seedlen(drbg); buflen = (size_t)num; @@ -1090,10 +1091,13 @@ static int drbg_add(const void *buf, int num, double randomness) * inevitably. So we use a trick to mix the buffer contents into * the DRBG state without forcing a reseeding: we generate a * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. */ unsigned char dummy[1]; - return RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); + ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); + rand_drbg_unlock(drbg); + return ret; #else /* * If an os entropy source is avaible then we declare the buffer content @@ -1117,7 +1121,6 @@ static int drbg_add(const void *buf, int num, double randomness) randomness = (double)seedlen; } - rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg);