Diffstat (limited to 'src/lib/libcrypto/rand/md_rand.c')
-rw-r--r-- | src/lib/libcrypto/rand/md_rand.c | 46 |
1 files changed, 20 insertions, 26 deletions
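diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index 88088ce73c..0f8dd3e00f 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,6 +126,10 @@
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 #ifdef BN_DEBUG
 # define PREDICT
@@ -145,7 +149,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                            * holds CRYPTO_LOCK_RAND
                                            * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
 
 
 #ifdef PREDICT
@@ -213,10 +217,8 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	/* check if we already have the lock */
 	if (crypto_lock_rand)
 		{
-		CRYPTO_THREADID cur;
-		CRYPTO_THREADID_current(&cur);
 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
 		}
 	else
@@ -272,16 +274,8 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 			}
 		else
 			MD_Update(&m,&(state[st_idx]),j);
 
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
 		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data. The problem is not, it's
-		   with the caller. Removing that line will make
-		   sure you get really bad randomness and thereby
-		   other problems such as very insecure keys. */
-
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 		MD_Final(&m,local_md);
 		md_c[1]++;
@@ -342,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 	int do_stir_pool = 0;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode())
+		{
+		FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+		return 0;
+		}
+#endif
+
 #ifdef PREDICT
 	if (rand_predictable)
 		{
@@ -382,7 +384,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_current(&locking_threadid);
+	locking_thread = CRYPTO_thread_id();
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 	crypto_lock_rand = 1;
 
@@ -474,15 +476,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
-#ifndef PURIFY /* purify complains */
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data. */
+#ifndef PURIFY
+		MD_Update(&m,buf,j); /* purify complains */
 #endif
-
 		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
 		if (k > 0)
 			{
@@ -543,17 +539,15 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 
 static int ssleay_rand_status(void)
 	{
-	CRYPTO_THREADID cur;
 	int ret;
 	int do_not_lock;
 
-	CRYPTO_THREADID_current(&cur);
 	/* check if we already have the lock
 	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
 	if (crypto_lock_rand)
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
 		}
 	else
@@ -565,7 +559,7 @@ static int ssleay_rand_status(void)
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+	locking_thread = CRYPTO_thread_id();
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 	crypto_lock_rand = 1;
 	}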
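Review bot: The new side of the hunk at old line 276 keeps `MD_Update(&m,buf,j);` in ssleay_rand_add but drops the comment explaining why that call must never be removed, and the hunk at old line 479 does the same for the `#ifndef PURIFY` call in ssleay_rand_bytes; that comment is the only guard against a later "silence the valgrind warning" cleanup deleting the one step that mixes the caller's buffer into the pool, so I would restore a one-liner such as `/* DO NOT REMOVE: deliberately mixes buf (possibly uninitialised) into the pool; purify/valgrind warnings here are expected */` at both sites. The `/* purify complains */` trailer that survives on new line 480 reads as an apology rather than a warning, and the `#ifndef PURIFY` guard still means a PURIFY build silently skips that mixing step. Separately, replacing `CRYPTO_THREADID_cmp` with `locking_thread == CRYPTO_thread_id()` narrows the re-entrancy check to an `unsigned long`; on a platform whose thread handle does not map losslessly into that type, `do_not_lock` could become true for a different thread, which would let it touch the pool without holding CRYPTO_LOCK_RAND, so it is worth confirming every target of this tree reports a unique id there. Both enclosing functions extend beyond their hunks.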