Diffstat (limited to 'src/lib/libcrypto/rand/md_rand.c')
-rw-r--r--src/lib/libcrypto/rand/md_rand.c46
1 files changed, 20 insertions, 26 deletions
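--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,6 +126,10 @@
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 #ifdef BN_DEBUG
 # define PREDICT
@@ -145,7 +149,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                            * holds CRYPTO_LOCK_RAND
                                            * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
 
 
 #ifdef PREDICT
@@ -213,10 +217,8 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	/* check if we already have the lock */
 	if (crypto_lock_rand)
 		{
-		CRYPTO_THREADID cur;
-		CRYPTO_THREADID_current(&cur);
 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
 		}
 	else
@@ -272,16 +274,8 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 			}
 		else
 			MD_Update(&m,&(state[st_idx]),j);
 
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
 		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data. The problem is not, it's
-		   with the caller. Removing that line will make
-		   sure you get really bad randomness and thereby
-		   other problems such as very insecure keys. */
-
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 		MD_Final(&m,local_md);
 		md_c[1]++;
@@ -342,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 	int do_stir_pool = 0;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode())
+		{
+		FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+		return 0;
+		}
+#endif
+
 #ifdef PREDICT
 	if (rand_predictable)
 		{
@@ -382,7 +384,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_current(&locking_threadid);
+	locking_thread = CRYPTO_thread_id();
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 	crypto_lock_rand = 1;
 
@@ -474,15 +476,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
-#ifndef PURIFY /* purify complains */
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data. */
+#ifndef PURIFY
+		MD_Update(&m,buf,j); /* purify complains */
 #endif
-
 		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
 		if (k > 0)
 			{
@@ -543,17 +539,15 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 
 static int ssleay_rand_status(void)
 	{
-	CRYPTO_THREADID cur;
 	int ret;
 	int do_not_lock;
 
-	CRYPTO_THREADID_current(&cur);
 	/* check if we already have the lock
 	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
 	if (crypto_lock_rand)
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
 		}
 	else
@@ -565,7 +559,7 @@ static int ssleay_rand_status(void)
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+	locking_thread = CRYPTO_thread_id();
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 	crypto_lock_rand = 1;
 	}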
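Review bot: The re-entrancy guard at new lines 221 and 550, `do_not_lock = (locking_thread == CRYPTO_thread_id());`, now keys on a plain `unsigned long`, so its correctness depends on `CRYPTO_thread_id()` returning a value that is distinct per thread; if the application has not registered an id callback and the library's fallback is not per-thread (which cannot be confirmed from this file), a second thread can match the id recorded at new lines 387 and 562 while another thread still holds CRYPTO_LOCK_RAND, skip the lock, and update the pool state concurrently. A comment at the `locking_thread` declaration on new line 152 should state that assumption, e.g. `/* relies on CRYPTO_thread_id() being unique per thread; see CRYPTO_set_id_callback */`, so the dependency is visible to whoever configures threading. Separately, the new side at lines 278 and 480 drops the explanation of why `MD_Update(&m,buf,j)` hashes the caller's possibly uninitialised buffer, leaving only `/* purify complains */`; keep a one-line rationale such as `/* intentionally mixes in buf even if uninitialised; do not remove */` so a later cleanup does not delete the call. ssleay_rand_add, ssleay_rand_bytes and ssleay_rand_status all start or end outside the hunks shown.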