Diffstat (limited to 'src/lib/libcrypto/rand/md_rand.c')
-rw-r--r--src/lib/libcrypto/rand/md_rand.c46
1 files changed, 26 insertions, 20 deletions
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index 0f8dd3e00f..88088ce73c 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,10 +126,6 @@
126 126
127#include <openssl/crypto.h> 127#include <openssl/crypto.h>
128#include <openssl/err.h> 128#include <openssl/err.h>
129#ifdef OPENSSL_FIPS
130#include <openssl/fips.h>
131#endif
132
133 129
134#ifdef BN_DEBUG 130#ifdef BN_DEBUG
135# define PREDICT 131# define PREDICT
@@ -149,7 +145,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
149 * holds CRYPTO_LOCK_RAND 145 * holds CRYPTO_LOCK_RAND
150 * (to prevent double locking) */ 146 * (to prevent double locking) */
151/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ 147/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
152static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ 148static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
153 149
154 150
155#ifdef PREDICT 151#ifdef PREDICT
@@ -217,8 +213,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
217 /* check if we already have the lock */ 213 /* check if we already have the lock */
218 if (crypto_lock_rand) 214 if (crypto_lock_rand)
219 { 215 {
216 CRYPTO_THREADID cur;
217 CRYPTO_THREADID_current(&cur);
220 CRYPTO_r_lock(CRYPTO_LOCK_RAND2); 218 CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
221 do_not_lock = (locking_thread == CRYPTO_thread_id()); 219 do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
222 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); 220 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
223 } 221 }
224 else 222 else
@@ -274,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add)
274 } 272 }
275 else 273 else
276 MD_Update(&m,&(state[st_idx]),j); 274 MD_Update(&m,&(state[st_idx]),j);
277 275
276 /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
278 MD_Update(&m,buf,j); 277 MD_Update(&m,buf,j);
278 /* We know that line may cause programs such as
279 purify and valgrind to complain about use of
280 uninitialized data. The problem is not, it's
281 with the caller. Removing that line will make
282 sure you get really bad randomness and thereby
283 other problems such as very insecure keys. */
284
279 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); 285 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
280 MD_Final(&m,local_md); 286 MD_Final(&m,local_md);
281 md_c[1]++; 287 md_c[1]++;
@@ -336,14 +342,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
336#endif 342#endif
337 int do_stir_pool = 0; 343 int do_stir_pool = 0;
338 344
339#ifdef OPENSSL_FIPS
340 if(FIPS_mode())
341 {
342 FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
343 return 0;
344 }
345#endif
346
347#ifdef PREDICT 345#ifdef PREDICT
348 if (rand_predictable) 346 if (rand_predictable)
349 { 347 {
@@ -384,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
384 382
385 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ 383 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
386 CRYPTO_w_lock(CRYPTO_LOCK_RAND2); 384 CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
387 locking_thread = CRYPTO_thread_id(); 385 CRYPTO_THREADID_current(&locking_threadid);
388 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); 386 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
389 crypto_lock_rand = 1; 387 crypto_lock_rand = 1;
390 388
@@ -476,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
476#endif 474#endif
477 MD_Update(&m,local_md,MD_DIGEST_LENGTH); 475 MD_Update(&m,local_md,MD_DIGEST_LENGTH);
478 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); 476 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
479#ifndef PURIFY 477
480 MD_Update(&m,buf,j); /* purify complains */ 478#ifndef PURIFY /* purify complains */
479 /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
480 MD_Update(&m,buf,j);
481 /* We know that line may cause programs such as
482 purify and valgrind to complain about use of
483 uninitialized data. */
481#endif 484#endif
485
482 k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; 486 k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
483 if (k > 0) 487 if (k > 0)
484 { 488 {
@@ -539,15 +543,17 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
539 543
540static int ssleay_rand_status(void) 544static int ssleay_rand_status(void)
541 { 545 {
546 CRYPTO_THREADID cur;
542 int ret; 547 int ret;
543 int do_not_lock; 548 int do_not_lock;
544 549
550 CRYPTO_THREADID_current(&cur);
545 /* check if we already have the lock 551 /* check if we already have the lock
546 * (could happen if a RAND_poll() implementation calls RAND_status()) */ 552 * (could happen if a RAND_poll() implementation calls RAND_status()) */
547 if (crypto_lock_rand) 553 if (crypto_lock_rand)
548 { 554 {
549 CRYPTO_r_lock(CRYPTO_LOCK_RAND2); 555 CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
550 do_not_lock = (locking_thread == CRYPTO_thread_id()); 556 do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
551 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); 557 CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
552 } 558 }
553 else 559 else
@@ -559,7 +565,7 @@ static int ssleay_rand_status(void)
559 565
560 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ 566 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
561 CRYPTO_w_lock(CRYPTO_LOCK_RAND2); 567 CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
562 locking_thread = CRYPTO_thread_id(); 568 CRYPTO_THREADID_cpy(&locking_threadid, &cur);
563 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); 569 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
564 crypto_lock_rand = 1; 570 crypto_lock_rand = 1;
565 } 571 }
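Review bot: The new `/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */` banner in ssleay_rand_bytes (new lines 478-483) sits inside `#ifndef PURIFY`, so the build already drops that call under -DPURIFY, and the banner reads as if this mix-in were the entropy-critical one. The call that actually matters is the one in ssleay_rand_add (new line 277), where `buf` is the caller-supplied seed material; in ssleay_rand_bytes `buf` is the caller's output buffer, whose prior contents are at best a minor, unreliable extra input. I would reword the rand_bytes comment to say so, e.g. `/* Mixing the caller's (often uninitialized) output buffer is only a minor extra input and is compiled out under PURIFY; the entropy-critical MD_Update(&m,buf,j) is the one in ssleay_rand_add(). */`, so a future maintainer does not treat the two as interchangeable or conclude the rand_add one is equally optional. Whether any caller relies on the rand_bytes mix-in is not visible here, but the PURIFY build is presumably the one to use under valgrind or MemorySanitizer, since otherwise every byte derived from RAND output is reported as uninitialized. Both enclosing functions start and end outside the hunks shown.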