diff options
Diffstat (limited to 'crypto/rand/md_rand.c')
-rw-r--r-- | crypto/rand/md_rand.c | 124 |
1 files changed, 86 insertions, 38 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 87fd9455e2..4e581f3917 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -145,18 +145,18 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ #ifdef PREDICT int rand_predictable=0; #endif -const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; +const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); -static void ssleay_rand_seed(const void *buf, int num); -static void ssleay_rand_add(const void *buf, int num, double add_entropy); +static int ssleay_rand_seed(const void *buf, int num); +static int ssleay_rand_add(const void *buf, int num, double add_entropy); static int ssleay_rand_bytes(unsigned char *buf, int num); static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); @@ -187,13 +187,14 @@ static void ssleay_rand_cleanup(void) initialized=0; } -static void ssleay_rand_add(const void *buf, int num, double add) +static int ssleay_rand_add(const void *buf, int num, double add) { int i,j,k,st_idx; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; EVP_MD_CTX m; int do_not_lock; + int rv = 0; /* * (Based on the rand(3) manpage) @@ -210,11 +211,14 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ + EVP_MD_CTX_init(&m); /* check if we already have the lock */ if (crypto_lock_rand) { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -254,26 +258,41 @@ static void ssleay_rand_add(const void *buf, int num, double add) if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - EVP_MD_CTX_init(&m); for (i=0; i<num; i+=MD_DIGEST_LENGTH) { j=(num-i); j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; - MD_Init(&m); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); + if (!MD_Init(&m)) + goto err; + if (!MD_Update(&m,local_md,MD_DIGEST_LENGTH)) + goto err; k=(st_idx+j)-STATE_SIZE; if (k > 0) { - MD_Update(&m,&(state[st_idx]),j-k); - MD_Update(&m,&(state[0]),k); + if (!MD_Update(&m,&(state[st_idx]),j-k)) + goto err; + if (!MD_Update(&m,&(state[0]),k)) + goto err; } else - MD_Update(&m,&(state[st_idx]),j); - - MD_Update(&m,buf,j); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Final(&m,local_md); + if (!MD_Update(&m,&(state[st_idx]),j)) + goto err; + + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + if (!MD_Update(&m,buf,j)) + goto err; + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. The problem is not, it's + with the caller. Removing that line will make + sure you get really bad randomness and thereby + other problems such as very insecure keys. */ + + if (!MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c))) + goto err; + if (!MD_Final(&m,local_md)) + goto err; md_c[1]++; buf=(const char *)buf + j; @@ -293,7 +312,6 @@ static void ssleay_rand_add(const void *buf, int num, double add) st_idx=0; } } - EVP_MD_CTX_cleanup(&m); if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* Don't just copy back local_md into md -- this could mean that @@ -311,11 +329,15 @@ static void ssleay_rand_add(const void *buf, int num, double add) #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) assert(md_c[1] == md_count[1]); #endif + rv = 1; + err: + EVP_MD_CTX_cleanup(&m); + return rv; } -static void ssleay_rand_seed(const void *buf, int num) +static int ssleay_rand_seed(const void *buf, int num) { - ssleay_rand_add(buf, num, (double)num); + return ssleay_rand_add(buf, num, (double)num); } static int ssleay_rand_bytes(unsigned char *buf, int num) @@ -372,7 +394,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_current(&locking_threadid); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -454,28 +476,43 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; num-=j; - MD_Init(&m); + if (!MD_Init(&m)) + goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) /* just in the first iteration to save time */ { - MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); + if (!MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid)) + goto err; curr_pid = 0; } #endif - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -#ifndef PURIFY - MD_Update(&m,buf,j); /* purify complains */ + if (!MD_Update(&m,local_md,MD_DIGEST_LENGTH)) + goto err; + if (!MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c))) + goto err; + +#ifndef PURIFY /* purify complains */ + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + if (!MD_Update(&m,buf,j)) + goto err; + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. */ #endif + k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; if (k > 0) { - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); - MD_Update(&m,&(state[0]),k); + if (!MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k)) + goto err; + if (!MD_Update(&m,&(state[0]),k)) + goto err; } else - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); - MD_Final(&m,local_md); + if (!MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2)) + goto err; + if (!MD_Final(&m,local_md)) + goto err; for (i=0; i<MD_DIGEST_LENGTH/2; i++) { @@ -487,12 +524,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) } } - MD_Init(&m); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); + if (!MD_Init(&m) + || !MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)) + || !MD_Update(&m,local_md,MD_DIGEST_LENGTH)) + goto err; CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m,md,MD_DIGEST_LENGTH); - MD_Final(&m,md); + if (!MD_Update(&m,md,MD_DIGEST_LENGTH) || !MD_Final(&m,md)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + goto err; + } CRYPTO_w_unlock(CRYPTO_LOCK_RAND); EVP_MD_CTX_cleanup(&m); @@ -505,6 +546,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) "http://www.openssl.org/support/faq.html"); return(0); } + err: + EVP_MD_CTX_cleanup(&m); + RANDerr(RAND_F_SSLEAY_RAND_BYTES,ERR_R_EVP_LIB); + return 0; + } /* pseudo-random bytes that are guaranteed to be unique but not @@ -520,22 +566,24 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) - (void)ERR_get_error(); + ERR_clear_error(); } return (ret); } static int ssleay_rand_status(void) { + CRYPTO_THREADID cur; int ret; int do_not_lock; + CRYPTO_THREADID_current(&cur); /* check if we already have the lock * (could happen if a RAND_poll() implementation calls RAND_status()) */ if (crypto_lock_rand) { CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -547,7 +595,7 @@ static int ssleay_rand_status(void) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_cpy(&locking_threadid, &cur); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; } |