diff options
author | Pauli <paul.dale@oracle.com> | 2020-06-30 09:36:47 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-07-05 13:17:43 +1000 |
commit | 132abb21f977c31477387c0585a4384e99f45b5c (patch) | |
tree | 1f83f0fbca872d72b61114316faf5a4d8f7d2d7d /crypto | |
parent | 8c1cbc72105ffd493b48e65f8f5fd3657dedb28c (diff) |
rand: fix recursive locking issue.
The calls to query the DRBG strength, state and maximum output size all used
nested locks. This removes the nesting.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12321)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_rand.c | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 6e3541481a..a2c59ee947 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -194,6 +194,7 @@ static void *evp_rand_from_dispatch(int name_id, if (rand->get_ctx_params != NULL) break; rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns); + fnctxcnt++; break; case OSSL_FUNC_RAND_SET_CTX_PARAMS: if (rand->set_ctx_params != NULL) @@ -220,7 +221,7 @@ static void *evp_rand_from_dispatch(int name_id, * locking functions. */ if (fnrandcnt != 3 - || fnctxcnt != 2 + || fnctxcnt != 3 || (fnlockcnt != 0 && fnlockcnt != 3) #ifdef FIPS_MODULE || fnzeroizecnt != 1 @@ -340,14 +341,12 @@ EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx) int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) { - int res = 1; + int res; - if (ctx->meth->get_ctx_params != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->get_ctx_params(ctx->data, params); - evp_rand_unlock(ctx); - } + if (!evp_rand_lock(ctx)) + return 0; + res = ctx->meth->get_ctx_params(ctx->data, params); + evp_rand_unlock(ctx); return res; } @@ -440,7 +439,8 @@ int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, &chunk); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_RAND_get_ctx_params(ctx, params) || chunk == 0) { + /* Cannot call EVP_RAND_get_ctx_params() since we have the lock */ + if (!ctx->meth->get_ctx_params(ctx->data, params) || chunk == 0) { EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); goto err; } @@ -497,19 +497,15 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx) { OSSL_PARAM params[2]; - unsigned int t; int res; if (ctx->strength == 0) { - params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &t); + params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, + &ctx->strength); params[1] = OSSL_PARAM_construct_end(); - if (!evp_rand_lock(ctx)) - return 0; res = EVP_RAND_get_ctx_params(ctx, params); - evp_rand_unlock(ctx); if (!res) return 0; - ctx->strength = t; } return ctx->strength; } @@ -521,10 +517,7 @@ int EVP_RAND_state(EVP_RAND_CTX *ctx) params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &status); - if (!evp_rand_lock(ctx)) - return 0; res = EVP_RAND_get_ctx_params(ctx, params); - evp_rand_unlock(ctx); if (!res) status = EVP_RAND_STATE_ERROR; return status; |