]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 526cf60) | patch
Fix the DRBG seed propagation
authorDr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Mon, 31 Aug 2020 21:36:22 +0000 (23:36 +0200)
committerDr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Thu, 10 Sep 2020 20:57:34 +0000 (22:57 +0200)
commit958fec77928a28350f6af252ac5e8d0e6e081faa
tree9ce5e0770b69c76d26cab6a9ffd452c8c2496ec7tree
parent526cf60408e1a356ec712b6c88a88864fdbe73afcommit | diff
Fix the DRBG seed propagation

In a nutshell, reseed propagation is a compatibility feature with the sole
purpose to support the traditional way of (re-)seeding manually by calling
'RAND_add()' before 'RAND_bytes(). It ensures that the former has an immediate
effect on the latter *within the same thread*, but it does not care about
immediate reseed propagation to other threads. The implementation is lock-free,
i.e., it works without taking the lock of the primary DRBG.

Pull request #7399 not only fixed the data race issue #7394 but also changed
the original implementation of the seed propagation unnecessarily.
This commit reverts most of the changes of commit 1f98527659b8 and intends to
fix the data race while retaining the original simplicity of the seed propagation.

- use atomics with relaxed semantics to load and store the seed counter
- add a new member drbg->enable_reseed_propagation to simplify the
  overflow treatment of the seed propagation counter
- don't handle races between different threads

This partially reverts commit 1f98527659b8290d442c4e1532452b9ba6463f1e.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12759)
crypto/rand/drbg_lib.c diff | blob | blame | history
crypto/rand/rand_lib.c diff | blob | blame | history
crypto/rand/rand_local.h diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git