Skip to content

Commit a339c35

Browse files
Lock globalRNGMutex around all shared globalRNG access in OpenSSL-compat RNG
1 parent 076dc5a commit a339c35

2 files changed

Lines changed: 53 additions & 21 deletions

File tree

src/ssl.c

Lines changed: 43 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -15723,13 +15723,22 @@ int wolfSSL_RAND_write_file(const char* fname)
1572315723
return 0;
1572415724
}
1572515725

15726+
if (wc_LockMutex(&globalRNGMutex) != 0) {
15727+
WOLFSSL_MSG("Bad Lock Mutex rng");
15728+
WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
15729+
return 0;
15730+
}
15731+
1572615732
if (wc_RNG_GenerateBlock(&globalRNG, buf, (word32)bytes) != 0) {
15733+
wc_UnLockMutex(&globalRNGMutex);
1572715734
WOLFSSL_MSG("Error generating random buffer");
1572815735
bytes = 0;
1572915736
}
1573015737
else {
1573115738
XFILE f;
1573215739

15740+
wc_UnLockMutex(&globalRNGMutex);
15741+
1573315742
#ifdef WOLFSSL_CHECK_MEM_ZERO
1573415743
wc_MemZero_Add("wolfSSL_RAND_write_file buf", buf, bytes);
1573515744
#endif
@@ -15745,7 +15754,9 @@ int wolfSSL_RAND_write_file(const char* fname)
1574515754
XFCLOSE(f);
1574615755
}
1574715756
}
15748-
ForceZero(buf, (word32)bytes);
15757+
/* wipe the whole buffer, not just (word32)bytes: error paths set
15758+
* bytes = 0 but the buffer may still hold generated random data */
15759+
ForceZero(buf, 1024);
1574915760
#ifdef WOLFSSL_SMALL_STACK
1575015761
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1575115762
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
@@ -15879,21 +15890,30 @@ int wolfSSL_RAND_egd(const char* nm)
1587915890
WOLFSSL_MSG("Error with initializing global RNG structure");
1588015891
ret = WOLFSSL_FATAL_ERROR;
1588115892
}
15882-
else if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes)
15883-
!= 0) {
15884-
WOLFSSL_MSG("Error with reseeding DRBG structure");
15893+
else if (wc_LockMutex(&globalRNGMutex) != 0) {
15894+
WOLFSSL_MSG("Bad Lock Mutex rng");
1588515895
ret = WOLFSSL_FATAL_ERROR;
1588615896
}
15887-
#ifdef SHOW_SECRETS
15888-
else { /* print out entropy found only when no error occurred */
15889-
word32 i;
15890-
printf("EGD Entropy = ");
15891-
for (i = 0; i < bytes; i++) {
15892-
printf("%02X", buf[i]);
15897+
else {
15898+
if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes)
15899+
!= 0) {
15900+
WOLFSSL_MSG("Error with reseeding DRBG structure");
15901+
ret = WOLFSSL_FATAL_ERROR;
15902+
}
15903+
wc_UnLockMutex(&globalRNGMutex);
15904+
15905+
#ifdef SHOW_SECRETS
15906+
/* print out entropy found only when no error occurred */
15907+
if (ret == WOLFSSL_SUCCESS) {
15908+
word32 i;
15909+
printf("EGD Entropy = ");
15910+
for (i = 0; i < bytes; i++) {
15911+
printf("%02X", buf[i]);
15912+
}
15913+
printf("\n");
1589315914
}
15894-
printf("\n");
15915+
#endif
1589515916
}
15896-
#endif
1589715917
}
1589815918

1589915919
ForceZero(buf, bytes);
@@ -16121,18 +16141,21 @@ int wolfSSL_RAND_poll(void)
1612116141
WOLFSSL_MSG("Global RNG no Init");
1612216142
return WOLFSSL_FAILURE;
1612316143
}
16144+
16145+
/* lock intentionally covers wc_GenerateSeed as well, since it writes
16146+
* globalRNG.seed; do not narrow this scope or the seed write races */
16147+
if (wc_LockMutex(&globalRNGMutex) != 0) {
16148+
WOLFSSL_MSG("Bad Lock Mutex rng");
16149+
return WOLFSSL_FAILURE;
16150+
}
16151+
1612416152
ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz);
1612516153
if (ret != 0) {
16126-
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
16154+
WOLFSSL_MSG("Bad wc_GenerateSeed");
1612716155
ret = WOLFSSL_FAILURE;
1612816156
}
1612916157
else {
1613016158
#ifdef HAVE_HASHDRBG
16131-
if (wc_LockMutex(&globalRNGMutex) != 0) {
16132-
WOLFSSL_MSG("Bad Lock Mutex rng");
16133-
return ret;
16134-
}
16135-
1613616159
ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
1613716160
if (ret != 0) {
1613816161
WOLFSSL_MSG("Error reseeding DRBG");
@@ -16141,7 +16164,6 @@ int wolfSSL_RAND_poll(void)
1614116164
else {
1614216165
ret = WOLFSSL_SUCCESS;
1614316166
}
16144-
wc_UnLockMutex(&globalRNGMutex);
1614516167
#elif defined(HAVE_INTEL_RDRAND)
1614616168
WOLFSSL_MSG("Not polling with RAND_poll, RDRAND used without "
1614716169
"HAVE_HASHDRBG");
@@ -16152,6 +16174,8 @@ int wolfSSL_RAND_poll(void)
1615216174
#endif
1615316175
}
1615416176

16177+
wc_UnLockMutex(&globalRNGMutex);
16178+
1615516179
return ret;
1615616180
}
1615716181

src/ssl_p7p12.c

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1560,11 +1560,19 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
15601560
ret = 0;
15611561
}
15621562

1563+
if ((ret > 0) && (wc_LockMutex(&globalRNGMutex) != 0)) {
1564+
WOLFSSL_MSG("Bad Lock Mutex rng");
1565+
ret = 0;
1566+
}
1567+
15631568
/* no need to generate random byte for null terminator (size-1) */
1564-
if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary,
1565-
sizeof(boundary) - 1 ) != 0)) {
1569+
if (ret > 0) {
1570+
if (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary,
1571+
sizeof(boundary) - 1 ) != 0) {
15661572
WOLFSSL_MSG("Error in wc_RNG_GenerateBlock");
15671573
ret = 0;
1574+
}
1575+
wc_UnLockMutex(&globalRNGMutex);
15681576
}
15691577

15701578
if (ret > 0) {

0 commit comments

Comments
 (0)