@@ -15723,13 +15723,22 @@ int wolfSSL_RAND_write_file(const char* fname)
1572315723 return 0 ;
1572415724 }
1572515725
15726+ if (wc_LockMutex (& globalRNGMutex ) != 0 ) {
15727+ WOLFSSL_MSG ("Bad Lock Mutex rng" );
15728+ WC_FREE_VAR_EX (buf , NULL , DYNAMIC_TYPE_TMP_BUFFER );
15729+ return 0 ;
15730+ }
15731+
1572615732 if (wc_RNG_GenerateBlock (& globalRNG , buf , (word32 )bytes ) != 0 ) {
15733+ wc_UnLockMutex (& globalRNGMutex );
1572715734 WOLFSSL_MSG ("Error generating random buffer" );
1572815735 bytes = 0 ;
1572915736 }
1573015737 else {
1573115738 XFILE f ;
1573215739
15740+ wc_UnLockMutex (& globalRNGMutex );
15741+
1573315742 #ifdef WOLFSSL_CHECK_MEM_ZERO
1573415743 wc_MemZero_Add ("wolfSSL_RAND_write_file buf" , buf , bytes );
1573515744 #endif
@@ -15879,21 +15888,28 @@ int wolfSSL_RAND_egd(const char* nm)
1587915888 WOLFSSL_MSG ("Error with initializing global RNG structure" );
1588015889 ret = WOLFSSL_FATAL_ERROR ;
1588115890 }
15882- else if (wc_RNG_DRBG_Reseed (& globalRNG , (const byte * ) buf , bytes )
15883- != 0 ) {
15884- WOLFSSL_MSG ("Error with reseeding DRBG structure" );
15891+ else if (wc_LockMutex (& globalRNGMutex ) != 0 ) {
15892+ WOLFSSL_MSG ("Bad Lock Mutex rng" );
1588515893 ret = WOLFSSL_FATAL_ERROR ;
1588615894 }
15887- #ifdef SHOW_SECRETS
15888- else { /* print out entropy found only when no error occurred */
15889- word32 i ;
15890- printf ("EGD Entropy = " );
15891- for (i = 0 ; i < bytes ; i ++ ) {
15892- printf ("%02X" , buf [i ]);
15895+ else {
15896+ if (wc_RNG_DRBG_Reseed (& globalRNG , (const byte * ) buf , bytes )
15897+ != 0 ) {
15898+ WOLFSSL_MSG ("Error with reseeding DRBG structure" );
15899+ ret = WOLFSSL_FATAL_ERROR ;
15900+ }
15901+ #ifdef SHOW_SECRETS
15902+ else { /* print out entropy found only when no error occurred */
15903+ word32 i ;
15904+ printf ("EGD Entropy = " );
15905+ for (i = 0 ; i < bytes ; i ++ ) {
15906+ printf ("%02X" , buf [i ]);
15907+ }
15908+ printf ("\n" );
1589315909 }
15894- printf ("\n" );
15910+ #endif
15911+ wc_UnLockMutex (& globalRNGMutex );
1589515912 }
15896- #endif
1589715913 }
1589815914
1589915915 ForceZero (buf , bytes );
@@ -16121,18 +16137,21 @@ int wolfSSL_RAND_poll(void)
1612116137 WOLFSSL_MSG ("Global RNG no Init" );
1612216138 return WOLFSSL_FAILURE ;
1612316139 }
16140+
16141+ /* lock intentionally covers wc_GenerateSeed as well, since it writes
16142+ * globalRNG.seed; do not narrow this scope or the seed write races */
16143+ if (wc_LockMutex (& globalRNGMutex ) != 0 ) {
16144+ WOLFSSL_MSG ("Bad Lock Mutex rng" );
16145+ return WOLFSSL_FAILURE ;
16146+ }
16147+
1612416148 ret = wc_GenerateSeed (& globalRNG .seed , entropy , entropy_sz );
1612516149 if (ret != 0 ) {
1612616150 WOLFSSL_MSG ("Bad wc_RNG_GenerateBlock" );
1612716151 ret = WOLFSSL_FAILURE ;
1612816152 }
1612916153 else {
1613016154#ifdef HAVE_HASHDRBG
16131- if (wc_LockMutex (& globalRNGMutex ) != 0 ) {
16132- WOLFSSL_MSG ("Bad Lock Mutex rng" );
16133- return ret ;
16134- }
16135-
1613616155 ret = wc_RNG_DRBG_Reseed (& globalRNG , entropy , entropy_sz );
1613716156 if (ret != 0 ) {
1613816157 WOLFSSL_MSG ("Error reseeding DRBG" );
@@ -16141,7 +16160,6 @@ int wolfSSL_RAND_poll(void)
1614116160 else {
1614216161 ret = WOLFSSL_SUCCESS ;
1614316162 }
16144- wc_UnLockMutex (& globalRNGMutex );
1614516163#elif defined(HAVE_INTEL_RDRAND )
1614616164 WOLFSSL_MSG ("Not polling with RAND_poll, RDRAND used without "
1614716165 "HAVE_HASHDRBG" );
@@ -16152,6 +16170,8 @@ int wolfSSL_RAND_poll(void)
1615216170#endif
1615316171 }
1615416172
16173+ wc_UnLockMutex (& globalRNGMutex );
16174+
1615516175 return ret ;
1615616176}
1615716177
0 commit comments