summaryrefslogtreecommitdiffstats
path: root/crypto/init.c
diff options
context:
space:
mode:
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2017-08-31 23:16:22 +0200
committerBen Kaduk <kaduk@mit.edu>2017-10-18 15:39:20 +0200
commitc16de9d8329d41a2433d0f273c080d9d06ad7a87 (patch)
tree3bdcf5e354efd8991aa1f7d83921655e81db726b /crypto/init.c
parents390x assembly pack: remove capability double-checking. (diff)
downloadopenssl-c16de9d8329d41a2433d0f273c080d9d06ad7a87.tar.xz
openssl-c16de9d8329d41a2433d0f273c080d9d06ad7a87.zip
Fix reseeding issues of the public RAND_DRBG
Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328)
Diffstat (limited to 'crypto/init.c')
-rw-r--r--crypto/init.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/init.c b/crypto/init.c
index 3eda1c987d..8daf4e31cf 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -503,7 +503,7 @@ void OPENSSL_cleanup(void)
* obj_cleanup_int() must be called last
*/
rand_cleanup_int();
- rand_cleanup_drbg_int();
+ rand_drbg_cleanup_int();
conf_modules_free_int();
#ifndef OPENSSL_NO_ENGINE
engine_cleanup_int();