The fips_drbg_bytes() function calls CRYPTO_w_lock(CRYPTO_LOCK_RAND).
Unfortunately, the FIPS_drbg_generate() function can eventually call
drbg_reseed() if enough bytes are pulled out of the DRBG.
This function in turn pulls bytes from the MD rand using
RAND_SSLeay()->bytes(). However, MD rand uses
CRYPTO_w_lock(CRYPTO_LOCK_RAND) in ssleay_rand_bytes().
This leads to double locking of CRYPTO_LOCK_RAND, which can mean
undefined behavior unless, for example, in the case of pthreads, the
mutex type used is PTHREAD_MUTEX_RECURSIVE.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
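The locking pattern reported above, reduced to plain pthreads as an added example (not OpenSSL code and not part of the original message). The names rand_lock, md_rand_bytes, drbg_bytes and run_with_type are stand-ins assumed for illustration, and an error-checking mutex is used so the second lock attempt is reported as EDEADLK instead of hanging:

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for pthread_mutexattr_settype() */
#endif
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

static pthread_mutex_t rand_lock;   /* stand-in for CRYPTO_LOCK_RAND */

/* Stand-in for ssleay_rand_bytes(): takes the RAND lock on its own. */
static int md_rand_bytes(void)
{
    int rc = pthread_mutex_lock(&rand_lock);
    if (rc != 0)
        return rc;                  /* EDEADLK: this thread already holds it */
    /* ... bytes would be produced here ... */
    pthread_mutex_unlock(&rand_lock);
    return 0;
}

/* Stand-in for fips_drbg_bytes(): holds the RAND lock while generating,
 * and a reseed pulls entropy through md_rand_bytes(). */
static int drbg_bytes(int need_reseed)
{
    int rc = pthread_mutex_lock(&rand_lock);
    if (rc != 0)
        return rc;
    rc = need_reseed ? md_rand_bytes() : 0;
    pthread_mutex_unlock(&rand_lock);
    return rc;
}

/* Run the call chain with a given mutex type; returns 0 or an errno value. */
int run_with_type(int type, int need_reseed)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, type);
    pthread_mutex_init(&rand_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    int rc = drbg_bytes(need_reseed);
    pthread_mutex_destroy(&rand_lock);
    return rc;
}

int main(void)
{
    printf("errorcheck, reseed: %d\n", run_with_type(PTHREAD_MUTEX_ERRORCHECK, 1));
    printf("recursive,  reseed: %d\n", run_with_type(PTHREAD_MUTEX_RECURSIVE, 1));
    return 0;
}
```

The failure only appears on the reseed path, so a test that never pulls enough bytes to trigger a reseed will not see it.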