Commit 9d951a78 authored by Rich Salz's avatar Rich Salz
Browse files

Move randomness to allocated buffer 



Don't keep it in the DRBG object, just allocate/free as needed.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4226)
parent 27c6d63d

crypto/rand/drbg_lib.c

+1 −6
Original line number Diff line number Diff line
@@ -64,14 +64,12 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int nid, unsigned int flags) 
RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)

{

    RAND_DRBG *drbg = OPENSSL_zalloc(sizeof(*drbg));

    unsigned char *ucp = OPENSSL_zalloc(RANDOMNESS_NEEDED);



    if (drbg == NULL || ucp == NULL) {

    if (drbg == NULL) {

        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);

        goto err;

    }

    drbg->size = RANDOMNESS_NEEDED;

    drbg->randomness = ucp;

    drbg->fork_count = rand_fork_count;

    drbg->parent = parent;

    if (RAND_DRBG_set(drbg, type, flags) < 0)
@@ -96,7 +94,6 @@ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) 
    return drbg;



err:

    OPENSSL_free(ucp);

    OPENSSL_free(drbg);

    return NULL;

}
@@ -116,8 +113,6 @@ void RAND_DRBG_free(RAND_DRBG *drbg) 
        return;



    ctr_uninstantiate(drbg);

    OPENSSL_cleanse(drbg->randomness, drbg->size);

    OPENSSL_free(drbg->randomness);

    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);

    OPENSSL_clear_free(drbg, sizeof(*drbg));

}

crypto/rand/rand_lib.c

+13 −10
Original line number Diff line number Diff line 
/*

 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy
@@ -118,6 +118,9 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg, 
        return drbg->size;

    }



    drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)

                                    : OPENSSL_malloc(drbg->size);



    /* If we don't have enough, try to get more. */

    CRYPTO_THREAD_write_lock(rand_bytes.lock);

    for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) {
@@ -153,6 +156,9 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg, 
        min_len = drbg->size;

    }



    drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)

                                    : OPENSSL_malloc(drbg->size);



    /* Get random from parent, include our state as additional input. */

    st = RAND_DRBG_generate(drbg->parent, drbg->randomness, min_len, 0,

                            (unsigned char *)drbg, sizeof(*drbg));
@@ -166,7 +172,11 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg, 
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out)

{

    drbg->filled = 0;

    OPENSSL_cleanse(drbg->randomness, drbg->size);

    if (drbg->secure)

        OPENSSL_secure_clear_free(drbg->randomness, drbg->size);

    else

        OPENSSL_clear_free(drbg->randomness, drbg->size);

    drbg->randomness = NULL;

}
@@ -181,10 +191,7 @@ static int setup_drbg(RAND_DRBG *drbg) 
    ret &= drbg->lock != NULL;

    drbg->size = RANDOMNESS_NEEDED;

    drbg->secure = CRYPTO_secure_malloc_initialized();

    drbg->randomness = drbg->secure

        ? OPENSSL_secure_malloc(drbg->size)

        : OPENSSL_malloc(drbg->size);

    ret &= drbg->randomness != NULL;

    drbg->randomness = NULL;

    /* If you change these parameters, see RANDOMNESS_NEEDED */

    ret &= RAND_DRBG_set(drbg,

                         NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1;
@@ -196,10 +203,6 @@ static int setup_drbg(RAND_DRBG *drbg) 
static void free_drbg(RAND_DRBG *drbg)

{

    CRYPTO_THREAD_lock_free(drbg->lock);

    if (drbg->secure)

        OPENSSL_secure_clear_free(drbg->randomness, drbg->size);

    else

        OPENSSL_clear_free(drbg->randomness, drbg->size);

    RAND_DRBG_uninstantiate(drbg);

}