Commit 4c75ee85 authored Jul 19, 2017 by Rich Salz

Add range-checking to RAND_DRBG_set_reseed_interval



As suggested by Kurt.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3970)

parent d76f646a

crypto/rand/drbg_lib.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -328,11 +328,14 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
		}

		/*
		* Set the reseed internal. Used mainly for the KATs.
		* Set the reseed interval. Used mainly for the KATs.
		*/
		void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
		int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
		{
		if (interval < 0 \|\| interval > MAX_RESEED)
		return 0;
		dctx->reseed_interval = interval;
		return 1;
		}

		/*

crypto/rand/drbg_rand.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -372,7 +372,7 @@ int ctr_init(DRBG_CTX *dctx)
		}

		dctx->max_request = 1 << 16;
		dctx->reseed_interval = 1 << 24;
		dctx->reseed_interval = MAX_RESEED;
		return 1;
		}

crypto/rand/rand_lcl.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -20,6 +20,9 @@
		/* we require 256 bits of randomness */
		# define RANDOMNESS_NEEDED (256 / 8)

		/* Maximum count allowed in reseeding */
		#define MAX_RESEED (1 << 24)

		/* DRBG status values */
		#define DRBG_STATUS_UNINITIALISED 0
		#define DRBG_STATUS_READY 1

include/internal/rand.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -35,7 +35,7 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
		void (cleanup_nonce)(DRBG_CTX ctx, unsigned char *out, size_t olen)
		);

		void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
		int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);

		#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
		CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)