From 1d0671b81f18385ee6e73eed12b27fb25f27c67d Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Sun, 21 Oct 2018 18:49:19 +0200 Subject: [PATCH] RAND_load_file(): avoid adding small chunks to RAND_add() Increase the load buffer size such that it exceeds the chunk size by a comfortable amount. This is done to avoid calling RAND_add() with a small final chunk. Instead, such a small final chunk will be added together with the previous chunk (unless it's the only one). Related-to: #7449 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7456) --- crypto/rand/randfile.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 028c1281c0..45d20e5c03 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -16,6 +16,7 @@ #include #include +#include #include #ifdef OPENSSL_SYS_VMS @@ -48,7 +49,7 @@ # define S_ISREG(m) ((m) & S_IFREG) # endif -#define RAND_FILE_SIZE 1024 +#define RAND_BUF_SIZE 1024 #define RFILE ".rnd" #ifdef OPENSSL_SYS_VMS @@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = */ int RAND_load_file(const char *file, long bytes) { - unsigned char buf[RAND_FILE_SIZE]; + /* + * The load buffer size exceeds the chunk size by the comfortable amount + * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose + * to avoid calling RAND_add() with a small final chunk. Instead, such + * a small final chunk will be added together with the previous chunk + * (unless it's the only one). + */ +#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) + unsigned char buf[RAND_LOAD_BUF_SIZE]; + #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif @@ -98,8 +108,12 @@ int RAND_load_file(const char *file, long bytes) return -1; } - if (!S_ISREG(sb.st_mode) && bytes < 0) - bytes = 256; + if (bytes < 0) { + if (S_ISREG(sb.st_mode)) + bytes = (sb.st_size <= LONG_MAX) ? sb.st_size : LONG_MAX; + else + bytes = RAND_DRBG_STRENGTH; + } #endif /* * On VMS, setbuf() will only take 32-bit pointers, and a compilation @@ -124,9 +138,9 @@ int RAND_load_file(const char *file, long bytes) for ( ; ; ) { if (bytes > 0) - n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE; + n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else - n = RAND_FILE_SIZE; + n = RAND_LOAD_BUF_SIZE; i = fread(buf, 1, n, in); #ifdef EINTR if (ferror(in) && errno == EINTR){ @@ -159,7 +173,7 @@ int RAND_load_file(const char *file, long bytes) int RAND_write_file(const char *file) { - unsigned char buf[RAND_FILE_SIZE]; + unsigned char buf[RAND_BUF_SIZE]; int ret = -1; FILE *out = NULL; #ifndef OPENSSL_NO_POSIX_IO @@ -228,9 +242,9 @@ int RAND_write_file(const char *file) chmod(file, 0600); #endif - ret = fwrite(buf, 1, RAND_FILE_SIZE, out); + ret = fwrite(buf, 1, RAND_BUF_SIZE, out); fclose(out); - OPENSSL_cleanse(buf, RAND_FILE_SIZE); + OPENSSL_cleanse(buf, RAND_BUF_SIZE); return ret; }