DRBG: Remove 'randomness' buffer from 'RAND_DRBG'
The DRBG callbacks 'get_entropy()' and 'cleanup_entropy()' are designed in such a way that the randomness buffer does not have to be allocated by the calling function. It receives the address of a dynamically allocated buffer from get_entropy() and returns this address to cleanup_entropy(), where it is freed. If these two calls are properly paired, the address can be stored in a stack local variable of the calling function, so there is no need for having a 'randomness' member (and a 'filled' member) in 'RAND_DRBG'. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4266)
This commit is contained in:
Dr. Matthias St. Pierre
Rich Salz
parent
4871fa49cd
commit
6969a3f49a
5 changed files with 24 additions and 33 deletions
|
|
@ -168,9 +168,9 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
|
||||||
|
|
||||||
end:
|
end:
|
||||||
if (entropy != NULL && drbg->cleanup_entropy != NULL)
|
if (entropy != NULL && drbg->cleanup_entropy != NULL)
|
||||||
drbg->cleanup_entropy(drbg, entropy);
|
drbg->cleanup_entropy(drbg, entropy, entropylen);
|
||||||
if (nonce != NULL && drbg->cleanup_nonce!= NULL )
|
if (nonce != NULL && drbg->cleanup_nonce!= NULL )
|
||||||
drbg->cleanup_nonce(drbg, nonce);
|
drbg->cleanup_nonce(drbg, nonce, noncelen);
|
||||||
if (drbg->state == DRBG_READY)
|
if (drbg->state == DRBG_READY)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -229,7 +229,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
|
||||||
|
|
||||||
end:
|
end:
|
||||||
if (entropy != NULL && drbg->cleanup_entropy != NULL)
|
if (entropy != NULL && drbg->cleanup_entropy != NULL)
|
||||||
drbg->cleanup_entropy(drbg, entropy);
|
drbg->cleanup_entropy(drbg, entropy, entropylen);
|
||||||
if (drbg->state == DRBG_READY)
|
if (drbg->state == DRBG_READY)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
|
|
@ -94,14 +94,12 @@ struct rand_drbg_st {
|
||||||
int nid; /* the underlying algorithm */
|
int nid; /* the underlying algorithm */
|
||||||
int fork_count;
|
int fork_count;
|
||||||
unsigned short flags; /* various external flags */
|
unsigned short flags; /* various external flags */
|
||||||
char filled;
|
|
||||||
char secure;
|
char secure;
|
||||||
/*
|
/*
|
||||||
* This is a fixed-size buffer, but we malloc to make it a little
|
* This is a fixed-size buffer, but we malloc to make it a little
|
||||||
* harder to find; a classic security/performance trade-off.
|
* harder to find; a classic security/performance trade-off.
|
||||||
*/
|
*/
|
||||||
int size;
|
int size;
|
||||||
unsigned char *randomness;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The following parameters are setup by the per-type "init" function.
|
* The following parameters are setup by the per-type "init" function.
|
||||||
|
|
@ -157,7 +155,7 @@ void rand_read_tsc(RAND_poll_cb rand_add, void *arg);
|
||||||
int rand_read_cpu(RAND_poll_cb rand_add, void *arg);
|
int rand_read_cpu(RAND_poll_cb rand_add, void *arg);
|
||||||
|
|
||||||
/* DRBG entropy callbacks. */
|
/* DRBG entropy callbacks. */
|
||||||
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out);
|
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
|
||||||
size_t drbg_entropy_from_parent(RAND_DRBG *drbg,
|
size_t drbg_entropy_from_parent(RAND_DRBG *drbg,
|
||||||
unsigned char **pout,
|
unsigned char **pout,
|
||||||
int entropy, size_t min_len, size_t max_len);
|
int entropy, size_t min_len, size_t max_len);
|
||||||
|
|
|
||||||
|
|
@ -105,20 +105,14 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg,
|
||||||
int entropy, size_t min_len, size_t max_len)
|
int entropy, size_t min_len, size_t max_len)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
unsigned char *randomness;
|
||||||
|
|
||||||
if (min_len > (size_t)drbg->size) {
|
if (min_len > (size_t)drbg->size) {
|
||||||
/* Should not happen. See comment near RANDOMNESS_NEEDED. */
|
/* Should not happen. See comment near RANDOMNESS_NEEDED. */
|
||||||
min_len = drbg->size;
|
min_len = drbg->size;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (drbg->filled) {
|
randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
|
||||||
/* Re-use what we have. */
|
|
||||||
*pout = drbg->randomness;
|
|
||||||
return drbg->size;
|
|
||||||
}
|
|
||||||
|
|
||||||
drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
|
|
||||||
: OPENSSL_malloc(drbg->size);
|
: OPENSSL_malloc(drbg->size);
|
||||||
|
|
||||||
/* If we don't have enough, try to get more. */
|
/* If we don't have enough, try to get more. */
|
||||||
|
|
@ -133,15 +127,14 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg,
|
||||||
if (min_len > rand_bytes.curr)
|
if (min_len > rand_bytes.curr)
|
||||||
min_len = rand_bytes.curr;
|
min_len = rand_bytes.curr;
|
||||||
if (min_len != 0) {
|
if (min_len != 0) {
|
||||||
memcpy(drbg->randomness, rand_bytes.buff, min_len);
|
memcpy(randomness, rand_bytes.buff, min_len);
|
||||||
drbg->filled = 1;
|
|
||||||
/* Update amount left and shift it down. */
|
/* Update amount left and shift it down. */
|
||||||
rand_bytes.curr -= min_len;
|
rand_bytes.curr -= min_len;
|
||||||
if (rand_bytes.curr != 0)
|
if (rand_bytes.curr != 0)
|
||||||
memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr);
|
memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr);
|
||||||
}
|
}
|
||||||
CRYPTO_THREAD_unlock(rand_bytes.lock);
|
CRYPTO_THREAD_unlock(rand_bytes.lock);
|
||||||
*pout = drbg->randomness;
|
*pout = randomness;
|
||||||
return min_len;
|
return min_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -150,33 +143,33 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg,
|
||||||
int entropy, size_t min_len, size_t max_len)
|
int entropy, size_t min_len, size_t max_len)
|
||||||
{
|
{
|
||||||
int st;
|
int st;
|
||||||
|
unsigned char *randomness;
|
||||||
|
|
||||||
if (min_len > (size_t)drbg->size) {
|
if (min_len > (size_t)drbg->size) {
|
||||||
/* Should not happen. See comment near RANDOMNESS_NEEDED. */
|
/* Should not happen. See comment near RANDOMNESS_NEEDED. */
|
||||||
min_len = drbg->size;
|
min_len = drbg->size;
|
||||||
}
|
}
|
||||||
|
|
||||||
drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
|
randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
|
||||||
: OPENSSL_malloc(drbg->size);
|
: OPENSSL_malloc(drbg->size);
|
||||||
|
|
||||||
/* Get random from parent, include our state as additional input. */
|
/* Get random from parent, include our state as additional input. */
|
||||||
st = RAND_DRBG_generate(drbg->parent, drbg->randomness, min_len, 0,
|
st = RAND_DRBG_generate(drbg->parent, randomness, min_len, 0,
|
||||||
(unsigned char *)drbg, sizeof(*drbg));
|
(unsigned char *)drbg, sizeof(*drbg));
|
||||||
if (st == 0)
|
if (st == 0) {
|
||||||
|
drbg_release_entropy(drbg, randomness, min_len);
|
||||||
return 0;
|
return 0;
|
||||||
drbg->filled = 1;
|
}
|
||||||
*pout = drbg->randomness;
|
*pout = randomness;
|
||||||
return min_len;
|
return min_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out)
|
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
|
||||||
{
|
{
|
||||||
drbg->filled = 0;
|
|
||||||
if (drbg->secure)
|
if (drbg->secure)
|
||||||
OPENSSL_secure_clear_free(drbg->randomness, drbg->size);
|
OPENSSL_secure_clear_free(out, outlen);
|
||||||
else
|
else
|
||||||
OPENSSL_clear_free(drbg->randomness, drbg->size);
|
OPENSSL_clear_free(out, outlen);
|
||||||
drbg->randomness = NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -191,7 +184,6 @@ static int setup_drbg(RAND_DRBG *drbg)
|
||||||
ret &= drbg->lock != NULL;
|
ret &= drbg->lock != NULL;
|
||||||
drbg->size = RANDOMNESS_NEEDED;
|
drbg->size = RANDOMNESS_NEEDED;
|
||||||
drbg->secure = CRYPTO_secure_malloc_initialized();
|
drbg->secure = CRYPTO_secure_malloc_initialized();
|
||||||
drbg->randomness = NULL;
|
|
||||||
/* If you change these parameters, see RANDOMNESS_NEEDED */
|
/* If you change these parameters, see RANDOMNESS_NEEDED */
|
||||||
ret &= RAND_DRBG_set(drbg,
|
ret &= RAND_DRBG_set(drbg,
|
||||||
NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1;
|
NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1;
|
||||||
|
|
|
||||||
|
|
@ -178,11 +178,11 @@ int RAND_poll_ex(RAND_poll_cb rand_add, void *arg)
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
# ifdef OPENSSL_RAND_SEED_RDTSC
|
# ifdef OPENSSL_RAND_SEED_RDTSC
|
||||||
rand_read_tsc(cb, arg);
|
rand_read_tsc(rand_add, arg);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
# ifdef OPENSSL_RAND_SEED_RDCPU
|
# ifdef OPENSSL_RAND_SEED_RDCPU
|
||||||
if (rand_read_cpu(cb, arg))
|
if (rand_read_cpu(rand_add, arg))
|
||||||
goto done;
|
goto done;
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,11 +50,12 @@ typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
|
||||||
int entropy, size_t min_len,
|
int entropy, size_t min_len,
|
||||||
size_t max_len);
|
size_t max_len);
|
||||||
typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
|
typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
|
||||||
unsigned char *out);
|
unsigned char *out, size_t outlen);
|
||||||
typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
|
typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
|
||||||
int entropy, size_t min_len,
|
int entropy, size_t min_len,
|
||||||
size_t max_len);
|
size_t max_len);
|
||||||
typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx, unsigned char *out);
|
typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx,
|
||||||
|
unsigned char *out, size_t outlen);
|
||||||
|
|
||||||
int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
|
int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
|
||||||
RAND_DRBG_get_entropy_fn get_entropy,
|
RAND_DRBG_get_entropy_fn get_entropy,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue