return 0;
memset(&data, 0, sizeof(data));
- pool = rand_pool_new(0, min_len, max_len);
+ pool = rand_pool_new(0, 0, min_len, max_len);
if (pool == NULL)
return 0;
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- OPENSSL_secure_clear_free(out, outlen);
+ OPENSSL_clear_free(out, outlen);
}
/*
if (drbg->adin_pool == NULL) {
if (drbg->type == 0)
goto err;
- drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+ drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen);
if (drbg->adin_pool == NULL)
goto err;
}
return NULL;
if ((crngt_glob->crngt_pool
- = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) {
+ = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) {
OPENSSL_free(crngt_glob);
return NULL;
}
if (crngt_glob == NULL)
return 0;
- if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL)
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
return 0;
while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
pool = drbg->seed_pool;
pool->entropy_requested = entropy;
} else {
- pool = rand_pool_new(entropy, min_len, max_len);
+ pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
if (pool == NULL)
return 0;
}
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- if (drbg->seed_pool == NULL)
- OPENSSL_secure_clear_free(out, outlen);
+ if (drbg->seed_pool == NULL) {
+ if (drbg->secure)
+ OPENSSL_secure_clear_free(out, outlen);
+ else
+ OPENSSL_clear_free(out, outlen);
+ }
}
/*
RAND_POOL *pool = NULL;
/* fill random pool and seed the current legacy RNG */
- pool = rand_pool_new(RAND_DRBG_STRENGTH,
+ pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
(RAND_DRBG_STRENGTH + 7) / 8,
RAND_POOL_MAX_LENGTH);
if (pool == NULL)
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
RAND_POOL_MAX_LENGTH : max_len;
- pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+ if (secure)
+ pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+ else
+ pool->buffer = OPENSSL_zalloc(pool->max_len);
+
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
pool->entropy_requested = entropy_requested;
+ pool->secure = secure;
return pool;
* to rand_pool_attach() as `const unsigned char*`.
* (see corresponding comment in rand_pool_attach()).
*/
- if (!pool->attached)
- OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ if (!pool->attached) {
+ if (pool->secure)
+ OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ else
+ OPENSSL_clear_free(pool->buffer, pool->max_len);
+ }
+
OPENSSL_free(pool);
}