RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
{
RAND_DRBG *drbg = OPENSSL_zalloc(sizeof(*drbg));
- unsigned char *ucp = OPENSSL_zalloc(RANDOMNESS_NEEDED);
- if (drbg == NULL || ucp == NULL) {
+ if (drbg == NULL) {
RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
drbg->size = RANDOMNESS_NEEDED;
- drbg->randomness = ucp;
drbg->fork_count = rand_fork_count;
drbg->parent = parent;
if (RAND_DRBG_set(drbg, type, flags) < 0)
return drbg;
err:
- OPENSSL_free(ucp);
OPENSSL_free(drbg);
return NULL;
}
return;
ctr_uninstantiate(drbg);
- OPENSSL_cleanse(drbg->randomness, drbg->size);
- OPENSSL_free(drbg->randomness);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
OPENSSL_clear_free(drbg, sizeof(*drbg));
}
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return drbg->size;
}
+ drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
+ : OPENSSL_malloc(drbg->size);
+
/* If we don't have enough, try to get more. */
CRYPTO_THREAD_write_lock(rand_bytes.lock);
for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) {
min_len = drbg->size;
}
+ drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
+ : OPENSSL_malloc(drbg->size);
+
/* Get random from parent, include our state as additional input. */
st = RAND_DRBG_generate(drbg->parent, drbg->randomness, min_len, 0,
(unsigned char *)drbg, sizeof(*drbg));
void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out)
{
drbg->filled = 0;
- OPENSSL_cleanse(drbg->randomness, drbg->size);
+ if (drbg->secure)
+ OPENSSL_secure_clear_free(drbg->randomness, drbg->size);
+ else
+ OPENSSL_clear_free(drbg->randomness, drbg->size);
+ drbg->randomness = NULL;
}
ret &= drbg->lock != NULL;
drbg->size = RANDOMNESS_NEEDED;
drbg->secure = CRYPTO_secure_malloc_initialized();
- drbg->randomness = drbg->secure
- ? OPENSSL_secure_malloc(drbg->size)
- : OPENSSL_malloc(drbg->size);
- ret &= drbg->randomness != NULL;
+ drbg->randomness = NULL;
/* If you change these parameters, see RANDOMNESS_NEEDED */
ret &= RAND_DRBG_set(drbg,
NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1;
static void free_drbg(RAND_DRBG *drbg)
{
CRYPTO_THREAD_lock_free(drbg->lock);
- if (drbg->secure)
- OPENSSL_secure_clear_free(drbg->randomness, drbg->size);
- else
- OPENSSL_clear_free(drbg->randomness, drbg->size);
RAND_DRBG_uninstantiate(drbg);
}