From 1648338ba1a63c19c7bae32170cd1d825b48eaee Mon Sep 17 00:00:00 2001
From: "Dr. Matthias St. Pierre"
Date: Sat, 3 Feb 2018 22:32:47 +0100
Subject: [PATCH] Fix size limitation of RAND_DRBG_bytes()
When comparing the implementations of drbg_bytes() and RAND_DRBG_bytes(), it was noticed that the former split the buffer into chunks when calling RAND_DRBG_generate() to circumvent the size limitation of the buffer to outlen <= drb->max_request. This loop was missing in RAND_DRBG_bytes(), so it was adopted from drbg_bytes().
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/5251)
---
 crypto/rand/drbg_lib.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 974e3bbd11..c0c0b91cfd 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -546,10 +546,22 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
 {
 unsigned char *additional = NULL;
 size_t additional_len;
+ size_t chunk;
 size_t ret;
 additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen);
- ret = RAND_DRBG_generate(drbg, out, outlen, 0, additional, additional_len);
+
+ for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+ chunk = outlen;
+ if (chunk > drbg->max_request)
+ chunk = drbg->max_request;
+ ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+ if (!ret)
+ goto err;
+ }
+ ret = 1;
+
+err:
 if (additional_len != 0)
 OPENSSL_secure_clear_free(additional, additional_len);
--
2.25.1
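Review bot: With the chunked loop, a failure of RAND_DRBG_generate() on a later chunk jumps to `err:` after earlier chunks have already been written, so `out` is left partly filled and the caller learns this only from the return value. The function comment should state that contract, e.g. `/* Returns 1 on success, 0 on failure; on failure the contents of out are unspecified and must not be used. */`, since a caller that ignores the result would otherwise use a buffer whose tail was never generated. The loop also makes progress only while `drbg->max_request` is nonzero; that is presumably guaranteed once the DRBG is instantiated, but nothing in this hunk shows it. The function's return statement lies outside the hunk.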