From 9d951a7872e5fa2b2a83fe8cfda3af5c52581172 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 22 Aug 2017 18:24:23 -0400 Subject: [PATCH] Move randomness to allocated buffer Don't keep it in the DRBG object, just allocate/free as needed. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4226) --- crypto/rand/drbg_lib.c | 7 +------ crypto/rand/rand_lib.c | 23 +++++++++++++---------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 0da4d48f55..6aced40fd4 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -64,14 +64,12 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int nid, unsigned int flags) RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) { RAND_DRBG *drbg = OPENSSL_zalloc(sizeof(*drbg)); - unsigned char *ucp = OPENSSL_zalloc(RANDOMNESS_NEEDED); - if (drbg == NULL || ucp == NULL) { + if (drbg == NULL) { RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE); goto err; } drbg->size = RANDOMNESS_NEEDED; - drbg->randomness = ucp; drbg->fork_count = rand_fork_count; drbg->parent = parent; if (RAND_DRBG_set(drbg, type, flags) < 0) @@ -96,7 +94,6 @@ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) return drbg; err: - OPENSSL_free(ucp); OPENSSL_free(drbg); return NULL; } @@ -116,8 +113,6 @@ void RAND_DRBG_free(RAND_DRBG *drbg) return; ctr_uninstantiate(drbg); - OPENSSL_cleanse(drbg->randomness, drbg->size); - OPENSSL_free(drbg->randomness); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); OPENSSL_clear_free(drbg, sizeof(*drbg)); } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 489b5380c9..0d1e3f6a07 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -118,6 +118,9 @@ size_t drbg_entropy_from_system(RAND_DRBG *drbg, return drbg->size; } + drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size) + : OPENSSL_malloc(drbg->size); + /* If we don't have enough, try to get more. */ CRYPTO_THREAD_write_lock(rand_bytes.lock); for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) { @@ -153,6 +156,9 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg, min_len = drbg->size; } + drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size) + : OPENSSL_malloc(drbg->size); + /* Get random from parent, include our state as additional input. */ st = RAND_DRBG_generate(drbg->parent, drbg->randomness, min_len, 0, (unsigned char *)drbg, sizeof(*drbg)); @@ -166,7 +172,11 @@ size_t drbg_entropy_from_parent(RAND_DRBG *drbg, void drbg_release_entropy(RAND_DRBG *drbg, unsigned char *out) { drbg->filled = 0; - OPENSSL_cleanse(drbg->randomness, drbg->size); + if (drbg->secure) + OPENSSL_secure_clear_free(drbg->randomness, drbg->size); + else + OPENSSL_clear_free(drbg->randomness, drbg->size); + drbg->randomness = NULL; } @@ -181,10 +191,7 @@ static int setup_drbg(RAND_DRBG *drbg) ret &= drbg->lock != NULL; drbg->size = RANDOMNESS_NEEDED; drbg->secure = CRYPTO_secure_malloc_initialized(); - drbg->randomness = drbg->secure - ? OPENSSL_secure_malloc(drbg->size) - : OPENSSL_malloc(drbg->size); - ret &= drbg->randomness != NULL; + drbg->randomness = NULL; /* If you change these parameters, see RANDOMNESS_NEEDED */ ret &= RAND_DRBG_set(drbg, NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1; @@ -196,10 +203,6 @@ static int setup_drbg(RAND_DRBG *drbg) static void free_drbg(RAND_DRBG *drbg) { CRYPTO_THREAD_lock_free(drbg->lock); - if (drbg->secure) - OPENSSL_secure_clear_free(drbg->randomness, drbg->size); - else - OPENSSL_clear_free(drbg->randomness, drbg->size); RAND_DRBG_uninstantiate(drbg); } -- 2.25.1