Add range-checking to RAND_DRBG_set_reseed_interval

author Rich Salz <rsalz@openssl.org>

Wed, 19 Jul 2017 21:41:26 +0000 (17:41 -0400)

committer Rich Salz <rsalz@openssl.org>

Thu, 20 Jul 2017 09:49:09 +0000 (05:49 -0400)
author Rich Salz <rsalz@openssl.org>
Wed, 19 Jul 2017 21:41:26 +0000 (17:41 -0400)
committer Rich Salz <rsalz@openssl.org>
Thu, 20 Jul 2017 09:49:09 +0000 (05:49 -0400)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c

index b9161ab23cec1264a07672a9fb9d583e21d06efb..1588515441d2589e634e637d95683230c73eae74 100644 (file)
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -328,11 +328,14 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
  }
  
  /*
- * Set the reseed internal. Used mainly for the KATs.
+ * Set the reseed interval. Used mainly for the KATs.
   */
-void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
+int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
  {
+    if (interval < 0 || interval > MAX_RESEED)
+        return 0;
      dctx->reseed_interval = interval;
+    return 1;
  }
  
  /*
diff --git a/crypto/rand/drbg_rand.c b/crypto/rand/drbg_rand.c

index 858f74a45e65e53a6ffc464e0cebdc4985200930..4ff347c7ea901faabb0e614090ef7c67744ee86e 100644 (file)
--- a/crypto/rand/drbg_rand.c
+++ b/crypto/rand/drbg_rand.c
@@ -372,7 +372,7 @@ int ctr_init(DRBG_CTX *dctx)
      }
  
      dctx->max_request = 1 << 16;
-    dctx->reseed_interval = 1 << 24;
+    dctx->reseed_interval = MAX_RESEED;
      return 1;
  }
  
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h

index d65d49f3ac8413637daef986a10f2e695c555027..689e3a34fd00575f7a8da448f071f944c1e56ddb 100644 (file)
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -20,6 +20,9 @@
  /* we require 256 bits of randomness */
  # define RANDOMNESS_NEEDED (256 / 8)
  
+/* Maximum count allowed in reseeding */
+#define MAX_RESEED (1 << 24)
+
  /* DRBG status values */
  #define DRBG_STATUS_UNINITIALISED      0
  #define DRBG_STATUS_READY              1
diff --git a/include/internal/rand.h b/include/internal/rand.h

index 95ad7125733452e30e151408dbbf2d7a55071352..0d386f6ee843d5c01ff16dcc86cd606146f6dcfb 100644 (file)
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -35,7 +35,7 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
      void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)
      );
  
-void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
+int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
  
  #define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
      CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
author	Rich Salz <rsalz@openssl.org>
	Wed, 19 Jul 2017 21:41:26 +0000 (17:41 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Thu, 20 Jul 2017 09:49:09 +0000 (05:49 -0400)
crypto/rand/drbg_lib.c		patch \| blob \| history
crypto/rand/drbg_rand.c		patch \| blob \| history
crypto/rand/rand_lcl.h		patch \| blob \| history
include/internal/rand.h		patch \| blob \| history