From: Dr. Matthias St. Pierre Date: Sat, 3 Feb 2018 21:32:47 +0000 (+0100) Subject: Fix size limitation of RAND_DRBG_bytes() X-Git-Tag: OpenSSL_1_1_1-pre1~54 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=1648338ba1a63c19c7bae32170cd1d825b48eaee Fix size limitation of RAND_DRBG_bytes() When comparing the implementations of drbg_bytes() and RAND_DRBG_bytes(), it was noticed that the former split the buffer into chunks when calling RAND_DRBG_generate() to circumvent the size limitation of the buffer to outlen <= drb->max_request. This loop was missing in RAND_DRBG_bytes(), so it was adopted from drbg_bytes(). Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/5251) --- diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 974e3bbd11..c0c0b91cfd 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -546,10 +546,22 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { unsigned char *additional = NULL; size_t additional_len; + size_t chunk; size_t ret; additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen); - ret = RAND_DRBG_generate(drbg, out, outlen, 0, additional, additional_len); + + for ( ; outlen > 0; outlen -= chunk, out += chunk) { + chunk = outlen; + if (chunk > drbg->max_request) + chunk = drbg->max_request; + ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len); + if (!ret) + goto err; + } + ret = 1; + +err: if (additional_len != 0) OPENSSL_secure_clear_free(additional, additional_len);
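Review bot: The new `for` loop in RAND_DRBG_bytes() only makes progress when `chunk` is non-zero, and `chunk` is clamped to `drbg->max_request` with no check that this limit is greater than zero. If `max_request` were ever 0 (for example on a DRBG that has not been fully set up), `outlen -= chunk` would subtract nothing and the loop would spin until RAND_DRBG_generate() happens to fail. Consider rejecting `drbg->max_request == 0` before the loop and returning 0 in that case. Two smaller points on the same hunk: `ret` is declared `size_t` but now stores the result of RAND_DRBG_generate(), is tested with `if (!ret)` and is set by `ret = 1` in a function that returns `int`, so `int ret` would match its use; and on the `goto err` path any chunks already written to `out` stay in the caller's buffer while the function reports failure, which is worth documenting or handling by clearing the buffer.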