#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
#include <openssl/engine.h>
#include "internal/thread_once.h"
-#include "rand_lcl.h"
+#include "rand_local.h"
#include "e_os.h"
#ifndef FIPS_MODE
static int rand_inited = 0;
#endif /* FIPS_MODE */
-int rand_fork_count;
-
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
* IMPORTANT NOTE: It is not currently possible to use this code
size_t bytes = 0;
/*
- * Get random from parent, include our state as additional input.
+ * Get random data from parent. Include our address as additional input,
+ * in order to provide some additional distinction between different
+ * DRBG child instances.
* Our lock is already held, but we need to lock our parent before
* generating bits from it. (Note: taking the lock will be a no-op
* if locking if drbg->parent->lock == NULL.)
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
- NULL, 0) != 0)
+ (unsigned char *)&drbg, sizeof(drbg)) != 0)
bytes = bytes_needed;
drbg->reseed_next_counter
= tsan_load(&drbg->parent->reseed_prop_counter);
rand_pool_reattach(pool, out);
}
-void rand_fork(void)
-{
- rand_fork_count++;
-}
-
#ifndef FIPS_MODE
DEFINE_RUN_ONCE_STATIC(do_rand_init)
{
return 0;
}
+/* Increase the allocation size -- not usable for an attached pool */
+static int rand_pool_grow(RAND_POOL *pool, size_t len)
+{
+ if (len > pool->alloc_len - pool->len) {
+ unsigned char *p;
+ const size_t limit = pool->max_len / 2;
+ size_t newlen = pool->alloc_len;
+
+ if (pool->attached || len > pool->max_len - pool->len) {
+ RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ do
+ newlen = newlen < limit ? newlen * 2 : pool->max_len;
+ while (len > newlen - pool->len);
+
+ if (pool->secure)
+ p = OPENSSL_secure_zalloc(newlen);
+ else
+ p = OPENSSL_zalloc(newlen);
+ if (p == NULL) {
+ RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memcpy(p, pool->buffer, pool->len);
+ if (pool->secure)
+ OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+ else
+ OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+ pool->buffer = p;
+ pool->alloc_len = newlen;
+ }
+ return 1;
+}
+
/*
* Returns the number of bytes needed to fill the pool, assuming
* the input has 1 / |entropy_factor| entropy bits per data bit.
/* to meet the min_len requirement */
bytes_needed = pool->min_len - pool->len;
+ /*
+ * Make sure the buffer is large enough for the requested amount
+ * of data. This guarantees that existing code patterns where
+ * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
+ * are used to collect entropy data without any error handling
+ * whatsoever, continue to be valid.
+ * Furthermore if the allocation here fails once, make sure that
+ * we don't fall back to a less secure or even blocking random source,
+ * as that could happen by the existing code patterns.
+ * This is not a concern for additional data, therefore that
+ * is not needed if rand_pool_grow fails in other places.
+ */
+ if (!rand_pool_grow(pool, bytes_needed)) {
+ /* persistent error for this pool */
+ pool->max_len = pool->len = 0;
+ return 0;
+ }
+
return bytes_needed;
}
return pool->max_len - pool->len;
}
-static int rand_pool_grow(RAND_POOL *pool, size_t len)
-{
- if (len > pool->alloc_len - pool->len) {
- unsigned char *p;
- const size_t limit = pool->max_len / 2;
- size_t newlen = pool->alloc_len;
-
- do
- newlen = newlen < limit ? newlen * 2 : pool->max_len;
- while (len > newlen - pool->len);
-
- if (pool->secure)
- p = OPENSSL_secure_zalloc(newlen);
- else
- p = OPENSSL_zalloc(newlen);
- if (p == NULL) {
- RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memcpy(p, pool->buffer, pool->len);
- if (pool->secure)
- OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
- else
- OPENSSL_clear_free(pool->buffer, pool->alloc_len);
- pool->buffer = p;
- pool->alloc_len = newlen;
- }
- return 1;
-}
-
/*
* Add random bytes to the random pool.
*
}
if (len > 0) {
+ /*
+ * This is to protect us from accidentally passing the buffer
+ * returned from rand_pool_add_begin.
+ * The check for alloc_len makes sure we do not compare the
+ * address of the end of the allocated memory to something
+ * different, since that comparison would have an
+ * indeterminate result.
+ */
+ if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) {
+ RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /*
+ * We have that only for cases when a pool is used to collect
+ * additional data.
+ * For entropy data, as long as the allocation request stays within
+ * the limits given by rand_pool_bytes_needed this rand_pool_grow
+ * below is guaranteed to succeed, thus no allocation happens.
+ */
if (!rand_pool_grow(pool, len))
return 0;
memcpy(pool->buffer + pool->len, buffer, len);
return NULL;
}
+ /*
+ * As long as the allocation request stays within the limits given
+ * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
+ * to succeed, thus no allocation happens.
+ * We have that only for cases when a pool is used to collect
+ * additional data. Then the buffer might need to grow here,
+ * and of course the caller is responsible to check the return
+ * value of this function.
+ */
if (!rand_pool_grow(pool, len))
return NULL;
+
return pool->buffer + pool->len;
}
*/
int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
{
- if (len > pool->max_len - pool->len) {
+ if (len > pool->alloc_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
return 0;
}
projects / openssl.git / blobdiff