[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Jul 20 09:50:06 UTC 2017
The branch master has been updated
via 4c75ee858893dee3c978ff2295fb5ef106797574 (commit)
from d76f646adeea13c14d15ee6c659b3a5785fdad33 (commit)
- Log -----------------------------------------------------------------
commit 4c75ee858893dee3c978ff2295fb5ef106797574
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jul 19 17:41:26 2017 -0400
Add range-checking to RAND_DRBG_set_reseed_interval
As suggested by Kurt.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3970)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/drbg_lib.c | 7 +++++--
crypto/rand/drbg_rand.c | 2 +-
crypto/rand/rand_lcl.h | 3 +++
include/internal/rand.h | 2 +-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index b9161ab..1588515 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -328,11 +328,14 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
}
/*
- * Set the reseed internal. Used mainly for the KATs.
+ * Set the reseed interval. Used mainly for the KATs.
*/
-void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
+int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
{
+ if (interval < 0 || interval > MAX_RESEED)
+ return 0;
dctx->reseed_interval = interval;
+ return 1;
}
/*
diff --git a/crypto/rand/drbg_rand.c b/crypto/rand/drbg_rand.c
index 858f74a..4ff347c 100644
--- a/crypto/rand/drbg_rand.c
+++ b/crypto/rand/drbg_rand.c
@@ -372,7 +372,7 @@ int ctr_init(DRBG_CTX *dctx)
}
dctx->max_request = 1 << 16;
- dctx->reseed_interval = 1 << 24;
+ dctx->reseed_interval = MAX_RESEED;
return 1;
}
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index d65d49f..689e3a3 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -20,6 +20,9 @@
/* we require 256 bits of randomness */
# define RANDOMNESS_NEEDED (256 / 8)
+/* Maximum count allowed in reseeding */
+#define MAX_RESEED (1 << 24)
+
/* DRBG status values */
#define DRBG_STATUS_UNINITIALISED 0
#define DRBG_STATUS_READY 1
diff --git a/include/internal/rand.h b/include/internal/rand.h
index 95ad712..0d386f6 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -35,7 +35,7 @@ int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)
);
-void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
+int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
More information about the openssl-commits
mailing list