[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Mon Oct 29 11:31:59 UTC 2018

The branch OpenSSL_1_1_1-stable has been updated
       via  6101850bafeb28fd5d752576037812c2672321e6 (commit)
      from  c7a7ed3870e51a91379aaddad2da3be0aba1daf6 (commit)


- Log -----------------------------------------------------------------
commit 6101850bafeb28fd5d752576037812c2672321e6
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Fri Oct 26 21:06:14 2018 +0200

    Rework and simplify resource flow in drbg_add
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7504)
    
    (cherry picked from commit f9e43929c46b38667f67e02765fe0f1c0d3061d6)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c | 19 ++-----------------
 crypto/rand/rand_lib.c | 11 ++++-------
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index e7f383a..4795213 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -357,15 +357,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
         drbg->cleanup_entropy(drbg, entropy, entropylen);
     if (nonce != NULL && drbg->cleanup_nonce != NULL)
         drbg->cleanup_nonce(drbg, nonce, noncelen);
-    if (drbg->pool != NULL) {
-        if (drbg->state == DRBG_READY) {
-            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
-                    RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
-            drbg->state = DRBG_ERROR;
-        }
-        rand_pool_free(drbg->pool);
-        drbg->pool = NULL;
-    }
     if (drbg->state == DRBG_READY)
         return 1;
     return 0;
@@ -555,14 +546,8 @@ int rand_drbg_restart(RAND_DRBG *drbg,
         }
     }
 
-    /* check whether a given entropy pool was cleared properly during reseed */
-    if (drbg->pool != NULL) {
-        drbg->state = DRBG_ERROR;
-        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-        rand_pool_free(drbg->pool);
-        drbg->pool = NULL;
-        return 0;
-    }
+    rand_pool_free(drbg->pool);
+    drbg->pool = NULL;
 
     return drbg->state == DRBG_READY;
 }
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 440c19c..555fea3 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -204,11 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
     }
 
  err:
-    /* we need to reset drbg->pool in the error case */
-    if (ret == 0 && drbg->pool != NULL)
-        drbg->pool = NULL;
-
-    rand_pool_free(pool);
+    if (drbg->pool == NULL)
+        rand_pool_free(pool);
     return ret;
 }
 
@@ -221,8 +218,6 @@ void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
 {
     if (drbg->pool == NULL)
         OPENSSL_secure_clear_free(out, outlen);
-    else
-        drbg->pool = NULL;
 }
 
 
@@ -547,6 +542,8 @@ unsigned char *rand_pool_detach(RAND_POOL *pool)
 {
     unsigned char *ret = pool->buffer;
     pool->buffer = NULL;
+    pool->len = 0;
+    pool->entropy = 0;
     return ret;
 }
 
