[openssl] OpenSSL_1_1_1-stable update
Dr. Paul Dale
pauli at openssl.org
Wed Jul 24 22:14:10 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via e8d866dcb170dbe22dcda418cd5df655f67dbc0b (commit)
from 77cb24344dd522b4b7882be50aa199b1ecf4711f (commit)
- Log -----------------------------------------------------------------
commit e8d866dcb170dbe22dcda418cd5df655f67dbc0b
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Tue Jul 23 23:14:14 2019 +1000
Allocate DRBG additional data pool from non-secure memory
The additional data allocates 12K per DRBG instance in the
secure memory, which is not necessary. Also nonces are not
considered secret.
[extended tests]
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9424)
-----------------------------------------------------------------------
Summary of changes:
crypto/include/internal/rand_int.h | 3 ++-
crypto/rand/drbg_lib.c | 2 +-
crypto/rand/rand_lcl.h | 1 +
crypto/rand/rand_lib.c | 35 +++++++++++++++++++++++++----------
4 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h
index 888cab1..ea3b1a4 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -52,7 +52,8 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
/*
* RAND_POOL functions
*/
-RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len);
RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
size_t entropy);
void rand_pool_free(RAND_POOL *pool);
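Review bot: The new `int secure` parameter sits between `int entropy_requested` and `size_t min_len`, so call sites become runs of bare integer literals, and a transposed argument would still compile because the types convert implicitly. The prototype also carries no comment saying what the flag selects. The other hunks show the effect: `rand_pool_new(0, 0, 0, drbg->max_adinlen)` in RAND_DRBG_bytes and `rand_pool_new(0, 0, min_len, max_len)` in rand_drbg_get_nonce. I would add a comment at the prototype such as `/* secure != 0: allocate the pool buffer with OPENSSL_secure_zalloc(), otherwise with OPENSSL_zalloc() */` and annotate the literals at the call sites, e.g. `rand_pool_new(0, /* secure */ 0, 0, drbg->max_adinlen)`.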
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index abbe0a8..df1e260 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -664,7 +664,7 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
if (drbg->adin_pool == NULL) {
if (drbg->type == 0)
goto err;
- drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+ drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen);
if (drbg->adin_pool == NULL)
goto err;
}
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index c3e9804..a48e08a 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -150,6 +150,7 @@ struct rand_pool_st {
size_t len; /* current number of random bytes contained in the pool */
int attached; /* true pool was attached to existing buffer */
+ int secure; /* 1: allocated on the secure heap, 0: otherwise */
size_t min_len; /* minimum number of random bytes requested */
size_t max_len; /* maximum number of random bytes (allocated buffer size) */
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index b666381..f658634 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -150,7 +150,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
pool = drbg->seed_pool;
pool->entropy_requested = entropy;
} else {
- pool = rand_pool_new(entropy, min_len, max_len);
+ pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
if (pool == NULL)
return 0;
}
@@ -216,8 +216,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- if (drbg->seed_pool == NULL)
- OPENSSL_secure_clear_free(out, outlen);
+ if (drbg->seed_pool == NULL) {
+ if (drbg->secure)
+ OPENSSL_secure_clear_free(out, outlen);
+ else
+ OPENSSL_clear_free(out, outlen);
+ }
}
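Review bot: rand_drbg_cleanup_entropy now picks the deallocator from `drbg->secure` at free time, while the buffer was allocated in rand_drbg_get_entropy from the same flag at allocation time. Nothing in the visible code keeps the two in step once the buffer has been detached from its pool. If the flag ever differed between the two calls, a secure-heap pointer would reach OPENSSL_clear_free, which is the unsafe direction of the mismatch. As far as I know, OPENSSL_secure_clear_free already falls back to cleanse-and-free for pointers outside the secure arena, so keeping the unconditional `OPENSSL_secure_clear_free(out, outlen);` would be correct for both cases. Failing that, a comment such as `/* must match the allocator chosen via drbg->secure in rand_drbg_get_entropy() */` would record the invariant.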
@@ -238,7 +242,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
} data;
memset(&data, 0, sizeof(data));
- pool = rand_pool_new(0, min_len, max_len);
+ pool = rand_pool_new(0, 0, min_len, max_len);
if (pool == NULL)
return 0;
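Review bot: The literal `0` passed as `secure` has no comment explaining that the nonce pool is deliberately kept off the secure heap, and it is only correct because rand_drbg_cleanup_nonce (next hunk) frees with OPENSSL_clear_free. The rationale exists only in the commit message ("nonces are not considered secret"). I would add `/* nonces are not secret: allocate outside the secure heap; rand_drbg_cleanup_nonce() frees with OPENSSL_clear_free() to match */` above the call. rand_drbg_get_nonce starts before and continues after this hunk, so the point where the buffer is detached from the pool is not visible here.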
@@ -267,7 +271,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- OPENSSL_secure_clear_free(out, outlen);
+ OPENSSL_clear_free(out, outlen);
}
/*
@@ -402,7 +406,7 @@ int RAND_poll(void)
} else {
/* fill random pool and seed the current legacy RNG */
- pool = rand_pool_new(RAND_DRBG_STRENGTH,
+ pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
(RAND_DRBG_STRENGTH + 7) / 8,
RAND_POOL_MAX_LENGTH);
if (pool == NULL)
@@ -429,7 +433,8 @@ err:
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
@@ -442,13 +447,18 @@ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
RAND_POOL_MAX_LENGTH : max_len;
- pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+ if (secure)
+ pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+ else
+ pool->buffer = OPENSSL_zalloc(pool->max_len);
+
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
pool->entropy_requested = entropy_requested;
+ pool->secure = secure;
return pool;
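Review bot: `pool->secure = secure` records what the caller asked for, not where the buffer ended up. To my knowledge OPENSSL_secure_zalloc falls back to the ordinary heap when the secure heap has not been initialised, so the field comment added in rand_lcl.h (`1: allocated on the secure heap`) overstates what the flag guarantees. The free path in rand_pool_free should be unaffected, since OPENSSL_secure_clear_free is expected to cope with either kind of pointer, but a reader auditing where seed material lives could be misled. I would reword the field comment to `/* 1: buffer requested from the secure heap, 0: ordinary heap */` and extend the header comment of rand_pool_new to describe `secure`. The body of rand_pool_new is split across this hunk and the previous one, and its error path lies outside both.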
@@ -503,8 +513,13 @@ void rand_pool_free(RAND_POOL *pool)
* to rand_pool_attach() as `const unsigned char*`.
* (see corresponding comment in rand_pool_attach()).
*/
- if (!pool->attached)
- OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ if (!pool->attached) {
+ if (pool->secure)
+ OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ else
+ OPENSSL_clear_free(pool->buffer, pool->max_len);
+ }
+
OPENSSL_free(pool);
}