root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Make rand_pool buffers more dynamic in their sizing. 

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9428)
This commit is contained in:
Pauli 2019-07-23 18:07:19 +10:00
parent 82925f9dd0
commit a6a66e4511
5 changed files with 67 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -19,6 +19,9 @@
The macro SYSerr() is deprecated. The macro SYSerr() is deprecated.
[Rich Salz] [Rich Salz]
*) Significantly reduce secure memory usage by the randomness pools.
[Paul Dale]
*) {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been *) {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been
deprecated. deprecated.
[Rich Salz] [Rich Salz]

1
crypto/err/openssl.txt
View File

@ -1177,6 +1177,7 @@ RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
RAND_F_RAND_POOL_GROW:127:
RAND_F_RAND_POOL_NEW:116:rand_pool_new RAND_F_RAND_POOL_NEW:116:rand_pool_new
RAND_F_RAND_WRITE_FILE:112:RAND_write_file RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md RSA_F_CHECK_PADDING_MD:140:check_padding_md

19
crypto/rand/rand_lcl.h
View File

@ -82,6 +82,24 @@
* 1.5 * (RAND_DRBG_STRENGTH / 8)) * 1.5 * (RAND_DRBG_STRENGTH / 8))
*/ */
/*
* Initial allocation minimum.
*
* There is a distinction between the secure and normal allocation minimums.
* Ideally, the secure allocation size should be a power of two. The normal
* allocation size doesn't have any such restriction.
*
* The secure value is based on 128 bits of secure material, which is 16 bytes.
* Typically, the DRBGs will set a minimum larger than this so optimal
* allocation ought to take place (for full quality seed material).
*
* The normal value has been chosed by noticing that the rand_drbg_get_nonce
* function is usually the largest of the built in allocation (twenty four
* bytes and then appending another sixteen bytes). This means the buffer ends
* with 40 bytes. The value of forty eight is comfortably above this which
* allows some slack in the platform specific values used.
*/
# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48)
/* DRBG status values */ /* DRBG status values */
typedef enum drbg_status_e { typedef enum drbg_status_e {
@ -184,6 +202,7 @@ struct rand_pool_st {
size_t min_len; /* minimum number of random bytes requested */ size_t min_len; /* minimum number of random bytes requested */
size_t max_len; /* maximum number of random bytes (allocated buffer size) */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */
size_t alloc_len; /* current number of bytes allocated */
size_t entropy; /* current entropy count in bits */ size_t entropy; /* current entropy count in bits */
size_t entropy_requested; /* requested entropy count in bits */ size_t entropy_requested; /* requested entropy count in bits */
}; };

48
crypto/rand/rand_lib.c
View File

@ -368,6 +368,7 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure,
size_t min_len, size_t max_len) size_t min_len, size_t max_len)
{ {
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
if (pool == NULL) { if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
@ -377,11 +378,14 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure,
pool->min_len = min_len; pool->min_len = min_len;
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
RAND_POOL_MAX_LENGTH : max_len; RAND_POOL_MAX_LENGTH : max_len;
pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len;
if (pool->alloc_len > pool->max_len)
pool->alloc_len = pool->max_len;
if (secure) if (secure)
pool->buffer = OPENSSL_secure_zalloc(pool->max_len); pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len);
else else
pool->buffer = OPENSSL_zalloc(pool->max_len); pool->buffer = OPENSSL_zalloc(pool->alloc_len);
if (pool->buffer == NULL) { if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
@ -424,7 +428,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
pool->attached = 1; pool->attached = 1;
pool->min_len = pool->max_len = pool->len; pool->min_len = pool->max_len = pool->alloc_len = pool->len;
pool->entropy = entropy; pool->entropy = entropy;
return pool; return pool;
@ -446,9 +450,9 @@ void rand_pool_free(RAND_POOL *pool)
*/ */
if (!pool->attached) { if (!pool->attached) {
if (pool->secure) if (pool->secure)
OPENSSL_secure_clear_free(pool->buffer, pool->max_len); OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
else else
OPENSSL_clear_free(pool->buffer, pool->max_len); OPENSSL_clear_free(pool->buffer, pool->alloc_len);
} }
OPENSSL_free(pool); OPENSSL_free(pool);
@ -581,6 +585,36 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool)
return pool->max_len - pool->len; return pool->max_len - pool->len;
} }
static int rand_pool_grow(RAND_POOL *pool, size_t len)
{
if (len > pool->alloc_len - pool->len) {
unsigned char *p;
const size_t limit = pool->max_len / 2;
size_t newlen = pool->alloc_len;
do
newlen = newlen < limit ? newlen * 2 : pool->max_len;
while (len > newlen - pool->len);
if (pool->secure)
p = OPENSSL_secure_zalloc(newlen);
else
p = OPENSSL_zalloc(newlen);
if (p == NULL) {
RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
return 0;
}
memcpy(p, pool->buffer, pool->len);
if (pool->secure)
OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
else
OPENSSL_clear_free(pool->buffer, pool->alloc_len);
pool->buffer = p;
pool->alloc_len = newlen;
}
return 1;
}
/* /*
* Add random bytes to the random pool. * Add random bytes to the random pool.
* *
@ -604,6 +638,8 @@ int rand_pool_add(RAND_POOL *pool,
} }
if (len > 0) { if (len > 0) {
if (!rand_pool_grow(pool, len))
return 0;
memcpy(pool->buffer + pool->len, buffer, len); memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len; pool->len += len;
pool->entropy += entropy; pool->entropy += entropy;
@ -639,6 +675,8 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
return NULL; return NULL;
} }
if (!rand_pool_grow(pool, len))
return NULL;
return pool->buffer + pool->len; return pool->buffer + pool->len;
} }

1
include/openssl/randerr.h
View File

@ -49,6 +49,7 @@ int ERR_load_RAND_strings(void);
# define RAND_F_RAND_POOL_ADD_END 0 # define RAND_F_RAND_POOL_ADD_END 0
# define RAND_F_RAND_POOL_ATTACH 0 # define RAND_F_RAND_POOL_ATTACH 0
# define RAND_F_RAND_POOL_BYTES_NEEDED 0 # define RAND_F_RAND_POOL_BYTES_NEEDED 0
# define RAND_F_RAND_POOL_GROW 0
# define RAND_F_RAND_POOL_NEW 0 # define RAND_F_RAND_POOL_NEW 0
# define RAND_F_RAND_WRITE_FILE 0 # define RAND_F_RAND_WRITE_FILE 0
# endif # endif