author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-20 11:22:46 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 13:37:13 +0200 |
commit | 1372560f64c9a7cfad1979fa8c41bee335a04373 (patch) | |
tree | 0e36898357cc623e3d0904921d091ba2c4b38ff8 /crypto/rand/drbg_lib.c | |
parent | a8f1aabd4b44db668bca638c111598b2e0688cc4 (diff) | |
Allocate DRBG additional data pool from non-secure memory
The additional data allocates 12K per DRBG instance in the
secure memory, which is not necessary. Also nonces are not
considered secret.
[extended tests]
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9423)
Diffstat (limited to 'crypto/rand/drbg_lib.c')
-rw-r--r-- | crypto/rand/drbg_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index c1b9b3b251..825e90d48e 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -265,7 +265,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
 return 0;
 memset(&data, 0, sizeof(data));
- pool = rand_pool_new(0, min_len, max_len);
+ pool = rand_pool_new(0, 0, min_len, max_len);
 if (pool == NULL)
 return 0;
@@ -295,7 +295,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
 void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
 {
- OPENSSL_secure_clear_free(out, outlen);
+ OPENSSL_clear_free(out, outlen);
 }
 /*
@@ -909,7 +909,7 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
 if (drbg->adin_pool == NULL) {
 if (drbg->type == 0)
 goto err;
- drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+ drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen);
 if (drbg->adin_pool == NULL)
 goto err;
 } |
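Review bot: The two adjacent literal zeros in `rand_pool_new(0, 0, min_len, max_len)` do not show which argument selects the heap; going by the commit message the added one is presumably the secure-memory flag, but the prototype is not visible here. An inline comment would make the choice reviewable at the call site, e.g. `pool = rand_pool_new(0, /* secure = */ 0, min_len, max_len);`. The same applies to the `drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen);` call in the RAND_DRBG_bytes hunk. The body of rand_drbg_get_nonce starts and ends outside this hunk.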
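Review bot: `OPENSSL_clear_free(out, outlen)` in rand_drbg_cleanup_nonce is only correct while the buffer handed out by rand_drbg_get_nonce comes from the ordinary heap, and nothing at this site records that coupling. If the pool in rand_drbg_get_nonce were later switched back to secure memory, this call would release a secure-heap pointer through the normal allocator. I would add a comment above the call such as `/* out comes from the non-secure pool created in rand_drbg_get_nonce(); keep both in sync */`. How the buffer leaves the pool is outside the visible hunks, so this assumes `out` is the pool's own buffer.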
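Review bot: The `drbg->adin_pool` allocation now keeps additional input on the ordinary heap, and the reason this is acceptable appears only in the commit message, not in the code. A comment at the allocation, e.g. `/* additional input is not secret; non-secure memory is sufficient */`, would keep a later change from routing confidential material through this pool unnoticed. RAND_DRBG_bytes starts and ends outside the hunk, so where the pool is filled, cleared and released cannot be checked from here.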