aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/openssl/crypto/rand/rand_lib.c
diff options
context:
space:
mode:
authororivej <orivej@yandex-team.ru>2022-02-10 16:44:49 +0300
committerDaniil Cherednik <dcherednik@yandex-team.ru>2022-02-10 16:44:49 +0300
commit718c552901d703c502ccbefdfc3c9028d608b947 (patch)
tree46534a98bbefcd7b1f3faa5b52c138ab27db75b7 /contrib/libs/openssl/crypto/rand/rand_lib.c
parente9656aae26e0358d5378e5b63dcac5c8dbe0e4d0 (diff)
downloadydb-718c552901d703c502ccbefdfc3c9028d608b947.tar.gz
Restoring authorship annotation for <orivej@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/rand/rand_lib.c')
-rw-r--r--contrib/libs/openssl/crypto/rand/rand_lib.c260
1 files changed, 130 insertions, 130 deletions
diff --git a/contrib/libs/openssl/crypto/rand/rand_lib.c b/contrib/libs/openssl/crypto/rand/rand_lib.c
index 5c72fad8ca..18a6635df3 100644
--- a/contrib/libs/openssl/crypto/rand/rand_lib.c
+++ b/contrib/libs/openssl/crypto/rand/rand_lib.c
@@ -135,7 +135,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
size_t entropy_available = 0;
RAND_POOL *pool;
- if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
+ if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
/*
* We currently don't support the algorithm from NIST SP 800-90C
* 10.1.2 to use a weaker DRBG as source
@@ -148,12 +148,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
pool = drbg->seed_pool;
pool->entropy_requested = entropy;
} else {
- pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
+ pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
if (pool == NULL)
return 0;
}
- if (drbg->parent != NULL) {
+ if (drbg->parent != NULL) {
size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -161,9 +161,9 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
size_t bytes = 0;
/*
- * Get random data from parent. Include our address as additional input,
- * in order to provide some additional distinction between different
- * DRBG child instances.
+ * Get random data from parent. Include our address as additional input,
+ * in order to provide some additional distinction between different
+ * DRBG child instances.
* Our lock is already held, but we need to lock our parent before
* generating bits from it. (Note: taking the lock will be a no-op
* if locking if drbg->parent->lock == NULL.)
@@ -172,7 +172,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
- (unsigned char *)&drbg, sizeof(drbg)) != 0)
+ (unsigned char *)&drbg, sizeof(drbg)) != 0)
bytes = bytes_needed;
rand_drbg_unlock(drbg->parent);
@@ -214,12 +214,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- if (drbg->seed_pool == NULL) {
- if (drbg->secure)
- OPENSSL_secure_clear_free(out, outlen);
- else
- OPENSSL_clear_free(out, outlen);
- }
+ if (drbg->seed_pool == NULL) {
+ if (drbg->secure)
+ OPENSSL_secure_clear_free(out, outlen);
+ else
+ OPENSSL_clear_free(out, outlen);
+ }
}
@@ -237,10 +237,10 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
struct {
void * instance;
int count;
- } data;
+ } data;
- memset(&data, 0, sizeof(data));
- pool = rand_pool_new(0, 0, min_len, max_len);
+ memset(&data, 0, sizeof(data));
+ pool = rand_pool_new(0, 0, min_len, max_len);
if (pool == NULL)
return 0;
@@ -269,7 +269,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- OPENSSL_clear_free(out, outlen);
+ OPENSSL_clear_free(out, outlen);
}
/*
@@ -360,7 +360,7 @@ void rand_cleanup_int(void)
}
/*
- * RAND_close_seed_files() ensures that any seed file descriptors are
+ * RAND_close_seed_files() ensures that any seed file descriptors are
* closed after use.
*/
void RAND_keep_random_devices_open(int keep)
@@ -402,8 +402,8 @@ int RAND_poll(void)
} else {
/* fill random pool and seed the current legacy RNG */
- pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
- (RAND_DRBG_STRENGTH + 7) / 8,
+ pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
+ (RAND_DRBG_STRENGTH + 7) / 8,
RAND_POOL_MAX_LENGTH);
if (pool == NULL)
return 0;
@@ -429,11 +429,11 @@ err:
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *rand_pool_new(int entropy_requested, int secure,
- size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len)
{
RAND_POOL *pool;
- size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
+ size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
@@ -447,22 +447,22 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure,
pool->min_len = min_len;
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
RAND_POOL_MAX_LENGTH : max_len;
- pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len;
- if (pool->alloc_len > pool->max_len)
- pool->alloc_len = pool->max_len;
-
- if (secure)
- pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len);
- else
- pool->buffer = OPENSSL_zalloc(pool->alloc_len);
-
+ pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len;
+ if (pool->alloc_len > pool->max_len)
+ pool->alloc_len = pool->max_len;
+
+ if (secure)
+ pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len);
+ else
+ pool->buffer = OPENSSL_zalloc(pool->alloc_len);
+
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
pool->entropy_requested = entropy_requested;
- pool->secure = secure;
+ pool->secure = secure;
return pool;
@@ -497,7 +497,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
pool->attached = 1;
- pool->min_len = pool->max_len = pool->alloc_len = pool->len;
+ pool->min_len = pool->max_len = pool->alloc_len = pool->len;
pool->entropy = entropy;
return pool;
@@ -517,13 +517,13 @@ void rand_pool_free(RAND_POOL *pool)
* to rand_pool_attach() as `const unsigned char*`.
* (see corresponding comment in rand_pool_attach()).
*/
- if (!pool->attached) {
- if (pool->secure)
- OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
- else
- OPENSSL_clear_free(pool->buffer, pool->alloc_len);
- }
-
+ if (!pool->attached) {
+ if (pool->secure)
+ OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+ else
+ OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+ }
+
OPENSSL_free(pool);
}
@@ -616,42 +616,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool)
return 0;
}
-/* Increase the allocation size -- not usable for an attached pool */
-static int rand_pool_grow(RAND_POOL *pool, size_t len)
-{
- if (len > pool->alloc_len - pool->len) {
- unsigned char *p;
- const size_t limit = pool->max_len / 2;
- size_t newlen = pool->alloc_len;
-
- if (pool->attached || len > pool->max_len - pool->len) {
- RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- do
- newlen = newlen < limit ? newlen * 2 : pool->max_len;
- while (len > newlen - pool->len);
-
- if (pool->secure)
- p = OPENSSL_secure_zalloc(newlen);
- else
- p = OPENSSL_zalloc(newlen);
- if (p == NULL) {
- RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memcpy(p, pool->buffer, pool->len);
- if (pool->secure)
- OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
- else
- OPENSSL_clear_free(pool->buffer, pool->alloc_len);
- pool->buffer = p;
- pool->alloc_len = newlen;
- }
- return 1;
-}
-
+/* Increase the allocation size -- not usable for an attached pool */
+static int rand_pool_grow(RAND_POOL *pool, size_t len)
+{
+ if (len > pool->alloc_len - pool->len) {
+ unsigned char *p;
+ const size_t limit = pool->max_len / 2;
+ size_t newlen = pool->alloc_len;
+
+ if (pool->attached || len > pool->max_len - pool->len) {
+ RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ do
+ newlen = newlen < limit ? newlen * 2 : pool->max_len;
+ while (len > newlen - pool->len);
+
+ if (pool->secure)
+ p = OPENSSL_secure_zalloc(newlen);
+ else
+ p = OPENSSL_zalloc(newlen);
+ if (p == NULL) {
+ RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memcpy(p, pool->buffer, pool->len);
+ if (pool->secure)
+ OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+ else
+ OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+ pool->buffer = p;
+ pool->alloc_len = newlen;
+ }
+ return 1;
+}
+
/*
* Returns the number of bytes needed to fill the pool, assuming
* the input has 1 / |entropy_factor| entropy bits per data bit.
@@ -681,24 +681,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
/* to meet the min_len requirement */
bytes_needed = pool->min_len - pool->len;
- /*
- * Make sure the buffer is large enough for the requested amount
- * of data. This guarantees that existing code patterns where
- * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
- * are used to collect entropy data without any error handling
- * whatsoever, continue to be valid.
- * Furthermore if the allocation here fails once, make sure that
- * we don't fall back to a less secure or even blocking random source,
- * as that could happen by the existing code patterns.
- * This is not a concern for additional data, therefore that
- * is not needed if rand_pool_grow fails in other places.
- */
- if (!rand_pool_grow(pool, bytes_needed)) {
- /* persistent error for this pool */
- pool->max_len = pool->len = 0;
- return 0;
- }
-
+ /*
+ * Make sure the buffer is large enough for the requested amount
+ * of data. This guarantees that existing code patterns where
+ * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
+ * are used to collect entropy data without any error handling
+ * whatsoever, continue to be valid.
+ * Furthermore if the allocation here fails once, make sure that
+ * we don't fall back to a less secure or even blocking random source,
+ * as that could happen by the existing code patterns.
+ * This is not a concern for additional data, therefore that
+ * is not needed if rand_pool_grow fails in other places.
+ */
+ if (!rand_pool_grow(pool, bytes_needed)) {
+ /* persistent error for this pool */
+ pool->max_len = pool->len = 0;
+ return 0;
+ }
+
return bytes_needed;
}
@@ -731,27 +731,27 @@ int rand_pool_add(RAND_POOL *pool,
}
if (len > 0) {
- /*
- * This is to protect us from accidentally passing the buffer
- * returned from rand_pool_add_begin.
- * The check for alloc_len makes sure we do not compare the
- * address of the end of the allocated memory to something
- * different, since that comparison would have an
- * indeterminate result.
- */
- if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) {
- RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- /*
- * We have that only for cases when a pool is used to collect
- * additional data.
- * For entropy data, as long as the allocation request stays within
- * the limits given by rand_pool_bytes_needed this rand_pool_grow
- * below is guaranteed to succeed, thus no allocation happens.
- */
- if (!rand_pool_grow(pool, len))
- return 0;
+ /*
+ * This is to protect us from accidentally passing the buffer
+ * returned from rand_pool_add_begin.
+ * The check for alloc_len makes sure we do not compare the
+ * address of the end of the allocated memory to something
+ * different, since that comparison would have an
+ * indeterminate result.
+ */
+ if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) {
+ RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /*
+ * We have that only for cases when a pool is used to collect
+ * additional data.
+ * For entropy data, as long as the allocation request stays within
+ * the limits given by rand_pool_bytes_needed this rand_pool_grow
+ * below is guaranteed to succeed, thus no allocation happens.
+ */
+ if (!rand_pool_grow(pool, len))
+ return 0;
memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len;
pool->entropy += entropy;
@@ -784,21 +784,21 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
- return NULL;
+ return NULL;
}
- /*
- * As long as the allocation request stays within the limits given
- * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
- * to succeed, thus no allocation happens.
- * We have that only for cases when a pool is used to collect
- * additional data. Then the buffer might need to grow here,
- * and of course the caller is responsible to check the return
- * value of this function.
- */
- if (!rand_pool_grow(pool, len))
- return NULL;
-
+ /*
+ * As long as the allocation request stays within the limits given
+ * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
+ * to succeed, thus no allocation happens.
+ * We have that only for cases when a pool is used to collect
+ * additional data. Then the buffer might need to grow here,
+ * and of course the caller is responsible to check the return
+ * value of this function.
+ */
+ if (!rand_pool_grow(pool, len))
+ return NULL;
+
return pool->buffer + pool->len;
}
@@ -813,7 +813,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
*/
int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
{
- if (len > pool->alloc_len - pool->len) {
+ if (len > pool->alloc_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
return 0;
}