sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity

drbg: Don't generate more than 2^16 bytes

Browse Source
This commit is contained in:
Andreas Steffen 2019-11-28 21:29:26 +01:00
parent 8b6aadae9c
commit a43407df52
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/libstrongswan/plugins/drbg/drbg_ctr.c
View File

@ -15,7 +15,8 @@
#include "drbg_ctr.h"
#define MAX_DRBG_REQUESTS 0xfffffffe
#define MAX_DRBG_REQUESTS 0xfffffffe /* 2^32 - 2 */
#define MAX_DRBG_BYTES 0x00010000 /* 2^19 bits = 2^16 bytes */
typedef struct private_drbg_ctr_t private_drbg_ctr_t;
@ -190,6 +191,12 @@ METHOD(drbg_t, generate, bool,
{
chunk_t output;
if (len > MAX_DRBG_BYTES)
{
DBG1(DBG_LIB, "DRBG cannot generate more than %d bytes", MAX_DRBG_BYTES);
return FALSE;
}
if (this->reseed_counter > this->max_requests)
{
if (!reseed(this))

16
src/libstrongswan/plugins/drbg/drbg_hmac.c
View File

@ -15,7 +15,8 @@
#include "drbg_hmac.h"
#define MAX_DRBG_REQUESTS 0xfffffffe
#define MAX_DRBG_REQUESTS 0xfffffffe /* 2^32 - 2 */
#define MAX_DRBG_BYTES 0x00010000 /* 2^19 bits = 2^16 bytes */
typedef struct private_drbg_hmac_t private_drbg_hmac_t;
@ -158,12 +159,11 @@ METHOD(drbg_t, generate, bool,
size_t delta;
chunk_t output;
DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
if (!out || len == 0)
if (len > MAX_DRBG_BYTES)
{
DBG1(DBG_LIB, "DRBG cannot generate more than %d bytes", MAX_DRBG_BYTES);
return FALSE;
}
output = chunk_create(out, len);
if (this->reseed_counter > this->max_requests)
{
@ -172,6 +172,14 @@ METHOD(drbg_t, generate, bool,
return FALSE;
}
}
DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
if (!out || len == 0)
{
return FALSE;
}
output = chunk_create(out, len);
while (len)
{
if (!this->prf->get_bytes(this->prf, this->value, this->value.ptr))