Skip to content
Permalink
Browse files

Always DPURIFY

The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  • Loading branch information
ekasper committed Jan 29, 2016
1 parent a01dab9 commit d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6
@@ -4,6 +4,10 @@

Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]

*) Always DPURIFY. Remove the use of uninitialized memory in the
RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
[Emilia Käsper]

*) Removed many obsolete configuration items, including
DES_PTR, DES_RISC1, DES_RISC2, DES_INT
MD2_CHAR, MD2_INT, MD2_LONG
@@ -8,7 +8,7 @@
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -DPURIFY -Wall",
cflags => "-g -Wall",
thread_cflag => "(unknown)",
lflags => "-lsocket -lnsl",
},
@@ -8,7 +8,7 @@
%targets = (
"debug-geoff32" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "BN_LLONG",
@@ -19,7 +19,7 @@
},
"debug-geoff64" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
@@ -313,22 +313,13 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
return (NULL);
}
if (BN_get_flags(b,BN_FLG_SECURE))
a = A = OPENSSL_secure_malloc(words * sizeof(*a));
a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
else
a = A = OPENSSL_malloc(words * sizeof(*a));
a = A = OPENSSL_zalloc(words * sizeof(*a));
if (A == NULL) {
BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
return (NULL);
}
#ifdef PURIFY
/*
* Valgrind complains in BN_consttime_swap because we process the whole
* array even if it's not initialised yet. This doesn't matter in that
* function - what's important is constant time operation (we're not
* actually going to use the data)
*/
memset(a, 0, sizeof(*a) * words);
#endif

#if 1
B = b->d;
@@ -5647,4 +5647,3 @@ static const unsigned int obj_objs[NUM_OBJ]={
956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
};

@@ -551,18 +551,6 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err;

#ifndef PURIFY /* purify complains */
/*
* The following line uses the supplied buffer as a small source of
* entropy: since this buffer is often uninitialised it may cause
* programs such as purify or valgrind to complain. So for those
* builds it is not used: the removal of such a small source of
* entropy has negligible impact on security.
*/
if (!MD_Update(m, buf, j))
goto err;
#endif

k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
if (k > 0) {
if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
@@ -128,15 +128,13 @@ int RAND_load_file(const char *file, long bytes)
return (0);

#ifndef OPENSSL_NO_POSIX_IO
# ifdef PURIFY
/*
* struct stat can have padding and unused fields that may not be
* initialized in the call to stat(). We need to clear the entire
* structure before calling RAND_add() to avoid complaints from
* applications such as Valgrind.
*/
memset(&sb, 0, sizeof(sb));
# endif
if (stat(file, &sb) < 0)
return (0);
RAND_add(&sb, sizeof(sb), 0.0);
@@ -170,12 +168,8 @@ int RAND_load_file(const char *file, long bytes)
i = fread(buf, 1, n, in);
if (i <= 0)
break;
#ifdef PURIFY

RAND_add(buf, i, (double)i);
#else
/* even if n != i, use the full array */
RAND_add(buf, n, (double)i);
#endif
ret += i;
if (bytes > 0) {
bytes -= n;

0 comments on commit d8ca44b

Please sign in to comment.
You can’t perform that action at this time.