Add NULL check for rand
Signed-off-by: Songling Han <[email protected]>
songlingatpan committed Sep 22, 2024
1 parent 38a9a00 commit 4b23d10
Showing 2 changed files with 22 additions and 9 deletions.
14 changes: 10 additions & 4 deletions src/common/rand/rand.c
@@ -50,16 +50,21 @@ OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, s
}

OQS_API void OQS_randombytes(uint8_t *random_array, size_t bytes_to_read) {
oqs_randombytes_algorithm(random_array, bytes_to_read);
if (random_array != NULL && bytes_to_read > 0) {
oqs_randombytes_algorithm(random_array, bytes_to_read);
}
}

// Select the implementation for OQS_randombytes_system
#if defined(_WIN32)
void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
HCRYPTPROV hCryptProv;
if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ||
!CryptGenRandom(hCryptProv, (DWORD) bytes_to_read, random_array)) {
return; /* TODO: better error handling */ // better to fail than to return bad random data
if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
return; /* TODO: better error handling */
}
if (!CryptGenRandom(hCryptProv, (DWORD) bytes_to_read, random_array)) {
CryptReleaseContext(hCryptProv, 0);
return; /* TODO: better error handling */
}
CryptReleaseContext(hCryptProv, 0);
}
@@ -100,6 +105,7 @@ void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
bytes_read = fread(random_array, 1, bytes_to_read, handle);
if (bytes_read < bytes_to_read || ferror(handle)) {
perror("OQS_randombytes");
fclose(handle);
return; /* TODO: better error handling */
}

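Review bot: The two early returns in the rewritten Windows OQS_randombytes_system still leave random_array unfilled with no signal to the caller — the function is void and OQS_randombytes, earlier in this hunk, has no status to forward — and the rewrite drops the removed comment `// better to fail than to return bad random data` that recorded why a silent return is unacceptable here. rand_nist.c in this same commit aborts via OQS_EXIT when a primitive fails; replacing each silent `return; /* TODO: better error handling */` with `OQS_EXIT("OQS_randombytes_system");` (if that macro is reachable from rand.c) would keep the two files consistent and stop key generation from continuing on an uninitialized buffer. The same holds for the fread failure path in this file's second hunk, where the added fclose is correct but the return is equally silent; that hunk's enclosing function starts outside the hunk. The new `random_array != NULL && bytes_to_read > 0` guard in OQS_randombytes turns a NULL-buffer caller bug into a silent no-op, so a one-line comment stating that this is intentional would make the choice visible.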
17 changes: 12 additions & 5 deletions src/common/rand/rand_nist.c
Expand Up @@ -38,24 +38,31 @@ static void AES256_CTR_DRBG_Update(unsigned char *provided_data, unsigned char *
// buffer - a 128-bit ciphertext value
static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *buffer) {
#ifdef OQS_USE_OPENSSL
EVP_CIPHER_CTX *ctx;
EVP_CIPHER_CTX *ctx = NULL;

int len;

/* Create and initialise the context */
ctx = OSSL_FUNC(EVP_CIPHER_CTX_new)();
OQS_EXIT_IF_NULLPTR(ctx, "OpenSSL");

OQS_OPENSSL_GUARD(OSSL_FUNC(EVP_EncryptInit_ex)(ctx, oqs_aes_256_ecb(), NULL, key, NULL));
OQS_OPENSSL_GUARD(OSSL_FUNC(EVP_EncryptUpdate)(ctx, buffer, &len, ctr, 16));
if (OSSL_FUNC(EVP_EncryptInit_ex)(ctx, oqs_aes_256_ecb(), NULL, key, NULL) != 1 ||
OSSL_FUNC(EVP_EncryptUpdate)(ctx, buffer, &len, ctr, 16) != 1) {
OSSL_FUNC(EVP_CIPHER_CTX_free)(ctx);
OQS_EXIT("AES256_ECB");
}

/* Clean up */
OSSL_FUNC(EVP_CIPHER_CTX_free)(ctx);
#else
void *schedule = NULL;
OQS_AES256_ECB_load_schedule(key, &schedule);
OQS_AES256_ECB_enc(ctr, 16, key, buffer);
OQS_AES256_free_schedule(schedule);
if (schedule != NULL) {
OQS_AES256_ECB_enc(ctr, 16, key, buffer);
OQS_AES256_free_schedule(schedule);
} else {
OQS_EXIT("AES256_ECB");
}
#endif
}

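Review bot: The NULL check added around `schedule` in the non-OpenSSL branch of AES256_ECB guards a value the encryption never uses: `OQS_AES256_ECB_enc(ctr, 16, key, buffer)` still takes `key`, so the schedule is loaded, tested and freed without ever feeding the cipher, and the new `OQS_EXIT("AES256_ECB")` fires on an allocation that does not influence the output. Either drop the schedule round-trip and keep only `OQS_AES256_ECB_enc(ctr, 16, key, buffer);`, or pass `schedule` to the schedule-taking variant of the AES API if the project offers one, so that the guard protects the call it precedes. The OpenSSL branch's failure path is sound as rewritten; a short comment above the `OQS_EXIT` explaining that the DRBG has no way to report a failed block encryption to its caller, which is why it aborts rather than returns, would help the next reader. AES256_ECB's body lies entirely within the hunk.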
