Always return multiple of block length bytes from default DRBG seed

callback. Handle case where no multiple of the block size is in the interval [min_len, max_len].
2011-04-23 20:05:19 +00:00
parent cac4fb58e0
commit e0d1a2f80a
3 changed files with 14 additions and 1 deletions
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -201,6 +201,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
+	/* Round up request to multiple of block size */
+	min_len = ((min_len + 19) / 20) * 20;
 	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
 		{
 		OPENSSL_free(*pout);