[PATCH] random-drbg: do not use calloc for zero ctr
Jussi Kivilinna
jussi.kivilinna at iki.fi
Sun Mar 24 09:26:46 CET 2019
* random/random-drbg.c (DRBG_CTR_NULL_LEN): Move to 'constants'
section.
(drbg_state_s): Remove 'ctr_null' member.
(drbg_ctr_generate): Add 'drbg_ctr_null'.
(drbg_sym_fini, drbg_sym_init): Remove 'drbg->ctr_null' usage.
--
GnuPG-bug-id: 3878
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
0 files changed
diff --git a/random/random-drbg.c b/random/random-drbg.c
index 7f66997be..e0b4230e6 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -235,6 +235,8 @@
#define DRBG_DEFAULT_TYPE DRBG_NOPR_HMACSHA256
+#define DRBG_CTR_NULL_LEN 128
+
/******************************************************************
* Common data structures
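Review bot: The relocated `DRBG_CTR_NULL_LEN` define at the top of the hunk arrives in the constants section with no comment, and the only description the buffer had, `/* CTR mode zero buffer */` on the removed `ctr_null` member, goes away with that member. A one-line comment would keep that knowledge next to the constant: `#define DRBG_CTR_NULL_LEN 128 /* Size of the all-zero input buffer fed to CTR mode in drbg_ctr_generate */`. Whether 128 has to remain a multiple of the backend cipher's block size is not visible in this patch; if drbg_sym_ctr depends on that, the comment should say so as well.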
@@ -313,8 +315,6 @@ struct drbg_state_s
* operation -- allocated during init */
void *priv_data; /* Cipher handle */
gcry_cipher_hd_t ctr_handle; /* CTR mode cipher handle */
-#define DRBG_CTR_NULL_LEN 128
- unsigned char *ctr_null; /* CTR mode zero buffer */
int seeded:1; /* DRBG fully seeded? */
int pr:1; /* Prediction resistance enabled? */
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
@@ -951,6 +951,7 @@ drbg_ctr_generate (drbg_state_t drbg,
unsigned char *buf, unsigned int buflen,
drbg_string_t *addtl)
{
+ static const unsigned char drbg_ctr_null[DRBG_CTR_NULL_LEN] = { 0, };
gpg_err_code_t ret = 0;
memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
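Review bot: The new `static const unsigned char drbg_ctr_null[]` replaces a heap buffer that was typed plain `unsigned char *`, so if `drbg_sym_ctr`'s input parameter is still declared without `const`, the call site that now passes this array will draw a discarded-qualifier warning; the prototype is not in the patch and should be checked and made `const unsigned char *` if it is not already. The array also has no comment explaining why an all-zero input is correct here; `/* Read-only all-zero plaintext: CTR-encrypting it yields the raw keystream. */` would do. Moving the zero block into read-only storage is a genuine improvement over the calloc'd buffer, which could in principle have been overwritten at runtime. The `= { 0, }` initializer is redundant for a static object but harmless. drbg_ctr_generate's body continues outside the hunk.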
@@ -965,7 +966,7 @@ drbg_ctr_generate (drbg_state_t drbg,
}
/* 10.2.1.5.2 step 4.1 */
- ret = drbg_sym_ctr (drbg, drbg->ctr_null, DRBG_CTR_NULL_LEN, buf, buflen);
+ ret = drbg_sym_ctr (drbg, drbg_ctr_null, sizeof(drbg_ctr_null), buf, buflen);
if (ret)
goto out;
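Review bot: `sizeof(drbg_ctr_null)` in the changed call departs from the GNU spacing convention used by the surrounding code (`drbg_sym_ctr (`, `memset (`, `_gcry_cipher_close (`); write it as `sizeof (drbg_ctr_null)`. Using sizeof rather than the macro is otherwise the right choice, since the length passed can no longer drift from the array's actual size. drbg_ctr_generate's body starts and ends outside the hunk.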
@@ -2582,8 +2583,6 @@ drbg_sym_fini (drbg_state_t drbg)
_gcry_cipher_close (hd);
if (drbg->ctr_handle)
_gcry_cipher_close (drbg->ctr_handle);
- if (drbg->ctr_null)
- free(drbg->ctr_null);
}
static gpg_err_code_t
@@ -2592,10 +2591,6 @@ drbg_sym_init (drbg_state_t drbg)
gcry_cipher_hd_t hd;
gpg_error_t err;
- drbg->ctr_null = calloc(1, DRBG_CTR_NULL_LEN);
- if (!drbg->ctr_null)
- return GPG_ERR_ENOMEM;
-
err = _gcry_cipher_open (&hd, drbg->core->backend_cipher,
GCRY_CIPHER_MODE_ECB, 0);
if (err)