[Crypto] Fix generate_random_bytes for large chunks
Properly handle mbedtls errors, ensure we don't ask more bytes than
allowed for each iteration.
(cherry picked from commit e0140601a5
)
This commit is contained in:
parent
33b965367c
commit
52e2bde16f
|
@ -419,9 +419,19 @@ Ref<X509Certificate> CryptoMbedTLS::generate_self_signed_certificate(Ref<CryptoK
|
|||
}
|
||||
|
||||
PackedByteArray CryptoMbedTLS::generate_random_bytes(int p_bytes) {
|
||||
ERR_FAIL_COND_V(p_bytes < 0, PackedByteArray());
|
||||
PackedByteArray out;
|
||||
out.resize(p_bytes);
|
||||
mbedtls_ctr_drbg_random(&ctr_drbg, out.ptrw(), p_bytes);
|
||||
int left = p_bytes;
|
||||
int pos = 0;
|
||||
// Ensure we generate random in chunks of no more than MBEDTLS_CTR_DRBG_MAX_REQUEST bytes or mbedtls_ctr_drbg_random will fail.
|
||||
while (left > 0) {
|
||||
int to_read = MIN(left, MBEDTLS_CTR_DRBG_MAX_REQUEST);
|
||||
int ret = mbedtls_ctr_drbg_random(&ctr_drbg, out.ptrw() + pos, to_read);
|
||||
ERR_FAIL_COND_V_MSG(ret != 0, PackedByteArray(), vformat("Failed to generate %d random bytes(s). Error: %d.", p_bytes, ret));
|
||||
left -= to_read;
|
||||
pos += to_read;
|
||||
}
|
||||
return out;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue