[Crypto] Fix generate_random_bytes for large chunks

Properly handle mbedtls errors, ensure we don't ask more bytes than
allowed for each iteration.
This commit is contained in:
Fabio Alessandrelli 2023-09-18 21:06:15 +02:00
parent fcbc50ec14
commit e0140601a5

View file

@ -419,9 +419,19 @@ Ref<X509Certificate> CryptoMbedTLS::generate_self_signed_certificate(Ref<CryptoK
}
PackedByteArray CryptoMbedTLS::generate_random_bytes(int p_bytes) {
ERR_FAIL_COND_V(p_bytes < 0, PackedByteArray());
PackedByteArray out;
out.resize(p_bytes);
mbedtls_ctr_drbg_random(&ctr_drbg, out.ptrw(), p_bytes);
int left = p_bytes;
int pos = 0;
// Ensure we generate random in chunks of no more than MBEDTLS_CTR_DRBG_MAX_REQUEST bytes or mbedtls_ctr_drbg_random will fail.
while (left > 0) {
int to_read = MIN(left, MBEDTLS_CTR_DRBG_MAX_REQUEST);
int ret = mbedtls_ctr_drbg_random(&ctr_drbg, out.ptrw() + pos, to_read);
ERR_FAIL_COND_V_MSG(ret != 0, PackedByteArray(), vformat("Failed to generate %d random bytes(s). Error: %d.", p_bytes, ret));
left -= to_read;
pos += to_read;
}
return out;
}