openssl/crypto/rand
Dr. Matthias St. Pierre 8817215d5c RAND_add()/RAND_seed(): fix failure on short input or low entropy
Commit 5b4cb385c1 (#7382) introduced a bug which had the effect
that RAND_add()/RAND_seed() failed for buffer sizes less than
32 bytes. The reason was that now the added random data was used
exclusively as entropy source for reseeding. When the random input
was too short or contained not enough entropy, the DRBG failed
without querying the available entropy sources.

This commit makes drbg_add() act smarter: it checks the entropy
requirements explicitly. If the random input fails this check,
it won't be added as entropy input, but only as additional data.
More precisely, the behaviour depends on whether an os entropy
source was configured (which is the default on most os):

- If an os entropy source is available then we declare the buffer
  content as additional data by setting randomness to zero and
  trigger a regular reseeding.

- If no os entropy source is available, a reseeding will fail
  inevitably. So drbg_add() uses a trick to mix the buffer contents
  into the DRBG state without forcing a reseeding: it generates a
  dummy random byte, using the buffer content as additional data.

Related-to: #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)
2018-10-26 08:38:19 +02:00
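The decision the commit message describes, written out as an added, self-contained model in C. This is illustrative code added here, not OpenSSL's drbg_add() or any code from the project. It assumes (labelled as such in the comments) a minimum entropy input of 32 bytes, the threshold the commit message quotes, and it measures randomness in bytes, as RAND_add()'s third argument does. The function and type names are hypothetical. It goes slightly beyond the commit text by showing that a long buffer with too little declared randomness is demoted to additional data just like a short one, which is what "short input or low entropy" in the title covers.

```c
/*
 * Model of the RAND_add()/RAND_seed() input classification described in the
 * commit message. Added illustration only; not OpenSSL's own code.
 *
 * Assumption: the entropy requirement is a seed length of 32 bytes (the
 * threshold quoted in the commit message). Assumption: |randomness| is in
 * bytes, as for RAND_add(buf, num, randomness).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_SEEDLEN 32 /* assumed minimum entropy input, in bytes */

enum add_action {
    ADD_REJECTED,          /* negative length or randomness: the call fails */
    ADD_AS_ENTROPY,        /* requirement met: buffer is entropy input for a reseed */
    ADD_RESEED_ADDITIONAL, /* OS entropy source present: randomness := 0, regular reseed,
                              buffer becomes additional data */
    ADD_MIX_VIA_GENERATE   /* no OS entropy source: generate one dummy byte with the
                              buffer as additional data, no reseed forced */
};

struct add_decision {
    enum add_action action;
    double randomness_used; /* randomness (bytes) credited to the reseed, if any */
};

/* Hypothetical name; models the branching, not the DRBG state update. */
struct add_decision model_drbg_add(int num, double randomness, bool os_entropy_source)
{
    struct add_decision d = { ADD_REJECTED, 0.0 };
    size_t buflen;

    if (num < 0 || randomness < 0.0)
        return d;
    buflen = (size_t)num;

    /* Explicit entropy requirement check: both length and declared randomness. */
    if (buflen < MODEL_SEEDLEN || randomness < (double)MODEL_SEEDLEN) {
        if (os_entropy_source) {
            d.action = ADD_RESEED_ADDITIONAL;
            d.randomness_used = 0.0; /* declared as additional data only */
        } else {
            d.action = ADD_MIX_VIA_GENERATE;
        }
        return d;
    }

    d.action = ADD_AS_ENTROPY;
    d.randomness_used = randomness;
    return d;
}

static const char *action_name(enum add_action a)
{
    switch (a) {
    case ADD_REJECTED:          return "rejected";
    case ADD_AS_ENTROPY:        return "entropy input, reseed";
    case ADD_RESEED_ADDITIONAL: return "additional data, regular reseed (OS source)";
    case ADD_MIX_VIA_GENERATE:  return "additional data, dummy generate (no OS source)";
    }
    return "?";
}

int main(void)
{
    /* Constructed cases: {num, randomness, os_source}. RAND_seed(buf, n) is
     * RAND_add(buf, n, n), so the first row is a 16-byte RAND_seed() call. */
    struct { int num; double rnd; bool os; } cases[] = {
        { 16, 16.0, true  },  /* short input, OS source: was a failure before the fix */
        { 16, 16.0, false },  /* short input, no OS source: mixed in via dummy generate */
        { 64,  8.0, true  },  /* long input but low declared entropy: same demotion */
        { 32, 32.0, true  },  /* meets the requirement: real entropy input */
        { -1,  0.0, true  },  /* invalid length: rejected */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        struct add_decision d = model_drbg_add(cases[i].num, cases[i].rnd, cases[i].os);
        printf("num=%3d randomness=%5.1f os=%d -> %s (credited %.0f bytes)\n",
               cases[i].num, cases[i].rnd, cases[i].os, action_name(d.action),
               d.randomness_used);
    }
    return 0;
}
```

The practical reading for callers: after this fix a short or low-entropy RAND_add()/RAND_seed() call no longer fails, but it also no longer counts toward reseed entropy; if you intend the input to be credited as entropy, supply at least the seed length in both bytes and declared randomness.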
build.info Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests 2018-09-28 07:22:13 +10:00
drbg_ctr.c DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
drbg_hash.c DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
drbg_hmac.c DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
drbg_lib.c RAND_add()/RAND_seed(): fix failure on short input or low entropy 2018-10-26 08:38:19 +02:00
rand_egd.c Update copyright year 2018-05-29 13:16:04 +01:00
rand_err.c DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
rand_lcl.h RAND: ensure INT32_MAX is defined 2018-10-23 10:56:07 +02:00
rand_lib.c RAND_add(): fix heap corruption in error path 2018-10-22 14:54:55 +02:00
rand_unix.c DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
rand_vms.c VMS: only use the high precision on VMS v8.4 and up 2018-09-15 15:44:45 +02:00
rand_win.c crypto/rand: fix some style nits 2018-10-10 14:00:43 +02:00
randfile.c RAND_load_file(): avoid adding small chunks to RAND_add() 2018-10-26 08:38:08 +02:00