openssl/crypto
Dr. Matthias St. Pierre d597a9a877 RAND_add()/RAND_seed(): fix failure on short input or low entropy
Commit 5b4cb385c1 (#7382) introduced a bug which had the effect
that RAND_add()/RAND_seed() failed for buffer sizes less than
32 bytes. The reason was that now the added random data was used
exclusively as entropy source for reseeding. When the random input
was too short or contained not enough entropy, the DRBG failed
without querying the available entropy sources.

This commit makes drbg_add() act smarter: it checks the entropy
requirements explicitly. If the random input fails this check,
it won't be added as entropy input, but only as additional data.
More precisely, the behaviour depends on whether an OS entropy
source was configured (which is the default on most OSes):

- If an OS entropy source is available then we declare the buffer
  content as additional data by setting randomness to zero and
  trigger a regular reseeding.

- If no OS entropy source is available, a reseeding will fail
  inevitably. So drbg_add() uses a trick to mix the buffer contents
  into the DRBG state without forcing a reseeding: it generates a
  dummy random byte, using the buffer content as additional data.

Related-to: #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)

(cherry picked from commit 8817215d5c)
2018-10-27 13:03:35 +02:00
aes Update copyright year 2018-09-11 13:45:17 +01:00
aria
asn1 ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes 2018-09-09 03:39:37 +02:00
async arch/async_posix.h: improve portability. 2018-10-19 10:31:04 +02:00
bf
bio Fix the BIO callback return code handling 2018-10-04 14:20:27 +01:00
blake2
bn crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG 2018-09-21 11:35:14 +02:00
buffer Update copyright year 2018-04-03 13:57:12 +01:00
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast
chacha chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs. 2018-07-03 19:02:02 +02:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms Update copyright year 2018-09-11 13:45:17 +01:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ct Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
des Update copyright year 2018-04-03 13:57:12 +01:00
dh Harmonize the error handling codepath 2018-09-05 15:22:35 +03:00
dsa Update copyright year 2018-09-11 13:45:17 +01:00
dso Extend dladdr() for AIX, consequence from changes for openssl#6368. 2018-08-22 21:50:33 +02:00
ec EVP module documentation pass 2018-10-17 13:31:59 +03:00
engine /dev/crypto engine: give CIOCFSESSION the actual sess-id 2018-10-05 21:55:38 +02:00
err DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:32:42 +02:00
evp Fix some Coverity warnings 2018-10-02 10:58:05 +01:00
hmac Fix HMAC SHA3-224 and HMAC SHA3-256. 2018-09-04 08:09:12 +10:00
idea
include/internal EVP module documentation pass 2018-10-17 13:31:59 +03:00
kdf hkdf zeroization fix 2018-09-05 05:21:46 +10:00
lhash Update copyright year 2018-09-11 13:45:17 +01:00
md2
md4
md5
mdc2
modes Update copyright year 2018-09-11 13:45:17 +01:00
objects Make OBJ_NAME case insensitive. 2018-09-04 07:35:45 +10:00
ocsp Update copyright year 2018-09-11 13:45:17 +01:00
pem key zeroisation for pvkfmt now done on all branch paths 2018-09-05 05:14:02 +10:00
perlasm Update copyright year 2018-09-11 13:45:17 +01:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
poly1305 Fix a nit of copyright date range 2018-10-10 09:51:03 +08:00
rand RAND_add()/RAND_seed(): fix failure on short input or low entropy 2018-10-27 13:03:35 +02:00
rc2
rc4 Update copyright year 2018-09-11 13:45:17 +01:00
rc5
ripemd
rsa Safer memory cleanup in (crypto/rsa/rsa_lib.c) 2018-10-13 21:19:24 +08:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha sha/asm/keccak1600-s390x.pl: resolve -march=z900 portability issue. 2018-10-12 20:53:57 +02:00
siphash Update copyright year 2018-09-11 13:45:17 +01:00
sm2 EVP module documentation pass 2018-10-17 13:31:59 +03:00
sm3
sm4
srp Make ck_errf.pl ignore commented out error generation 2018-06-12 12:31:45 +02:00
stack Revert "stack/stack.c: omit redundant NULL checks." 2018-08-09 14:37:10 +01:00
store crypto/*: address standard-compilance nits. 2018-07-20 13:40:30 +02:00
ts Check conversion return in ASN1_INTEGER_print_bio. 2018-07-31 11:37:05 +10:00
txt_db Update copyright year 2018-04-03 13:57:12 +01:00
ui crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too 2018-09-20 06:40:52 +02:00
whrlpool
x509 Apply self-imposed path length also to root CAs 2018-10-18 00:10:04 -04:00
x509v3 Update copyright year 2018-09-11 13:45:17 +01:00
alphacpuid.pl
arm64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c minor fixes for Windows 2018-09-12 09:18:25 +02:00
ctype.c
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ia64cpuid.S
init.c crypto/init.c: improve destructor_key's portability. 2018-08-22 21:46:01 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:59:02 +02:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. 2018-08-07 09:08:50 +02:00
mem_clr.c
mem_dbg.c
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:23:34 +02:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 12:54:20 +10:00
o_init.c
o_str.c
o_time.c Update copyright year 2018-04-03 13:57:12 +01:00
pariscid.pl PA-RISC assembly pack: make it work with GNU assembler for HP-UX. 2018-06-25 16:45:48 +02:00
ppc_arch.h
ppccap.c crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. 2018-06-06 22:14:15 +02:00
ppccpuid.pl
s390x_arch.h s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
s390xcap.c
s390xcpuid.pl s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
uid.c Update copyright year 2018-09-11 13:45:17 +01:00
vms_rms.h
x86_64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
x86cpuid.pl