diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 20:05:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 20:05:19 +0000 |
commit | e0d1a2f80a020bd019b017c52e0d724248731788 (patch) | |
tree | 8a68772a04b5115a51788f6a13f45388c48f62f1 | |
parent | cac4fb58e02d8cf799d75212179f56c69e652ec7 (diff) |
Always return multiple of block length bytes from default DRBG seed
callback.
Handle case where no multiple of the block size is in the interval
[min_len, max_len].
-rw-r--r-- | CHANGES | 8 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 2 | ||||
-rw-r--r-- | fips/rand/fips_drbg_lib.c | 5 |
3 files changed, 14 insertions, 1 deletions
@@ -4,6 +4,14 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Minor change to DRBG entropy callback semantics. In some cases + there is no mutiple of the block length between min_len and + max_len. Allow the callback to return more than max_len bytes + of entropy but discard any extra: it is the callback's responsibility + to ensure that the extra data discarded does not impact the + requested amount of entropy. + [Steve Henson] + *) Add PRNG security strength checks to RSA, DSA and ECDSA using information in FIPS186-3, SP800-57 and SP800-131A. [Steve Henson] diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 0e82013163..f3bd4e632e 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -201,6 +201,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, *pout = OPENSSL_malloc(min_len); if (!*pout) return 0; + /* Round up request to multiple of block size */ + min_len = ((min_len + 19) / 20) * 20; if (RAND_SSLeay()->bytes(*pout, min_len) <= 0) { OPENSSL_free(*pout); diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c index 46e42e2947..7892a02b60 100644 --- a/fips/rand/fips_drbg_lib.c +++ b/fips/rand/fips_drbg_lib.c @@ -153,7 +153,10 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout, return 0; } } - return rv - bl; + rv -= bl; + if (rv > max_len) + return max_len; + return rv; } static void fips_cleanup_entropy(DRBG_CTX *dctx, |