From e0d1a2f80a020bd019b017c52e0d724248731788 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 23 Apr 2011 20:05:19 +0000
Subject: [PATCH] Always return multiple of block length bytes from default DRBG seed callback.
Handle case where no multiple of the block size is in the interval [min_len, max_len].
---
 CHANGES | 8 ++++++++
 crypto/rand/rand_lib.c | 2 ++
 fips/rand/fips_drbg_lib.c | 5 ++++-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 6e54214b40..aa0fe51e19 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Minor change to DRBG entropy callback semantics. In some cases
+ there is no mutiple of the block length between min_len and
+ max_len. Allow the callback to return more than max_len bytes
+ of entropy but discard any extra: it is the callback's responsibility
+ to ensure that the extra data discarded does not impact the
+ requested amount of entropy.
+ [Steve Henson]
+
 *) Add PRNG security strength checks to RSA, DSA and ECDSA using
 information in FIPS186-3, SP800-57 and SP800-131A.
 [Steve Henson]
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 0e82013163..f3bd4e632e 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -201,6 +201,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 *pout = OPENSSL_malloc(min_len);
 if (!*pout)
 return 0;
+ /* Round up request to multiple of block size */
+ min_len = ((min_len + 19) / 20) * 20;
 if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
 {
 OPENSSL_free(*pout);
diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 46e42e2947..7892a02b60 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -153,7 +153,10 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
 return 0;
 }
 }
- return rv - bl;
+ rv -= bl;
+ if (rv > max_len)
+ return max_len;
+ return rv;
 }
 static void fips_cleanup_entropy(DRBG_CTX *dctx,
--
2.40.0
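Review bot: The new `min_len = ((min_len + 19) / 20) * 20;` line rounds the request up only after `*pout = OPENSSL_malloc(min_len);` has already sized the buffer from the unrounded value, so the following context line `RAND_SSLeay()->bytes(*pout, min_len)` writes up to 19 bytes past the end of the allocation whenever the caller's min_len is not already a multiple of 20 — a heap overflow in the default entropy callback. Move the rounding above the allocation so the buffer and the request agree: `min_len = ((min_len + 19) / 20) * 20;` followed by `*pout = OPENSSL_malloc(min_len);`. The literal 20 is presumably the output length of the digest behind the default RAND method, but nothing in the hunk names it; a comment such as `/* 20 == output length of the RAND_SSLeay() generator; keep in sync with it */` (or a named constant) would stop the rounding from silently drifting if that method changes. drbg_get_entropy starts and ends outside the hunk, so whether the rounded min_len is what is reported back to the DRBG, and hence whether it can now exceed max_len as the CHANGES entry permits, cannot be confirmed from here.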
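Review bot: The new `if (rv > max_len) return max_len;` silently drops whatever was gathered beyond max_len, and the rule that makes this acceptable — the discarded tail must not reduce the entropy of the prefix that is kept — is stated only in CHANGES, so a reader of this function cannot see why truncating is safe. Add it as a comment above the check, e.g. `/* rv is a whole number of blocks and may exceed max_len; return at most max_len, the entropy of the retained prefix is what the DRBG relies on */`. Separately, `rv -= bl;` is unsigned arithmetic if rv shares the size_t type this function returns, so it depends on the loop above (outside the hunk) always having advanced rv by at least bl before reaching this point; either a `if (rv < bl) return 0;` guard or a comment stating that invariant would make the dependency explicit. fips_get_entropy starts outside the hunk.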