
* random.c (add_randomness): Xor new data into the pool and not

just copy it.  This avoids any chosen input attacks which are not
serious in our setting because an outsider won't be able to mix
data in and even then we keep going with a PRNG.  Thanks to Stefan
Keller for pointing this out.
* random.c (mix_pool): Carry an extra failsafe_digest buffer
around to make the function more robust.
This commit is contained in:
Werner Koch 2002-02-10 21:34:27 +00:00
parent 22f32c9472
commit 35aec9eee2
2 changed files with 29 additions and 2 deletions


@ -1,3 +1,16 @@
2002-02-10 Werner Koch <wk@gnupg.org>
* random.c (mix_pool): Carry an extra failsafe_digest buffer
around to make the function more robust.
2002-02-08 Werner Koch <wk@gnupg.org>
* random.c (add_randomness): Xor new data into the pool and not
just copy it. This avoids any choosen input attacks which are not
serious in our setting because an outsider won't be able to mix
data in and even then we keep going with a PRNG. Thanks to Stefan
Keller for pointing this out.
2002-01-02 Stefan Bellon <sbellon@sbellon.de> 2002-01-02 Stefan Bellon <sbellon@sbellon.de>
* rndriscos.c [__riscos__]: Updated include file name. * rndriscos.c [__riscos__]: Updated include file name.


@ -57,6 +57,7 @@
#include "random.h" #include "random.h"
#include "rand-internal.h" #include "rand-internal.h"
#include "dynload.h" #include "dynload.h"
#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
#ifndef RAND_MAX /* for SunOS */ #ifndef RAND_MAX /* for SunOS */
@ -100,6 +101,9 @@ static int did_initial_extra_seeding;
static char *seed_file_name; static char *seed_file_name;
static int allow_seed_file_update; static int allow_seed_file_update;
static unsigned char failsafe_digest[DIGESTLEN];
static int failsafe_digest_valid;
static int secure_alloc; static int secure_alloc;
static int quick_test; static int quick_test;
static int faked_rng; static int faked_rng;
@ -259,6 +263,11 @@ mix_pool(byte *pool)
memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
rmd160_mixblock( &md, hashbuf); rmd160_mixblock( &md, hashbuf);
memcpy(pool, hashbuf, 20 ); memcpy(pool, hashbuf, 20 );
if (failsafe_digest_valid && (char*)pool == rndpool)
{
for (i=0; i < 20; i++)
pool[i] ^= failsafe_digest[i];
}
p = pool; p = pool;
for( n=1; n < POOLBLOCKS; n++ ) { for( n=1; n < POOLBLOCKS; n++ ) {
@ -279,7 +288,12 @@ mix_pool(byte *pool)
rmd160_mixblock( &md, hashbuf); rmd160_mixblock( &md, hashbuf);
memcpy(p, hashbuf, 20 ); memcpy(p, hashbuf, 20 );
} }
burn_stack (200); /* for the rmd160_mixblock() */ if ((char*)pool == rndpool)
{
rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE);
failsafe_digest_valid = 1;
}
burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
} }
@ -528,7 +542,7 @@ add_randomness( const void *buffer, size_t length, int source )
rndstats.addbytes += length; rndstats.addbytes += length;
rndstats.naddbytes++; rndstats.naddbytes++;
while( length-- ) { while( length-- ) {
rndpool[pool_writepos++] = *p++; rndpool[pool_writepos++] ^= *p++;
if( pool_writepos >= POOLSIZE ) { if( pool_writepos >= POOLSIZE ) {
if( source > 1 ) if( source > 1 )
pool_filled = 1; pool_filled = 1;
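Review bot: In the `@ -279,7 +288,12 @@` hunk of mix_pool, `rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE)` stores a digest of the complete pool in `failsafe_digest`, which the `@ -100,6 +101,9 @@` hunk declares as a plain `static unsigned char` array, and that digest is xored back into the pool's first block on every later mix. If rndpool is placed in secure memory when `secure_alloc` is set (the flag on the adjacent line suggests that option exists), this keeps pool-derived secret state in ordinary memory, and nothing in the hunk wipes it when the pool is torn down; allocating it next to the pool, or at least clearing it wherever rndpool is released, would close that gap. On style, the new loop `for (i=0; i < 20; i++)` bounds the xor with a bare 20 while the buffer is declared with `DIGESTLEN`; `for (i=0; i < DIGESTLEN; i++)` ties the loop to the array size and matches `failsafe_digest[DIGESTLEN]`. mix_pool's declarations and the start of its body are outside the hunk, so where `i` is declared cannot be checked from here.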