mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* random.c (add_randomness): Xor new data into the pool and not
just copy it. This avoids any choosen input attacks which are not serious in our setting because an outsider won't be able to mix data in and even then we keep going with a PRNG. Thanks to Stefan Keller for pointing this out. * random.c (mix_pool): Carry an extra failsafe_digest buffer around to make the function more robust.
This commit is contained in:
parent
22f32c9472
commit
35aec9eee2
@ -1,3 +1,16 @@
|
||||
2002-02-10 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* random.c (mix_pool): Carry an extra failsafe_digest buffer
|
||||
around to make the function more robust.
|
||||
|
||||
2002-02-08 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* random.c (add_randomness): Xor new data into the pool and not
|
||||
just copy it. This avoids any choosen input attacks which are not
|
||||
serious in our setting because an outsider won't be able to mix
|
||||
data in and even then we keep going with a PRNG. Thanks to Stefan
|
||||
Keller for pointing this out.
|
||||
|
||||
2002-01-02 Stefan Bellon <sbellon@sbellon.de>
|
||||
|
||||
* rndriscos.c [__riscos__]: Updated include file name.
|
||||
|
@ -57,6 +57,7 @@
|
||||
#include "random.h"
|
||||
#include "rand-internal.h"
|
||||
#include "dynload.h"
|
||||
#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
|
||||
|
||||
|
||||
#ifndef RAND_MAX /* for SunOS */
|
||||
@ -100,6 +101,9 @@ static int did_initial_extra_seeding;
|
||||
static char *seed_file_name;
|
||||
static int allow_seed_file_update;
|
||||
|
||||
static unsigned char failsafe_digest[DIGESTLEN];
|
||||
static int failsafe_digest_valid;
|
||||
|
||||
static int secure_alloc;
|
||||
static int quick_test;
|
||||
static int faked_rng;
|
||||
@ -259,6 +263,11 @@ mix_pool(byte *pool)
|
||||
memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
|
||||
rmd160_mixblock( &md, hashbuf);
|
||||
memcpy(pool, hashbuf, 20 );
|
||||
if (failsafe_digest_valid && (char*)pool == rndpool)
|
||||
{
|
||||
for (i=0; i < 20; i++)
|
||||
pool[i] ^= failsafe_digest[i];
|
||||
}
|
||||
|
||||
p = pool;
|
||||
for( n=1; n < POOLBLOCKS; n++ ) {
|
||||
@ -279,7 +288,12 @@ mix_pool(byte *pool)
|
||||
rmd160_mixblock( &md, hashbuf);
|
||||
memcpy(p, hashbuf, 20 );
|
||||
}
|
||||
burn_stack (200); /* for the rmd160_mixblock() */
|
||||
if ((char*)pool == rndpool)
|
||||
{
|
||||
rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE);
|
||||
failsafe_digest_valid = 1;
|
||||
}
|
||||
burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
|
||||
}
|
||||
|
||||
|
||||
@ -528,7 +542,7 @@ add_randomness( const void *buffer, size_t length, int source )
|
||||
rndstats.addbytes += length;
|
||||
rndstats.naddbytes++;
|
||||
while( length-- ) {
|
||||
rndpool[pool_writepos++] = *p++;
|
||||
rndpool[pool_writepos++] ^= *p++;
|
||||
if( pool_writepos >= POOLSIZE ) {
|
||||
if( source > 1 )
|
||||
pool_filled = 1;
|
||||
|
Loading…
x
Reference in New Issue
Block a user