author | Werner Koch <[email protected]> | 2002-02-10 21:34:27 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2002-02-10 21:34:27 +0000 |
commit | 35aec9eee20ce171162bd40cd06ce831197ad970 (patch) | |
tree | 47d45ecfa21fa4215ded0555cdd9440c6bfb477e | |
parent | For --sig-policy-url and --cert-policy-url, clarify what is a sig and what (diff) | |
download | gnupg-35aec9eee20ce171162bd40cd06ce831197ad970.tar.gz gnupg-35aec9eee20ce171162bd40cd06ce831197ad970.zip |
* random.c (add_randomness): Xor new data into the pool and not
just copy it. This avoids any chosen-input attacks which are not
serious in our setting because an outsider won't be able to mix
data in and even then we keep going with a PRNG. Thanks to Stefan
Keller for pointing this out.
* random.c (mix_pool): Carry an extra failsafe_digest buffer
around to make the function more robust.
-rw-r--r-- | cipher/ChangeLog | 13 | ||||
-rw-r--r-- | cipher/random.c | 18 |
2 files changed, 29 insertions, 2 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index b94deee9b..9e0de9aea 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,16 @@
+2002-02-10 Werner Koch <[email protected]>
+
+ * random.c (mix_pool): Carry an extra failsafe_digest buffer
+ around to make the function more robust.
+
+2002-02-08 Werner Koch <[email protected]>
+
+ * random.c (add_randomness): Xor new data into the pool and not
+ just copy it. This avoids any choosen input attacks which are not
+ serious in our setting because an outsider won't be able to mix
+ data in and even then we keep going with a PRNG. Thanks to Stefan
+ Keller for pointing this out.
+
 2002-01-02 Stefan Bellon <[email protected]>
 * rndriscos.c [__riscos__]: Updated include file name.
diff --git a/cipher/random.c b/cipher/random.c
index 14ca87f4d..c263f7d68 100644
--- a/cipher/random.c
+++ b/cipher/random.c
@@ -57,6 +57,7 @@
 #include "random.h"
 #include "rand-internal.h"
 #include "dynload.h"
+#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
 #ifndef RAND_MAX /* for SunOS */
@@ -100,6 +101,9 @@ static int did_initial_extra_seeding;
 static char *seed_file_name;
 static int allow_seed_file_update;
+static unsigned char failsafe_digest[DIGESTLEN];
+static int failsafe_digest_valid;
+
 static int secure_alloc;
 static int quick_test;
 static int faked_rng;
@@ -259,6 +263,11 @@ mix_pool(byte *pool)
 memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
 rmd160_mixblock( &md, hashbuf);
 memcpy(pool, hashbuf, 20 );
+ if (failsafe_digest_valid && (char*)pool == rndpool)
+ {
+ for (i=0; i < 20; i++)
+ pool[i] ^= failsafe_digest[i];
+ }
 p = pool;
 for( n=1; n < POOLBLOCKS; n++ ) {
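Review bot: In the new failsafe loop in mix_pool, `for (i=0; i < 20; i++)` hard-codes the digest length while the buffer it reads is declared as `failsafe_digest[DIGESTLEN]` in the hunk at line 101; if the two ever disagree the loop reads past the array. The bound should be tied to the declaration, `for (i=0; i < DIGESTLEN; i++)`; the context line `memcpy(pool, hashbuf, 20 )` shows the literal is an existing habit, but the new code need not extend it. The loop also relies on `i` being declared in mix_pool's header, which lies outside the hunk, and mix_pool continues past the hunk end as well.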
@@ -279,7 +288,12 @@ mix_pool(byte *pool)
 rmd160_mixblock( &md, hashbuf);
 memcpy(p, hashbuf, 20 );
 }
- burn_stack (200); /* for the rmd160_mixblock() */
+ if ((char*)pool == rndpool)
+ {
+ rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE);
+ failsafe_digest_valid = 1;
+ }
+ burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
 }
@@ -528,7 +542,7 @@ add_randomness( const void *buffer, size_t length, int source )
 rndstats.addbytes += length;
 rndstats.naddbytes++;
 while( length-- ) {
- rndpool[pool_writepos++] = *p++;
+ rndpool[pool_writepos++] ^= *p++;
 if( pool_writepos >= POOLSIZE ) {
 if( source > 1 )
 pool_filled = 1;
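Review bot: failsafe_digest now holds a RIPEMD-160 digest of the entire pool, written by `rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE)` and kept in ordinary static storage for the lifetime of the process, so it is as sensitive as the pool it summarises. The hunk at line 101 declares it right next to `secure_alloc`, which suggests rndpool itself may be placed in secure memory when that flag is set (the allocation is outside this diff, so I cannot confirm); if so, the digest copy lives outside that protection and nothing in this change ever clears it. A comment on the declaration stating the sensitivity, e.g. `/* digest of the whole pool from the last mix_pool(); treat as pool material */`, and wiping it wherever the pool is wiped would close the gap. mix_pool's body begins outside this hunk.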
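Review bot: The switch from `=` to `^=` in add_randomness carries its rationale only in the ChangeLog; the next reader of the loop sees a plain overwrite turned into an XOR with no explanation in the code. A short comment on the changed line, `/* XOR, do not overwrite: new input can add to the pool but never replace what is already there (chosen-input resistance) */`, keeps the reasoning next to the code. XOR-ing also presumes rndpool holds defined contents before the first add; the allocation is outside this diff, so whether it is zero-filled cannot be checked here. add_randomness starts and continues outside the hunk.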