-rw-r--r-- | cipher/ChangeLog | 13 | ||||
-rw-r--r-- | cipher/random.c | 18 |
2 files changed, 29 insertions, 2 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index b94deee9b..9e0de9aea 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,16 @@ +2002-02-10 Werner Koch <[email protected]> + + * random.c (mix_pool): Carry an extra failsafe_digest buffer + around to make the function more robust. + +2002-02-08 Werner Koch <[email protected]> + + * random.c (add_randomness): Xor new data into the pool and not + just copy it. This avoids any choosen input attacks which are not + serious in our setting because an outsider won't be able to mix + data in and even then we keep going with a PRNG. Thanks to Stefan + Keller for pointing this out. + 2002-01-02 Stefan Bellon <[email protected]> * rndriscos.c [__riscos__]: Updated include file name. diff --git a/cipher/random.c b/cipher/random.c index 14ca87f4d..c263f7d68 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -57,6 +57,7 @@ #include "random.h" #include "rand-internal.h" #include "dynload.h" +#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */ #ifndef RAND_MAX /* for SunOS */ @@ -100,6 +101,9 @@ static int did_initial_extra_seeding; static char *seed_file_name; static int allow_seed_file_update; +static unsigned char failsafe_digest[DIGESTLEN]; +static int failsafe_digest_valid; + static int secure_alloc; static int quick_test; static int faked_rng; @@ -259,6 +263,11 @@ mix_pool(byte *pool) memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); rmd160_mixblock( &md, hashbuf); memcpy(pool, hashbuf, 20 ); + if (failsafe_digest_valid && (char*)pool == rndpool) + { + for (i=0; i < 20; i++) + pool[i] ^= failsafe_digest[i]; + } p = pool; for( n=1; n < POOLBLOCKS; n++ ) { 
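Review bot: `failsafe_digest` is placed in ordinary static storage, yet the later mix_pool hunk fills it with `rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE)`, a digest of the entire pool, and nothing in this commit ever clears it. If rndpool itself lives in secure memory, which the `secure_alloc` flag two lines below suggests is at least an option, this keeps pool-derived state in unprotected memory for the lifetime of the process. At minimum the two new declarations need a comment stating what they hold, e.g. `/* RIPEMD-160 digest of the whole pool, taken at the end of the last mix_pool() on rndpool and XORed back in on the next mix. Pool-derived: as sensitive as the pool itself. */`. Whether the buffer should be allocated alongside the pool and wiped with it is a design question the commit does not address.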
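Review bot: The new XOR loop in mix_pool is bounded by the literal `20` while `failsafe_digest` is declared with `DIGESTLEN`; the two agree today, but the access and the declaration should share the constant so they cannot drift apart: `for (i=0; i < DIGESTLEN; i++)`. The neighbouring memcpy already uses the literal, so the new code only follows existing habit, but it is the right place to stop. A one-line comment on the `if` would also help, e.g. `/* Fold the digest of the whole previous pool into the first block so it depends on more than the bytes hashed just above. */`. mix_pool's declarations (including `i`) and the rest of its body lie outside this hunk.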
@@ -279,7 +288,12 @@ mix_pool(byte *pool) rmd160_mixblock( &md, hashbuf); memcpy(p, hashbuf, 20 ); } - burn_stack (200); /* for the rmd160_mixblock() */ + if ((char*)pool == rndpool) + { + rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE); + failsafe_digest_valid = 1; + } + burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */ } @@ -528,7 +542,7 @@ add_randomness( const void *buffer, size_t length, int source ) rndstats.addbytes += length; rndstats.naddbytes++; while( length-- ) { - rndpool[pool_writepos++] = *p++; + rndpool[pool_writepos++] ^= *p++; if( pool_writepos >= POOLSIZE ) { if( source > 1 ) pool_filled = 1; |
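Review bot: `burn_stack (384)` replaces the earlier 200 without recording how the new figure was reached; the added `rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE)` call presumably keeps a full RIPEMD-160 context on the stack in addition to what rmd160_mixblock() needs, so the number is a hand estimate and the comment should say so: `burn_stack (384); /* estimate covering rmd160_mixblock() and rmd160_hash_buffer(); revisit if either changes */`. The `(char*)pool == rndpool` test now appears twice in mix_pool, here and in the earlier hunk; evaluating it once into a local such as `int is_rndpool = ((char*)pool == rndpool);` near the top of the function would tie the two branches together and make it plain that the digest is only maintained for the main pool. mix_pool begins outside this hunk.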
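Review bot: The switch from `=` to `^=` on `rndpool[pool_writepos++]` is the whole point of this hunk, but nothing in the code records why, and the rationale lives only in the ChangeLog; a reader who sees an XOR into a ring-buffer slot will wonder whether it is deliberate. Add a comment above the `while( length-- )` loop, e.g. `/* XOR, never assign: new input adds to what is already in the pool and can not overwrite it. */`. add_randomness begins before the hunk, so the declaration of `p` and how it is derived from `buffer` are not visible here.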