Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libgcrypt.13597
libgcrypt-CVE-2016-6313-1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-CVE-2016-6313-1.patch of Package libgcrypt.13597
From 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@gnupg.org> Date: Mon, 8 Aug 2016 12:08:43 +0200 Subject: [PATCH] random: Improve the diagram showing the random mixing * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20. Signed-off-by: Werner Koch <wk@gnupg.org> --- random/random-csprng.c | 88 +++++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 40 deletions(-) diff --git a/random/random-csprng.c b/random/random-csprng.c index a0bfc78..54ec277 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -548,41 +548,49 @@ _gcry_rngcsprng_randomize (void *buffer, size_t length, /* - Mix the pool: - - |........blocks*20byte........|20byte|..44byte..| - <..44byte..> <20byte> - | | - | +------+ - +---------------------------|----------+ - v v - |........blocks*20byte........|20byte|..44byte..| - <.....64bytes.....> - | - +----------------------------------+ - Hash - v - |.............................|20byte|..44byte..| - <20byte><20byte><..44byte..> - | | - | +---------------------+ - +-----------------------------+ | - v v - |.............................|20byte|..44byte..| - <.....64byte......> - | - +-------------------------+ - Hash - v - |.............................|20byte|..44byte..| - <20byte><20byte><..44byte..> - - and so on until we did this for all blocks. - - To better protect against implementation errors in this code, we - xor a digest of the entire pool into the pool before mixing. - - Note: this function must only be called with a locked pool. + * Mix the 600 byte pool. Note that the 64 byte scratch area directly + * follows the pool. The numbers in the diagram give the number of + * bytes. + * <................600...............> <.64.> + * pool |------------------------------------| |------| + * <..44..> <20> + * | | + * | +-----+ + * +-----------------------------------|--+ + * v v + * |------| + * <hash> + * | + * +---------------------------------------+ + * v + * <20> + * pool' |------------------------------------| + * <20><20><..44..> + * | | + * | +------------------------------+ + * +-------------------------------------+ | + * v v + * |------| + * <hash> + * | + * +-----------------------------------+ + * v + * <20> + * pool'' |------------------------------------| + * <20><20><20><..44..> + * | | + * | +--------------------------+ + * +---------------------------------+ | + * v v + * |------| + * <hash> + * + * and so on until we did this for all 30 blocks. + * + * To better protect against implementation errors in this code, we + * xor a digest of the entire pool into the pool before mixing. + * + * Note: this function must only be called with a locked pool. */ static void mix_pool(unsigned char *pool) @@ -605,14 +613,14 @@ mix_pool(unsigned char *pool) /* Loop over the pool. */ pend = pool + POOLSIZE; - memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN ); - memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); + memcpy (hashbuf, pend - DIGESTLEN, DIGESTLEN ); + memcpy (hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); _gcry_rmd160_mixblock( &md, hashbuf); - memcpy(pool, hashbuf, 20 ); + memcpy (pool, hashbuf, DIGESTLEN); if (failsafe_digest_valid && pool == rndpool) { - for (i=0; i < 20; i++) + for (i=0; i < DIGESTLEN; i++) pool[i] ^= failsafe_digest[i]; } @@ -637,7 +645,7 @@ mix_pool(unsigned char *pool) } _gcry_rmd160_mixblock ( &md, hashbuf); - memcpy(p, hashbuf, 20 ); + memcpy(p, hashbuf, DIGESTLEN); } /* Our hash implementation does only leave small parts (64 bytes) -- 2.8.0.rc3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor