Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
openssl
openssl-urandom-reseeding.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-urandom-reseeding.patch of Package openssl
Index: openssl-1.0.1i/crypto/rand/rand_unix.c =================================================================== --- openssl-1.0.1i.orig/crypto/rand/rand_unix.c +++ openssl-1.0.1i/crypto/rand/rand_unix.c @@ -239,7 +239,8 @@ int RAND_poll(void) unsigned long l; pid_t curr_pid = getpid(); #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - unsigned char tmpbuf[ENTROPY_NEEDED]; + /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */ + unsigned char tmpbuf[1024]; int n = 0; #endif #ifdef DEVRANDOM @@ -260,7 +261,7 @@ int RAND_poll(void) * if it runs out of random entries. */ for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) + (n < sizeof(tmpbuf)); i++) { if ((fd = open(randomfiles[i], O_RDONLY | O_CLOEXEC #ifdef O_NONBLOCK @@ -344,7 +345,7 @@ int RAND_poll(void) if (try_read) { - r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); + r = read(fd,(unsigned char *)tmpbuf+n, sizeof(tmpbuf)-n); if (r > 0) n += r; #if defined(OPENSSL_SYS_BEOS_R5) @@ -365,7 +366,7 @@ int RAND_poll(void) usec = 0; } while ((r > 0 || - (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); + (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < sizeof(tmpbuf)); close(fd); } Index: openssl-1.0.1i/crypto/rand/md_rand.c =================================================================== --- openssl-1.0.1i.orig/crypto/rand/md_rand.c +++ openssl-1.0.1i/crypto/rand/md_rand.c @@ -347,6 +347,10 @@ int ssleay_rand_bytes(unsigned char *buf if (num <= 0) return 1; + /* special rule for /dev/urandom seeding ... seed with as much bytes + * from /dev/urandom as you get out */ + RAND_load_file("/dev/urandom", num); + EVP_MD_CTX_init(&m); /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); Index: openssl-1.0.1i/crypto/fips/fips_drbg_rand.c =================================================================== --- openssl-1.0.1i.orig/crypto/fips/fips_drbg_rand.c +++ openssl-1.0.1i/crypto/fips/fips_drbg_rand.c @@ -78,6 +78,11 @@ static int fips_drbg_bytes(unsigned char unsigned char *adin = NULL; size_t adinlen = 0; int locked; + + /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */ + if (count > dctx->min_entropy) + RAND_load_file("/dev/urandom", count - dctx->min_entropy); + locked = private_RAND_lock(1); do { Index: openssl-1.0.1i/crypto/rand/rand_lib.c =================================================================== --- openssl-1.0.1i.orig/crypto/rand/rand_lib.c +++ openssl-1.0.1i/crypto/rand/rand_lib.c @@ -278,7 +278,7 @@ static int drbg_rand_add(DRBG_CTX *ctx, if (FIPS_rand_status()) { int locked = private_RAND_lock(1); - FIPS_drbg_reseed(ctx, NULL, 0); + FIPS_drbg_reseed(ctx, in, inlen); if (locked) private_RAND_lock(0); } return 1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor