Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.1
openssl-1_1
openssl-urandom-reseeding.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-urandom-reseeding.patch of Package openssl-1_1
Index: openssl-1.1.0c/crypto/rand/rand_unix.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/rand_unix.c 2016-12-12 17:33:05.654295693 +0100 +++ openssl-1.1.0c/crypto/rand/rand_unix.c 2016-12-12 17:44:44.608814886 +0100 @@ -144,7 +144,8 @@ int RAND_poll(void) unsigned long l; pid_t curr_pid = getpid(); # if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) - unsigned char tmpbuf[ENTROPY_NEEDED]; + /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */ + unsigned char tmpbuf[1024]; int n = 0; # endif # ifdef DEVRANDOM @@ -166,7 +167,7 @@ int RAND_poll(void) * out of random entries. */ - for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { + for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) { if ((fd = open(randomfiles[i], O_RDONLY # ifdef O_NONBLOCK | O_NONBLOCK @@ -246,7 +247,7 @@ int RAND_poll(void) if (try_read) { r = read(fd, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; } else @@ -263,7 +264,7 @@ int RAND_poll(void) } while ((r > 0 || (errno == EINTR || errno == EAGAIN)) && usec != 0 - && n < ENTROPY_NEEDED); + && n < sizeof(tmpbuf)); close(fd); } @@ -276,12 +277,12 @@ int RAND_poll(void) * collecting daemon. */ - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; + for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf); egdsocket++) { int r; r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; } Index: openssl-1.1.0c/crypto/rand/md_rand.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/md_rand.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-12-12 18:01:49.036286763 +0100 @@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf if (num <= 0) return 1; + /* special rule for /dev/urandom seeding ... seed with as much bytes + * from /dev/urandom as you get out */ + RAND_load_file("/dev/urandom", num); + m = EVP_MD_CTX_new(); if (m == NULL) goto err_mem; Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c =================================================================== --- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-12-12 18:05:52.779971206 +0100 @@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char int rv = 0; unsigned char *adin = NULL; size_t adinlen = 0; + + /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */ + if (count > dctx->min_entropy) + RAND_load_file("/dev/urandom", count - dctx->min_entropy); + CRYPTO_THREAD_write_lock(fips_rand_lock); do { size_t rcnt; Index: openssl-1.1.0c/crypto/rand/rand_lib.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/rand_lib.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-12-12 18:05:01.499195179 +0100 @@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx, { RAND_OpenSSL()->add(in, inlen, entropy); if (FIPS_rand_status()) { - FIPS_drbg_reseed(ctx, NULL, 0); + FIPS_drbg_reseed(ctx, in, inlen); } return 1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor