File libgcrypt-CVE-2016-6313-1.patch of Package libgcrypt

Overview Repositories Revisions Requests Users Attributes Meta

File libgcrypt-CVE-2016-6313-1.patch of Package libgcrypt

From 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 8 Aug 2016 12:08:43 +0200
Subject: [PATCH] random: Improve the diagram showing the random mixing

* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 random/random-csprng.c | 88 +++++++++++++++++++++++++++-----------------------
 1 file changed, 48 insertions(+), 40 deletions(-)

diff --git a/random/random-csprng.c b/random/random-csprng.c
index a0bfc78..54ec277 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -548,41 +548,49 @@ _gcry_rngcsprng_randomize (void *buffer, size_t length,
 
 
 /*
-   Mix the pool:
-
-   |........blocks*20byte........|20byte|..44byte..|
-   <..44byte..>           <20byte>
-        |                    |
-        |                    +------+
-        +---------------------------|----------+
-                                    v          v
-   |........blocks*20byte........|20byte|..44byte..|
-                                 <.....64bytes.....>
-                                         |
-      +----------------------------------+
-     Hash
-      v
-   |.............................|20byte|..44byte..|
-   <20byte><20byte><..44byte..>
-      |                |
-      |                +---------------------+
-      +-----------------------------+        |
-                                    v        v
-   |.............................|20byte|..44byte..|
-                                 <.....64byte......>
-                                        |
-              +-------------------------+
-             Hash
-              v
-   |.............................|20byte|..44byte..|
-   <20byte><20byte><..44byte..>
-
-   and so on until we did this for all blocks.
-
-   To better protect against implementation errors in this code, we
-   xor a digest of the entire pool into the pool before mixing.
-
-   Note: this function must only be called with a locked pool.
+ * Mix the 600 byte pool.  Note that the 64 byte scratch area directly
+ * follows the pool.  The numbers in the diagram give the number of
+ * bytes.
+ *         <................600...............>   <.64.>
+ * pool   |------------------------------------| |------|
+ *         <..44..>                        <20>
+ *            |                             |
+ *            |                             +-----+
+ *            +-----------------------------------|--+
+ *                                                v  v
+ *                                               |------|
+ *                                                <hash>
+ *                                                  |
+ *          +---------------------------------------+
+ *          v
+ *         <20>
+ * pool'  |------------------------------------|
+ *         <20><20><..44..>
+ *          |         |
+ *          |         +------------------------------+
+ *          +-------------------------------------+  |
+ *                                                v  v
+ *                                               |------|
+ *                                                <hash>
+ *                                                  |
+ *              +-----------------------------------+
+ *              v
+ *             <20>
+ * pool'' |------------------------------------|
+ *         <20><20><20><..44..>
+ *              |         |
+ *              |         +--------------------------+
+ *              +---------------------------------+  |
+ *                                                v  v
+ *                                               |------|
+ *                                                <hash>
+ *
+ * and so on until we did this for all 30 blocks.
+ *
+ * To better protect against implementation errors in this code, we
+ * xor a digest of the entire pool into the pool before mixing.
+ *
+ * Note: this function must only be called with a locked pool.
  */
 static void
 mix_pool(unsigned char *pool)
@@ -605,14 +613,14 @@ mix_pool(unsigned char *pool)
 
   /* Loop over the pool.  */
   pend = pool + POOLSIZE;
-  memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
-  memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+  memcpy (hashbuf, pend - DIGESTLEN, DIGESTLEN );
+  memcpy (hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
   _gcry_rmd160_mixblock( &md, hashbuf);
-  memcpy(pool, hashbuf, 20 );
+  memcpy (pool, hashbuf, DIGESTLEN);
 
   if (failsafe_digest_valid && pool == rndpool)
     {
-      for (i=0; i < 20; i++)
+      for (i=0; i < DIGESTLEN; i++)
         pool[i] ^= failsafe_digest[i];
     }
 
@@ -637,7 +645,7 @@ mix_pool(unsigned char *pool)
 	}
 
       _gcry_rmd160_mixblock ( &md, hashbuf);
-      memcpy(p, hashbuf, 20 );
+      memcpy(p, hashbuf, DIGESTLEN);
     }
 
     /* Our hash implementation does only leave small parts (64 bytes)
-- 
2.8.0.rc3

Places

File libgcrypt-CVE-2016-6313-1.patch of Package libgcrypt

Places