[openssl-commits] [openssl] master update
kaduk at mit.edu
kaduk at mit.edu
Thu Jul 20 17:18:51 UTC 2017
The branch master has been updated
via b8a437ffa09bbf22c04a55015a6d2743cd0b7529 (commit)
via 16960a9b17ebc39498d113cd6dd1f83784f018a4 (commit)
via 4468b6ed59a7e2afc145b3d260dfa096cb7eb2eb (commit)
from 63f483e10d4e04158be234ed431e9f03d707ad82 (commit)
- Log -----------------------------------------------------------------
commit b8a437ffa09bbf22c04a55015a6d2743cd0b7529
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Wed Jul 19 17:59:52 2017 -0500
Fix out-of-bounds read in ctr_XOR
Looking at
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
we see that in the CTR_DRBG_Update() algorithm (internal page number 51),
the provided input data is (after truncation to seedlen) XORed with the
key and V vector (of length keylen and blocklen respectively). The comment
in ctr_XOR notes that XORing with 0 is the identity function, so when the
provided input is shorter than seedlen the missing bytes can simply be left untouched.
The code in ctr_XOR() then proceeds to xor the key with the input, up
to the amount of input present, and computes the remaining input that
could be used to xor with the V vector, before accessing a full 16-byte
stretch of the input vector and ignoring the calculated length. The correct
behavior is to respect the supplied input length and only xor the
indicated number of bytes.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3971)
commit 16960a9b17ebc39498d113cd6dd1f83784f018a4
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Wed Jul 19 17:32:08 2017 -0500
typedef's for RAND_DRBG methods
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3971)
commit 4468b6ed59a7e2afc145b3d260dfa096cb7eb2eb
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Wed Jul 19 17:18:16 2017 -0500
Remove trailing whitespace from drbgtest.c
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3971)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/drbg_rand.c | 2 +-
crypto/rand/rand_lcl.h | 11 ++++-------
include/internal/rand.h | 22 +++++++++++++++-------
test/drbgtest.c | 4 ++--
4 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/crypto/rand/drbg_rand.c b/crypto/rand/drbg_rand.c
index 4ff347c..77d59ec 100644
--- a/crypto/rand/drbg_rand.c
+++ b/crypto/rand/drbg_rand.c
@@ -77,7 +77,7 @@ static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
/* Should never happen */
n = 16;
}
- for (i = 0; i < 16; i++)
+ for (i = 0; i < n; i++)
cctx->V[i] ^= in[i + cctx->keylen];
}
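Review bot: The loop is now bounded by `n`, but the `/* Should never happen */` branch directly above silently clamps `n` to 16, so an input longer than keylen + 16 bytes has its tail dropped with no diagnostic; if that path really is unreachable because callers truncate to seedlen, the comment should say so, e.g. `/* callers truncate in to seedlen (SP 800-90A 10.2.1.2); clamp is defensive only */`, otherwise it is masking a contract violation rather than failing closed. The computation of `n` and the key-XOR loop lie above this hunk (ctr_XOR begins outside it), so the in-bounds claim for `in[i + cctx->keylen]` rests on `n` being `inlen - cctx->keylen` as the commit message describes, not on anything visible here. The diffstat shows test/drbgtest.c changed only by whitespace, so no regression test exercises the `keylen < inlen < keylen + 16` case that previously read past the buffer; one short-input update test would keep the bound from regressing. The literal 16 is presumably the AES block length; a named constant would make the seedlen = keylen + blocklen relationship explicit to the next reader.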
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 0c1aa72..de1f2cd 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -71,16 +71,13 @@ struct drbg_ctx_st {
DRBG_CTR_CTX ctr;
/* entropy gathering function */
- size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
+ RAND_DRBG_get_entropy_fn get_entropy;
/* Indicates we have finished with entropy buffer */
- void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
-
+ RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
/* nonce gathering function */
- size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
+ RAND_DRBG_get_nonce_fn get_nonce;
/* Indicates we have finished with nonce buffer */
- void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+ RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
};
diff --git a/include/internal/rand.h b/include/internal/rand.h
index 0d386f6..07568ea 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -26,14 +26,22 @@ int RAND_DRBG_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adinlen);
void RAND_DRBG_free(DRBG_CTX *dctx);
+typedef size_t (*RAND_DRBG_get_entropy_fn)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(DRBG_CTX *ctx, unsigned char *out,
+ size_t olen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(DRBG_CTX *ctx, unsigned char *out,
+ size_t olen);
+
int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
- size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
- size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)
- );
+ RAND_DRBG_get_entropy_fn get_entropy,
+ RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+ RAND_DRBG_get_nonce_fn get_nonce,
+ RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
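Review bot: The four new callback typedefs carry no documentation of the contract an implementer must honour: what `entropy` measures (it stays an `int` beside `size_t` lengths, which reads like a bit count but is not stated), what a 0 return means, whether `*pout` must hold between `min_len` and `max_len` bytes, and that the buffer remains owned by the callback until the matching cleanup function is called with the same pointer and length. Since these aliases are now the single place the signatures are spelled out, a comment above each get/cleanup pair describing those four points would save every caller of RAND_DRBG_set_callbacks from reverse-engineering drbg_rand.c; the semantics above are inferred from parameter names, so the comment should be checked against the implementation before landing. A minor style point: `RAND_DRBG_get_entropy_fn` and `RAND_DRBG_get_nonce_fn` (and the two cleanup aliases) are textually identical types, so either a one-line comment noting they are deliberately interchangeable, or a single shared alias, would avoid the appearance of a distinction that the code does not make. The enclosing header continues outside this hunk.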
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 80d0b8b..37c5bde 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -323,7 +323,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
*/
/* Test too small nonce */
- if (dctx->min_nonce) {
+ if (dctx->min_nonce) {
t.noncelen = dctx->min_nonce - 1;
if (!init(dctx, td, &t)
|| RAND_DRBG_instantiate(dctx, td->pers, td->perslen) > 0
@@ -366,7 +366,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
|| !uninstantiate(dctx))
goto err;
- /* Instantiate again with valid data */
+ /* Instantiate again with valid data */
if (!instantiate(dctx, td, &t))
goto err;
reseed_counter_tmp = dctx->reseed_counter;