[openssl-dev] [openssl.org #4055] FIPS Object Module User Guide corrections needed for (*get_entropy)()
Gibbons, Lee D via RT
rt at openssl.org
Tue Sep 22 00:00:45 UTC 2015
This is to highlight a bug in the FIPS Object Module 2.10 and corrective documentation in its User Guide.
The User Guide for the FIPS Object Module 2.10 describes the (*get_entropy)() callback:

    size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                          int entropy, size_t min_len, size_t max_len)

"A call to this function requests entropy bits of entropy in a buffer of between min_len and
max_len size bytes inclusive. The values of these are mechanism specific and taken from
SP800-90 tables. This callback should then return the amount of data in the buffer *pout and the
length in the return value, or zero in case of being unable to retrieve sufficient entropy."
The caller of (*get_entropy)() is the static function fips_get_entropy(). Notice how it constructs the <entropy> value, which should be in bits:

    rv = dctx->get_entropy(dctx, &tout, entropy + bl,
                           min_len + bl, max_len + bl);
    *pout = tout + bl;
    if (rv < (min_len + bl) || (rv % bl))
        return 0;

The "entropy + bl" expression is mixing types, adding bits and bytes together. Anyone defining a (*get_entropy)() callback had better ignore the <entropy> parameter. What's more, the callback had better return <min_len> rounded up to a dctx->entropy_blocklen boundary or face failure. The User Guide mentions none of this.
I realize the FIPS Object Module is frozen. The documentation should be corrected to expose the real restrictions on the callback.
Doug Gibbons | Consulting Engineer | Avaya Inc. | 12121 Grant St | 2S-237 | Thornton, CO 80241 | 303-538-3538 | ldgibbons at avaya.com
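
Added example, not part of the original message and not OpenSSL code: a callback that meets the restrictions the message describes (returned length rounded up to a multiple of the block length, <entropy> not used for sizing), checked against a model of the quoted caller lines. The DRBG_CTX stand-in, the names block_aligned_len, aligned_get_entropy and model_fips_get_entropy, the 1024-byte buffer and the use of /dev/urandom are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the module's DRBG_CTX (assumption): only the fields used here. */
typedef struct drbg_ctx_st {
    size_t entropy_blocklen;
    size_t (*get_entropy)(struct drbg_ctx_st *ctx, unsigned char **pout,
                          int entropy, size_t min_len, size_t max_len);
} DRBG_CTX;

/* Smallest multiple of bl that is >= min_len; 0 if bl is 0 or it exceeds max_len. */
static size_t block_aligned_len(size_t min_len, size_t max_len, size_t bl)
{
    size_t rem = bl ? min_len % bl : 0;
    size_t len = rem ? min_len + (bl - rem) : min_len;
    return (bl == 0 || len < min_len || len > max_len) ? 0 : len;
}

/* Sizes from min_len and block length only; assumes /dev/urandom is full-entropy. */
static size_t aligned_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                  int entropy, size_t min_len, size_t max_len)
{
    static unsigned char buf[1024];          /* hypothetical fixed-size buffer */
    size_t len = block_aligned_len(min_len, max_len, ctx->entropy_blocklen);
    FILE *f;
    (void)entropy;                           /* arrives as bits plus bytes */
    if (len == 0 || len > sizeof(buf) || !(f = fopen("/dev/urandom", "rb")))
        return 0;
    if (fread(buf, 1, len, f) != len)
        len = 0;
    fclose(f);
    *pout = buf;
    return len;
}

/* Model of the caller: same arguments and length test as the quoted lines.
 * Returning rv - bl on success is an assumption of this model. */
static size_t model_fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
                                     int entropy, size_t min_len, size_t max_len)
{
    unsigned char *tout = NULL;
    size_t bl = dctx->entropy_blocklen;
    size_t rv = dctx->get_entropy(dctx, &tout, entropy + (int)bl,
                                  min_len + bl, max_len + bl);
    if (tout == NULL || rv < (min_len + bl) || (rv % bl))
        return 0;
    *pout = tout + bl;
    return rv - bl;
}
```

With a 16-byte block length and a 24-byte minimum, the callback sees a 40-byte minimum; returning exactly 40 bytes would fail the rv % bl test, while 48 passes.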