drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) (63180182) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 63180182 authored May 30, 2019 by

Dr. Matthias St. Pierre Committed by Matt Caswell Sep 09, 2019

drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt)

Since commit 7c226dfc

 a chained DRBG does not add additional
data anymore when reseeding from its parent. The reason is that
the size of the additional data exceeded the allowed size when
no derivation function was used.

This commit provides an alternative fix: instead of adding the
entire DRBG's complete state, we just add the DRBG's address
in memory, thereby providing some distinction between the different
DRBG instances.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9802)

parent 5520695c

Hide whitespace changes

Inline Side-by-side

Please register or to comment