Commit e0d1a2f8 authored by Dr. Stephen Henson

Always return multiple of block length bytes from default DRBG seed callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
parent cac4fb58
+8 −0
@@ -4,6 +4,14 @@

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) Minor change to DRBG entropy callback semantics. In some cases
     there is no mutiple of the block length between min_len and
     max_len. Allow the callback to return more than max_len bytes
     of entropy but discard any extra: it is the callback's responsibility
     to ensure that the extra data discarded does not impact the
     requested amount of entropy.
     [Steve Henson]

  *) Add PRNG security strength checks to RSA, DSA and ECDSA using 
     information in FIPS186-3, SP800-57 and SP800-131A.
     [Steve Henson]
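Review bot: "mutiple" in the second line of the new CHANGES entry is a typo for "multiple". The entry also places the whole burden on callback authors ("it is the callback's responsibility to ensure that the extra data discarded does not impact the requested amount of entropy") without saying that the built-in callbacks already round their request up to the block length; one sentence to that effect would tell third-party callback writers what the reference implementations do and what the DRBG does with bytes beyond max_len.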
+2 −0
@@ -201,6 +201,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
	*pout = OPENSSL_malloc(min_len);
	if (!*pout)
		return 0;
	/* Round up request to multiple of block size */
	min_len = ((min_len + 19) / 20) * 20;
	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
		{
		OPENSSL_free(*pout);
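Review bot: the buffer is allocated before the length is rounded, so the write that follows can run past it. `*pout = OPENSSL_malloc(min_len);` executes first, then `min_len = ((min_len + 19) / 20) * 20;` enlarges min_len, and `RAND_SSLeay()->bytes(*pout, min_len)` fills the rounded-up count into the smaller allocation: a heap buffer overflow of up to 19 bytes whenever the caller's min_len is not already a multiple of 20. Move the rounding (and its comment) above the OPENSSL_malloc so the allocation and the request use the same length. The literal 20 also deserves a named block-length constant, or a value taken from the DRBG context, so the rounding cannot drift from the block size the DRBG actually uses.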
+4 −1
@@ -153,7 +153,10 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
			return 0;
			}
		}
	return rv - bl;
	rv -= bl;
	if (rv > max_len)
		return max_len;
	return rv;
	}

static void fips_cleanup_entropy(DRBG_CTX *dctx,
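Review bot: the new cap can mask a failure that the old `return rv - bl;` at least made visible. After `rv -= bl;` the only check is `if (rv > max_len) return max_len;`; if rv is unsigned (the function returns size_t) and were ever smaller than bl, the subtraction would wrap to a huge value and the cap would then report a full max_len bytes of entropy instead of an error. If rv >= bl is guaranteed by the loop above, say so in a comment; otherwise test `rv < bl` and return 0 before subtracting. Note also the asymmetry with the default drbg_get_entropy callback in this same commit, which rounds up but does not cap at max_len; the CHANGES entry says the DRBG discards the excess, so the cap here is defensive, but the two callbacks should document the same contract.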