Mar 08, 2018
      Fix issues in ia32 RDRAND asm leading to reduced entropy · 082193ef
      Bryan Donlan authored
      This patch fixes two issues in the ia32 RDRAND assembly code that result in a
      (possibly significant) loss of entropy.
      
      The first, less significant, issue is that, by returning success as 0 from
      OPENSSL_ia32_rdrand() and OPENSSL_ia32_rdseed(), a subtle bias was introduced.
      Specifically, because the assembly routine copied the remaining number of
      retries over the result when RDRAND/RDSEED returned 'successful but zero', a
      bias towards values 1-8 (primarily 8) was introduced.
      
      The second, more worrying issue was that, due to a mixup in registers, when a
      buffer that was not size 0 or 1 mod 8 was passed to OPENSSL_ia32_rdrand_bytes
      or OPENSSL_ia32_rdseed_bytes, the last (n mod 8) bytes were all the same value.
      This issue impacts only the 64-bit variant of the assembly.
      
      This change fixes both issues by first eliminating the only use of
      OPENSSL_ia32_rdrand, replacing it with OPENSSL_ia32_rdrand_bytes, and fixes the
      register mixup in OPENSSL_ia32_rdrand_by...