Skip to content
  1. Oct 16, 2018
    • Dr. Matthias St. Pierre's avatar
      DRBG: fix reseeding via RAND_add()/RAND_seed() with large input · dbf0a496
      Dr. Matthias St. Pierre authored
      
      
      In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
      was implemented by buffering the data in a random pool where it is
      picked up later by the rand_drbg_get_entropy() callback. This buffer
      was limited to the size of 4096 bytes.
      
      When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
      the reseeding failed, but the error returned by the DRBG was ignored
      by the two calling functions, which both don't return an error code.
      As a consequence, the data provided by the application was effectively
      ignored.
      
      This commit fixes the problem by a more efficient implementation which
      does not copy the data in memory and by raising the buffer the size limit
      to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
      but it was chosen intentionally to avoid platform dependent problems
      like integer sizes and/or signed/unsigned conversion.
      
      Additionally, the DRBG is now less permissive on errors: In addition to
      pushing a message to the openssl error stack, it enters the error state,
      which forces a reinstantiation on next call.
      
      Thanks go to Dr. Falko Strenzke for reporting this issue to the
      openssl-security mailing list. After internal discussion the issue
      has been categorized as not being security relevant, because the DRBG
      reseeds automatically and is fully functional even without additional
      randomness provided by the application.
      
      Fixes #7381
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7382)
      
      (cherry picked from commit 3064b55134434a0b2850f07eff57120f35bb269a)
      dbf0a496
  2. Oct 15, 2018
  3. Oct 13, 2018
  4. Oct 12, 2018
  5. Oct 11, 2018
  6. Oct 10, 2018
  7. Oct 08, 2018
  8. Oct 05, 2018
  9. Oct 04, 2018
  10. Oct 02, 2018
  11. Sep 26, 2018
  12. Sep 25, 2018
  13. Sep 24, 2018
  14. Sep 23, 2018
    • Bernd Edlinger's avatar
      Create the .rnd file it it does not exist · 1fd6afb5
      Bernd Edlinger authored
      
      
      It's a bit annoying, since some commands try to read a .rnd file,
      and print an error message if the file does not exist.
      
      But previously a .rnd file was created on exit, and that does no longer
      happen.
      
      Fixed by continuing in app_RAND_load_conf regardless of the error in
      RAND_load_file.
      
      If the random number generator is still not initalized on exit, the
      function RAND_write_file will fail and no .rnd file would be created.
      
      Remove RANDFILE from openssl.cnf
      
      Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
      (Merged from https://github.com/openssl/openssl/pull/7217)
      
      (cherry picked from commit 0f58220973a02248ca5c69db59e615378467b9c8)
      1fd6afb5
  15. Sep 21, 2018
  16. Sep 20, 2018