List Info

Thread: OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/fips-1.0/rand/ fips_...
OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/fips-1.0/rand/ fips_...
country flaguser name
Germany		 2007-08-14 08:17:30 
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Dr.
Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steveopenssl.org
  Module: openssl                          Date:  
14-Aug-2007 15:17:29
  Branch: OpenSSL-fips-0_9_8-stable        Handle:
2007081414172800

  Modified files:           (Branch:
OpenSSL-fips-0_9_8-stable)
    openssl/fips-1.0/rand   fips_rand.c

  Log:
    Ensure seed does not match key and fixup error codes.

  Summary:
    Revision    Changes     Path
    1.1.4.6     +24 -2     
openssl/fips-1.0/rand/fips_rand.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/fips-1.0/rand/fips_rand.c
 
============================================================
================
  $ cvs diff -u -r1.1.4.5 -r1.1.4.6 fips_rand.c
  --- openssl/fips-1.0/rand/fips_rand.c	2 Jul 2007 11:27:52
-0000	1.1.4.5
  +++ openssl/fips-1.0/rand/fips_rand.c	14 Aug 2007 13:17:28
-0000	1.1.4.6
   -97,6 +97,8 
   	unsigned long counter;
   	AES_KEY ks;
   	int vpos;
  +	/* Temporary storage for key if it equals seed length
*/
  +	unsigned char tmp_key[AES_BLOCK_LENGTH];
   	unsigned char V[AES_BLOCK_LENGTH];
   	unsigned char DT[AES_BLOCK_LENGTH];
   	unsigned char last[AES_BLOCK_LENGTH];
   -128,7 +130,13 
   		return 0;
   		}
   	AES_set_encrypt_key(key, keylen << 3,
&ctx->ks);
  -	ctx->keyed = 1;
  +	if (keylen == 16)
  +		{
  +		memcpy(ctx->tmp_key, key, 16);
  +		ctx->keyed = 2;
  +		}
  +	else
  +		ctx->keyed = 1;
   	ctx->seeded = 0;
   	ctx->second = 0;
   	return 1;
   -156,6 +164,20 
   		if (ctx->vpos == AES_BLOCK_LENGTH)
   			{
   			ctx->vpos = 0;
  +			/* Special case if first seed and key length equals
  + 			 * block size check key and seed do not match.
  + 			 */ 
  +			if (ctx->keyed == 2)
  +				{
  +				if (!memcmp(ctx->tmp_key, ctx->V, 16))
  +					{
  +					RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
  +						RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
  +					return 0;
  +					}
  +				OPENSSL_cleanse(ctx->tmp_key, 16);
  +				ctx->keyed = 1;
  +				}
   			ctx->seeded = 1;
   			}
   		}
   -182,7 +204,7 
   	{
   	if (!sctx.test_mode)
   		{
  -		RANDerr(RAND_F_FIPS_SET_DT,RAND_R_NOT_IN_TEST_MODE);
 
+		RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);

   		return 0;
   		}
   	memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )