Always return multiple of block length bytes from default DRBG seed

callback. Handle case where no multiple of the block size is in the interval [min_len, max_len].
2011-04-23 20:05:19 +00:00 · 2011-04-23 20:05:19 +00:00 · e0d1a2f80a
commit e0d1a2f80a
parent cac4fb58e0
3 changed files with 14 additions and 1 deletions
--- a/8
+++ b/8
@ -4,6 +4,14 @@

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

+  *) Minor change to DRBG entropy callback semantics. In some cases
+     there is no mutiple of the block length between min_len and
+     max_len. Allow the callback to return more than max_len bytes
+     of entropy but discard any extra: it is the callback's responsibility
+     to ensure that the extra data discarded does not impact the
+     requested amount of entropy.
+     [Steve Henson]
+
  *) Add PRNG security strength checks to RSA, DSA and ECDSA using 
     information in FIPS186-3, SP800-57 and SP800-131A.
     [Steve Henson]
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@ -201,6 +201,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
+	/* Round up request to multiple of block size */
+	min_len = ((min_len + 19) / 20) * 20;
 	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
 		{
 		OPENSSL_free(*pout);
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@ -153,7 +153,10 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
 			return 0;
 			}
 		}
-	return rv - bl;
+	rv -= bl;
+	if (rv > max_len)
+		return max_len;
+	return rv;
 	}

 static void fips_cleanup_entropy(DRBG_CTX *dctx,