Tree - rpms/libgcrypt - CentOS Git server

gentleknife / rpms / libgcrypt

Forked from rpms/libgcrypt 4 years ago

Source
Stats

Files

Commit: 66e42de22104b6135ee74c9dc45ec2795c7c6bcf

Blob Blame History Raw

diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest	2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random-drbg.c	2019-06-03 13:19:44.035516400 +0200
@@ -610,6 +610,8 @@ drbg_get_entropy (drbg_state_t drbg, uns
 		       size_t len)
 {
   int rc = 0;
+  static unsigned char oldhash[64] = { 0 };
+  unsigned char newhash[64];
 
   /* Perform testing as defined in 11.3.2 */
   if (drbg->test_data && drbg->test_data->fail_seed_source)
@@ -634,6 +636,17 @@ drbg_get_entropy (drbg_state_t drbg, uns
 #else
   rc = -1;
 #endif
+
+  /* to avoid storing the actual entropy obtained for indefinite
+     time, we just store the SHA-512 hash of the entropy gathered
+   */
+  _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
+
+  if (memcmp (newhash, oldhash, sizeof (oldhash)) == 0)
+    return -1;  /* continous entropy test failed */
+
+  memcpy (oldhash, newhash, sizeof (oldhash));
+
   return rc;
 }

gentleknife / rpms / libgcrypt

Source Code

Files