git.openssl.org Git - openssl.git/commit

author	Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
	Sun, 15 Oct 2023 23:35:48 +0000 (01:35 +0200)
committer	Matt Caswell <matt@openssl.org>
	Tue, 24 Oct 2023 10:14:11 +0000 (11:14 +0100)
commit	7998e7dc07d8f1f516af32887f2490c03cd8c594
tree	47fb9ebc7a356181874d8423dda1c4643d6c78ce	tree \| snapshot
parent	0a8faac3c7cc2e88f46a8bdce5bd039dc22abdec	commit \| diff

rand: fix seeding from a weak entropy source

The 'rand_generate' method is not well suited for being used with
weak entropy sources in the 'get_entropy' callback, because the
caller needs to provide a preallocated buffer without knowing
how much bytes are actually needed to collect the required entropy.

Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods
which were exactly designed for this purpose: it's the callee who
allocates and fills the buffer, and finally cleans it up again.

The 'rand_get_seed' and 'rand_clear_seed' methods are currently
optional for a provided random generator. We could fall back to
using 'rand_generate' if those methods are not implemented.
However, imo it would be better to simply make them an officially
documented requirement for seed sources.

Fixes #22332

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)

crypto/evp/evp_rand.c		diff \| blob \| history
crypto/rand/prov_seed.c		diff \| blob \| history
include/crypto/evp.h		diff \| blob \| history
providers/implementations/rands/seed_src.c		diff \| blob \| history