31 lines
1.0 KiB
Diff
31 lines
1.0 KiB
Diff
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
|
|
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
|
|
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-03 13:19:44.035516400 +0200
|
|
@@ -610,6 +610,8 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
|
size_t len)
|
|
{
|
|
int rc = 0;
|
|
+ static unsigned char oldhash[64] = { 0 };
|
|
+ unsigned char newhash[64];
|
|
|
|
/* Perform testing as defined in 11.3.2 */
|
|
if (drbg->test_data && drbg->test_data->fail_seed_source)
|
|
@@ -634,6 +636,17 @@ drbg_get_entropy (drbg_state_t drbg, uns
|
|
#else
|
|
rc = -1;
|
|
#endif
|
|
+
|
|
+ /* to avoid storing the actual entropy obtained for indefinite
|
|
+ time, we just store the SHA-512 hash of the entropy gathered
|
|
+ */
|
|
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
|
|
+
|
|
+ if (memcmp (newhash, oldhash, sizeof (oldhash)) == 0)
|
|
+ return -1; /* continous entropy test failed */
|
|
+
|
|
+ memcpy (oldhash, newhash, sizeof (oldhash));
|
|
+
|
|
return rc;
|
|
}
|
|
|