rpms/openssl
6
1
Fork 1
Code Issues Pull Requests Releases Activity

Increase RNG seeding buffer size to 32

Browse Source 
Related: rhbz#2168224
This commit is contained in:
Dmitry Belyavskiy 2023-03-13 12:35:42 +01:00 committed by Clemens Lang
parent fb4b72ff2f
commit 6eb72dd621
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
0076-FIPS-140-3-DRBG.patch
View File

@ -143,3 +143,15 @@ diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-
if (bytes_needed < min_len) if (bytes_needed < min_len)
bytes_needed = min_len; bytes_needed = min_len;
if (bytes_needed > max_len) if (bytes_needed > max_len)
diff -up openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg openssl-3.0.7/providers/implementations/rands/drbg_local.h
--- openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg 2023-03-13 12:17:47.705538612 +0100
+++ openssl-3.0.7/providers/implementations/rands/drbg_local.h 2023-03-13 12:18:03.060702092 +0100
@@ -38,7 +38,7 @@
*
* The value is in bytes.
*/
-#define CRNGT_BUFSIZ 16
+#define CRNGT_BUFSIZ 32
/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)

2
openssl.spec
View File

@ -523,6 +523,8 @@ install -m644 %{SOURCE9} \
Resolves: rhbz#2178030 Resolves: rhbz#2178030
- DH PCT should abort on failure - DH PCT should abort on failure
Resolves: rhbz#2178039 Resolves: rhbz#2178039
- Increase RNG seeding buffer size to 32
Related: rhbz#2168224
* Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6 * Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
- Fixes RNG slowdown in FIPS mode - Fixes RNG slowdown in FIPS mode