mbedtls/library
Hanno Becker eab304caf5 HMAC DRBG: Split entropy-gathering requests to reduce request sizes
According to SP800-90A, the DRBG seeding process should use a nonce
of length `security_strength / 2` bits as part of the DRBG seed. It
further notes that this nonce may be drawn from the same source of
entropy that is used for the first `security_strength` bits of the
DRBG seed. The present HMAC DRBG implementation does that, requesting
`security_strength * 3 / 2` bits of entropy from the configured entropy
source in total to form the initial part of the DRBG seed.

However, some entropy sources may have thresholds in terms of how much
entropy they can provide in a single call to their entropy gathering
function which may be exceeded by the present HMAC DRBG implementation
even if the threshold is not smaller than `security_strength` bits.
Specifically, this is the case for our own entropy module implementation
which only allows requesting at most 32 Bytes of entropy at a time
in configurations disabling SHA-512, and this leads to runtime failure
of HMAC DRBG when used with Mbed TLS' own entropy callbacks in such
configurations.

This commit fixes this by splitting the seed entropy acquisition into
two calls, one requesting `security_strength` bits first, and another
one requesting `security_strength / 2` bits for the nonce.
2019-08-26 15:39:23 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
aesni.c Warn if using a memory sanitizer on AESNI 2018-04-05 15:37:38 +02:00
arc4.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
aria.c Implement parameter validation for ARIA module 2018-12-19 12:51:00 +00:00
asn1parse.c [FIXUP] Fix bug in ASN.1 traversal of silently ignored tag 2019-06-25 10:41:34 +01:00
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:13:33 +00:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
blowfish.c Implement parameter validation for Blowfish module 2018-12-19 12:52:59 +00:00
camellia.c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
ccm.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
certs.c Re-generate library/certs.c from script 2019-05-30 10:58:12 +01:00
chacha20.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
chachapoly.c Fix wrong conditional in free() functions 2018-12-18 15:30:30 +00:00
cipher.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cipher_wrap.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cmac.c Merge remote-tracking branch 'public/pr/1390' into development 2018-06-27 10:51:47 +01:00
CMakeLists.txt Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
ctr_drbg.c Streamline mbedtls_xxx_drbg_update_seed_file 2018-11-26 19:26:22 +01:00
debug.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c Fix mbedtls_ecdh_get_params with new ECDH context 2019-02-22 12:51:51 +01:00
ecdsa.c ECP restart: Don't calculate address of sub ctx if ctx is NULL 2019-07-19 14:56:09 +01:00
ecjpake.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
ecp.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ecp_curves.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
entropy.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
entropy_poll.c Add missing bracket 2018-11-06 13:12:47 +00:00
error.c Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
gcm.c Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract() 2018-07-23 10:34:47 -07:00
hmac_drbg.c HMAC DRBG: Split entropy-gathering requests to reduce request sizes 2019-08-26 15:39:23 +01:00
Makefile Clean generated *.su file and gitignore them 2019-07-30 16:56:58 +02:00
md.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
md2.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
md4.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
md5.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-06-12 16:56:04 +01:00
net_sockets.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
nist_kw.c Remove faulty cipher_finish calls from nist_kw 2018-12-20 12:15:40 +01:00
oid.c Address review comments 2019-06-18 11:05:44 +01:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Clear pk context and other minor changes in *_free() procedures 2018-06-12 18:25:09 +03:00
pk.c Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
pk_wrap.c Fix or improve some comments (and whitespace) 2018-10-15 15:27:49 +02:00
pkcs5.c Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C 2018-10-16 13:39:40 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C 2018-10-16 13:39:40 +01:00
pkparse.c Fix unused variable warnings in pkparse.c 2019-06-18 11:31:59 +02:00
pkwrite.c PK parse/write: support keylen=0 correctly 2018-12-19 17:03:28 +01:00
platform.c Omit runtime configuration of calloc/free if macro config enabled 2018-10-11 11:04:20 +01:00
platform_util.c Remove the library provided function of MBEDTLS_PARAM_FAILED 2018-12-11 12:28:56 +01:00
poly1305.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ripemd160.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
rsa.c Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
rsa_internal.c Bignum: Deprecate mbedtls_mpi_is_prime() 2018-10-09 16:36:53 +01:00
sha1.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha256.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha512.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
ssl_cache.c Remove compression field from SSL session if compression disabled 2019-08-01 10:11:20 +02:00
ssl_ciphersuites.c Restore static inline qualif'n of some helpers in ssl_ciphersuites.h 2019-07-08 11:23:25 +01:00
ssl_cli.c Merge remote-tracking branch 'origin/pr/630' into baremetal 2019-08-14 16:53:38 +01:00
ssl_cookie.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
ssl_srv.c Merge remote-tracking branch 'origin/pr/630' into baremetal 2019-08-14 16:53:38 +01:00
ssl_ticket.c Move session save/load function to ssl_tls.c 2019-06-03 09:51:08 +02:00
ssl_tls.c Merge remote-tracking branch 'origin/pr/633' into baremetal 2019-08-21 13:46:18 +01:00
threading.c Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version.c Fix missing void argument declarations #678 2016-11-04 23:05:56 +01:00
version_features.c Update version_features.c 2019-07-30 16:33:40 +03:00
x509.c Move def'n of X.509 time-verif funcs to hdr if no time available 2019-07-04 14:03:26 +01:00
x509_create.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crl.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crt.c Fix bug in MBEDTLS_X509_CRT_REMOVE_TIME 2019-07-30 16:56:58 +02:00
x509_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_crt.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
xtea.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00