mbedtls/library
Hanno Becker b98e326455 HMAC DRBG: Split entropy-gathering requests to reduce request sizes
According to SP800-90A, the DRBG seeding process should use a nonce
of length `security_strength / 2` bits as part of the DRBG seed. It
further notes that this nonce may be drawn from the same source of
entropy that is used for the first `security_strength` bits of the
DRBG seed. The present HMAC DRBG implementation does that, requesting
`security_strength * 3 / 2` bits of entropy from the configured entropy
source in total to form the initial part of the DRBG seed.

However, some entropy sources may have thresholds in terms of how much
entropy they can provide in a single call to their entropy gathering
function which may be exceeded by the present HMAC DRBG implementation
even if the threshold is not smaller than `security_strength` bits.
Specifically, this is the case for our own entropy module implementation
which only allows requesting at most 32 Bytes of entropy at a time
in configurations disabling SHA-512, and this leads to runtime failure
of HMAC DRBG when used with Mbed Crypto' own entropy callbacks in such
configurations.

This commit fixes this by splitting the seed entropy acquisition into
two calls, one requesting `security_strength` bits first, and another
one requesting `security_strength / 2` bits for the nonce.

Fixes #237.
2019-08-30 12:16:55 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Add missing MBEDTLS_DEPRECATED_REMOVED guards 2018-02-21 19:16:20 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Fix typo 2019-03-06 14:00:44 +00:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c enforce input and output of ccm selftest on stack 2018-07-30 11:43:08 +03:00
certs.c Update certificates to expire in 2029 2019-07-10 17:23:06 +03:00
cipher.c Merge remote-tracking branch 'public/pr/1763' into mbedtls-2.7-proposed 2018-10-28 18:13:46 +00:00
cipher_wrap.c Fix after PR comments 2018-06-21 14:03:14 +03:00
cmac.c Merge remote-tracking branch 'public/pr/1390' into mbedtls-2.7 2018-06-27 11:11:34 +01:00
CMakeLists.txt Update library version to 2.7.11 2019-06-11 17:31:57 +01:00
ctr_drbg.c CTR_DRBG: add mbedtls_ctr_drbg_update_ret 2018-09-13 22:19:31 +02:00
debug.c Return from debugging functions if SSL context is unset 2018-08-23 14:57:39 +01:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted 2018-01-26 18:43:04 +00:00
ecdh.c Fix ecdh_get_params with mismatching group 2019-02-21 18:17:05 +01:00
ecdsa.c Return error code of underlying function. 2018-12-17 10:22:19 +02:00
ecjpake.c Fix #2370, minor typos and spelling mistakes 2019-02-18 15:57:54 +00:00
ecp.c typo fix 2018-10-23 07:40:13 -07:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
entropy.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
entropy_poll.c Add missing bracket 2018-11-05 12:17:15 +00:00
error.c Fix #2370, minor typos and spelling mistakes 2019-02-18 15:57:54 +00:00
gcm.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-07-05 11:33:10 +02:00
hmac_drbg.c HMAC DRBG: Split entropy-gathering requests to reduce request sizes 2019-08-30 12:16:55 +01:00
Makefile Fix #2370, minor typos and spelling mistakes 2019-02-18 15:57:54 +00:00
md.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
md2.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md4.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md5.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
net_sockets.c net_sockets: Fix typo in net_would_block() 2019-06-20 16:28:10 +01:00
oid.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-08 17:18:15 +08:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:32:15 +01:00
pk_wrap.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:43:16 +02:00
pkcs5.c Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C 2018-10-16 13:53:58 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C 2018-10-16 13:53:50 +01:00
pkparse.c Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free 2018-10-25 15:24:21 +01:00
pkwrite.c Adapt PK test suite to use new interface 2017-08-23 16:17:27 +01:00
platform.c Omit runtime configuration of calloc/free if macro config enabled 2018-10-11 11:10:14 +01:00
ripemd160.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
rsa.c Fix undefined behavior in unsigned-to-signed conversion 2018-10-12 19:19:12 +02:00
rsa_internal.c Add explicit type cast to avoid truncation warning 2018-01-03 09:27:40 +00:00
sha1.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha256.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha512.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
ssl_cache.c Address PR review comments 2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
ssl_cli.c Add explicit unsigned-to-signed integer conversion 2018-10-10 15:50:05 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Fix #2370, minor typos and spelling mistakes 2019-02-18 15:57:54 +00:00
ssl_ticket.c Indentation fix 2018-10-26 10:08:29 +01:00
ssl_tls.c Merge remote-tracking branch 'origin/pr/2713' into mbedtls-2.7 2019-06-21 15:58:02 +01:00
threading.c Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:13:08 +00:00
timing.c timing: Remove redundant include file 2019-06-20 16:28:10 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
version_features.c Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
x509.c Merge remote-tracking branch 'origin/pr/2451' into mbedtls-2.7 2019-06-21 15:55:21 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c Always return a high-level error code from X.509 module 2019-06-04 14:03:27 +01:00
x509_crt.c Always return a high-level error code from X.509 module 2019-06-04 14:03:27 +01:00
x509_csr.c Fix CSR parsing header call 2018-12-05 23:23:39 +00:00
x509write_crt.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
x509write_csr.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00