Source-Changes-HG archive


[src/trunk]: src/sys/kern cprng(9): Fix accidental 4x seed size.



details:   https://anonhg.NetBSD.org/src/rev/5c9d048ff42d
branches:  trunk
changeset: 366067:5c9d048ff42d
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri May 13 09:40:25 2022 +0000

description:
cprng(9): Fix accidental 4x seed size.

With SHA-256, NIST Hash_DRBG takes a preferred 440-bit/55-byte seed.
It's a weird number, and I'm not sure where it comes from (a quick
skim of SP800-90A doesn't turn anything up), but it's certainly
sufficient (256-bit/32-byte seed is almost certainly enough) so it's
not a problem to use something larger; Hash_DRBG can absorb seeds of
arbitrary lengths and larger seeds can't really hurt security (with
minor caveats like HMAC RO quirks that don't apply here).

Except -- owing to a typo, we actually used a 1760-bit/220-byte seed,
because I wrote `uint32_t seed[...]' instead of `uint8_t seed[...]'.
Again: not a problem to use a seed larger than needed.  But let's
draw no more than we need out of the entropy pool!

Verified with CTASSERT(sizeof(seed) == 55).  (Assertion omitted from
this commit because we might swap out Hash_DRBG for something else
with a different seed size like 32 bytes.)
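
The commit message's point that Hash_DRBG absorbs a seed of any length, and that the only cost of the typo was drawing 4x more bytes from the entropy pool than needed, can be seen by running the SP 800-90A Hash_DRBG steps directly. The following is an added example written for this page, not NetBSD's subr_cprng.c or its nist_hash_drbg code: it implements Hash_df, instantiate, reseed and generate with SHA-256 from Python's hashlib, using seedlen = 440 bits = 55 bytes as SP 800-90A specifies for SHA-256. The seed bytes it feeds in are constructed byte patterns for illustration, not entropy, and a 220-byte input (the accidental size) is shown to produce the same 55-byte V and C as a 55-byte one.

```python
import hashlib

# SP 800-90A Hash_DRBG parameters for SHA-256: outlen = 256 bits,
# seedlen = 440 bits = 55 bytes (the figure the commit message refers to).
OUTLEN = 32
SEEDLEN_BYTES = 55
SEEDLEN_BITS = SEEDLEN_BYTES * 8
RESEED_INTERVAL = 1 << 48      # maximum the spec allows for Hash_DRBG


def hash_df(input_string: bytes, no_of_bytes: int) -> bytes:
    """Hash_df (SP 800-90A 10.3.1): derive no_of_bytes from input of any length.

    This is why a 55-byte and a 220-byte seed are both acceptable: the
    input is hashed down to seedlen regardless of its size."""
    no_of_bits = no_of_bytes * 8
    temp = b""
    counter = 1                                 # 8-bit counter per the spec
    while len(temp) < no_of_bytes:
        temp += hashlib.sha256(
            bytes([counter]) + no_of_bits.to_bytes(4, "big") + input_string
        ).digest()
        counter += 1
    return temp[:no_of_bytes]


def _to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


def _to_seed_bytes(x: int) -> bytes:
    """Reduce mod 2^seedlen and encode as exactly seedlen bytes."""
    return (x % (1 << SEEDLEN_BITS)).to_bytes(SEEDLEN_BYTES, "big")


class HashDRBG:
    """Hash_DRBG with SHA-256, no prediction resistance, no additional input."""

    def __init__(self, entropy_input: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy_input) < OUTLEN:
            raise ValueError("entropy_input must be at least 32 bytes (256-bit strength)")
        self._seed(entropy_input + nonce + personalization)     # Instantiate

    def _seed(self, seed_material: bytes) -> None:
        seed = hash_df(seed_material, SEEDLEN_BYTES)             # always 55 bytes
        self.V = seed
        self.C = hash_df(b"\x00" + seed, SEEDLEN_BYTES)
        self.reseed_counter = 1

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        if len(entropy_input) < OUTLEN:
            raise ValueError("entropy_input must be at least 32 bytes (256-bit strength)")
        self._seed(b"\x01" + self.V + entropy_input + additional_input)

    def generate(self, n: int) -> bytes:
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        # Hashgen: hash successive values of V, incrementing mod 2^seedlen.
        data = _to_int(self.V)
        out = b""
        while len(out) < n:
            out += hashlib.sha256(_to_seed_bytes(data)).digest()
            data += 1
        # State update: V = (V + H + C + reseed_counter) mod 2^seedlen.
        h = hashlib.sha256(b"\x03" + self.V).digest()
        self.V = _to_seed_bytes(_to_int(self.V) + _to_int(h) + _to_int(self.C) + self.reseed_counter)
        self.reseed_counter += 1
        return out[:n]


def seed_state_lengths(entropy_input: bytes) -> tuple:
    """Instantiate from the given seed material and report (len(V), len(C))."""
    d = HashDRBG(entropy_input)
    return len(d.V), len(d.C)


if __name__ == "__main__":
    # Constructed seed material, NOT entropy: the intended 55-byte draw and
    # the accidental 4x (220-byte) draw both instantiate fine.
    print(seed_state_lengths(bytes(range(55))))        # (55, 55)
    print(seed_state_lengths(bytes(range(220))))       # (55, 55)
    print(HashDRBG(bytes(range(55))).generate(32).hex())
```

In the kernel the seed array is the entropy_input to this instantiate/reseed step, so the fix changes how many bytes cprng_strong pulls from the entropy pool per reseed and nothing about what the DRBG will accept. The length checks in the constructor and reseed are the spec's minimum (entropy at least the security strength); a production implementation would also enforce the reseed interval its caller actually uses rather than the 2^48 ceiling shown here.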

diffstat:

 sys/kern/subr_cprng.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 80e4441d70f3 -r 5c9d048ff42d sys/kern/subr_cprng.c
--- a/sys/kern/subr_cprng.c     Fri May 13 09:40:02 2022 +0000
+++ b/sys/kern/subr_cprng.c     Fri May 13 09:40:25 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $        */
+/*     $NetBSD: subr_cprng.c,v 1.43 2022/05/13 09:40:25 riastradh Exp $        */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -52,7 +52,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.43 2022/05/13 09:40:25 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -268,7 +268,7 @@
 size_t
 cprng_strong(struct cprng_strong *cprng, void *buf, size_t len, int flags)
 {
-       uint32_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];
+       uint8_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];
        struct cprng_cpu *cc;
        unsigned epoch;
        int s;
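Review bot: at the `uint8_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];` line, a compile-time check against the macro rather than against the literal 55 that the commit message says was dropped would keep the guard without tying it to Hash_DRBG: `CTASSERT(sizeof(seed) == NIST_HASH_DRBG_SEEDLEN_BYTES);` survives a later swap to a DRBG with a different seed length, and it is exactly the assertion that would have rejected the `uint32_t` declaration, under which sizeof(seed) was 4 * NIST_HASH_DRBG_SEEDLEN_BYTES. It is also worth confirming in the rest of cprng_strong (not shown in this hunk) that every place the buffer is handed to the entropy pool or the DRBG passes sizeof(seed) or the macro, not a separately hard-coded length that still reflects the old 220-byte size.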


