diff options
author | Werner Koch <wk@gnupg.org> | 2016-03-31 19:33:43 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-03-31 19:33:43 +0200 |
commit | a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0 (patch) | |
tree | 7b3e97f8bf5ae6c1388684e39653d40b1542eca8 /random/random-csprng.c | |
parent | 142a479a484cb4e84d0561be9b05b44dac9e6fe2 (diff) | |
download | libgcrypt-a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0.tar.gz |
random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool.
* cipher/sha1.c (_gcry_sha1_mixblock_init): New.
(_gcry_sha1_mixblock): New.
* random/random-csprng.c: Include sha1.h instead of rmd.h.
(mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'random/random-csprng.c')
-rw-r--r-- | random/random-csprng.c | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/random/random-csprng.c b/random/random-csprng.c index e7b751a2..a0bfc783 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -56,10 +56,10 @@ #include <process.h> #endif #include "g10lib.h" -#include "../cipher/rmd.h" #include "random.h" #include "rand-internal.h" -#include "cipher.h" /* Required for the rmd160_hash_buffer() prototype. */ +#include "cipher.h" /* _gcry_sha1_hash_buffer */ +#include "../cipher/sha1.h" /* _gcry_sha1_mixblock */ #ifndef RAND_MAX /* For SunOS. */ #define RAND_MAX 32767 @@ -83,7 +83,7 @@ /* Contstants pertaining to the hash pool. */ #define BLOCKLEN 64 /* Hash this amount of bytes... */ -#define DIGESTLEN 20 /* ... into a digest of this length (rmd160). */ +#define DIGESTLEN 20 /* ... into a digest of this length (sha-1). */ /* POOLBLOCKS is the number of digests which make up the pool. */ #define POOLBLOCKS 30 /* POOLSIZE must be a multiple of the digest length to make the AND @@ -593,20 +593,21 @@ mix_pool(unsigned char *pool) unsigned char *hashbuf = pool + POOLSIZE; unsigned char *p, *pend; int i, n; - RMD160_CONTEXT md; + SHA1_CONTEXT md; + unsigned int nburn; #if DIGESTLEN != 20 -#error must have a digest length of 20 for ripe-md-160 +#error must have a digest length of 20 for SHA-1 #endif gcry_assert (pool_is_locked); - _gcry_rmd160_init( &md ); + _gcry_sha1_mixblock_init (&md); /* Loop over the pool. */ pend = pool + POOLSIZE; memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN ); memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); - _gcry_rmd160_mixblock( &md, hashbuf); + nburn = _gcry_sha1_mixblock (&md, hashbuf); memcpy(pool, hashbuf, 20 ); if (failsafe_digest_valid && pool == rndpool) @@ -635,21 +636,21 @@ mix_pool(unsigned char *pool) } } - _gcry_rmd160_mixblock ( &md, hashbuf); + _gcry_sha1_mixblock (&md, hashbuf); memcpy(p, hashbuf, 20 ); } - /* Our hash implementation does only leave small parts (64 bytes) - of the pool on the stack, so it is okay not to require secure - memory here. Before we use this pool, it will be copied to the - help buffer anyway. */ - if ( pool == rndpool) - { - _gcry_rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE); - failsafe_digest_valid = 1; - } - - _gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */ + /* Our hash implementation does only leave small parts (64 bytes) + of the pool on the stack, so it is okay not to require secure + memory here. Before we use this pool, it will be copied to the + help buffer anyway. */ + if ( pool == rndpool) + { + _gcry_sha1_hash_buffer (failsafe_digest, pool, POOLSIZE); + failsafe_digest_valid = 1; + } + + _gcry_burn_stack (nburn); } |