Module Name:    src
Committed By:   riastradh
Date:           Fri May 13 09:40:25 UTC 2022
Modified Files:
        src/sys/kern: subr_cprng.c

Log Message:
cprng(9): Fix accidental 4x seed size.

With SHA-256, NIST Hash_DRBG takes a preferred 440-bit/55-byte seed. It's a weird number, and I'm not sure where it comes from (a quick skim of SP800-90A doesn't turn anything up), but it's certainly sufficient (256-bit/32-byte seed is almost certainly enough) so it's not a problem to use something larger; Hash_DRBG can absorb seeds of arbitrary lengths and larger seeds can't really hurt security (with minor caveats like HMAC RO quirks that don't apply here).

Except -- owing to a typo, we actually used a 1760-bit/220-byte seed, because I wrote `uint32_t seed[...]' instead of `uint8_t seed[...]'.

Again: not a problem to use a seed larger than needed. But let's draw no more than we need out of the entropy pool!

Verified with CTASSERT(sizeof(seed) == 55). (Assertion omitted from this commit because we might swap out Hash_DRBG for something else with a different seed size like 32 bytes.)

To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/sys/kern/subr_cprng.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
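The element-type slip described in the log message is easy to reproduce outside the kernel. The following is an added illustration, not code from NetBSD's subr_cprng.c: it models the entropy pool as a counter that records how many bytes each caller draws, declares the seed buffer both the 1.42 way (`uint32_t`) and the 1.43 way (`uint8_t`), and shows the compile-time guard the log message mentions, written against the macro rather than the literal 55 so it survives a change of DRBG. `NIST_HASH_DRBG_SEEDLEN_BYTES` is set to 55 here on the strength of the log message; `fake_entropy_pool` and `fake_entropy_extract` are constructed stand-ins for the kernel's pool API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed value, taken from the commit message: SHA-256 Hash_DRBG uses a
 * 440-bit / 55-byte seed.  The real definition lives in the NetBSD kernel. */
#define NIST_HASH_DRBG_SEEDLEN_BYTES 55

/* Constructed stand-in for the kernel entropy pool: it only counts how many
 * bytes each caller draws, so the over-draw becomes observable. */
struct fake_entropy_pool {
	size_t bytes_drawn;
};

static void
fake_entropy_extract(struct fake_entropy_pool *pool, void *buf, size_t len)
{
	memset(buf, 0xA5, len);	/* deterministic filler, not real entropy */
	pool->bytes_drawn += len;
}

/* Buggy shape from revision 1.42: the element type is uint32_t, but the
 * array length is a byte count, so sizeof(seed) is 4x the intended size.
 * Returns the number of bytes pulled from the pool. */
size_t
seed_bytes_drawn_buggy(void)
{
	struct fake_entropy_pool pool = { 0 };
	uint32_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];

	fake_entropy_extract(&pool, seed, sizeof(seed));
	/* Wipe seed material before the frame is reused; the kernel uses
	 * explicit_memset() because a plain memset() here may be elided. */
	memset(seed, 0, sizeof(seed));
	return pool.bytes_drawn;
}

/* Fixed shape from revision 1.43: one byte per element, so the draw is
 * exactly one DRBG seed.  Returns the number of bytes pulled from the pool. */
size_t
seed_bytes_drawn_fixed(void)
{
	struct fake_entropy_pool pool = { 0 };
	uint8_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];

	/* Compile-time guard tied to the macro, not to the literal 55: a
	 * future change of element type fails to build instead of silently
	 * multiplying the draw, and a DRBG with a different seed length
	 * only needs the macro updated. */
	_Static_assert(sizeof(seed) == NIST_HASH_DRBG_SEEDLEN_BYTES,
	    "seed buffer must be exactly one DRBG seed");

	fake_entropy_extract(&pool, seed, sizeof(seed));
	memset(seed, 0, sizeof(seed));
	return pool.bytes_drawn;
}

int
main(void)
{
	printf("uint32_t seed[]: %zu bytes drawn\n", seed_bytes_drawn_buggy());
	printf("uint8_t  seed[]: %zu bytes drawn\n", seed_bytes_drawn_fixed());
	return 0;
}
```

Both variants are secure in the sense the log message describes (Hash_DRBG tolerates an oversized seed); the difference is only how much of the pool's budget each reseed consumes, which is what the counter makes visible.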
Modified files: Index: src/sys/kern/subr_cprng.c diff -u src/sys/kern/subr_cprng.c:1.42 src/sys/kern/subr_cprng.c:1.43 --- src/sys/kern/subr_cprng.c:1.42 Wed Mar 16 23:56:33 2022 +++ src/sys/kern/subr_cprng.c Fri May 13 09:40:25 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $ */ +/* $NetBSD: subr_cprng.c,v 1.43 2022/05/13 09:40:25 riastradh Exp $ */ /*- * Copyright (c) 2019 The NetBSD Foundation, Inc. @@ -52,7 +52,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.43 2022/05/13 09:40:25 riastradh Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -268,7 +268,7 @@ cprng_fini_cpu(void *ptr, void *cookie, size_t cprng_strong(struct cprng_strong *cprng, void *buf, size_t len, int flags) { - uint32_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES]; + uint8_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES]; struct cprng_cpu *cc; unsigned epoch; int s;
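Review bot: In the cprng_strong() hunk, `uint8_t seed[NIST_HASH_DRBG_SEEDLEN_BYTES];` is the correct fix, since the macro is a byte count and the previous `uint32_t` element type made sizeof(seed) four times the DRBG seed length; consider keeping a compile-time guard in the tree anyway, written as CTASSERT(sizeof(seed) == NIST_HASH_DRBG_SEEDLEN_BYTES) rather than against the literal 55, so it survives a swap to a DRBG with a different seed size (the reason the log message gives for omitting the assertion) while still catching a repeat of this element-type slip. The two preceding hunks only update the RCS id strings and need no review.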