• Stephan Mueller's avatar
    crypto: drbg - Mix a time stamp into DRBG state · 27e4de2b
    Stephan Mueller authored
    The current locking approach of the DRBG tries to keep the protected
    code paths very minimal. It is therefore possible that two threads query
    one DRBG instance at the same time. When thread A requests random
    numbers, a shadow copy of the DRBG state is created upon which the
    request for A is processed. After finishing the state for A's request is
    merged back into the DRBG state. If now thread B requests random numbers
    from the same DRBG after the request for thread A is received, but
    before A's shadow state is merged back, the random numbers for B will be
    identical to the ones for A. Please note that the time window is very
    small for this scenario.
    
    To prevent that there is even a theoretical chance for thread A and B
    having the same DRBG state, the current time stamp is provided as
    additional information string for each new request.
    
    The addition of the time stamp as additional information string implies
    that now all generate functions must be capable to process a linked
    list with additional information strings instead of a scalar.
    
    CC: Rafael Aquini <aquini@redhat.com>
    Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    27e4de2b
drbg.h 8.79 KB