Page MenuHomeFreeBSD

EKCD: Preload error strings, PRNG seed; use OAEP padding
ClosedPublic

Authored by cem on Apr 22 2020, 6:46 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 24, 11:19 PM
Unknown Object (File)
Oct 24 2024, 11:47 AM
Unknown Object (File)
Oct 24 2024, 5:38 AM
Unknown Object (File)
Sep 30 2024, 7:01 PM
Unknown Object (File)
Sep 30 2024, 3:19 PM
Unknown Object (File)
Sep 25 2024, 12:37 AM
Unknown Object (File)
Sep 25 2024, 12:37 AM
Unknown Object (File)
Sep 25 2024, 12:37 AM
Subscribers

Details

Summary

Preload OpenSSL ERR string data so that the formatted error messages are
vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt()
operation failure case in one-time key generation.

For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG
before entering Cap mode, as old versions of OpenSSL are unaware of kernel
RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or
the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt()
wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the
"MGF" pseudo-random function in OAEP padding.)

Switch dumpon to encrypt the one-time key with OAEP padding (recommended since
1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313).

Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5
decryption on failure. This is intended only for transition convenience, and
we should obsolete support for non-OAEP padding in a release or two.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable