Hot!CRYPT_RNG_BlockGenerate 2.04 failure

Author
friesen
Super Member
  • Total Posts : 2036
  • Reward points : 0
  • Joined: 2008/05/08 05:23:35
  • Location: Indiana, USA
  • Status: offline
2018/09/06 06:23:13 (permalink)
0

CRYPT_RNG_BlockGenerate 2.04 failure

I am finding that after some period of time(10 hours, every 25ms) I am getting failures on CRYPT_RNG_BlockGenerate  using Harmony 2.04, FreeRTOS 10 and PIC32MZ2064DAH176.
 
These failures are happening in function
 
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz){

    if (rng->status != DRBG_OK)
        return RNG_FAILURE_E;//<<-- Happening here cause DRBG_FAILED

 
I'm not sure what to look for here.
 
Is CRYPT_RNG_BlockGenerate threadsafe/reentrant?

Erik Friesen
#1

4 Replies Related Threads

    friesen
    Super Member
    • Total Posts : 2036
    • Reward points : 0
    • Joined: 2008/05/08 05:23:35
    • Location: Indiana, USA
    • Status: offline
    Re: CRYPT_RNG_BlockGenerate 2.04 failure 2018/09/07 05:25:45 (permalink)
    0
    It is failing farther down
     
        if (ret == DRBG_SUCCESS) {
            ret = 0;
        }
        else if (ret == DRBG_CONT_FAILURE) {
            ret = DRBG_CONT_FIPS_E;
            rng->status = DRBG_CONT_FAILED;
        }
        else {
            ret = RNG_FAILURE_E;
            rng->status = DRBG_FAILED;//<<-- fails here
        }

     
    Also, fails have the common value in DRBG reseedCtr of 0x40420F00, which incidentally is byte swapped RESEED_INTERVAL
     
    #define RESEED_INTERVAL   (1000000)  == 0xF4240
     
     
    post edited by friesen - 2018/09/07 05:29:02

    Erik Friesen
    #2
    friesen
    Super Member
    • Total Posts : 2036
    • Reward points : 0
    • Joined: 2008/05/08 05:23:35
    • Location: Indiana, USA
    • Status: offline
    Re: CRYPT_RNG_BlockGenerate 2.04 failure 2018/09/07 05:34:32 (permalink)
    0
    Another thing, it would appear that CRYPT_RNG_Initialize uses malloc, plus caching, I would wonder if the programmer was perceptive tocache lines.
     
    Really, something like should be documented, as this there is no harmony way to free this memory.

    Erik Friesen
    #3
    friesen
    Super Member
    • Total Posts : 2036
    • Reward points : 0
    • Joined: 2008/05/08 05:23:35
    • Location: Indiana, USA
    • Status: offline
    Re: CRYPT_RNG_BlockGenerate 2.04 failure 2018/09/07 06:06:57 (permalink)
    0
    Ok, so apparently the firewall is now silently failing, ugh.
     
    The problem is in Hash_DRBG_Generate, it lumps DRBG_NEED_RESEED as fails here
     
    return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
     
    The bug is all the way into 2.06
     
    Please paypal donations to ....

    Erik Friesen
    #4
    friesen
    Super Member
    • Total Posts : 2036
    • Reward points : 0
    • Joined: 2008/05/08 05:23:35
    • Location: Indiana, USA
    • Status: offline
    Re: CRYPT_RNG_BlockGenerate 2.04 failure 2018/09/07 06:08:45 (permalink)
    0
    Also, the 2.06 version would have a memory leak if FREE_VAR was free.

    Erik Friesen
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 4.5