View Issue Details

IDProjectCategoryView StatusLast Update
0009301GNUnetutil librarypublic2024-10-29 20:56
Reporterfefe Assigned Toschanzen  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.22.2Fixed in Version0.22.2 
Summary0009301: weakened randomness in GNUNET_CRYPTO_hash_create_random
DescriptionIn crypto_hash.c function GNUNET_CRYPTO_hash_create_random:

 99 void
100 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
101 struct GNUNET_HashCode *result)
102 {
103 for (ssize_t i = (sizeof(struct GNUNET_HashCode) / sizeof(uint32_t)) - 1;
104 i >= 0;
105 i--)
106 result->bits[i] = GNUNET_CRYPTO_random_u32 (mode, UINT32_MAX);
107 }

Note that GNUNET_CRYPTO_random_u32 returns a result below UINT32_MAX, so
we are creating bad randomness here. The attacker can know that none of
the values is UINT32_MAX.
TagsNo tags attached.

Activities

schanzen

2024-10-25 13:39

administrator   ~0023596

Fix committed to master branch.

schanzen

2024-10-29 20:56

administrator   ~0023629

Released

Related Changesets

gnunet: master da2eae04

2024-10-25 15:38

schanzen


Details Diff
util: Create actually random hash from all set of possible values. Fixes 0009301 Affected Issues
0009301
mod - src/lib/util/crypto_hash.c Diff File

Issue History

Date Modified Username Field Change
2024-10-25 10:19 fefe New Issue
2024-10-25 13:39 schanzen Changeset attached => gnunet master da2eae04
2024-10-25 13:39 schanzen Note Added: 0023596
2024-10-25 13:39 schanzen Assigned To => schanzen
2024-10-25 13:39 schanzen Status new => resolved
2024-10-25 13:39 schanzen Resolution open => fixed
2024-10-25 13:39 schanzen Target Version => 0.22.2
2024-10-25 13:39 schanzen Fixed in Version => 0.22.2
2024-10-29 20:56 schanzen Note Added: 0023629
2024-10-29 20:56 schanzen Status resolved => closed