
Return value of generation is not checked #1

Closed
jflopezfernandez opened this issue Jun 2, 2019 · 1 comment
Labels
Critical Program has an error that severely endangers the security of its dependencies

@jflopezfernandez

The return value of RDRAND must be checked to verify it is not zero.

If the CPU does not have enough entropy to generate secure random numbers at the rate the operating system is asking for them, the CPU will return zero and set the CF flag to zero to indicate the return value was not cryptographically secure.

As currently written, the application simply returns the zero value in RAX, printing it to standard output, potentially endangering any programs depending on the cryptographically secure output generated by the program.

@jflopezfernandez jflopezfernandez added the Critical Program has an error that severely endangers the security of its dependencies label Jun 2, 2019
@jflopezfernandez jflopezfernandez self-assigned this Jun 2, 2019
@jflopezfernandez

Issue fixed in commit id: f42b6e4ef2eb77fe6f6a19439fd33b0e7c71cb07.
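
A sketch of the check this issue asks for, added here as an example; it is not the project's code and not the contents of the commit referenced above. It accepts a value only when the step reports CF=1, retries a bounded number of times (10, the count Intel's DRNG guidance suggests), and otherwise fails without emitting anything. The names `rdrand_checked`, `hw_rdrand_step` and the two `fake_*` sources are hypothetical, and the fakes are constructed stand-ins for a generator that returns zero with CF=0.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif

#define RDRAND_RETRIES 10  /* assumed bound, per Intel's DRNG guidance */

/* A step yields one value and returns the carry flag: 1 = valid output. */
typedef int (*rdrand_step_fn)(uint64_t *out);

/* Hardware step: executes RDRAND only if CPUID reports support for it. */
static int hw_rdrand_step(uint64_t *out) {
#if defined(__x86_64__)
    unsigned int a, b, c, d;
    unsigned char cf;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & (1u << 30)))
        return 0;                        /* no RDRAND: treat as failure */
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
#else
    (void)out;
    return 0;                            /* not x86-64: always fails */
#endif
}

/* Returns 0 and stores a value only when a step reported CF=1.
 * Returns -1 after RDRAND_RETRIES failures and leaves *out untouched. */
static int rdrand_checked(rdrand_step_fn step, uint64_t *out) {
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        uint64_t v;
        if (step(&v)) { *out = v; return 0; }
    }
    return -1;
}

/* Constructed stand-ins for a starved generator (value 0, CF=0). */
static int fake_calls;
static int fake_always_fails(uint64_t *out) { fake_calls++; *out = 0; return 0; }
static int fake_third_ok(uint64_t *out) {
    if (++fake_calls < 3) { *out = 0; return 0; }
    *out = 0x1122334455667788ULL; return 1;
}

int main(void) {
    uint64_t r;
    if (rdrand_checked(hw_rdrand_step, &r) != 0) {
        fputs("rdrand: no valid output, refusing to print\n", stderr);
        return 1;
    }
    printf("%016llx\n", (unsigned long long)r);
    return 0;
}
```

Callers should treat the `-1` return as a hard error and fall back to another entropy source or abort, never to the zero left in the register.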
