random: Hash continuous areas in the csprng pool.

* random/gnupg-random.c (mix_pool): Store the first hash at the end of
the pool.

--

This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.

The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology.  A paper describing the problem in
detail will shortly be published.

This is a port of c6dbfe89 from the GnuPG classic branch.

CVE-id: CVE-2016-6313

0 files changed, 0 insertions, 0 deletions