diff options
| author | miod <> | 2014-11-09 19:24:30 +0000 |
|---|---|---|
| committer | miod <> | 2014-11-09 19:24:30 +0000 |
| commit | 73a7816209b98b60e458e2975460de46215d27cf (patch) | |
| tree | 844587803632407cc9aa4ee2efd17c963141b704 | |
| parent | 12455d6eff265f95b0a7e20595630321799f50a2 (diff) | |
| download | openbsd-73a7816209b98b60e458e2975460de46215d27cf.tar.gz openbsd-73a7816209b98b60e458e2975460de46215d27cf.tar.bz2 openbsd-73a7816209b98b60e458e2975460de46215d27cf.zip | |
Replace RAND_bytes() usage with arc4random_buf().
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/gost/gost.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/gost/gost_err.c | 1 | ||||
| -rw-r--r-- | src/lib/libcrypto/gost/gostr341001_pmeth.c | 9 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/gost/gost.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/gost/gost_err.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c | 9 |
6 files changed, 6 insertions, 20 deletions
diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h index 5296e7b9c2..516c1b41fc 100644 --- a/src/lib/libcrypto/gost/gost.h +++ b/src/lib/libcrypto/gost/gost.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */ | 1 | /* $OpenBSD: gost.h,v 1.2 2014/11/09 19:24:30 miod Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD |
| @@ -251,7 +251,6 @@ void ERR_load_GOST_strings(void); | |||
| 251 | #define GOST_R_NO_PEER_KEY 116 | 251 | #define GOST_R_NO_PEER_KEY 116 |
| 252 | #define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 | 252 | #define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 |
| 253 | #define GOST_R_PUBLIC_KEY_UNDEFINED 118 | 253 | #define GOST_R_PUBLIC_KEY_UNDEFINED 118 |
| 254 | #define GOST_R_RANDOM_GENERATOR_FAILURE 119 | ||
| 255 | #define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 | 254 | #define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 |
| 256 | #define GOST_R_SIGNATURE_MISMATCH 121 | 255 | #define GOST_R_SIGNATURE_MISMATCH 121 |
| 257 | #define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 | 256 | #define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 |
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c index a52fe4cd5a..b4e061f985 100644 --- a/src/lib/libcrypto/gost/gost_err.c +++ b/src/lib/libcrypto/gost/gost_err.c | |||
| @@ -120,7 +120,6 @@ static ERR_STRING_DATA GOST_str_reasons[]= | |||
| 120 | {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, | 120 | {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, |
| 121 | {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, | 121 | {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, |
| 122 | {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, | 122 | {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, |
| 123 | {ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"}, | ||
| 124 | {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, | 123 | {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, |
| 125 | {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, | 124 | {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, |
| 126 | {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, | 125 | {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, |
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c index 0f82e88a9d..910c0b9c45 100644 --- a/src/lib/libcrypto/gost/gostr341001_pmeth.c +++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */ | 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.2 2014/11/09 19:24:30 miod Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD |
| @@ -60,7 +60,6 @@ | |||
| 60 | #include <openssl/ec.h> | 60 | #include <openssl/ec.h> |
| 61 | #include <openssl/ecdsa.h> | 61 | #include <openssl/ecdsa.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> /* for RAND_bytes */ | ||
| 64 | 63 | ||
| 65 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 66 | #include "gost_locl.h" | 65 | #include "gost_locl.h" |
| @@ -454,11 +453,7 @@ int pkey_gost01_encrypt(EVP_PKEY_CTX * pctx, unsigned char *out, | |||
| 454 | if (data->shared_ukm) { | 453 | if (data->shared_ukm) { |
| 455 | memcpy(ukm, data->shared_ukm, 8); | 454 | memcpy(ukm, data->shared_ukm, 8); |
| 456 | } else if (out) { | 455 | } else if (out) { |
| 457 | if (RAND_bytes(ukm, 8) <= 0) { | 456 | arc4random_buf(ukm, 8); |
| 458 | GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT, | ||
| 459 | GOST_R_RANDOM_GENERATOR_FAILURE); | ||
| 460 | return 0; | ||
| 461 | } | ||
| 462 | } | 457 | } |
| 463 | /* Check for private key in the peer_key of context */ | 458 | /* Check for private key in the peer_key of context */ |
| 464 | if (sec_key) { | 459 | if (sec_key) { |
diff --git a/src/lib/libssl/src/crypto/gost/gost.h b/src/lib/libssl/src/crypto/gost/gost.h index 5296e7b9c2..516c1b41fc 100644 --- a/src/lib/libssl/src/crypto/gost/gost.h +++ b/src/lib/libssl/src/crypto/gost/gost.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */ | 1 | /* $OpenBSD: gost.h,v 1.2 2014/11/09 19:24:30 miod Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD |
| @@ -251,7 +251,6 @@ void ERR_load_GOST_strings(void); | |||
| 251 | #define GOST_R_NO_PEER_KEY 116 | 251 | #define GOST_R_NO_PEER_KEY 116 |
| 252 | #define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 | 252 | #define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 |
| 253 | #define GOST_R_PUBLIC_KEY_UNDEFINED 118 | 253 | #define GOST_R_PUBLIC_KEY_UNDEFINED 118 |
| 254 | #define GOST_R_RANDOM_GENERATOR_FAILURE 119 | ||
| 255 | #define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 | 254 | #define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 |
| 256 | #define GOST_R_SIGNATURE_MISMATCH 121 | 255 | #define GOST_R_SIGNATURE_MISMATCH 121 |
| 257 | #define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 | 256 | #define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 |
diff --git a/src/lib/libssl/src/crypto/gost/gost_err.c b/src/lib/libssl/src/crypto/gost/gost_err.c index a52fe4cd5a..b4e061f985 100644 --- a/src/lib/libssl/src/crypto/gost/gost_err.c +++ b/src/lib/libssl/src/crypto/gost/gost_err.c | |||
| @@ -120,7 +120,6 @@ static ERR_STRING_DATA GOST_str_reasons[]= | |||
| 120 | {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, | 120 | {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, |
| 121 | {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, | 121 | {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, |
| 122 | {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, | 122 | {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, |
| 123 | {ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"}, | ||
| 124 | {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, | 123 | {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, |
| 125 | {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, | 124 | {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, |
| 126 | {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, | 125 | {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, |
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c index 0f82e88a9d..910c0b9c45 100644 --- a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c +++ b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */ | 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.2 2014/11/09 19:24:30 miod Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD |
| @@ -60,7 +60,6 @@ | |||
| 60 | #include <openssl/ec.h> | 60 | #include <openssl/ec.h> |
| 61 | #include <openssl/ecdsa.h> | 61 | #include <openssl/ecdsa.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> /* for RAND_bytes */ | ||
| 64 | 63 | ||
| 65 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 66 | #include "gost_locl.h" | 65 | #include "gost_locl.h" |
| @@ -454,11 +453,7 @@ int pkey_gost01_encrypt(EVP_PKEY_CTX * pctx, unsigned char *out, | |||
| 454 | if (data->shared_ukm) { | 453 | if (data->shared_ukm) { |
| 455 | memcpy(ukm, data->shared_ukm, 8); | 454 | memcpy(ukm, data->shared_ukm, 8); |
| 456 | } else if (out) { | 455 | } else if (out) { |
| 457 | if (RAND_bytes(ukm, 8) <= 0) { | 456 | arc4random_buf(ukm, 8); |
| 458 | GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT, | ||
| 459 | GOST_R_RANDOM_GENERATOR_FAILURE); | ||
| 460 | return 0; | ||
| 461 | } | ||
| 462 | } | 457 | } |
| 463 | /* Check for private key in the peer_key of context */ | 458 | /* Check for private key in the peer_key of context */ |
| 464 | if (sec_key) { | 459 | if (sec_key) { |