diff options
| author | jsing <> | 2014-10-22 13:02:04 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-22 13:02:04 +0000 |
| commit | a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8 (patch) | |
| tree | 32d920c77e1ecf12be5fad632b9ae71343194a7c /src/lib/libcrypto/asn1 | |
| parent | 5a6d7fd5a10b0ad084948463b25822d91091b325 (diff) | |
| download | openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.tar.gz openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.tar.bz2 openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.zip | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
Diffstat (limited to 'src/lib/libcrypto/asn1')
| -rw-r--r-- | src/lib/libcrypto/asn1/asn_mime.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/p5_pbe.c | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/p5_pbev2.c | 13 |
3 files changed, 13 insertions, 14 deletions
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index c153deca1e..afa0abd696 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn_mime.c,v 1.22 2014/07/13 16:03:09 beck Exp $ */ | 1 | /* $OpenBSD: asn_mime.c,v 1.23 2014/10/22 13:02:03 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -54,12 +54,12 @@ | |||
| 54 | 54 | ||
| 55 | #include <ctype.h> | 55 | #include <ctype.h> |
| 56 | #include <stdio.h> | 56 | #include <stdio.h> |
| 57 | #include <stdlib.h> | ||
| 57 | #include <string.h> | 58 | #include <string.h> |
| 58 | 59 | ||
| 59 | #include <openssl/asn1.h> | 60 | #include <openssl/asn1.h> |
| 60 | #include <openssl/asn1t.h> | 61 | #include <openssl/asn1t.h> |
| 61 | #include <openssl/err.h> | 62 | #include <openssl/err.h> |
| 62 | #include <openssl/rand.h> | ||
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | #include "asn1_locl.h" | 65 | #include "asn1_locl.h" |
| @@ -298,7 +298,7 @@ SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, | |||
| 298 | if ((flags & SMIME_DETACHED) && data) { | 298 | if ((flags & SMIME_DETACHED) && data) { |
| 299 | /* We want multipart/signed */ | 299 | /* We want multipart/signed */ |
| 300 | /* Generate a random boundary */ | 300 | /* Generate a random boundary */ |
| 301 | RAND_pseudo_bytes((unsigned char *)bound, 32); | 301 | arc4random_buf(bound, 32); |
| 302 | for (i = 0; i < 32; i++) { | 302 | for (i = 0; i < 32; i++) { |
| 303 | c = bound[i] & 0xf; | 303 | c = bound[i] & 0xf; |
| 304 | if (c < 10) | 304 | if (c < 10) |
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c index ba892b185c..44fbb648be 100644 --- a/src/lib/libcrypto/asn1/p5_pbe.c +++ b/src/lib/libcrypto/asn1/p5_pbe.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_pbe.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ | 1 | /* $OpenBSD: p5_pbe.c,v 1.17 2014/10/22 13:02:03 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -57,11 +57,11 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | ||
| 60 | #include <string.h> | 61 | #include <string.h> |
| 61 | 62 | ||
| 62 | #include <openssl/asn1t.h> | 63 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 64 | #include <openssl/rand.h> | ||
| 65 | #include <openssl/x509.h> | 65 | #include <openssl/x509.h> |
| 66 | 66 | ||
| 67 | /* PKCS#5 password based encryption structure */ | 67 | /* PKCS#5 password based encryption structure */ |
| @@ -104,8 +104,8 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, | |||
| 104 | sstr = ASN1_STRING_data(pbe->salt); | 104 | sstr = ASN1_STRING_data(pbe->salt); |
| 105 | if (salt) | 105 | if (salt) |
| 106 | memcpy(sstr, salt, saltlen); | 106 | memcpy(sstr, salt, saltlen); |
| 107 | else if (RAND_pseudo_bytes(sstr, saltlen) < 0) | 107 | else |
| 108 | goto err; | 108 | arc4random_buf(sstr, saltlen); |
| 109 | 109 | ||
| 110 | if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { | 110 | if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { |
| 111 | ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); | 111 | ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 8085aba453..0947965219 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_pbev2.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */ | 1 | /* $OpenBSD: p5_pbev2.c,v 1.18 2014/10/22 13:02:03 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999-2004. | 3 | * project 1999-2004. |
| 4 | */ | 4 | */ |
| @@ -57,11 +57,11 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | ||
| 60 | #include <string.h> | 61 | #include <string.h> |
| 61 | 62 | ||
| 62 | #include <openssl/asn1t.h> | 63 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 64 | #include <openssl/rand.h> | ||
| 65 | #include <openssl/x509.h> | 65 | #include <openssl/x509.h> |
| 66 | 66 | ||
| 67 | /* PKCS#5 v2.0 password based encryption structures */ | 67 | /* PKCS#5 v2.0 password based encryption structures */ |
| @@ -121,9 +121,8 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, | |||
| 121 | if (EVP_CIPHER_iv_length(cipher)) { | 121 | if (EVP_CIPHER_iv_length(cipher)) { |
| 122 | if (aiv) | 122 | if (aiv) |
| 123 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); | 123 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); |
| 124 | else if (RAND_pseudo_bytes(iv, | 124 | else |
| 125 | EVP_CIPHER_iv_length(cipher)) < 0) | 125 | arc4random_buf(iv, EVP_CIPHER_iv_length(cipher)); |
| 126 | goto err; | ||
| 127 | } | 126 | } |
| 128 | 127 | ||
| 129 | EVP_CIPHER_CTX_init(&ctx); | 128 | EVP_CIPHER_CTX_init(&ctx); |
| @@ -227,8 +226,8 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, | |||
| 227 | 226 | ||
| 228 | if (salt) | 227 | if (salt) |
| 229 | memcpy (osalt->data, salt, saltlen); | 228 | memcpy (osalt->data, salt, saltlen); |
| 230 | else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) | 229 | else |
| 231 | goto merr; | 230 | arc4random_buf(osalt->data, saltlen); |
| 232 | 231 | ||
| 233 | if (iter <= 0) | 232 | if (iter <= 0) |
| 234 | iter = PKCS5_DEFAULT_ITER; | 233 | iter = PKCS5_DEFAULT_ITER; |