diff options
| author | jsing <> | 2014-10-22 13:02:04 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-22 13:02:04 +0000 |
| commit | a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8 (patch) | |
| tree | 32d920c77e1ecf12be5fad632b9ae71343194a7c /src/lib/libcrypto/bn | |
| parent | 5a6d7fd5a10b0ad084948463b25822d91091b325 (diff) | |
| download | openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.tar.gz openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.tar.bz2 openbsd-a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8.zip | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
Diffstat (limited to 'src/lib/libcrypto/bn')
| -rw-r--r-- | src/lib/libcrypto/bn/bn.h | 17 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_rand.c | 15 |
2 files changed, 10 insertions, 22 deletions
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index 155adf4fe0..10414dc339 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn.h,v 1.24 2014/06/27 06:07:35 deraadt Exp $ */ | 1 | /* $OpenBSD: bn.h,v 1.25 2014/10/22 13:02:04 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -125,9 +125,11 @@ | |||
| 125 | #ifndef HEADER_BN_H | 125 | #ifndef HEADER_BN_H |
| 126 | #define HEADER_BN_H | 126 | #define HEADER_BN_H |
| 127 | 127 | ||
| 128 | #include <stdio.h> | ||
| 129 | #include <stdlib.h> | ||
| 130 | |||
| 128 | #include <openssl/opensslconf.h> | 131 | #include <openssl/opensslconf.h> |
| 129 | 132 | ||
| 130 | #include <stdio.h> /* FILE */ | ||
| 131 | #include <openssl/ossl_typ.h> | 133 | #include <openssl/ossl_typ.h> |
| 132 | #include <openssl/crypto.h> | 134 | #include <openssl/crypto.h> |
| 133 | 135 | ||
| @@ -673,11 +675,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ | |||
| 673 | #include <assert.h> | 675 | #include <assert.h> |
| 674 | 676 | ||
| 675 | #ifdef BN_DEBUG_RAND | 677 | #ifdef BN_DEBUG_RAND |
| 676 | /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ | ||
| 677 | #ifndef RAND_pseudo_bytes | ||
| 678 | int RAND_pseudo_bytes(unsigned char *buf, int num); | ||
| 679 | #define BN_DEBUG_TRIX | ||
| 680 | #endif | ||
| 681 | #define bn_pollute(a) \ | 678 | #define bn_pollute(a) \ |
| 682 | do { \ | 679 | do { \ |
| 683 | const BIGNUM *_bnum1 = (a); \ | 680 | const BIGNUM *_bnum1 = (a); \ |
| @@ -688,17 +685,15 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); | |||
| 688 | * wouldn't be constructed with top!=dmax. */ \ | 685 | * wouldn't be constructed with top!=dmax. */ \ |
| 689 | BN_ULONG *_not_const; \ | 686 | BN_ULONG *_not_const; \ |
| 690 | memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ | 687 | memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ |
| 691 | RAND_pseudo_bytes(&_tmp_char, 1); \ | 688 | arc4random_buf(&_tmp_char, 1); \ |
| 692 | memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ | 689 | memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ |
| 693 | (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ | 690 | (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ |
| 694 | } \ | 691 | } \ |
| 695 | } while(0) | 692 | } while(0) |
| 696 | #ifdef BN_DEBUG_TRIX | ||
| 697 | #undef RAND_pseudo_bytes | ||
| 698 | #endif | ||
| 699 | #else | 693 | #else |
| 700 | #define bn_pollute(a) | 694 | #define bn_pollute(a) |
| 701 | #endif | 695 | #endif |
| 696 | |||
| 702 | #define bn_check_top(a) \ | 697 | #define bn_check_top(a) \ |
| 703 | do { \ | 698 | do { \ |
| 704 | const BIGNUM *_bnum2 = (a); \ | 699 | const BIGNUM *_bnum2 = (a); \ |
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c index acb17882ef..334c65dd57 100644 --- a/src/lib/libcrypto/bn/bn_rand.c +++ b/src/lib/libcrypto/bn/bn_rand.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_rand.c,v 1.15 2014/07/11 08:44:48 jsing Exp $ */ | 1 | /* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -110,10 +110,10 @@ | |||
| 110 | */ | 110 | */ |
| 111 | 111 | ||
| 112 | #include <stdio.h> | 112 | #include <stdio.h> |
| 113 | #include <stdlib.h> | ||
| 113 | #include <time.h> | 114 | #include <time.h> |
| 114 | 115 | ||
| 115 | #include <openssl/err.h> | 116 | #include <openssl/err.h> |
| 116 | #include <openssl/rand.h> | ||
| 117 | 117 | ||
| 118 | #include "bn_lcl.h" | 118 | #include "bn_lcl.h" |
| 119 | 119 | ||
| @@ -139,14 +139,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) | |||
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | /* make a random number and set the top and bottom bits */ | 141 | /* make a random number and set the top and bottom bits */ |
| 142 | 142 | arc4random_buf(buf, bytes); | |
| 143 | if (pseudorand) { | ||
| 144 | if (RAND_pseudo_bytes(buf, bytes) == -1) | ||
| 145 | goto err; | ||
| 146 | } else { | ||
| 147 | if (RAND_bytes(buf, bytes) <= 0) | ||
| 148 | goto err; | ||
| 149 | } | ||
| 150 | 143 | ||
| 151 | #if 1 | 144 | #if 1 |
| 152 | if (pseudorand == 2) { | 145 | if (pseudorand == 2) { |
| @@ -156,7 +149,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) | |||
| 156 | unsigned char c; | 149 | unsigned char c; |
| 157 | 150 | ||
| 158 | for (i = 0; i < bytes; i++) { | 151 | for (i = 0; i < bytes; i++) { |
| 159 | RAND_pseudo_bytes(&c, 1); | 152 | arc4random_buf(&c, 1); |
| 160 | if (c >= 128 && i > 0) | 153 | if (c >= 128 && i > 0) |
| 161 | buf[i] = buf[i - 1]; | 154 | buf[i] = buf[i - 1]; |
| 162 | else if (c < 42) | 155 | else if (c < 42) |