summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/e_des3.c
diff options
context:
space:
mode:
authormiod <>2014-07-22 18:10:48 +0000
committermiod <>2014-07-22 18:10:48 +0000
commite1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2 (patch)
tree2f115d7407c065770ac7058ec55839e660ffe29e /src/lib/libcrypto/evp/e_des3.c
parent9537b06bc09eb72b0f1edd06de4049fb515437b8 (diff)
downloadopenbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.gz
openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.bz2
openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.zip
Now that DES_random_key() can be trusted, use it to generate DES keys in the
EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
Diffstat (limited to 'src/lib/libcrypto/evp/e_des3.c')
-rw-r--r--src/lib/libcrypto/evp/e_des3.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 0f1974f6c9..5f42a0ade9 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ 1/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
271 271
272 switch (type) { 272 switch (type) {
273 case EVP_CTRL_RAND_KEY: 273 case EVP_CTRL_RAND_KEY:
274 if (RAND_bytes(ptr, c->key_len) <= 0) 274 if (DES_random_key(deskey) == 0)
275 return 0;
276 if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
277 return 0;
278 if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
275 return 0; 279 return 0;
276 DES_set_odd_parity(deskey);
277 if (c->key_len >= 16)
278 DES_set_odd_parity(deskey + 1);
279 if (c->key_len >= 24)
280 DES_set_odd_parity(deskey + 2);
281 return 1; 280 return 1;
282 281
283 default: 282 default: