diff options
| author | miod <> | 2014-07-22 18:09:20 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-22 18:09:20 +0000 |
| commit | 9537b06bc09eb72b0f1edd06de4049fb515437b8 (patch) | |
| tree | a97eb5f989e740f16421e60d712773c06d2fa896 /src/lib | |
| parent | 4ed4f9bf6421a1b24b17919b26ff064b4d031b4d (diff) | |
| download | openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.gz openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.bz2 openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.zip | |
In DES_random_key(), force the generated key to the odd parity before checking
it is not one of the weak and semi-weak keys.
Even though the probability of generating a weak key with incorrect parity is
abysmally small, there is no reason to be correct (although, if you're in a
need for fresh DES keys nowadays, you should seriously consider switching to
a stronger symmetric cipher algorithm).
ok beck@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/des/rand_key.c | 16 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/des/rand_key.c | 16 |
2 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libcrypto/des/rand_key.c +++ b/src/lib/libcrypto/des/rand_key.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,13 +56,13 @@ | |||
| 56 | #include <openssl/des.h> | 56 | #include <openssl/des.h> |
| 57 | #include <openssl/rand.h> | 57 | #include <openssl/rand.h> |
| 58 | 58 | ||
| 59 | int DES_random_key(DES_cblock *ret) | 59 | int |
| 60 | { | 60 | DES_random_key(DES_cblock *ret) |
| 61 | do | 61 | { |
| 62 | { | 62 | do { |
| 63 | if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) | 63 | if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) |
| 64 | return (0); | 64 | return (0); |
| 65 | } while (DES_is_weak_key(ret)); | 65 | DES_set_odd_parity(ret); |
| 66 | DES_set_odd_parity(ret); | 66 | } while (DES_is_weak_key(ret)); |
| 67 | return (1); | 67 | return (1); |
| 68 | } | 68 | } |
diff --git a/src/lib/libssl/src/crypto/des/rand_key.c b/src/lib/libssl/src/crypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libssl/src/crypto/des/rand_key.c +++ b/src/lib/libssl/src/crypto/des/rand_key.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,13 +56,13 @@ | |||
| 56 | #include <openssl/des.h> | 56 | #include <openssl/des.h> |
| 57 | #include <openssl/rand.h> | 57 | #include <openssl/rand.h> |
| 58 | 58 | ||
| 59 | int DES_random_key(DES_cblock *ret) | 59 | int |
| 60 | { | 60 | DES_random_key(DES_cblock *ret) |
| 61 | do | 61 | { |
| 62 | { | 62 | do { |
| 63 | if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) | 63 | if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) |
| 64 | return (0); | 64 | return (0); |
| 65 | } while (DES_is_weak_key(ret)); | 65 | DES_set_odd_parity(ret); |
| 66 | DES_set_odd_parity(ret); | 66 | } while (DES_is_weak_key(ret)); |
| 67 | return (1); | 67 | return (1); |
| 68 | } | 68 | } |