In DES_random_key(), force the generated key to the odd parity before checking

it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@
author: miod <> 2014-07-22 18:09:20 +0000
committer: miod <> 2014-07-22 18:09:20 +0000
commit: 9537b06bc09eb72b0f1edd06de4049fb515437b8 (patch)
tree: a97eb5f989e740f16421e60d712773c06d2fa896 /src
parent: 4ed4f9bf6421a1b24b17919b26ff064b4d031b4d (diff)
download: openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.gz
openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.bz2
openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.zip
2 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c
index 2dba949bad..727d36f488 100644
--- a/src/lib/libcrypto/des/rand_key.c
+++ b/src/lib/libcrypto/des/rand_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
@@ -56,13 +56,13 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
-int DES_random_key(DES_cblock *ret)
+int
-        {
+DES_random_key(DES_cblock *ret)
-        do
+{
-                {
+        do {
                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
                        return (0);
-                } while (DES_is_weak_key(ret));
+                DES_set_odd_parity(ret);
-        DES_set_odd_parity(ret);
+        } while (DES_is_weak_key(ret));
        return (1);
-        }
+}
diff --git a/src/lib/libssl/src/crypto/des/rand_key.c b/src/lib/libssl/src/crypto/des/rand_key.c
index 2dba949bad..727d36f488 100644
--- a/src/lib/libssl/src/crypto/des/rand_key.c
+++ b/src/lib/libssl/src/crypto/des/rand_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
@@ -56,13 +56,13 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
-int DES_random_key(DES_cblock *ret)
+int
-        {
+DES_random_key(DES_cblock *ret)
-        do
+{
-                {
+        do {
                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
                        return (0);
-                } while (DES_is_weak_key(ret));
+                DES_set_odd_parity(ret);
-        DES_set_odd_parity(ret);
+        } while (DES_is_weak_key(ret));
        return (1);
-        }
+}
author	miod <>	2014-07-22 18:09:20 +0000
committer	miod <>	2014-07-22 18:09:20 +0000
commit	9537b06bc09eb72b0f1edd06de4049fb515437b8 (patch)
tree	a97eb5f989e740f16421e60d712773c06d2fa896 /src
parent	4ed4f9bf6421a1b24b17919b26ff064b4d031b4d (diff)
download	openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.gz openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.tar.bz2 openbsd-9537b06bc09eb72b0f1edd06de4049fb515437b8.zip

diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libcrypto/des/rand_key.c +++ b/src/lib/libcrypto/des/rand_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -56,13 +56,13 @@
56	#include <openssl/des.h>	56	#include <openssl/des.h>
57	#include <openssl/rand.h>	57	#include <openssl/rand.h>
58		58
59	int DES_random_key(DES_cblock *ret)	59	int
60	{	60	DES_random_key(DES_cblock *ret)
61	do	61	{
62	{	62	do {
63	if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)	63	if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
64	return (0);	64	return (0);
65	} while (DES_is_weak_key(ret));	65	DES_set_odd_parity(ret);
66	DES_set_odd_parity(ret);	66	} while (DES_is_weak_key(ret));
67	return (1);	67	return (1);
68	}	68	}


diff --git a/src/lib/libssl/src/crypto/des/rand_key.c b/src/lib/libssl/src/crypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libssl/src/crypto/des/rand_key.c +++ b/src/lib/libssl/src/crypto/des/rand_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -56,13 +56,13 @@
56	#include <openssl/des.h>	56	#include <openssl/des.h>
57	#include <openssl/rand.h>	57	#include <openssl/rand.h>
58		58
59	int DES_random_key(DES_cblock *ret)	59	int
60	{	60	DES_random_key(DES_cblock *ret)
61	do	61	{
62	{	62	do {
63	if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)	63	if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
64	return (0);	64	return (0);
65	} while (DES_is_weak_key(ret));	65	DES_set_odd_parity(ret);
66	DES_set_odd_parity(ret);	66	} while (DES_is_weak_key(ret));
67	return (1);	67	return (1);
68	}	68	}