Now that DES_random_key() can be trusted, use it to generate DES keys in the

EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
author: miod <> 2014-07-22 18:10:48 +0000
committer: miod <> 2014-07-22 18:10:48 +0000
commit: e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2 (patch)
tree: 2f115d7407c065770ac7058ec55839e660ffe29e /src
parent: 9537b06bc09eb72b0f1edd06de4049fb515437b8 (diff)
download: openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.gz
openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.bz2
openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.zip
4 files changed, 20 insertions, 24 deletions
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 0a32d2adb9..7a9fa2d515 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
-        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
-            ctx->cipher_data, ctx->encrypt);
+                    ctx->cipher_data, ctx->encrypt);
        return 1;
 }
@@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, 8) <= 0)
+                if (DES_random_key((DES_cblock *)ptr) == 0)
                        return 0;
-                DES_set_odd_parity((DES_cblock *)ptr);
                return 1;
        default:
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 0f1974f6c9..5f42a0ade9 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, c->key_len) <= 0)
+                if (DES_random_key(deskey) == 0)
+                        return 0;
+                if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
+                        return 0;
+                if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
                        return 0;
-                DES_set_odd_parity(deskey);
-                if (c->key_len >= 16)
-                        DES_set_odd_parity(deskey + 1);
-                if (c->key_len >= 24)
-                        DES_set_odd_parity(deskey + 2);
                return 1;
        default:
diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c
index 0a32d2adb9..7a9fa2d515 100644
--- a/src/lib/libssl/src/crypto/evp/e_des.c
+++ b/src/lib/libssl/src/crypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
-        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
-            ctx->cipher_data, ctx->encrypt);
+                    ctx->cipher_data, ctx->encrypt);
        return 1;
 }
@@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, 8) <= 0)
+                if (DES_random_key((DES_cblock *)ptr) == 0)
                        return 0;
-                DES_set_odd_parity((DES_cblock *)ptr);
                return 1;
        default:
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
index 0f1974f6c9..5f42a0ade9 100644
--- a/src/lib/libssl/src/crypto/evp/e_des3.c
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, c->key_len) <= 0)
+                if (DES_random_key(deskey) == 0)
+                        return 0;
+                if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
+                        return 0;
+                if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
                        return 0;
-                DES_set_odd_parity(deskey);
-                if (c->key_len >= 16)
-                        DES_set_odd_parity(deskey + 1);
-                if (c->key_len >= 24)
-                        DES_set_odd_parity(deskey + 2);
                return 1;
        default:
author	miod <>	2014-07-22 18:10:48 +0000
committer	miod <>	2014-07-22 18:10:48 +0000
commit	e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2 (patch)
tree	2f115d7407c065770ac7058ec55839e660ffe29e /src
parent	9537b06bc09eb72b0f1edd06de4049fb515437b8 (diff)
download	openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.gz openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.tar.bz2 openbsd-e1bad9c63c8b2d0daeb63fd3ce71f1c5aca163a2.zip