From 9537b06bc09eb72b0f1edd06de4049fb515437b8 Mon Sep 17 00:00:00 2001 From: miod <> Date: Tue, 22 Jul 2014 18:09:20 +0000 Subject: In DES_random_key(), force the generated key to the odd parity before checking it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@ --- src/lib/libcrypto/des/rand_key.c | 16 ++++++++-------- src/lib/libssl/src/crypto/des/rand_key.c | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libcrypto/des/rand_key.c +++ b/src/lib/libcrypto/des/rand_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * @@ -56,13 +56,13 @@ #include #include -int DES_random_key(DES_cblock *ret) - { - do - { +int +DES_random_key(DES_cblock *ret) +{ + do { if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) return (0); - } while (DES_is_weak_key(ret)); - DES_set_odd_parity(ret); + DES_set_odd_parity(ret); + } while (DES_is_weak_key(ret)); return (1); - } +} diff --git a/src/lib/libssl/src/crypto/des/rand_key.c b/src/lib/libssl/src/crypto/des/rand_key.c index 2dba949bad..727d36f488 100644 --- a/src/lib/libssl/src/crypto/des/rand_key.c +++ b/src/lib/libssl/src/crypto/des/rand_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * @@ -56,13 +56,13 @@ #include #include -int DES_random_key(DES_cblock *ret) - { - do - { +int +DES_random_key(DES_cblock *ret) +{ + do { if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) return (0); - } while (DES_is_weak_key(ret)); - DES_set_odd_parity(ret); + DES_set_odd_parity(ret); + } while (DES_is_weak_key(ret)); return (1); - } +} -- cgit v1.2.3-55-g6feb