Check RAND_bytes() return value or use RAND_pseudo_bytes().
This commit is contained in:
Ulf Möller
parent
731d9c5fb5
commit
e7f97e2d22
4
CHANGES
4
CHANGES
@ -31,10 +31,6 @@
|
||||
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
|
||||
error queue. New function RAND_pseudo_bytes() generates output that is
|
||||
guaranteed to be unique but not unpredictable.
|
||||
(TO DO: always check the result of RAND_bytes when it is used in the
|
||||
library, or use RAND_pseudo_bytes instead, because leaving the
|
||||
error in the error queue but reporting success in a function that
|
||||
uses RAND_bytes could confuse things considerably.)
|
||||
[Ulf Möller]
|
||||
|
||||
*) Do more iterations of Rabin-Miller probable prime test (specifically,
|
||||
|
||||
@ -448,7 +448,11 @@ bad:
|
||||
"invalid hex salt value\n");
|
||||
goto end;
|
||||
}
|
||||
} else RAND_bytes(salt, PKCS5_SALT_LEN);
|
||||
} else if (RAND_bytes(salt, PKCS5_SALT_LEN) <= 0) {
|
||||
BIO_printf(bio_err,
|
||||
"prng not seeded\n");
|
||||
goto end;
|
||||
}
|
||||
/* If -P option then don't bother writing */
|
||||
if((printkey != 2)
|
||||
&& (BIO_write(wbio,magic,
|
||||
|
||||
@ -129,7 +129,8 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
|
||||
}
|
||||
pbe->salt->length = saltlen;
|
||||
if (salt) memcpy (pbe->salt->data, salt, saltlen);
|
||||
else RAND_bytes (pbe->salt->data, saltlen);
|
||||
else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
|
||||
return NULL;
|
||||
|
||||
if (!(astype = ASN1_TYPE_new())) {
|
||||
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
|
||||
|
||||
@ -194,7 +194,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
||||
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
|
||||
|
||||
/* Create random IV */
|
||||
RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
|
||||
RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher));
|
||||
|
||||
/* Dummy cipherinit to just setup the IV */
|
||||
EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
|
||||
@ -212,7 +212,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
||||
if (!(osalt->data = Malloc (saltlen))) goto merr;
|
||||
osalt->length = saltlen;
|
||||
if (salt) memcpy (osalt->data, salt, saltlen);
|
||||
else RAND_bytes (osalt->data, saltlen);
|
||||
else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
|
||||
|
||||
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
|
||||
if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
|
||||
|
||||
@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
#if 0
|
||||
RAND_bytes(&n,1);
|
||||
RAND_pseudo_bytes(&n,1);
|
||||
num=(n&0x07);
|
||||
|
||||
if (outl > num) outl=num;
|
||||
@ -178,7 +178,7 @@ static int nbiof_write(BIO *b, char *in, int inl)
|
||||
}
|
||||
else
|
||||
{
|
||||
RAND_bytes(&n,1);
|
||||
RAND_pseudo_bytes(&n,1);
|
||||
num=(n&7);
|
||||
}
|
||||
|
||||
|
||||
@ -484,7 +484,7 @@ void doencryption(void)
|
||||
if (feof(DES_IN))
|
||||
{
|
||||
for (i=7-rem; i>0; i--)
|
||||
RAND_bytes(buf + l++, 1);
|
||||
RAND_pseudo_bytes(buf + l++, 1);
|
||||
buf[l++]=rem;
|
||||
ex=1;
|
||||
len+=rem;
|
||||
|
||||
@ -130,7 +130,7 @@ int des_enc_write(int fd, const void *_buf, int len,
|
||||
{
|
||||
cp=shortbuf;
|
||||
memcpy(shortbuf,buf,len);
|
||||
RAND_bytes(shortbuf+len, 8-len);
|
||||
RAND_pseudo_bytes(shortbuf+len, 8-len);
|
||||
rnum=8;
|
||||
}
|
||||
else
|
||||
|
||||
@ -121,7 +121,7 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
|
||||
if (callback != NULL) callback(0,m++,cb_arg);
|
||||
|
||||
if (!seed_len)
|
||||
RAND_bytes(seed,SHA_DIGEST_LENGTH);
|
||||
RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
|
||||
else
|
||||
seed_len=0;
|
||||
|
||||
|
||||
@ -451,7 +451,7 @@ static void sig_out(BIO* b)
|
||||
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
|
||||
|
||||
EVP_DigestInit(md, md->digest);
|
||||
RAND_bytes(&(md->md.base[0]), md->digest->md_size);
|
||||
RAND_pseudo_bytes(&(md->md.base[0]), md->digest->md_size);
|
||||
memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
|
||||
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
|
||||
ctx->buf_len+= md->digest->md_size;
|
||||
|
||||
@ -73,9 +73,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
|
||||
int i;
|
||||
|
||||
if (npubk <= 0) return(0);
|
||||
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) return(0);
|
||||
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
|
||||
return(0);
|
||||
if (type->iv_len > 0)
|
||||
RAND_bytes(iv,type->iv_len);
|
||||
RAND_pseudo_bytes(iv,type->iv_len);
|
||||
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
EVP_EncryptInit(ctx,type,key,iv);
|
||||
|
||||
@ -379,7 +379,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
|
||||
kstr=(unsigned char *)buf;
|
||||
}
|
||||
RAND_add(data,i,0);/* put in the RSA key. */
|
||||
RAND_bytes(iv,8); /* Generate a salt */
|
||||
if (RAND_bytes(iv,8) <= 0) /* Generate a salt */
|
||||
goto err;
|
||||
/* The 'iv' is used as the iv and as a salt. It is
|
||||
* NOT taken from the BytesToKey function */
|
||||
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
|
||||
|
||||
@ -156,7 +156,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
|
||||
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
|
||||
if (!salt) {
|
||||
if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
|
||||
return 0;
|
||||
}
|
||||
else memcpy (p12->mac->salt->data, salt, saltlen);
|
||||
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
|
||||
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
|
||||
|
||||
@ -164,7 +164,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
||||
if (RAND_bytes(key,keylen) <= 0)
|
||||
goto err;
|
||||
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
|
||||
if (ivlen > 0) RAND_bytes(iv,ivlen);
|
||||
if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
|
||||
EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
|
||||
|
||||
if (ivlen > 0) {
|
||||
|
||||
@ -118,7 +118,7 @@ err:
|
||||
int RAND_write_file(const char *file)
|
||||
{
|
||||
unsigned char buf[BUFSIZE];
|
||||
int i,ret=0;
|
||||
int i,ret=0,err=0;
|
||||
FILE *out = NULL;
|
||||
int n;
|
||||
|
||||
@ -156,7 +156,8 @@ int RAND_write_file(const char *file)
|
||||
{
|
||||
i=(n > BUFSIZE)?BUFSIZE:n;
|
||||
n-=BUFSIZE;
|
||||
RAND_bytes(buf,i);
|
||||
if (RAND_bytes(buf,i) <= 0)
|
||||
err=1;
|
||||
i=fwrite(buf,1,i,out);
|
||||
if (i <= 0)
|
||||
{
|
||||
@ -169,7 +170,7 @@ int RAND_write_file(const char *file)
|
||||
fclose(out);
|
||||
memset(buf,0,BUFSIZE);
|
||||
err:
|
||||
return(ret);
|
||||
return(err ? -1 : ret);
|
||||
}
|
||||
|
||||
char *RAND_file_name(char *buf, int size)
|
||||
|
||||
@ -224,7 +224,7 @@ static int ssl23_client_hello(SSL *s)
|
||||
#endif
|
||||
|
||||
p=s->s3->client_random;
|
||||
RAND_bytes(p,SSL3_RANDOM_SIZE);
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
|
||||
|
||||
/* Do the message type and length last */
|
||||
d= &(buf[2]);
|
||||
@ -285,7 +285,7 @@ static int ssl23_client_hello(SSL *s)
|
||||
i=ch_len;
|
||||
s2n(i,d);
|
||||
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
|
||||
RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
||||
RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
||||
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
||||
p+=i;
|
||||
|
||||
|
||||
@ -515,7 +515,7 @@ static int client_hello(SSL *s)
|
||||
s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
|
||||
s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
|
||||
/*challenge id data*/
|
||||
RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
||||
RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
||||
memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
||||
d+=SSL2_CHALLENGE_LENGTH;
|
||||
|
||||
@ -557,12 +557,19 @@ static int client_master_key(SSL *s)
|
||||
/* make key_arg data */
|
||||
i=EVP_CIPHER_iv_length(c);
|
||||
sess->key_arg_length=i;
|
||||
if (i > 0) RAND_bytes(sess->key_arg,i);
|
||||
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
|
||||
|
||||
/* make a master key */
|
||||
i=EVP_CIPHER_key_length(c);
|
||||
sess->master_key_length=i;
|
||||
if (i > 0) RAND_bytes(sess->master_key,i);
|
||||
if (i > 0)
|
||||
{
|
||||
if (RAND_bytes(sess->master_key,i) <= 0)
|
||||
{
|
||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
|
||||
enc=8;
|
||||
|
||||
@ -415,7 +415,7 @@ static int get_client_master_key(SSL *s)
|
||||
i=ek;
|
||||
else
|
||||
i=EVP_CIPHER_key_length(c);
|
||||
RAND_bytes(p,i);
|
||||
RAND_pseudo_bytes(p,i);
|
||||
}
|
||||
#else
|
||||
if (i < 0)
|
||||
@ -680,7 +680,7 @@ static int server_hello(SSL *s)
|
||||
/* make and send conn_id */
|
||||
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
|
||||
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
|
||||
RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
|
||||
RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
|
||||
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
|
||||
d+=SSL2_CONNECTION_ID_LENGTH;
|
||||
|
||||
@ -798,7 +798,7 @@ static int request_certificate(SSL *s)
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
|
||||
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
|
||||
RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||
RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||
|
||||
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
|
||||
|
||||
@ -466,7 +466,7 @@ static int ssl3_client_hello(SSL *s)
|
||||
p=s->s3->client_random;
|
||||
Time=time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||
|
||||
/* Do the message type and length last */
|
||||
d=p= &(buf[4]);
|
||||
@ -1341,7 +1341,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
||||
|
||||
tmp_buf[0]=s->client_version>>8;
|
||||
tmp_buf[1]=s->client_version&0xff;
|
||||
RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
||||
if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
|
||||
goto err;
|
||||
|
||||
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
|
||||
|
||||
|
||||
@ -816,7 +816,7 @@ static int ssl3_send_server_hello(SSL *s)
|
||||
p=s->s3->server_random;
|
||||
Time=time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||
/* Do the message type and length last */
|
||||
d=p= &(buf[4]);
|
||||
|
||||
@ -1292,7 +1292,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
||||
{
|
||||
p[0]=(s->version>>8);
|
||||
p[1]=(s->version & 0xff);
|
||||
RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
||||
RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
||||
i=SSL_MAX_MASTER_KEY_LENGTH;
|
||||
}
|
||||
/* else, an SSLeay bug, ssl only server, tls client */
|
||||
|
||||
@ -184,7 +184,7 @@ int ssl_get_new_session(SSL *s, int session)
|
||||
{
|
||||
SSL_SESSION *r;
|
||||
|
||||
RAND_bytes(ss->session_id,ss->session_id_length);
|
||||
RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
|
||||
(char *)ss);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user