summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorderaadt <deraadt@openbsd.org>2014-04-17 12:14:26 +0000
committerderaadt <deraadt@openbsd.org>2014-04-17 12:14:26 +0000
commit4e938c91cc9b26aa0d9946d8ecd67cbfe685ee73 (patch)
tree64523ca1cfd55eff5cc12f96ee1d143ce1d4eba6
parentRemove some unnecessary includes and fix a typo. (diff)
downloadwireguard-openbsd-4e938c91cc9b26aa0d9946d8ecd67cbfe685ee73.tar.xz
wireguard-openbsd-4e938c91cc9b26aa0d9946d8ecd67cbfe685ee73.zip
Do not feed RSA private key information to the random subsystem as
entropy. It might be fed to a pluggable random subsystem.... What were they thinking?! ok guenther
-rw-r--r--lib/libcrypto/evp/evp_pkey.c2
-rw-r--r--lib/libcrypto/pem/pem_lib.c1
-rw-r--r--lib/libcrypto/rsa/rsa_crpt.c8
-rw-r--r--lib/libssl/src/crypto/evp/evp_pkey.c2
-rw-r--r--lib/libssl/src/crypto/pem/pem_lib.c1
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_crpt.c8
6 files changed, 0 insertions, 22 deletions
diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c
index ceebf692848..c760cf19656 100644
--- a/lib/libcrypto/evp/evp_pkey.c
+++ b/lib/libcrypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
goto error;
}
- RAND_add(p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length, 0.0);
return p8;
error:
PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 74baa2ec1cc..0dfa7c73761 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
}
kstr=(unsigned char *)buf;
}
- RAND_add(data,i,0);/* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c
index 7750366613b..2e100ca457f 100644
--- a/lib/libcrypto/rsa/rsa_crpt.c
+++ b/lib/libcrypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
else
e = rsa->e;
-
- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
- {
- /* if PRNG is not properly seeded, resort to secret
- * exponent as unpredictable seed */
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
- }
-
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
/* Set BN_FLG_CONSTTIME flag */
diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c
index ceebf692848..c760cf19656 100644
--- a/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
goto error;
}
- RAND_add(p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length, 0.0);
return p8;
error:
PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 74baa2ec1cc..0dfa7c73761 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
}
kstr=(unsigned char *)buf;
}
- RAND_add(data,i,0);/* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c
index 7750366613b..2e100ca457f 100644
--- a/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
else
e = rsa->e;
-
- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
- {
- /* if PRNG is not properly seeded, resort to secret
- * exponent as unpredictable seed */
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
- }
-
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
/* Set BN_FLG_CONSTTIME flag */