authormiod <miod@openbsd.org>2014-07-22 18:10:48 +0000
committermiod <miod@openbsd.org>2014-07-22 18:10:48 +0000
commitfbd2cde0ea0ee9ba9449588ea87fc58cbe0f4723 (patch)
treea98b83bcd8b6582f98f3aa31894ddab7f75af7a0 /lib/libssl/src
parentIn DES_random_key(), force the generated key to the odd parity before checking (diff)
Now that DES_random_key() can be trusted, use it to generate DES keys in the
EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
Diffstat (limited to 'lib/libssl/src')
-rw-r--r--lib/libssl/src/crypto/evp/e_des.c9
-rw-r--r--lib/libssl/src/crypto/evp/e_des3.c13
2 files changed, 10 insertions, 12 deletions
diff --git a/lib/libssl/src/crypto/evp/e_des.c b/lib/libssl/src/crypto/evp/e_des.c
index 0a32d2adb90..7a9fa2d515e 100644
--- a/lib/libssl/src/crypto/evp/e_des.c
+++ b/lib/libssl/src/crypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
- DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
- ctx->cipher_data, ctx->encrypt);
+ DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+ ctx->cipher_data, ctx->encrypt);
return 1;
}
@@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, 8) <= 0)
+ if (DES_random_key((DES_cblock *)ptr) == 0)
return 0;
- DES_set_odd_parity((DES_cblock *)ptr);
return 1;
default:
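Review bot: The `EVP_CTRL_RAND_KEY` case in des_ctrl now relies on DES_random_key() for both odd parity and weak-key rejection, and nothing at the call site says so. A later edit that swaps the call back to `RAND_bytes()` would lose the weak-key check without any visible hint, so I would put a one-line comment above the call: `/* DES_random_key() applies odd parity and rejects weak keys. */`. DES_random_key() is not part of this diff, so that contract is taken from the commit message and the parent commit's title rather than verified here. The same comment fits the des3_ctrl hunk in e_des3.c; des_ctrl's body continues past the end of this hunk.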
diff --git a/lib/libssl/src/crypto/evp/e_des3.c b/lib/libssl/src/crypto/evp/e_des3.c
index 0f1974f6c94..5f42a0ade94 100644
--- a/lib/libssl/src/crypto/evp/e_des3.c
+++ b/lib/libssl/src/crypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, c->key_len) <= 0)
+ if (DES_random_key(deskey) == 0)
+ return 0;
+ if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
+ return 0;
+ if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
return 0;
- DES_set_odd_parity(deskey);
- if (c->key_len >= 16)
- DES_set_odd_parity(deskey + 1);
- if (c->key_len >= 24)
- DES_set_odd_parity(deskey + 2);
return 1;
default:
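Review bot: Each sub-key in the `EVP_CTRL_RAND_KEY` case is generated and weak-key-checked on its own, but nothing compares the sub-keys with each other, so a bundle whose first and second parts (or second and third parts) are identical would be returned as valid even though triple DES then has only single-DES strength. With independently generated keys the chance is roughly 2^-56 per pair, so this is defence in depth rather than a practical hole. A cheap guard before `return 1;` would be `if (c->key_len >= 16 && memcmp(deskey, deskey + 1, sizeof(*deskey)) == 0) return 0;`, with the matching test of `deskey + 1` against `deskey + 2` when `c->key_len >= 24`. The declaration of `deskey` and the rest of des3_ctrl lie outside the hunk.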