Do not feed RSA private key information to the random subsystem as

entropy.  It might be fed to a pluggable random subsystem....

What were they thinking?!

ok guenther

diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c
index ceebf69..c760cf1 100644 (file)
--- a/lib/libcrypto/evp/evp_pkey.c
+++ b/lib/libcrypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                                EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                goto error;
                }
-       RAND_add(p8->pkey->value.octet_string->data,
-                p8->pkey->value.octet_string->length, 0.0);
        return p8;
        error:
        PKCS8_PRIV_KEY_INFO_free(p8);

diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 74baa2e..0dfa7c7 100644 (file)
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                                }
                        kstr=(unsigned char *)buf;
                        }
-               RAND_add(data,i,0);/* put in the RSA key. */
                OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
                        goto err;

diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c
index 7750366..2e100ca 100644 (file)
--- a/lib/libcrypto/rsa/rsa_crpt.c
+++ b/lib/libcrypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
        else
                e = rsa->e;
 
-       
-       if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-               {
-               /* if PRNG is not properly seeded, resort to secret
-                * exponent as unpredictable seed */
-               RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-               }
-
        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                {
                /* Set BN_FLG_CONSTTIME flag */

diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c
index ceebf69..c760cf1 100644 (file)
--- a/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                                EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                goto error;
                }
-       RAND_add(p8->pkey->value.octet_string->data,
-                p8->pkey->value.octet_string->length, 0.0);
        return p8;
        error:
        PKCS8_PRIV_KEY_INFO_free(p8);

diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 74baa2e..0dfa7c7 100644 (file)
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                                }
                        kstr=(unsigned char *)buf;
                        }
-               RAND_add(data,i,0);/* put in the RSA key. */
                OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
                        goto err;

diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c
index 7750366..2e100ca 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
        else
                e = rsa->e;
 
-       
-       if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-               {
-               /* if PRNG is not properly seeded, resort to secret
-                * exponent as unpredictable seed */
-               RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-               }
-
        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                {
                /* Set BN_FLG_CONSTTIME flag */