artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe9e927)
Now that DES_random_key() can be trusted, use it to generate DES keys in the
authormiod <miod@openbsd.org>
Tue, 22 Jul 2014 18:10:48 +0000 (18:10 +0000)
committermiod <miod@openbsd.org>
Tue, 22 Jul 2014 18:10:48 +0000 (18:10 +0000)
EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and
not even checking it against the weak keys list.

ok beck@

lib/libcrypto/evp/e_des.c patch | blob | history
lib/libcrypto/evp/e_des3.c patch | blob | history
lib/libssl/src/crypto/evp/e_des.c patch | blob | history
lib/libssl/src/crypto/evp/e_des3.c patch | blob | history

diff --git a/lib/libcrypto/evp/e_des.c b/lib/libcrypto/evp/e_des.c
index 0a32d2a..7a9fa2d 100644 (file)
--- a/lib/libcrypto/evp/e_des.c
+++ b/lib/libcrypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
-       DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
-           ctx->cipher_data, ctx->encrypt);
+               DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                   ctx->cipher_data, ctx->encrypt);
        return 1;
 }
 
@@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-               if (RAND_bytes(ptr, 8) <= 0)
+               if (DES_random_key((DES_cblock *)ptr) == 0)
                        return 0;
-               DES_set_odd_parity((DES_cblock *)ptr);
                return 1;
 
        default:
diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c
index 0f1974f..5f42a0a 100644 (file)
--- a/lib/libcrypto/evp/e_des3.c
+++ b/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-               if (RAND_bytes(ptr, c->key_len) <= 0)
+               if (DES_random_key(deskey) == 0)
+                       return 0;
+               if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
+                       return 0;
+               if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
                        return 0;
-               DES_set_odd_parity(deskey);
-               if (c->key_len >= 16)
-                       DES_set_odd_parity(deskey + 1);
-               if (c->key_len >= 24)
-                       DES_set_odd_parity(deskey + 2);
                return 1;
 
        default:
diff --git a/lib/libssl/src/crypto/evp/e_des.c b/lib/libssl/src/crypto/evp/e_des.c
index 0a32d2a..7a9fa2d 100644 (file)
--- a/lib/libssl/src/crypto/evp/e_des.c
+++ b/lib/libssl/src/crypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
-       DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
-           ctx->cipher_data, ctx->encrypt);
+               DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                   ctx->cipher_data, ctx->encrypt);
        return 1;
 }
 
@@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-               if (RAND_bytes(ptr, 8) <= 0)
+               if (DES_random_key((DES_cblock *)ptr) == 0)
                        return 0;
-               DES_set_odd_parity((DES_cblock *)ptr);
                return 1;
 
        default:
diff --git a/lib/libssl/src/crypto/evp/e_des3.c b/lib/libssl/src/crypto/evp/e_des3.c
index 0f1974f..5f42a0a 100644 (file)
--- a/lib/libssl/src/crypto/evp/e_des3.c
+++ b/lib/libssl/src/crypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
        switch (type) {
        case EVP_CTRL_RAND_KEY:
-               if (RAND_bytes(ptr, c->key_len) <= 0)
+               if (DES_random_key(deskey) == 0)
+                       return 0;
+               if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
+                       return 0;
+               if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
                        return 0;
-               DES_set_odd_parity(deskey);
-               if (c->key_len >= 16)
-                       DES_set_odd_parity(deskey + 1);
-               if (c->key_len >= 24)
-                       DES_set_odd_parity(deskey + 2);
                return 1;
 
        default:
OpenBSD src
by Ahmet Artu Yildirim