In DES_random_key(), force the generated key to the odd parity before checking

it is not one of the weak and semi-weak keys.

Even though the probability of generating a weak key with incorrect parity is
abysmally small, there is no reason to be correct (although, if you're in a
need for fresh DES keys nowadays, you should seriously consider switching to
a stronger symmetric cipher algorithm).

ok beck@

diff --git a/lib/libcrypto/des/rand_key.c b/lib/libcrypto/des/rand_key.c
index 2dba949..727d36f 100644 (file)
--- a/lib/libcrypto/des/rand_key.c
+++ b/lib/libcrypto/des/rand_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -56,13 +56,13 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
 
-int DES_random_key(DES_cblock *ret)
-       {
-       do
-               {
+int
+DES_random_key(DES_cblock *ret)
+{
+       do {
                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
                        return (0);
-               } while (DES_is_weak_key(ret));
-       DES_set_odd_parity(ret);
+               DES_set_odd_parity(ret);
+       } while (DES_is_weak_key(ret));
        return (1);
-       }
+}

diff --git a/lib/libssl/src/crypto/des/rand_key.c b/lib/libssl/src/crypto/des/rand_key.c
index 2dba949..727d36f 100644 (file)
--- a/lib/libssl/src/crypto/des/rand_key.c
+++ b/lib/libssl/src/crypto/des/rand_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_key.c,v 1.6 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -56,13 +56,13 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
 
-int DES_random_key(DES_cblock *ret)
-       {
-       do
-               {
+int
+DES_random_key(DES_cblock *ret)
+{
+       do {
                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
                        return (0);
-               } while (DES_is_weak_key(ret));
-       DES_set_odd_parity(ret);
+               DES_set_odd_parity(ret);
+       } while (DES_is_weak_key(ret));
        return (1);
-       }
+}