From: miod Date: Tue, 22 Jul 2014 18:10:48 +0000 (+0000) Subject: Now that DES_random_key() can be trusted, use it to generate DES keys in the X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fbd2cde0ea0ee9ba9449588ea87fc58cbe0f4723;p=openbsd Now that DES_random_key() can be trusted, use it to generate DES keys in the EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@ --- diff --git a/lib/libcrypto/evp/e_des.c b/lib/libcrypto/evp/e_des.c index 0a32d2adb90..7a9fa2d515e 100644 --- a/lib/libcrypto/evp/e_des.c +++ b/lib/libcrypto/evp/e_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - ctx->cipher_data, ctx->encrypt); + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + ctx->cipher_data, ctx->encrypt); return 1; } @@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, 8) <= 0) + if (DES_random_key((DES_cblock *)ptr) == 0) return 0; - DES_set_odd_parity((DES_cblock *)ptr); return 1; default: diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c index 0f1974f6c94..5f42a0ade94 100644 --- a/lib/libcrypto/evp/e_des3.c +++ b/lib/libcrypto/evp/e_des3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, c->key_len) <= 0) + if (DES_random_key(deskey) == 0) + return 0; + if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) + return 0; + if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) return 0; - DES_set_odd_parity(deskey); - if (c->key_len >= 16) - DES_set_odd_parity(deskey + 1); - if (c->key_len >= 24) - DES_set_odd_parity(deskey + 2); return 1; default: diff --git a/lib/libssl/src/crypto/evp/e_des.c b/lib/libssl/src/crypto/evp/e_des.c index 0a32d2adb90..7a9fa2d515e 100644 --- a/lib/libssl/src/crypto/evp/e_des.c +++ b/lib/libssl/src/crypto/evp/e_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_des.c,v 1.12 2014/07/22 18:10:48 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,8 +80,8 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - ctx->cipher_data, ctx->encrypt); + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + ctx->cipher_data, ctx->encrypt); return 1; } @@ -220,9 +220,8 @@ des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, 8) <= 0) + if (DES_random_key((DES_cblock *)ptr) == 0) return 0; - DES_set_odd_parity((DES_cblock *)ptr); return 1; default: diff --git a/lib/libssl/src/crypto/evp/e_des3.c b/lib/libssl/src/crypto/evp/e_des3.c index 0f1974f6c94..5f42a0ade94 100644 --- a/lib/libssl/src/crypto/evp/e_des3.c +++ b/lib/libssl/src/crypto/evp/e_des3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des3.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_des3.c,v 1.17 2014/07/22 18:10:48 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -271,13 +271,12 @@ des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, c->key_len) <= 0) + if (DES_random_key(deskey) == 0) + return 0; + if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) + return 0; + if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) return 0; - DES_set_odd_parity(deskey); - if (c->key_len >= 16) - DES_set_odd_parity(deskey + 1); - if (c->key_len >= 24) - DES_set_odd_parity(deskey + 2); return 1; default: