From 4e938c91cc9b26aa0d9946d8ecd67cbfe685ee73 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Thu, 17 Apr 2014 12:14:26 +0000
Subject: [PATCH] Do not feed RSA private key information to the random subsystem as entropy.

It might be fed to a pluggable random subsystem.... What were they thinking?!
ok guenther
---
 lib/libcrypto/evp/evp_pkey.c | 2 --
 lib/libcrypto/pem/pem_lib.c | 1 -
 lib/libcrypto/rsa/rsa_crpt.c | 8 --------
 lib/libssl/src/crypto/evp/evp_pkey.c | 2 --
 lib/libssl/src/crypto/pem/pem_lib.c | 1 -
 lib/libssl/src/crypto/rsa/rsa_crpt.c | 8 --------
 6 files changed, 22 deletions(-)

diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c
index ceebf692848..c760cf19656 100644
--- a/lib/libcrypto/evp/evp_pkey.c
+++ b/lib/libcrypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 goto error;
 }
- RAND_add(p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length, 0.0);
 return p8;
 error:
 PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 74baa2ec1cc..0dfa7c73761 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 }
 kstr=(unsigned char *)buf;
 }
- RAND_add(data,i,0);/* put in the RSA key. */
 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
 goto err;
diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c
index 7750366613b..2e100ca457f 100644
--- a/lib/libcrypto/rsa/rsa_crpt.c
+++ b/lib/libcrypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 else
 e = rsa->e;
-
- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
- {
- /* if PRNG is not properly seeded, resort to secret
- * exponent as unpredictable seed */
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
- }
-
 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
 {
 /* Set BN_FLG_CONSTTIME flag */
diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c
index ceebf692848..c760cf19656 100644
--- a/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -150,8 +150,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 goto error;
 }
- RAND_add(p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length, 0.0);
 return p8;
 error:
 PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 74baa2ec1cc..0dfa7c73761 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -384,7 +384,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 }
 kstr=(unsigned char *)buf;
 }
- RAND_add(data,i,0);/* put in the RSA key. */
 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
 goto err;
diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c
index 7750366613b..2e100ca457f 100644
--- a/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 else
 e = rsa->e;
-
- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
- {
- /* if PRNG is not properly seeded, resort to secret
- * exponent as unpredictable seed */
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
- }
-
 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
 {
 /* Set BN_FLG_CONSTTIME flag */
-- 
2.20.1