diff options
| author | Matt Caswell <matt@openssl.org> | 2015-02-26 11:57:37 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-25 12:38:07 +0000 |
| commit | 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch) | |
| tree | 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/srp | |
| parent | 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff) | |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/srp')
| -rw-r--r-- | crypto/srp/srp_vfy.c | 9 | ||||
| -rw-r--r-- | crypto/srp/srptest.c | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 4aed5b4ba5..9d83a8f606 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -498,7 +498,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (!SRP_user_pwd_set_ids(user, username, NULL)) goto err; - RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); + if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) + goto err; EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); @@ -550,7 +551,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } else { @@ -608,7 +610,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, goto err; if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + goto err; *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } diff --git a/crypto/srp/srptest.c b/crypto/srp/srptest.c index 17a8256f86..1d463cd782 100644 --- a/crypto/srp/srptest.c +++ b/crypto/srp/srptest.c @@ -59,7 +59,7 @@ static int run_srp(const char *username, const char *client_pass, showbn("Verifier", v); /* Server random */ - RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp)); + RAND_bytes(rand_tmp, sizeof(rand_tmp)); b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); /* TODO - check b != 0 */ showbn("b", b); @@ -74,7 +74,7 @@ static int run_srp(const char *username, const char *client_pass, } /* Client random */ - RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp)); + RAND_bytes(rand_tmp, sizeof(rand_tmp)); a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); /* TODO - check a != 0 */ showbn("a", a); |