summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2015-02-26 11:57:37 +0000
committerMatt Caswell <matt@openssl.org>2015-03-25 12:38:07 +0000
commit266483d2f56b0764849797f31866bfd84f9c3aa8 (patch)
tree42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto
parent8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff)
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/asn_mime.c3
-rw-r--r--crypto/asn1/p5_pbe.c2
-rw-r--r--crypto/asn1/p5_pbev2.c4
-rw-r--r--crypto/bio/bf_nbio.c6
-rw-r--r--crypto/bn/bn_lcl.h2
-rw-r--r--crypto/bn/bn_rand.c5
-rw-r--r--crypto/cms/cms_enc.c2
-rw-r--r--crypto/cms/cms_ess.c3
-rw-r--r--crypto/cms/cms_pwri.c7
-rw-r--r--crypto/des/enc_writ.c3
-rw-r--r--crypto/dsa/dsa_gen.c4
-rw-r--r--crypto/ecdsa/ecdsatest.c3
-rw-r--r--crypto/evp/bio_ok.c3
-rw-r--r--crypto/evp/e_des3.c3
-rw-r--r--crypto/evp/p_seal.c5
-rw-r--r--crypto/ocsp/ocsp_ext.c4
-rw-r--r--crypto/pem/pem_lib.c2
-rw-r--r--crypto/pkcs12/p12_mutl.c2
-rw-r--r--crypto/pkcs7/pk7_doit.c2
-rw-r--r--crypto/rand/randtest.c4
-rw-r--r--crypto/srp/srp_vfy.c9
-rw-r--r--crypto/srp/srptest.c4
22 files changed, 46 insertions, 36 deletions
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 28622f2815..e96fb02094 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -286,7 +286,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- RAND_pseudo_bytes((unsigned char *)bound, 32);
+ if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+ return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
if (c < 10)
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index d54b0943fe..a65b659452 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
sstr = ASN1_STRING_data(pbe->salt);
if (salt)
memcpy(sstr, salt, saltlen);
- else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+ else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;
if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index c56d850a74..60abbe2649 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -120,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}
@@ -225,7 +225,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
if (salt)
memcpy(osalt->data, salt, saltlen);
- else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+ else if (RAND_bytes(osalt->data, saltlen) <= 0)
goto merr;
if (iter <= 0)
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index 3af58bd38f..0ba6055e07 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -136,7 +136,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
return (0);
BIO_clear_retry_flags(b);
- RAND_pseudo_bytes(&n, 1);
+ if (RAND_bytes(&n, 1) <= 0)
+ return -1;
num = (n & 0x07);
if (outl > num)
@@ -172,7 +173,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn;
nt->lwn = 0;
} else {
- RAND_pseudo_bytes(&n, 1);
+ if (RAND_bytes(&n, 1) <= 0)
+ return -1;
num = (n & 7);
}
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index ba22f3a125..a24ae7fdc9 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -168,7 +168,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
- RAND_pseudo_bytes(&_tmp_char, 1); \
+ RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
} \
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 9488454c12..be58a5ab2f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -142,7 +142,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
RAND_add(&tim, sizeof(tim), 0.0);
if (pseudorand) {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
+ if (RAND_bytes(buf, bytes) <= 0)
goto err;
} else {
if (RAND_bytes(buf, bytes) <= 0)
@@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c;
for (i = 0; i < bytes; i++) {
- RAND_pseudo_bytes(&c, 1);
+ if (RAND_bytes(&c, 1) <= 0)
+ goto err;
if (c >= 128 && i > 0)
buf[i] = buf[i - 1];
else if (c < 42)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928a49..ffa85fc0dd 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
piv = iv;
}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 8631a2eb2b..8212560628 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
- if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
- <= 0)
+ if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
goto err;
}
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index dd5f636145..83a65d2f59 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -131,7 +131,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@@ -299,8 +299,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
out[3] = in[2] ^ 0xFF;
memcpy(out + 4, in, inlen);
/* Add random padding to end */
- if (olen > inlen + 4)
- RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
+ if (olen > inlen + 4
+ && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+ return 0;
/* Encrypt twice */
if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
|| !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index b4eecc3812..55cc7fcb41 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -132,7 +132,8 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) {
cp = shortbuf;
memcpy(shortbuf, buf, len);
- RAND_pseudo_bytes(shortbuf + len, 8 - len);
+ if (RAND_bytes(shortbuf + len, 8 - len) <= 0)
+ return -1;
rnum = 8;
} else {
cp = buf;
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 37b23c9f41..3506bc3dd1 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -173,7 +173,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err;
if (!seed_len) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
seed_is_random = 1;
} else {
@@ -448,7 +448,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
goto err;
if (!seed_in) {
- if (RAND_pseudo_bytes(seed, seed_len) < 0)
+ if (RAND_bytes(seed, seed_len) <= 0)
goto err;
}
/* step 2 */
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index 31d9c84e99..c2132da882 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -311,8 +311,7 @@ int test_builtin(BIO *out)
int nid, ret = 0;
/* fill digest values with some random data */
- if (!RAND_pseudo_bytes(digest, 20) ||
- !RAND_pseudo_bytes(wrong_digest, 20)) {
+ if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) {
BIO_printf(out, "ERROR: unable to get random data\n");
goto builtin_err;
}
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index b097a4d57b..ffdde6cf79 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -491,7 +491,8 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
- RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+ if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+ goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len += md->digest->md_size;
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 73d792304f..c720242af7 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -439,7 +439,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- RAND_bytes(ctx->iv, 8);
+ if (RAND_bytes(ctx->iv, 8) <= 0)
+ return -1;
memcpy(out, ctx->iv, 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index caabbf406f..ba9dfff215 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
- if (EVP_CIPHER_CTX_iv_length(ctx))
- RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
+ if (EVP_CIPHER_CTX_iv_length(ctx)
+ && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+ return 0;
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 4c6edb1f2c..b564259134 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -319,8 +319,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
if (val)
memcpy(tmpval, val, len);
- else
- RAND_pseudo_bytes(tmpval, len);
+ else if (RAND_bytes(tmpval, len) <= 0)
+ goto err;
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 410c2b2b95..70e6a70772 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -387,7 +387,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
}
RAND_add(data, i, 0); /* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
+ if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */
goto err;
/*
* The 'iv' is used as the iv and as a salt. It is NOT taken from
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index d5eb8ffe74..252aca0021 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -177,7 +177,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 0;
}
if (!salt) {
- if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
+ if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 0200b3b91f..f77326b883 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -340,7 +340,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
ivlen = EVP_CIPHER_iv_length(evp_cipher);
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0)
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
goto err;
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index 267752e4f5..67acf700ee 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -77,8 +77,8 @@ int main(int argc, char **argv)
*/
long d;
- i = RAND_pseudo_bytes(buf, 2500);
- if (i < 0) {
+ i = RAND_bytes(buf, 2500);
+ if (i <= 0) {
printf("init failed, the rand method is not properly installed\n");
err++;
goto err;
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 4aed5b4ba5..9d83a8f606 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -498,7 +498,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
if (!SRP_user_pwd_set_ids(user, username, NULL))
goto err;
- RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
+ if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+ goto err;
EVP_MD_CTX_init(&ctxt);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
@@ -550,7 +551,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
}
if (*salt == NULL) {
- RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ goto err;
s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} else {
@@ -608,7 +610,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
goto err;
if (*salt == NULL) {
- RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ goto err;
*salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
}
diff --git a/crypto/srp/srptest.c b/crypto/srp/srptest.c
index 17a8256f86..1d463cd782 100644
--- a/crypto/srp/srptest.c
+++ b/crypto/srp/srptest.c
@@ -59,7 +59,7 @@ static int run_srp(const char *username, const char *client_pass,
showbn("Verifier", v);
/* Server random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+ RAND_bytes(rand_tmp, sizeof(rand_tmp));
b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check b != 0 */
showbn("b", b);
@@ -74,7 +74,7 @@ static int run_srp(const char *username, const char *client_pass,
}
/* Client random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+ RAND_bytes(rand_tmp, sizeof(rand_tmp));
a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check a != 0 */
showbn("a", a);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-23 10:49:20 +0000