authorUlf Möller <ulf@openssl.org>2000-01-21 01:15:56 +0000
committerUlf Möller <ulf@openssl.org>2000-01-21 01:15:56 +0000
commite7f97e2d22e386df60c8da63277727a931bf22b7 (patch)
tree45c42494189d95fada508ac3ff806dee37c00d22 /crypto
parent731d9c5fb5d0535e3c84866e3c355cbf21a92a67 (diff)
Check RAND_bytes() return value or use RAND_pseudo_bytes().
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/p5_pbe.c3
-rw-r--r--crypto/asn1/p5_pbev2.c4
-rw-r--r--crypto/bio/bf_nbio.c4
-rw-r--r--crypto/des/des.c2
-rw-r--r--crypto/des/enc_writ.c2
-rw-r--r--crypto/dsa/dsa_gen.c2
-rw-r--r--crypto/evp/bio_ok.c2
-rw-r--r--crypto/evp/p_seal.c5
-rw-r--r--crypto/pem/pem_lib.c3
-rw-r--r--crypto/pkcs12/p12_mutl.c5
-rw-r--r--crypto/pkcs7/pk7_doit.c2
-rw-r--r--crypto/rand/randfile.c7
12 files changed, 24 insertions, 17 deletions
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index adb92e5fd0..8cda4f609a 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -129,7 +129,8 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
}
pbe->salt->length = saltlen;
if (salt) memcpy (pbe->salt->data, salt, saltlen);
- else RAND_bytes (pbe->salt->data, saltlen);
+ else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
+ return NULL;
if (!(astype = ASN1_TYPE_new())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
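Review bot: The new failure branch `return NULL;` exits without releasing `pbe`, which the context lines show is already in use (`pbe->salt->length = saltlen;`), so a PRNG failure appears to leak the structure and its salt buffer. The allocation is outside the hunk, so this is inferred; assuming `pbe` is the PBEPARAM allocated earlier in the function, the branch should read `else if (RAND_bytes (pbe->salt->data, saltlen) <= 0) { PBEPARAM_free(pbe); return NULL; }`. PKCS5_pbe_set starts and ends outside the hunk, so the other exit paths could not be compared.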
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 502a8c399d..44d5b5bc6e 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -194,7 +194,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
/* Create random IV */
- RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+ RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher));
/* Dummy cipherinit to just setup the IV */
EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
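Review bot: The IV is now filled by `RAND_pseudo_bytes()` and the return value is discarded, so nothing downstream can tell whether the bytes were unpredictable or whether the call produced output at all. An IV that an observer can predict weakens CBC-mode confidentiality, so this call should either stay a checked `RAND_bytes()` or at least reject a failed call, e.g. `if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) goto merr;`, with a comment stating why non-strong bytes are acceptable. The same unchecked IV pattern is introduced in crypto/evp/p_seal.c (EVP_SealInit) and crypto/pkcs7/pk7_doit.c (PKCS7_dataInit). PKCS5_pbe2_set continues outside this hunk.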
@@ -212,7 +212,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
if (!(osalt->data = Malloc (saltlen))) goto merr;
osalt->length = saltlen;
if (salt) memcpy (osalt->data, salt, saltlen);
- else RAND_bytes (osalt->data, saltlen);
+ else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
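Review bot: A PRNG failure on the salt now jumps to `merr`, the same label the `Malloc` failure one line earlier uses, so the two causes probably end up reported identically. The label's body is outside the hunk, so this is inferred from its name and its uses here. If it does record an allocation error, the branch should at least carry a comment such as `/* not a malloc failure: the PRNG could not supply the salt */`, or use a separate exit that frees the same objects without reporting a memory error.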
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index cbec2bae29..a525e79d4f 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b);
#if 0
- RAND_bytes(&n,1);
+ RAND_pseudo_bytes(&n,1);
num=(n&0x07);
if (outl > num) outl=num;
@@ -178,7 +178,7 @@ static int nbiof_write(BIO *b, char *in, int inl)
}
else
{
- RAND_bytes(&n,1);
+ RAND_pseudo_bytes(&n,1);
num=(n&7);
}
diff --git a/crypto/des/des.c b/crypto/des/des.c
index 5cd337301a..aabd01cc8a 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -484,7 +484,7 @@ void doencryption(void)
if (feof(DES_IN))
{
for (i=7-rem; i>0; i--)
- RAND_bytes(buf + l++, 1);
+ RAND_pseudo_bytes(buf + l++, 1);
buf[l++]=rem;
ex=1;
len+=rem;
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index 8ded146f8b..892f15e2d7 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -130,7 +130,7 @@ int des_enc_write(int fd, const void *_buf, int len,
{
cp=shortbuf;
memcpy(shortbuf,buf,len);
- RAND_bytes(shortbuf+len, 8-len);
+ RAND_pseudo_bytes(shortbuf+len, 8-len);
rnum=8;
}
else
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index b5e5ec06e5..57435a9be2 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -121,7 +121,7 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
if (callback != NULL) callback(0,m++,cb_arg);
if (!seed_len)
- RAND_bytes(seed,SHA_DIGEST_LENGTH);
+ RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
else
seed_len=0;
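Review bot: The switch to `RAND_pseudo_bytes()` for the parameter seed is not explained and its result is ignored. The DSA generation seed is normally published with the parameters so that they can be verified, which would justify accepting non-strong bytes, but the code should say so, e.g. `/* seed is public; it must vary between runs but need not be secret */`. A negative return still deserves handling, because the seed buffer may then be hashed without having been filled. The function's error path is outside the hunk.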
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 101275d648..a54384a71c 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -451,7 +451,7 @@ static void sig_out(BIO* b)
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
EVP_DigestInit(md, md->digest);
- RAND_bytes(&(md->md.base[0]), md->digest->md_size);
+ RAND_pseudo_bytes(&(md->md.base[0]), md->digest->md_size);
memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len+= md->digest->md_size;
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index e372f138c7..d449e892bf 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -73,9 +73,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
int i;
if (npubk <= 0) return(0);
- if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) return(0);
+ if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
+ return(0);
if (type->iv_len > 0)
- RAND_bytes(iv,type->iv_len);
+ RAND_pseudo_bytes(iv,type->iv_len);
EVP_CIPHER_CTX_init(ctx);
EVP_EncryptInit(ctx,type,key,iv);
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 449a1fe984..49aeb62bde 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -379,7 +379,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
kstr=(unsigned char *)buf;
}
RAND_add(data,i,0);/* put in the RSA key. */
- RAND_bytes(iv,8); /* Generate a salt */
+ if (RAND_bytes(iv,8) <= 0) /* Generate a salt */
+ goto err;
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 3cb782fa60..f1094b3840 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -156,7 +156,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
+ if (!salt) {
+ if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
+ return 0;
+ }
else memcpy (p12->mac->salt->data, salt, saltlen);
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 78355c9387..1403ff591d 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -164,7 +164,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
if (RAND_bytes(key,keylen) <= 0)
goto err;
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
- if (ivlen > 0) RAND_bytes(iv,ivlen);
+ if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
if (ivlen > 0) {
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 97c3ece535..f95ecb0e00 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -118,7 +118,7 @@ err:
int RAND_write_file(const char *file)
{
unsigned char buf[BUFSIZE];
- int i,ret=0;
+ int i,ret=0,err=0;
FILE *out = NULL;
int n;
@@ -156,7 +156,8 @@ int RAND_write_file(const char *file)
{
i=(n > BUFSIZE)?BUFSIZE:n;
n-=BUFSIZE;
- RAND_bytes(buf,i);
+ if (RAND_bytes(buf,i) <= 0)
+ err=1;
i=fwrite(buf,1,i,out);
if (i <= 0)
{
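Review bot: When `RAND_bytes()` fails, the loop only sets `err=1` and still passes `buf` to `fwrite`, so the seed file receives bytes the PRNG itself reported as inadequate. The last hunk turns the flag into a `-1` return, but the file stays on disk, and any caller that only tests for a non-zero result would read `-1` as success. The function's header comment should therefore state that a negative return means the written file must not be relied on as seed material. The flag also shares its name with the `err:` exit label, which is legal C but easy to misread; `int i,ret=0,rand_err=0;` would avoid that. The loop body continues outside this hunk.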
@@ -169,7 +170,7 @@ int RAND_write_file(const char *file)
fclose(out);
memset(buf,0,BUFSIZE);
err:
- return(ret);
+ return(err ? -1 : ret);
}
char *RAND_file_name(char *buf, int size)