mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Use the private RNG for data that is not public
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Fixes: #4641 GH: #4665
This commit is contained in:
parent
1238caa725
commit
4cffafe967
@ -89,7 +89,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
return 0;
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
if (RAND_bytes(&n, 1) <= 0)
|
||||
if (RAND_priv_bytes(&n, 1) <= 0)
|
||||
return -1;
|
||||
num = (n & 0x07);
|
||||
|
||||
@ -126,7 +126,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
|
||||
num = nt->lwn;
|
||||
nt->lwn = 0;
|
||||
} else {
|
||||
if (RAND_bytes(&n, 1) <= 0)
|
||||
if (RAND_priv_bytes(&n, 1) <= 0)
|
||||
return -1;
|
||||
num = (n & 7);
|
||||
}
|
||||
|
@ -250,7 +250,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
|
||||
|
||||
do {
|
||||
int rv;
|
||||
if (!BN_rand_range(ret->A, ret->mod))
|
||||
if (!BN_priv_rand_range(ret->A, ret->mod))
|
||||
goto err;
|
||||
if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) {
|
||||
/*
|
||||
|
@ -279,6 +279,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
||||
char is_single_word = bits <= BN_BITS2;
|
||||
|
||||
again:
|
||||
/* TODO: Not all primes are private */
|
||||
if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
|
||||
return 0;
|
||||
/* we now have a random number 'rnd' to test. */
|
||||
@ -363,7 +364,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
||||
if ((t1 = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
goto err;
|
||||
|
||||
/* we need ((rnd-rem) % add) == 0 */
|
||||
@ -419,7 +420,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
|
||||
if (!BN_rshift1(qadd, padd))
|
||||
goto err;
|
||||
|
||||
if (!BN_priv_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
goto err;
|
||||
|
||||
/* we need ((rnd-rem) % add) == 0 */
|
||||
|
@ -239,7 +239,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
||||
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
|
||||
|
||||
for (done = 0; done < num_k_bytes;) {
|
||||
if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
|
||||
if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
|
||||
goto err;
|
||||
SHA512_Init(&sha);
|
||||
SHA512_Update(&sha, &done, sizeof(done));
|
||||
|
@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
if (!BN_set_word(y, i))
|
||||
goto end;
|
||||
} else {
|
||||
if (!BN_rand(y, BN_num_bits(p), 0, 0))
|
||||
if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
|
||||
goto end;
|
||||
if (BN_ucmp(y, p) >= 0) {
|
||||
if (!(p->neg ? BN_add : BN_sub) (y, y, p))
|
||||
|
@ -13,7 +13,7 @@
|
||||
int DES_random_key(DES_cblock *ret)
|
||||
{
|
||||
do {
|
||||
if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
|
||||
if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
|
||||
return 0;
|
||||
} while (DES_is_weak_key(ret));
|
||||
DES_set_odd_parity(ret);
|
||||
|
@ -229,7 +229,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
|
||||
switch (type) {
|
||||
case EVP_CTRL_RAND_KEY:
|
||||
if (RAND_bytes(ptr, 8) <= 0)
|
||||
if (RAND_priv_bytes(ptr, 8) <= 0)
|
||||
return 0;
|
||||
DES_set_odd_parity((DES_cblock *)ptr);
|
||||
return 1;
|
||||
|
@ -283,7 +283,7 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
|
||||
|
||||
switch (type) {
|
||||
case EVP_CTRL_RAND_KEY:
|
||||
if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
|
||||
if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
|
||||
return 0;
|
||||
DES_set_odd_parity(deskey);
|
||||
if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
|
||||
|
@ -602,7 +602,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
|
||||
{
|
||||
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
|
||||
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
|
||||
if (RAND_bytes(key, ctx->key_len) <= 0)
|
||||
if (RAND_priv_bytes(key, ctx->key_len) <= 0)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
@ -166,7 +166,7 @@ int RAND_write_file(const char *file)
|
||||
#endif
|
||||
|
||||
/* Collect enough random data. */
|
||||
if (RAND_bytes(buf, (int)sizeof(buf)) != 1)
|
||||
if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
|
||||
return -1;
|
||||
|
||||
#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
|
||||
|
@ -422,7 +422,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
|
||||
if (!SRP_user_pwd_set_ids(user, username, NULL))
|
||||
goto err;
|
||||
|
||||
if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
|
||||
if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
|
||||
goto err;
|
||||
ctxt = EVP_MD_CTX_new();
|
||||
if (ctxt == NULL
|
||||
|
@ -3047,13 +3047,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
||||
/* Setup RFC5077 ticket keys */
|
||||
if ((RAND_bytes(ret->ext.tick_key_name,
|
||||
sizeof(ret->ext.tick_key_name)) <= 0)
|
||||
|| (RAND_bytes(ret->ext.secure->tick_hmac_key,
|
||||
|| (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
|
||||
sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
|
||||
|| (RAND_bytes(ret->ext.secure->tick_aes_key,
|
||||
|| (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
|
||||
sizeof(ret->ext.secure->tick_aes_key)) <= 0))
|
||||
ret->options |= SSL_OP_NO_TICKET;
|
||||
|
||||
if (RAND_bytes(ret->ext.cookie_hmac_key,
|
||||
if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
|
||||
sizeof(ret->ext.cookie_hmac_key)) <= 0)
|
||||
goto err;
|
||||
|
||||
|
@ -2936,7 +2936,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
|
||||
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
|
||||
*/
|
||||
|
||||
if (RAND_bytes(rand_premaster_secret,
|
||||
if (RAND_priv_bytes(rand_premaster_secret,
|
||||
sizeof(rand_premaster_secret)) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -157,7 +157,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
|
||||
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
|
||||
return SSL3_AL_FATAL;
|
||||
|
||||
if (RAND_bytes(b, sizeof(b)) <= 0)
|
||||
if (RAND_priv_bytes(b, sizeof(b)) <= 0)
|
||||
return SSL3_AL_FATAL;
|
||||
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
|
||||
OPENSSL_cleanse(b, sizeof(b));
|
||||
@ -369,7 +369,7 @@ int SRP_Calc_A_param(SSL *s)
|
||||
{
|
||||
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
|
||||
|
||||
if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
|
||||
if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0)
|
||||
return 0;
|
||||
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
|
||||
OPENSSL_cleanse(rnd, sizeof(rnd));
|
||||
|
Loading…
Reference in New Issue
Block a user