diff options
author | Ulf Möller <ulf@openssl.org> | 2000-01-21 01:15:56 +0000 |
---|---|---|
committer | Ulf Möller <ulf@openssl.org> | 2000-01-21 01:15:56 +0000 |
commit | e7f97e2d22e386df60c8da63277727a931bf22b7 (patch) | |
tree | 45c42494189d95fada508ac3ff806dee37c00d22 /ssl | |
parent | 731d9c5fb5d0535e3c84866e3c355cbf21a92a67 (diff) | |
download | openssl-new-e7f97e2d22e386df60c8da63277727a931bf22b7.tar.gz |
Check RAND_bytes() return value or use RAND_pseudo_bytes().
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s23_clnt.c | 4 | ||||
-rw-r--r-- | ssl/s2_clnt.c | 13 | ||||
-rw-r--r-- | ssl/s2_srvr.c | 6 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 5 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 4 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 2 |
6 files changed, 21 insertions, 13 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 067216b1a2..aaedf6a9bb 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -224,7 +224,7 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - RAND_bytes(p,SSL3_RANDOM_SIZE); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); /* Do the message type and length last */ d= &(buf[2]); @@ -285,7 +285,7 @@ static int ssl23_client_hello(SSL *s) i=ch_len; s2n(i,d); memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); p+=i; diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index f05b76a66a..f813c504fe 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -515,7 +515,7 @@ static int client_hello(SSL *s) s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ /*challenge id data*/ - RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH); + RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH); memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); d+=SSL2_CHALLENGE_LENGTH; @@ -557,12 +557,19 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; - if (i > 0) RAND_bytes(sess->key_arg,i); + if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ i=EVP_CIPHER_key_length(c); sess->master_key_length=i; - if (i > 0) RAND_bytes(sess->master_key,i); + if (i > 0) + { + if (RAND_bytes(sess->master_key,i) <= 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + goto err; + } + } if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) enc=8; diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 811daa2e2c..af300bab8d 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -415,7 +415,7 @@ static int get_client_master_key(SSL *s) i=ek; else i=EVP_CIPHER_key_length(c); - RAND_bytes(p,i); + RAND_pseudo_bytes(p,i); } #else if (i < 0) @@ -680,7 +680,7 @@ static int server_hello(SSL *s) /* make and send conn_id */ s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; - RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); + RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); d+=SSL2_CONNECTION_ID_LENGTH; @@ -798,7 +798,7 @@ static int request_certificate(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_REQUEST_CERTIFICATE; *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; - RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 9d85ba4fd9..cec0e3b35a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -466,7 +466,7 @@ static int ssl3_client_hello(SSL *s) p=s->s3->client_random; Time=time(NULL); /* Time */ l2n(Time,p); - RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ d=p= &(buf[4]); @@ -1341,7 +1341,8 @@ static int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0]=s->client_version>>8; tmp_buf[1]=s->client_version&0xff; - RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) + goto err; s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c6cc4f73a9..fd20f8004a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -816,7 +816,7 @@ static int ssl3_send_server_hello(SSL *s) p=s->s3->server_random; Time=time(NULL); /* Time */ l2n(Time,p); - RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ d=p= &(buf[4]); @@ -1292,7 +1292,7 @@ static int ssl3_get_client_key_exchange(SSL *s) { p[0]=(s->version>>8); p[1]=(s->version & 0xff); - RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); i=SSL_MAX_MASTER_KEY_LENGTH; } /* else, an SSLeay bug, ssl only server, tls client */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index d6755801cc..0573f2c836 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -184,7 +184,7 @@ int ssl_get_new_session(SSL *s, int session) { SSL_SESSION *r; - RAND_bytes(ss->session_id,ss->session_id_length); + RAND_pseudo_bytes(ss->session_id,ss->session_id_length); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, (char *)ss); |