summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNeil Conway2005-03-21 05:22:14 +0000
committerNeil Conway2005-03-21 05:22:14 +0000
commit8da3b352bdfb246163ca85736a7d40e5e90e7337 (patch)
treeffb1967727821b83352a2bbbf898773b1679d3c9
parentf86fe2cd81a8129eb6ca90d9ddc75c8f1401fb5e (diff)
pgcrypto update:
Reserve px_get_random_bytes() for strong randomness, add new function px_get_pseudo_random_bytes() for weak randomness and use it in gen_salt(). On openssl case, use RAND_pseudo_bytes() for px_get_pseudo_random_bytes(). Final result is that is user has not configured random souce but kept the 'silly' one, gen_salt() keeps working, but pgp_encrypt() will throw error. Marko Kreen
-rw-r--r--contrib/pgcrypto/px-crypt.c2
-rw-r--r--contrib/pgcrypto/px.c1
-rw-r--r--contrib/pgcrypto/px.h2
-rw-r--r--contrib/pgcrypto/random.c51
4 files changed, 44 insertions, 12 deletions
diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
index 7e5ec03c2e..7abf3db5a6 100644
--- a/contrib/pgcrypto/px-crypt.c
+++ b/contrib/pgcrypto/px-crypt.c
@@ -171,7 +171,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
return PXE_BAD_SALT_ROUNDS;
}
- res = px_get_random_bytes(rbuf, g->input_len);
+ res = px_get_pseudo_random_bytes(rbuf, g->input_len);
if (res < 0)
return res;
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index f6e174bbfd..74e91ffe06 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -56,6 +56,7 @@ static const struct error_desc px_err_list[] = {
{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
+ {PXE_NO_RANDOM, "No strong random source"},
{0, NULL},
};
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index 4bc9a6f725..d1625487fb 100644
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -83,6 +83,7 @@ void px_free(void *p);
#define PXE_UNKNOWN_SALT_ALGO -14
#define PXE_BAD_SALT_ROUNDS -15
#define PXE_MCRYPT_INTERNAL -16
+#define PXE_NO_RANDOM -17
typedef struct px_digest PX_MD;
typedef struct px_alias PX_Alias;
@@ -168,6 +169,7 @@ int px_find_cipher(const char *name, PX_Cipher ** res);
int px_find_combo(const char *name, PX_Combo ** res);
int px_get_random_bytes(uint8 *dst, unsigned count);
+int px_get_pseudo_random_bytes(uint8 *dst, unsigned count);
const char *px_strerror(int err);
diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c
index 84b56dd6b9..dcf54fb148 100644
--- a/contrib/pgcrypto/random.c
+++ b/contrib/pgcrypto/random.c
@@ -78,10 +78,16 @@ px_get_random_bytes(uint8 *dst, unsigned count)
return res;
}
+int
+px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
+{
+ return px_get_random_bytes(dst, count);
+}
+
#elif defined(RAND_SILLY)
int
-px_get_random_bytes(uint8 *dst, unsigned count)
+px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
{
int i;
@@ -90,6 +96,12 @@ px_get_random_bytes(uint8 *dst, unsigned count)
return i;
}
+int
+px_get_random_bytes(uint8 *dst, unsigned count)
+{
+ return PXE_NO_RANDOM;
+}
+
#elif defined(RAND_OPENSSL)
#include <openssl/evp.h>
@@ -99,22 +111,24 @@ px_get_random_bytes(uint8 *dst, unsigned count)
static int openssl_random_init = 0;
+/*
+ * OpenSSL random should re-feeded occasionally. From /dev/urandom
+ * preferably.
+ */
+static void init_openssl()
+{
+ if (RAND_get_rand_method() == NULL)
+ RAND_set_rand_method(RAND_SSLeay());
+ openssl_random_init = 1;
+}
+
int
px_get_random_bytes(uint8 *dst, unsigned count)
{
int res;
if (!openssl_random_init)
- {
- if (RAND_get_rand_method() == NULL)
- RAND_set_rand_method(RAND_SSLeay());
- openssl_random_init = 1;
- }
-
- /*
- * OpenSSL random should re-feeded occasionally. From /dev/urandom
- * preferably.
- */
+ init_openssl();
res = RAND_bytes(dst, count);
if (res == 1)
@@ -123,6 +137,21 @@ px_get_random_bytes(uint8 *dst, unsigned count)
return PXE_OSSL_RAND_ERROR;
}
+int
+px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
+{
+ int res;
+
+ if (!openssl_random_init)
+ init_openssl();
+
+ res = RAND_pseudo_bytes(dst, count);
+ if (res == 0 || res == 1)
+ return count;
+
+ return PXE_OSSL_RAND_ERROR;
+}
+
#else
#error "Invalid random source"
#endif