Fix RAND_(pseudo_)?_bytes returns

Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8f8e4e4f52)

Conflicts:
	crypto/evp/e_des3.c
Matt Caswell 2015-02-26 16:28:59 +00:00
parent 23a9b24aa1
commit 750190567a
20 changed files with 71 additions and 33 deletions


@ -747,7 +747,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
/* Initialize a random secret */ /* Initialize a random secret */
if (!cookie_initialized) { if (!cookie_initialized) {
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n"); BIO_printf(bio_err, "error setting random cookie secret\n");
return 0; return 0;
} }


@ -2916,7 +2916,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{ {
unsigned int count = 0; unsigned int count = 0;
do { do {
RAND_pseudo_bytes(id, *id_len); if(RAND_pseudo_bytes(id, *id_len) < 0)
return 0;
/* /*
* Prefix the session_id with the required prefix. NB: If our prefix * Prefix the session_id with the required prefix. NB: If our prefix
* is too long, clip it - but there will be worse effects anyway, eg. * is too long, clip it - but there will be worse effects anyway, eg.
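Review bot: The new test `RAND_pseudo_bytes(id, *id_len) < 0` in generate_session_id still accepts a return of 0, which RAND_pseudo_bytes uses to report that bytes were produced but are not cryptographically strong, so a session ID drawn from a weak or unseeded PRNG is used without complaint. If session IDs are expected to be unpredictable, the stricter form used elsewhere in this commit fits better: `if (RAND_bytes(id, *id_len) <= 0) return 0;`. The same `< 0` pattern appears in the ocsp_add1_nonce, kek_wrap_key and SRP_create_verifier hunks of this commit, where the output is a nonce, key-wrap padding and a salt; each deserves an explicit decision on whether weak bytes are acceptable. The function body continues past the end of the hunk.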


@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) { if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */ /* We want multipart/signed */
/* Generate a random boundary */ /* Generate a random boundary */
RAND_pseudo_bytes((unsigned char *)bound, 32); if(RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
return 0;
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
c = bound[i] & 0xf; c = bound[i] & 0xf;
if (c < 10) if (c < 10)


@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
#if 1 #if 1
RAND_pseudo_bytes(&n, 1); if(RAND_pseudo_bytes(&n, 1) < 0)
return -1;
num = (n & 0x07); num = (n & 0x07);
if (outl > num) if (outl > num)
@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn; num = nt->lwn;
nt->lwn = 0; nt->lwn = 0;
} else { } else {
RAND_pseudo_bytes(&n, 1); if(RAND_pseudo_bytes(&n, 1) < 0)
return -1;
num = (n & 7); num = (n & 7);
} }


@ -797,6 +797,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \ * wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \ BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
/* Debug only - safe to ignore error return */ \
RAND_pseudo_bytes(&_tmp_char, 1); \ RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \


@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c; unsigned char c;
for (i = 0; i < bytes; i++) { for (i = 0; i < bytes; i++) {
RAND_pseudo_bytes(&c, 1); if(RAND_pseudo_bytes(&c, 1) < 0)
goto err;
if (c >= 128 && i > 0) if (c >= 128 && i > 0)
buf[i] = buf[i - 1]; buf[i] = buf[i - 1];
else if (c < 42) else if (c < 42)


@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
out[3] = in[2] ^ 0xFF; out[3] = in[2] ^ 0xFF;
memcpy(out + 4, in, inlen); memcpy(out + 4, in, inlen);
/* Add random padding to end */ /* Add random padding to end */
if (olen > inlen + 4) if (olen > inlen + 4
RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
return 0;
/* Encrypt twice */ /* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen);


@ -455,8 +455,10 @@ void doencryption(void)
rem = l % 8; rem = l % 8;
len = l - rem; len = l - rem;
if (feof(DES_IN)) { if (feof(DES_IN)) {
for (i = 7 - rem; i > 0; i--) for (i = 7 - rem; i > 0; i--) {
RAND_pseudo_bytes(buf + l++, 1); if(RAND_pseudo_bytes(buf + l++, 1) < 0)
goto problems;
}
buf[l++] = rem; buf[l++] = rem;
ex = 1; ex = 1;
len += rem; len += rem;


@ -132,7 +132,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) { if (len < 8) {
cp = shortbuf; cp = shortbuf;
memcpy(shortbuf, buf, len); memcpy(shortbuf, buf, len);
RAND_pseudo_bytes(shortbuf + len, 8 - len); if(RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
return -1;
}
rnum = 8; rnum = 8;
} else { } else {
cp = buf; cp = buf;


@ -202,7 +202,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err; goto err;
if (!seed_len) { if (!seed_len) {
RAND_pseudo_bytes(seed, qsize); if(RAND_pseudo_bytes(seed, qsize) < 0)
goto err;
seed_is_random = 1; seed_is_random = 1;
} else { } else {
seed_is_random = 0; seed_is_random = 0;


@ -296,8 +296,8 @@ int test_builtin(BIO *out)
int nid, ret = 0; int nid, ret = 0;
/* fill digest values with some random data */ /* fill digest values with some random data */
if (!RAND_pseudo_bytes(digest, 20) || if (RAND_pseudo_bytes(digest, 20) <= 0 ||
!RAND_pseudo_bytes(wrong_digest, 20)) { RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
BIO_printf(out, "ERROR: unable to get random data\n"); BIO_printf(out, "ERROR: unable to get random data\n");
goto builtin_err; goto builtin_err;
} }


@ -491,7 +491,8 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all, * FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured. * particularly now EVP_MD_CTX has been restructured.
*/ */
RAND_pseudo_bytes(md->md_data, md->digest->md_size); if(RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len += md->digest->md_size; ctx->buf_len += md->digest->md_size;


@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1; return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0; return 0;
if (EVP_CIPHER_CTX_iv_length(ctx)) if (EVP_CIPHER_CTX_iv_length(ctx)
RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
return 0;
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0; return 0;
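Review bot: The IV line changes the generator from RAND_pseudo_bytes to RAND_bytes, not just the return check, and neither the code nor the commit description records why. EVP_SealInit can now return 0 where it previously carried on with weak bytes (presumably when the PRNG is not seeded), so a short comment above the condition would help later readers, e.g. `/* IV comes from the strong generator; fail rather than seal with a weak IV */`. The enclosing function starts and ends outside the hunk.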


@ -361,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
if (val) if (val)
memcpy(tmpval, val, len); memcpy(tmpval, val, len);
else else if(RAND_pseudo_bytes(tmpval, len) < 0)
RAND_pseudo_bytes(tmpval, len); goto err;
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE)) &os, 0, X509V3_ADD_REPLACE))
goto err; goto err;


@ -497,7 +497,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
if (!SRP_user_pwd_set_ids(user, username, NULL)) if (!SRP_user_pwd_set_ids(user, username, NULL))
goto err; goto err;
RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); if(RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0)
goto err;
EVP_MD_CTX_init(&ctxt); EVP_MD_CTX_init(&ctxt);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
@ -549,7 +550,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
} }
if (*salt == NULL) { if (*salt == NULL) {
RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); if(RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
goto err;
s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} else { } else {
@ -609,7 +611,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
srp_bn_print(g); srp_bn_print(g);
if (*salt == NULL) { if (*salt == NULL) {
RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); if(RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
goto err;
*salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} }


@ -761,7 +761,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
if (tls_dhe1024 == NULL) { if (tls_dhe1024 == NULL) {
int i; int i;
RAND_bytes((unsigned char *)&i, sizeof i); if(RAND_bytes((unsigned char *)&i, sizeof i) <= 0)
goto err_return;
/* /*
* make sure that i is non-negative -- pick one of the provided * make sure that i is non-negative -- pick one of the provided
* seeds * seeds


@ -1540,7 +1540,10 @@ int dtls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload); memcpy(bp, pl, payload);
bp += payload; bp += payload;
/* Random padding */ /* Random padding */
RAND_pseudo_bytes(bp, padding); if(RAND_pseudo_bytes(bp, padding) < 0) {
OPENSSL_free(buffer);
return -1;
}
r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
@ -1574,7 +1577,7 @@ int dtls1_process_heartbeat(SSL *s)
int dtls1_heartbeat(SSL *s) int dtls1_heartbeat(SSL *s)
{ {
unsigned char *buf, *p; unsigned char *buf, *p;
int ret; int ret = -1;
unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int payload = 18; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
@ -1622,10 +1625,12 @@ int dtls1_heartbeat(SSL *s)
/* Sequence number */ /* Sequence number */
s2n(s->tlsext_hb_seq, p); s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */ /* 16 random bytes */
RAND_pseudo_bytes(p, 16); if(RAND_pseudo_bytes(p, 16) < 0)
goto err;
p += 16; p += 16;
/* Random padding */ /* Random padding */
RAND_pseudo_bytes(p, padding); if(RAND_pseudo_bytes(p, padding) < 0)
goto err;
ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
if (ret >= 0) { if (ret >= 0) {
@ -1638,6 +1643,7 @@ int dtls1_heartbeat(SSL *s)
s->tlsext_hb_pending = 1; s->tlsext_hb_pending = 1;
} }
err:
OPENSSL_free(buf); OPENSSL_free(buf);
return ret; return ret;
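Review bot: Both new `goto err` paths in dtls1_heartbeat return -1 without putting anything on the error queue, while the matching paths in tls1_heartbeat in this same commit call `SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR)` first. A caller that sees -1 from the DTLS variant may be unable to tell a PRNG failure from a write failure. Adding `SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);` before each `goto err` would make the two implementations agree. The early `return -1` added to dtls1_process_heartbeat (and to tls1_process_heartbeat) is silent in the same way. The function bodies extend beyond the hunks shown.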


@ -2729,7 +2729,10 @@ int ssl3_send_client_key_exchange(SSL *s)
EVP_PKEY_encrypt_init(pkey_ctx); EVP_PKEY_encrypt_init(pkey_ctx);
/* Generate session key */ /* Generate session key */
RAND_bytes(premaster_secret, 32); if(RAND_bytes(premaster_secret, 32) <= 0) {
EVP_PKEY_CTX_free(pkey_ctx);
goto err;
}
/* /*
* If we have client certificate, use its secret as peer key * If we have client certificate, use its secret as peer key
*/ */


@ -2612,7 +2612,10 @@ int tls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload); memcpy(bp, pl, payload);
bp += payload; bp += payload;
/* Random padding */ /* Random padding */
RAND_pseudo_bytes(bp, padding); if(RAND_pseudo_bytes(bp, padding) < 0) {
OPENSSL_free(buffer);
return -1;
}
r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
3 + payload + padding); 3 + payload + padding);
@ -2647,7 +2650,7 @@ int tls1_process_heartbeat(SSL *s)
int tls1_heartbeat(SSL *s) int tls1_heartbeat(SSL *s)
{ {
unsigned char *buf, *p; unsigned char *buf, *p;
int ret; int ret = -1;
unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int payload = 18; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
@ -2695,10 +2698,16 @@ int tls1_heartbeat(SSL *s)
/* Sequence number */ /* Sequence number */
s2n(s->tlsext_hb_seq, p); s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */ /* 16 random bytes */
RAND_pseudo_bytes(p, 16); if(RAND_pseudo_bytes(p, 16) < 0) {
SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
goto err;
}
p += 16; p += 16;
/* Random padding */ /* Random padding */
RAND_pseudo_bytes(p, padding); if(RAND_pseudo_bytes(p, padding) < 0) {
SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
goto err;
}
ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
if (ret >= 0) { if (ret >= 0) {
@ -2710,6 +2719,7 @@ int tls1_heartbeat(SSL *s)
s->tlsext_hb_pending = 1; s->tlsext_hb_pending = 1;
} }
err:
OPENSSL_free(buf); OPENSSL_free(buf);
return ret; return ret;


@ -454,7 +454,8 @@ int SRP_Calc_A_param(SSL *s)
{ {
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
RAND_bytes(rnd, sizeof(rnd)); if(RAND_bytes(rnd, sizeof(rnd)) <= 0)
return -1;
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd)); OPENSSL_cleanse(rnd, sizeof(rnd));