From 19b676869a1d9c1bf25a2332bdbe04bb9027c340 Mon Sep 17 00:00:00 2001 From: Neil Conway Date: Mon, 21 Mar 2005 05:22:14 +0000 Subject: [PATCH] pgcrypto update: Reserve px_get_random_bytes() for strong randomness, add new function px_get_pseudo_random_bytes() for weak randomness and use it in gen_salt(). On openssl case, use RAND_pseudo_bytes() for px_get_pseudo_random_bytes(). Final result is that is user has not configured random souce but kept the 'silly' one, gen_salt() keeps working, but pgp_encrypt() will throw error. Marko Kreen --- contrib/pgcrypto/px-crypt.c | 4 +-- contrib/pgcrypto/px.c | 3 ++- contrib/pgcrypto/px.h | 4 ++- contrib/pgcrypto/random.c | 53 ++++++++++++++++++++++++++++--------- 4 files changed, 48 insertions(+), 16 deletions(-) diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c index 8b398c38a0..5b99d1d046 100644 --- a/contrib/pgcrypto/px-crypt.c +++ b/contrib/pgcrypto/px-crypt.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/px-crypt.c,v 1.10 2005/03/21 05:19:55 neilc Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/px-crypt.c,v 1.11 2005/03/21 05:22:14 neilc Exp $ */ #include @@ -171,7 +171,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds) return PXE_BAD_SALT_ROUNDS; } - res = px_get_random_bytes(rbuf, g->input_len); + res = px_get_pseudo_random_bytes(rbuf, g->input_len); if (res < 0) return res; diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index 259d054bbd..51f8306917 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.10 2005/03/21 05:19:55 neilc Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.11 2005/03/21 05:22:14 neilc Exp $ */ #include @@ -56,6 +56,7 @@ static const struct error_desc px_err_list[] = { {PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"}, {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"}, {PXE_MCRYPT_INTERNAL, "mcrypt internal error"}, + {PXE_NO_RANDOM, "No strong random source"}, {0, NULL}, }; diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h index f205000e8e..d7a15ffaa3 100644 --- a/contrib/pgcrypto/px.h +++ b/contrib/pgcrypto/px.h @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.11 2005/03/21 05:19:55 neilc Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.12 2005/03/21 05:22:14 neilc Exp $ */ #ifndef __PX_H @@ -83,6 +83,7 @@ void px_free(void *p); #define PXE_UNKNOWN_SALT_ALGO -14 #define PXE_BAD_SALT_ROUNDS -15 #define PXE_MCRYPT_INTERNAL -16 +#define PXE_NO_RANDOM -17 typedef struct px_digest PX_MD; typedef struct px_alias PX_Alias; @@ -168,6 +169,7 @@ int px_find_cipher(const char *name, PX_Cipher ** res); int px_find_combo(const char *name, PX_Combo ** res); int px_get_random_bytes(uint8 *dst, unsigned count); +int px_get_pseudo_random_bytes(uint8 *dst, unsigned count); const char *px_strerror(int err); diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c index 840d4df7fc..7f2f5f4925 100644 --- a/contrib/pgcrypto/random.c +++ b/contrib/pgcrypto/random.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.9 2005/03/21 05:19:55 neilc Exp $ + * $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.10 2005/03/21 05:22:14 neilc Exp $ */ @@ -78,10 +78,16 @@ px_get_random_bytes(uint8 *dst, unsigned count) return res; } +int +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) +{ + return px_get_random_bytes(dst, count); +} + #elif defined(RAND_SILLY) int -px_get_random_bytes(uint8 *dst, unsigned count) +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) { int i; @@ -90,6 +96,12 @@ px_get_random_bytes(uint8 *dst, unsigned count) return i; } +int +px_get_random_bytes(uint8 *dst, unsigned count) +{ + return PXE_NO_RANDOM; +} + #elif defined(RAND_OPENSSL) #include @@ -99,22 +111,24 @@ px_get_random_bytes(uint8 *dst, unsigned count) static int openssl_random_init = 0; +/* + * OpenSSL random should re-feeded occasionally. From /dev/urandom + * preferably. + */ +static void init_openssl() +{ + if (RAND_get_rand_method() == NULL) + RAND_set_rand_method(RAND_SSLeay()); + openssl_random_init = 1; +} + int px_get_random_bytes(uint8 *dst, unsigned count) { int res; if (!openssl_random_init) - { - if (RAND_get_rand_method() == NULL) - RAND_set_rand_method(RAND_SSLeay()); - openssl_random_init = 1; - } - - /* - * OpenSSL random should re-feeded occasionally. From /dev/urandom - * preferably. - */ + init_openssl(); res = RAND_bytes(dst, count); if (res == 1) @@ -123,6 +137,21 @@ px_get_random_bytes(uint8 *dst, unsigned count) return PXE_OSSL_RAND_ERROR; } +int +px_get_pseudo_random_bytes(uint8 *dst, unsigned count) +{ + int res; + + if (!openssl_random_init) + init_openssl(); + + res = RAND_pseudo_bytes(dst, count); + if (res == 0 || res == 1) + return count; + + return PXE_OSSL_RAND_ERROR; +} + #else #error "Invalid random source" #endif