diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 01:54:06 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 01:54:06 +0200 |
| commit | a12180612649d5aebb2ca7e6c7727c41becb4549 (patch) | |
| tree | a7fcce88036b9c82227f367f6b59877b18a08c20 /sys/src | |
| parent | b137763fe7ac6f16b18518f8acabb805183401c0 (diff) | |
kernel: replace various custom random iv buffer filling functions with calls to prng()
Diffstat (limited to 'sys/src')
| -rw-r--r-- | sys/src/9/ip/esp.c | 18 | ||||
| -rw-r--r-- | sys/src/9/port/devfs.c | 2 | ||||
| -rw-r--r-- | sys/src/9/port/devsdp.c | 4 | ||||
| -rw-r--r-- | sys/src/9/port/devssl.c | 13 | ||||
| -rw-r--r-- | sys/src/9/port/devtls.c | 11 |
5 files changed, 10 insertions, 38 deletions
diff --git a/sys/src/9/ip/esp.c b/sys/src/9/ip/esp.c index 1e93f6f75..667090953 100644 --- a/sys/src/9/ip/esp.c +++ b/sys/src/9/ip/esp.c @@ -15,7 +15,7 @@ #include "ip.h" #include "ipv6.h" -#include "libsec.h" +#include <libsec.h> #define BITS2BYTES(bi) (((bi) + BI2BY - 1) / BI2BY) #define BYTES2BITS(by) ((by) * BI2BY) @@ -840,15 +840,13 @@ static void aescbcespinit(Espcb *ecb, char *name, uchar *k, unsigned n) { uchar key[Aeskeysz], ivec[Aeskeysz]; - int i; n = BITS2BYTES(n); if(n > Aeskeysz) n = Aeskeysz; memset(key, 0, sizeof(key)); memmove(key, k, n); - for(i = 0; i < Aeskeysz; i++) - ivec[i] = nrand(256); + prng(ivec, Aeskeysz); ecb->espalg = name; ecb->espblklen = Aesblk; ecb->espivlen = Aesblk; @@ -900,15 +898,13 @@ static void aesctrespinit(Espcb *ecb, char *name, uchar *k, unsigned n) { uchar key[Aesblk], ivec[Aesblk]; - int i; n = BITS2BYTES(n); if(n > Aeskeysz) n = Aeskeysz; memset(key, 0, sizeof(key)); memmove(key, k, n); - for(i = 0; i < Aesblk; i++) - ivec[i] = nrand(256); + prng(ivec, Aesblk); ecb->espalg = name; ecb->espblklen = Aesblk; ecb->espivlen = Aesblk; @@ -1010,15 +1006,13 @@ static void desespinit(Espcb *ecb, char *name, uchar *k, unsigned n) { uchar key[Desblk], ivec[Desblk]; - int i; n = BITS2BYTES(n); if(n > Desblk) n = Desblk; memset(key, 0, sizeof(key)); memmove(key, k, n); - for(i = 0; i < Desblk; i++) - ivec[i] = nrand(256); + prng(ivec, Desblk); ecb->espalg = name; ecb->espblklen = Desblk; ecb->espivlen = Desblk; @@ -1034,15 +1028,13 @@ static void des3espinit(Espcb *ecb, char *name, uchar *k, unsigned n) { uchar key[3][Desblk], ivec[Desblk]; - int i; n = BITS2BYTES(n); if(n > Des3keysz) n = Des3keysz; memset(key, 0, sizeof(key)); memmove(key, k, n); - for(i = 0; i < Desblk; i++) - ivec[i] = nrand(256); + prng(ivec, Desblk); ecb->espalg = name; ecb->espblklen = Desblk; ecb->espivlen = Desblk; diff --git a/sys/src/9/port/devfs.c b/sys/src/9/port/devfs.c index 6af244679..e5e6659b1 100644 --- a/sys/src/9/port/devfs.c +++ b/sys/src/9/port/devfs.c @@ -21,7 +21,7 @@ #include "io.h" #include "ureg.h" #include "../port/error.h" -#include "libsec.h" +#include <libsec.h> int dec16(uchar *out, int lim, char *in, int n); diff --git a/sys/src/9/port/devsdp.c b/sys/src/9/port/devsdp.c index 6443212e4..a840bc635 100644 --- a/sys/src/9/port/devsdp.c +++ b/sys/src/9/port/devsdp.c @@ -1998,7 +1998,6 @@ descipherinit(Conv *c) { uchar key[8]; uchar ivec[8]; - int i; int n = c->cipher->keylen; cipherfree(c); @@ -2019,8 +2018,7 @@ descipherinit(Conv *c) /* out */ memset(key, 0, sizeof(key)); setkey(key, n, &c->out, "cipher"); - for(i=0; i<8; i++) - ivec[i] = nrand(256); + prng(ivec, 8); c->out.cipherblklen = 8; c->out.cipherivlen = 8; c->out.cipher = desencrypt; diff --git a/sys/src/9/port/devssl.c b/sys/src/9/port/devssl.c index ef3cd6fb6..69c509a9f 100644 --- a/sys/src/9/port/devssl.c +++ b/sys/src/9/port/devssl.c @@ -680,17 +680,6 @@ sslread(Chan *c, void *a, long n, vlong off) return n; } -/* - * this algorithm doesn't have to be great since we're just - * trying to obscure the block fill - */ -static void -randfill(uchar *buf, int len) -{ - while(len-- > 0) - *buf++ = nrand(256); -} - static long sslbwrite(Chan *c, Block *b, ulong) { @@ -779,7 +768,7 @@ sslput(Dstate *s, Block * volatile b) /* SSL style count */ if(pad){ nb = padblock(nb, -pad); - randfill(nb->wp, pad); + prng(nb->wp, pad); nb->wp += pad; m += pad; diff --git a/sys/src/9/port/devtls.c b/sys/src/9/port/devtls.c index 3f864a7fc..c417b38b5 100644 --- a/sys/src/9/port/devtls.c +++ b/sys/src/9/port/devtls.c @@ -1234,13 +1234,6 @@ tlsread(Chan *c, void *a, long n, vlong off) return n; } -static void -randfill(uchar *buf, int len) -{ - while(len-- > 0) - *buf++ = nrand(256); -} - /* * write a block in tls records */ @@ -1325,7 +1318,7 @@ if(tr->debug)pdump(BLEN(b), b->rp, "sent:"); n = (*sec->aead_enc)(sec, aad, aadlen, p + RecHdrLen, p + RecHdrLen + ivlen, n) + ivlen; else { if(ivlen > 0) - randfill(p + RecHdrLen, ivlen); + prng(p + RecHdrLen, ivlen); packMac(sec, aad, aadlen, p + RecHdrLen + ivlen, n, p + RecHdrLen + ivlen + n); n = (*sec->enc)(sec, p + RecHdrLen, ivlen + n + maclen); } @@ -1523,7 +1516,7 @@ initaesgcmkey(Encalg *ea, Secret *s, uchar *p, uchar *iv) s->maclen = 16; s->recivlen = 8; memmove(s->mackey, iv, ea->ivlen); - randfill(s->mackey + ea->ivlen, s->recivlen); + prng(s->mackey + ea->ivlen, s->recivlen); setupAESGCMstate(s->enckey, p, ea->keylen, nil, 0); } |