Commit19b6768

author
Neil Conway
committed
pgcrypto update:
Reserve px_get_random_bytes() for strong randomness, add new function px_get_pseudo_random_bytes() for weak randomness and use it in gen_salt(). On openssl case, use RAND_pseudo_bytes() for px_get_pseudo_random_bytes(). Final result is that if user has not configured random source but kept the 'silly' one, gen_salt() keeps working, but pgp_encrypt() will throw error.
Marko Kreen
1 parent1ea9169 commit19b6768


4 files changed

+48
-16
lines changed


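--- a/contrib/pgcrypto/px-crypt.c
+++ b/contrib/pgcrypto/px-crypt.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
-* $PostgreSQL: pgsql/contrib/pgcrypto/px-crypt.c,v 1.10 2005/03/21 05:19:55 neilc Exp $
+* $PostgreSQL: pgsql/contrib/pgcrypto/px-crypt.c,v 1.11 2005/03/21 05:22:14 neilc Exp $
 */
 
 #include<postgres.h>
@@ -171,7 +171,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
 returnPXE_BAD_SALT_ROUNDS;
 }
 
-res=px_get_random_bytes(rbuf,g->input_len);
+res=px_get_pseudo_random_bytes(rbuf,g->input_len);
 if (res<0)
 returnres;
 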
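Review bot: The call at new line 174 in px_gen_salt switches to `px_get_pseudo_random_bytes()` with no comment explaining why a weak source is acceptable at this site, so a later reader could copy the pattern for key material or "fix" it back. I would add above it `/* salt is stored in the clear and only needs to be unique; weak randomness is tolerated here, never for keys */`. Only part of px_gen_salt is inside the hunk, so how rbuf is consumed afterwards cannot be checked from this view.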

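--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
-* $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.10 2005/03/21 05:19:55 neilc Exp $
+* $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.11 2005/03/21 05:22:14 neilc Exp $
 */
 
 #include<postgres.h>
@@ -56,6 +56,7 @@ static const struct error_desc px_err_list[] = {
 {PXE_UNKNOWN_SALT_ALGO,"Unknown salt algorithm"},
 {PXE_BAD_SALT_ROUNDS,"Incorrect number of rounds"},
 {PXE_MCRYPT_INTERNAL,"mcrypt internal error"},
+{PXE_NO_RANDOM,"No strong random source"},
 {0,NULL},
 };
 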

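--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
-* $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.11 2005/03/21 05:19:55 neilc Exp $
+* $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.12 2005/03/21 05:22:14 neilc Exp $
 */
 
 #ifndef__PX_H
@@ -83,6 +83,7 @@ voidpx_free(void *p);
 #definePXE_UNKNOWN_SALT_ALGO-14
 #definePXE_BAD_SALT_ROUNDS-15
 #definePXE_MCRYPT_INTERNAL-16
+#definePXE_NO_RANDOM-17
 
 typedefstructpx_digestPX_MD;
 typedefstructpx_aliasPX_Alias;
@@ -168,6 +169,7 @@ intpx_find_cipher(const char *name, PX_Cipher ** res);
 intpx_find_combo(constchar*name,PX_Combo**res);
 
 intpx_get_random_bytes(uint8*dst,unsignedcount);
+intpx_get_pseudo_random_bytes(uint8*dst,unsignedcount);
 
 constchar*px_strerror(interr);
 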
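Review bot: The two prototypes at new lines 171-172 are undocumented, so only their names separate a function that must fail without strong entropy from one that may hand back predictable bytes. A one-line comment on each would state the contract where callers look, for example `/* strong bytes or an error (PXE_NO_RANDOM if no strong source is built in) */` and `/* may be predictable; only for salts and other non-secret values */`. The return convention deserves a line as well: the OpenSSL px_get_pseudo_random_bytes in random.c returns `count` on success and a negative PXE_* code otherwise.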

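--- a/contrib/pgcrypto/random.c
+++ b/contrib/pgcrypto/random.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
-* $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.9 2005/03/21 05:19:55 neilc Exp $
+* $PostgreSQL: pgsql/contrib/pgcrypto/random.c,v 1.10 2005/03/21 05:22:14 neilc Exp $
 */
 
 
@@ -78,10 +78,16 @@ px_get_random_bytes(uint8 *dst, unsigned count)
 returnres;
 }
 
+int
+px_get_pseudo_random_bytes(uint8*dst,unsignedcount)
+{
+returnpx_get_random_bytes(dst,count);
+}
+
 #elif defined(RAND_SILLY)
 
 int
-px_get_random_bytes(uint8*dst,unsignedcount)
+px_get_pseudo_random_bytes(uint8*dst,unsignedcount)
 {
 inti;
 
@@ -90,6 +96,12 @@ px_get_random_bytes(uint8 *dst, unsigned count)
 returni;
 }
 
+int
+px_get_random_bytes(uint8*dst,unsignedcount)
+{
+returnPXE_NO_RANDOM;
+}
+
 #elif defined(RAND_OPENSSL)
 
 #include<openssl/evp.h>
@@ -99,22 +111,24 @@ px_get_random_bytes(uint8 *dst, unsigned count)
 
 staticintopenssl_random_init=0;
 
+/*
+* OpenSSL random should re-feeded occasionally. From /dev/urandom
+* preferably.
+*/
+staticvoidinit_openssl()
+{
+if (RAND_get_rand_method()==NULL)
+RAND_set_rand_method(RAND_SSLeay());
+openssl_random_init=1;
+}
+
 int
 px_get_random_bytes(uint8*dst,unsignedcount)
 {
 intres;
 
 if (!openssl_random_init)
-{
-if (RAND_get_rand_method()==NULL)
-RAND_set_rand_method(RAND_SSLeay());
-openssl_random_init=1;
-}
-
-/*
-* OpenSSL random should re-feeded occasionally. From /dev/urandom
-* preferably.
-*/
+init_openssl();
 
 res=RAND_bytes(dst,count);
 if (res==1)
@@ -123,6 +137,21 @@ px_get_random_bytes(uint8 *dst, unsigned count)
 returnPXE_OSSL_RAND_ERROR;
 }
 
+int
+px_get_pseudo_random_bytes(uint8*dst,unsignedcount)
+{
+intres;
+
+if (!openssl_random_init)
+init_openssl();
+
+res=RAND_pseudo_bytes(dst,count);
+if (res==0||res==1)
+returncount;
+
+returnPXE_OSSL_RAND_ERROR;
+}
+
 #else
 #error "Invalid random source"
 #endif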
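Review bot: In the OpenSSL branch, px_get_pseudo_random_bytes (new lines 140-153) hands an `unsigned count` to `RAND_pseudo_bytes()`, whose length parameter is an `int`, and then returns it through an `int`, so a count above INT_MAX would reach OpenSSL as a negative length and come back to the caller looking like a PXE_* error code. The only caller visible on this page passes `g->input_len`, whose range is not shown, so this may be latent; a guard before the call such as `if (count > INT_MAX) return PXE_OSSL_RAND_ERROR;` would close it. px_get_random_bytes just above takes the same `unsigned count` and probably needs the same check, though its success return lies outside the hunk. Separately, the moved comment about re-feeding now sits directly above init_openssl(), which performs no reseeding, so it reads as documentation for a function that does something else.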
