src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2007-09-18 22:02:19 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2007-09-18 22:02:19 +0000
commit	60a50c17457081b214d0e67ae4d197348e65b44b (patch)
tree	6147ed9a892b427eadc4c9a9a1f55dece2c774a0
parent	3f52b824168b8743c53ff47ac2278be7ed638c5e (diff)

arc4random_bytes() is the preferred interface for generating nonces;

"looks ok" markus@

Diffstat

-rw-r--r--

sys/arch/i386/i386/via.c

-rw-r--r--

sys/arch/i386/pci/glxsb.c

-rw-r--r--

sys/dev/pci/hifn7751.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

sys/net80211/ieee80211_input.c

-rw-r--r--

sys/netinet/tcp_subr.c

9 files changed, 18 insertions, 18 deletions

diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c
index 4bcc33df6a6..8f9e494db22 100644
--- a/sys/arch/i386/i386/via.c
+++ b/sys/arch/i386/i386/via.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: via.c,v 1.14 2007/09/11 01:12:44 deraadt Exp $ */

+/* $OpenBSD: via.c,v 1.15 2007/09/18 22:02:18 djm Exp $ */

/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */

/*-

@@ -194,7 +194,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)

cw0 |= C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |

C3_CRYPT_CWLO_NORMAL;

- get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

+ arc4random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

ses->ses_klen = c->cri_klen;

ses->ses_cw0 = cw0;

diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c
index 4ea7493849b..c8712262417 100644
--- a/sys/arch/i386/pci/glxsb.c
+++ b/sys/arch/i386/pci/glxsb.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: glxsb.c,v 1.10 2007/09/10 23:04:46 henric Exp $ */

+/* $OpenBSD: glxsb.c,v 1.11 2007/09/18 22:02:18 djm Exp $ */

@@ -379,7 +379,7 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri)

return (EINVAL);

}

- get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

+ arc4random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

ses->ses_klen = c->cri_klen;

/* Copy the key (Geode LX wants the primary key only) */

diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c
index 7ae75aae001..a2c48ba6997 100644
--- a/sys/dev/pci/hifn7751.c
+++ b/sys/dev/pci/hifn7751.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: hifn7751.c,v 1.152 2006/06/29 21:34:51 deraadt Exp $ */

+/* $OpenBSD: hifn7751.c,v 1.153 2007/09/18 22:02:18 djm Exp $ */

* Invertex AEON / Hifn 7751 driver

@@ -1868,7 +1868,7 @@ hifn_newsession(u_int32_t *sidp, struct cryptoini *cri)

case CRYPTO_DES_CBC:

case CRYPTO_3DES_CBC:

case CRYPTO_AES_CBC:

- get_random_bytes(ses->hs_iv,

+ arc4random_bytes(ses->hs_iv,

(c->cri_alg == CRYPTO_AES_CBC ?

HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH));

/*FALLTHROUGH*/

diff --git a/sys/dev/pci/ises.c b/sys/dev/pci/ises.c
index 5a3bf6afa13..0f06a70c6f8 100644
--- a/sys/dev/pci/ises.c
+++ b/sys/dev/pci/ises.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ises.c,v 1.31 2006/06/29 21:34:51 deraadt Exp $ */

+/* $OpenBSD: ises.c,v 1.32 2007/09/18 22:02:18 djm Exp $ */

@@ -1014,7 +1014,7 @@ ises_newsession(u_int32_t *sidp, struct cryptoini *cri)

if (enc) {

/* get an IV, network byte order */

/* XXX switch to using builtin HRNG ! */

- get_random_bytes(ses->sccr, sizeof(ses->sccr));

+ arc4random_bytes(ses->sccr, sizeof(ses->sccr));

/* crypto key */

if (enc->cri_alg == CRYPTO_DES_CBC) {

diff --git a/sys/dev/pci/noct.c b/sys/dev/pci/noct.c
index e25a4051ebe..dc955a496a6 100644
--- a/sys/dev/pci/noct.c
+++ b/sys/dev/pci/noct.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: noct.c,v 1.17 2006/06/29 21:34:51 deraadt Exp $ */

+/* $OpenBSD: noct.c,v 1.18 2007/09/18 22:02:18 djm Exp $ */

@@ -1139,7 +1139,7 @@ noct_ea_start_des(sc, q, crp, crd)

if (crd->crd_flags & CRD_F_IV_EXPLICIT)

bcopy(crd->crd_iv, iv, 8);

else

- get_random_bytes(iv, sizeof(iv));

+ arc4random_bytes(iv, sizeof(iv));

if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {

if (crp->crp_flags & CRYPTO_F_IMBUF)

diff --git a/sys/dev/pci/safe.c b/sys/dev/pci/safe.c
index 4724ad7951d..40538cb322c 100644
--- a/sys/dev/pci/safe.c
+++ b/sys/dev/pci/safe.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: safe.c,v 1.21 2007/02/28 22:16:55 deraadt Exp $ */

+/* $OpenBSD: safe.c,v 1.22 2007/09/18 22:02:18 djm Exp $ */

/*-

@@ -1358,7 +1358,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri)

if (encini) {

/* get an IV */

- get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

+ arc4random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

ses->ses_klen = encini->cri_klen;

bcopy(encini->cri_key, ses->ses_key, ses->ses_klen / 8);

diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 404a1cdff7e..f2103655045 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ubsec.c,v 1.138 2006/12/29 13:04:37 pedro Exp $ */

+/* $OpenBSD: ubsec.c,v 1.139 2007/09/18 22:02:18 djm Exp $ */

@@ -620,7 +620,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)

ses->ses_used = 1;

if (encini) {

/* get an IV, network byte order */

- get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

+ arc4random_bytes(ses->ses_iv, sizeof(ses->ses_iv));

/* Go ahead and compute key in ubsec's byte order */

if (encini->cri_alg == CRYPTO_DES_CBC) {

diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index 99103adf6b6..095aa0445b6 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c

@@ -1,5 +1,5 @@

/* $NetBSD: ieee80211_input.c,v 1.24 2004/05/31 11:12:24 dyoung Exp $ */

-/* $OpenBSD: ieee80211_input.c,v 1.70 2007/08/29 19:54:46 damien Exp $ */

+/* $OpenBSD: ieee80211_input.c,v 1.71 2007/09/18 22:02:18 djm Exp $ */

/*-

@@ -1981,7 +1981,7 @@ ieee80211_recv_4way_msg1(struct ieee80211com *ic,

return;

/* generate a new nonce (SNonce) */

- get_random_bytes(snonce, EAPOL_KEY_NONCE_LEN);

+ arc4random_bytes(snonce, EAPOL_KEY_NONCE_LEN);

if (ni->ni_akm == IEEE80211_AKM_IEEE8021X) {

/* XXX find the PMK in the PMKSA cache using the PMKID */

diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 7723d0b6170..e5048bfb54a 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: tcp_subr.c,v 1.99 2007/09/01 18:49:28 henning Exp $ */

+/* $OpenBSD: tcp_subr.c,v 1.100 2007/09/18 22:02:18 djm Exp $ */

/* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */

@@ -1218,7 +1218,7 @@ tcp_rndiss_encrypt(val)

void

tcp_rndiss_init()

{

- get_random_bytes(tcp_rndiss_sbox, sizeof(tcp_rndiss_sbox));

+ arc4random_bytes(tcp_rndiss_sbox, sizeof(tcp_rndiss_sbox));

tcp_rndiss_reseed = time_second + TCP_RNDISS_OUT;

tcp_rndiss_msb = tcp_rndiss_msb == 0x8000 ? 0 : 0x8000;