[openssl.org #2040] [PATCH] use of RAND_bytes (fwd)

Sun, 13 Sep 2009 12:45:16 -0700 


---------- Forwarded message ----------
Date: Sun, 13 Sep 2009 12:09:23 +0200 (CEST)
From: Julia Lawall <ju...@diku.dk>
Reply-To: openssl-dev@openssl.org
To: openssl-dev@openssl.org, Rene Rydhof Hansen <r...@cs.aau.dk>,
    Gilles Muller - lip6 <gilles.mul...@lip6.fr>, z...@google.com
Subject: [PATCH] use of RAND_bytes

The function RAND_bytes returns -1 if it is not supported by the current
RAND method, and 0 for other kinds of errors.  Perhaps it is statically
known at these call sites that -1 is not a possible result.  But if that is
not the case, then the test on the call should be converted to a <= 0
test.  Other calls to RAND_bytes do indeed use a <= 0 test.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@expression@
expression list args;
@@

-   RAND_bytes(args) == 0
+   RAND_bytes(args) <= 0
    || ...

@expression@
expression list args;
@@

-   RAND_bytes(args) != 0
+   RAND_bytes(args) > 0
    || ...
// </smpl>

---

diff -u -p a/apps/ts.c b/apps/ts.c
--- a/apps/ts.c 2009-04-01 17:02:37.000000000 +0200
+++ b/apps/ts.c 2009-09-12 11:26:07.000000000 +0200
@@ -649,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bi
 
        /* Generating random byte sequence. */
        if (len > (int)sizeof(buf)) goto err;
-       if (!RAND_bytes(buf, len)) goto err;
+       if (RAND_bytes(buf, len) <= 0) goto err;
 
        /* Find the first non-zero byte and creating ASN1_INTEGER object. */
        for (i = 0; i < len && !buf[i]; ++i);
diff -u -p a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
--- a/crypto/rsa/rsa_pss.c 2008-12-29 17:11:56.000000000 +0100
+++ b/crypto/rsa/rsa_pss.c 2009-09-12 11:26:11.000000000 +0200
@@ -222,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, 
                                ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-               if (!RAND_bytes(salt, sLen))
+               if (RAND_bytes(salt, sLen) <= 0)
                        goto err;
                }
        maskedDBLen = emLen - hLen - 1;
diff -u -p a/ssl/d1_enc.c b/ssl/d1_enc.c
--- a/ssl/d1_enc.c 2009-01-05 15:43:05.000000000 +0100
+++ b/ssl/d1_enc.c 2009-09-12 11:26:19.000000000 +0200
@@ -155,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
                                        __FILE__, __LINE__);
                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
                                {
-                               if (!RAND_bytes(rec->input, 
EVP_CIPHER_block_size(ds->cipher)))
+                               if (RAND_bytes(rec->input, 
EVP_CIPHER_block_size(ds->cipher)) <= 0)
                                        return -1;
                                }
                        }
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to