-rw-r--r-- | src/alloc/secmem.h | 7 | ||||
-rw-r--r-- | src/constructs/passhash/passhash9.cpp | 2 | ||||
-rw-r--r-- | src/filters/filter.cpp | 2 | ||||
-rw-r--r-- | src/filters/pipe_io.cpp | 4 | ||||
-rw-r--r-- | src/filters/pk_filts/pk_filts.cpp | 6 | ||||
-rw-r--r-- | src/hash/md2/md2.cpp | 6 | ||||
-rw-r--r-- | src/math/bigint/big_rand.cpp | 4 | ||||
-rw-r--r-- | src/math/numbertheory/dsa_gen.cpp | 4 | ||||
-rw-r--r-- | src/pbe/pbes1/pbes1.cpp | 3 | ||||
-rw-r--r-- | src/pbe/pbes2/pbes2.cpp | 7 | ||||
-rw-r--r-- | src/pk_pad/eme1/eme1.cpp | 2 | ||||
-rw-r--r-- | src/pk_pad/emsa4/emsa4.cpp | 3 | ||||
-rw-r--r-- | src/pubkey/keypair/keypair.cpp | 7 | ||||
-rw-r--r-- | src/rng/rng.h | 7 | ||||
-rw-r--r-- | src/ssl/c_kex.cpp | 15 | ||||
-rw-r--r-- | src/ssl/hello.cpp | 8 | ||||
-rw-r--r-- | src/ssl/rec_read.cpp | 2 | ||||
-rw-r--r-- | src/ssl/s_kex.cpp | 2 |
18 files changed, 49 insertions, 42 deletions
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index dc5e90b79..c87035a1e 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -34,6 +34,7 @@ class MemoryRegion */ bool empty() const { return (used == 0); } +#if 1 /** * Get a pointer to the first element in the buffer. * @return pointer to the first element in the buffer @@ -45,6 +46,12 @@ class MemoryRegion * @return constant pointer to the first element in the buffer */ operator const T* () const { return buf; } +#else + + T& operator[](u32bit n) { return buf[n]; } + const T& operator[](u32bit n) const { return buf[n]; } + +#endif /** * Get a pointer to the first element in the buffer. diff --git a/src/constructs/passhash/passhash9.cpp b/src/constructs/passhash/passhash9.cpp index c120b39c5..adde40ed5 100644 --- a/src/constructs/passhash/passhash9.cpp +++ b/src/constructs/passhash/passhash9.cpp @@ -121,7 +121,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) byte alg_id = bin[0]; u32bit kdf_iterations = - WORK_FACTOR_SCALE * load_be<u16bit>(bin + ALGID_BYTES, 0); + WORK_FACTOR_SCALE * load_be<u16bit>(&bin[ALGID_BYTES], 0); if(kdf_iterations == 0) return false; diff --git a/src/filters/filter.cpp b/src/filters/filter.cpp index d722c1f67..d7e17e82a 100644 --- a/src/filters/filter.cpp +++ b/src/filters/filter.cpp @@ -32,7 +32,7 @@ void Filter::send(const byte input[], u32bit length) if(next[j]) { if(write_queue.size()) - next[j]->write(write_queue, write_queue.size()); + next[j]->write(&write_queue[0], write_queue.size()); next[j]->write(input, length); nothing_attached = false; } diff --git a/src/filters/pipe_io.cpp b/src/filters/pipe_io.cpp index bf4a05642..7c3ed689e 100644 --- a/src/filters/pipe_io.cpp +++ b/src/filters/pipe_io.cpp 
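Review bot: The `#if 1` / `#else` pair added around the pointer conversion operators in MemoryRegion has no comment saying what the switch is for or when it should be flipped, and the `#else` branch is never compiled. If it is a migration switch for finding callers that still rely on the implicit `T*` conversion, as the rest of the commit suggests, say so above it, e.g. `// Set to 0 to disable implicit pointer conversion and expose remaining call sites`. The `operator[]` overloads in the disabled branch index `buf[n]` with no check against the buffer size, which their doc comment should state before the branch is enabled. The class body continues outside both hunks.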
@@ -18,7 +18,7 @@ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); while(stream.good() && pipe.remaining()) { - u32bit got = pipe.read(buffer, buffer.size()); + u32bit got = pipe.read(&buffer[0], buffer.size()); stream.write(reinterpret_cast<const char*>(&buffer[0]), got); } if(!stream.good()) @@ -35,7 +35,7 @@ std::istream& operator>>(std::istream& stream, Pipe& pipe) while(stream.good()) { stream.read(reinterpret_cast<char*>(&buffer[0]), buffer.size()); - pipe.write(buffer, stream.gcount()); + pipe.write(&buffer[0], stream.gcount()); } if(stream.bad() || (stream.fail() && !stream.eof())) throw Stream_IO_Error("Pipe input operator (iostream) has failed"); diff --git a/src/filters/pk_filts/pk_filts.cpp b/src/filters/pk_filts/pk_filts.cpp index 1b800520e..9de0da679 100644 --- a/src/filters/pk_filts/pk_filts.cpp +++ b/src/filters/pk_filts/pk_filts.cpp @@ -22,7 +22,7 @@ void PK_Encryptor_Filter::write(const byte input[], u32bit length) */ void PK_Encryptor_Filter::end_msg() { - send(cipher->encrypt(buffer, buffer.size(), rng)); + send(cipher->encrypt(buffer, rng)); buffer.clear(); } @@ -39,7 +39,7 @@ void PK_Decryptor_Filter::write(const byte input[], u32bit length) */ void PK_Decryptor_Filter::end_msg() { - send(cipher->decrypt(buffer, buffer.size())); + send(cipher->decrypt(buffer)); buffer.clear(); } @@ -74,7 +74,7 @@ void PK_Verifier_Filter::end_msg() { if(signature.empty()) throw Invalid_State("PK_Verifier_Filter: No signature to check against"); - bool is_valid = verifier->check_signature(signature, signature.size()); + bool is_valid = verifier->check_signature(signature); send((is_valid ? 1 : 0)); } diff --git a/src/hash/md2/md2.cpp b/src/hash/md2/md2.cpp index 376a95e93..462e43b25 100644 --- a/src/hash/md2/md2.cpp +++ b/src/hash/md2/md2.cpp 
@@ -40,7 +40,7 @@ void MD2::hash(const byte input[]) 0x9F, 0x11, 0x83, 0x14 }; X.copy(16, input, HASH_BLOCK_SIZE); - xor_buf(X + 32, X, X + 16, HASH_BLOCK_SIZE); + xor_buf(&X[32], &X[0], &X[16], HASH_BLOCK_SIZE); byte T = 0; for(u32bit j = 0; j != 18; ++j) { @@ -88,8 +88,8 @@ void MD2::final_result(byte output[]) { for(u32bit j = position; j != HASH_BLOCK_SIZE; ++j) buffer[j] = static_cast<byte>(HASH_BLOCK_SIZE - position); - hash(buffer); - hash(checksum); + hash(&buffer[0]); + hash(&checksum[0]); copy_mem(output, &X[0], OUTPUT_LENGTH); clear(); } diff --git a/src/math/bigint/big_rand.cpp b/src/math/bigint/big_rand.cpp index b641baee2..84ad02587 100644 --- a/src/math/bigint/big_rand.cpp +++ b/src/math/bigint/big_rand.cpp @@ -35,8 +35,8 @@ void BigInt::randomize(RandomNumberGenerator& rng, clear(); else { - SecureVector<byte> array((bitsize + 7) / 8); - rng.randomize(array, array.size()); + SecureVector<byte> array = rng.random_vec((bitsize + 7) / 8); + if(bitsize % 8) array[0] &= 0xFF >> (8 - (bitsize % 8)); array[0] |= 0x80 >> ((bitsize % 8) ? (8 - bitsize % 8) : 0); diff --git a/src/math/numbertheory/dsa_gen.cpp b/src/math/numbertheory/dsa_gen.cpp index e88af0d87..e09de4b04 100644 --- a/src/math/numbertheory/dsa_gen.cpp +++ b/src/math/numbertheory/dsa_gen.cpp @@ -121,11 +121,9 @@ SecureVector<byte> generate_dsa_primes(RandomNumberGenerator& rng, BigInt& p, BigInt& q, u32bit pbits, u32bit qbits) { - SecureVector<byte> seed(qbits/8); - while(true) { - rng.randomize(&seed[0], seed.size()); + SecureVector<byte> seed = rng.random_vec(qbits / 8); if(generate_dsa_primes(rng, af, p, q, pbits, qbits, seed)) return seed; diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index 6e4c3f54d..701e61464 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp 
@@ -94,8 +94,7 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) void PBE_PKCS5v15::new_params(RandomNumberGenerator& rng) { iterations = 10000; - salt.resize(8); - rng.randomize(salt, salt.size()); + salt = rng.random_vec(8); } /* diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index 5b77acff5..55b3a781a 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp @@ -100,11 +100,8 @@ void PBE_PKCS5v20::new_params(RandomNumberGenerator& rng) iterations = 10000; key_length = block_cipher->MAXIMUM_KEYLENGTH; - salt.resize(12); - rng.randomize(salt, salt.size()); - - iv.resize(block_cipher->BLOCK_SIZE); - rng.randomize(iv, iv.size()); + salt = rng.random_vec(12); + iv = rng.random_vec(block_cipher->BLOCK_SIZE); } /* diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 84fcf4b83..b695fc2c4 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -26,7 +26,7 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length, SecureVector<byte> out(key_length); - rng.randomize(out, HASH_LENGTH); + rng.randomize(&out[0], HASH_LENGTH); out.copy(HASH_LENGTH, Phash, Phash.size()); out[out.size() - in_length - 1] = 0x01; diff --git a/src/pk_pad/emsa4/emsa4.cpp b/src/pk_pad/emsa4/emsa4.cpp index 41b1e6971..b056d7c27 100644 --- a/src/pk_pad/emsa4/emsa4.cpp +++ b/src/pk_pad/emsa4/emsa4.cpp @@ -43,8 +43,7 @@ SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, const u32bit output_length = (output_bits + 7) / 8; - SecureVector<byte> salt(SALT_SIZE); - rng.randomize(salt, SALT_SIZE); + SecureVector<byte> salt = rng.random_vec(SALT_SIZE); for(u32bit j = 0; j != 8; ++j) hash->update(0); diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index c837bc1f6..857a5328a 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp 
@@ -29,8 +29,8 @@ bool encryption_consistency_check(RandomNumberGenerator& rng, if(encryptor.maximum_input_size() == 0) return true; - SecureVector<byte> plaintext(encryptor.maximum_input_size() - 1); - rng.randomize(plaintext, plaintext.size()); + SecureVector<byte> plaintext = + rng.random_vec(encryptor.maximum_input_size() - 1); SecureVector<byte> ciphertext = encryptor.encrypt(plaintext, rng); if(ciphertext == plaintext) @@ -51,8 +51,7 @@ bool signature_consistency_check(RandomNumberGenerator& rng, PK_Signer signer(key, padding); PK_Verifier verifier(key, padding); - SecureVector<byte> message(16); - rng.randomize(message, message.size()); + SecureVector<byte> message = rng.random_vec(16); SecureVector<byte> signature; diff --git a/src/rng/rng.h b/src/rng/rng.h index 687f98d13..e024eeb59 100644 --- a/src/rng/rng.h +++ b/src/rng/rng.h @@ -32,6 +32,13 @@ class BOTAN_DLL RandomNumberGenerator */ virtual void randomize(byte output[], u32bit length) = 0; + SecureVector<byte> random_vec(u32bit bytes) + { + SecureVector<byte> output(bytes); + randomize(&output[0], output.size()); + return output; + } + /** * Return a random byte * @return random byte diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp index 5194c8c3d..fafb67d3d 100644 --- a/src/ssl/c_kex.cpp +++ b/src/ssl/c_kex.cpp @@ -40,8 +40,7 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng, } else if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key)) { - pre_master.resize(48); - rng.randomize(pre_master, 48); + pre_master = rng.random_vec(48); pre_master[0] = (pref_version >> 8) & 0xFF; pre_master[1] = (pref_version ) & 0xFF; 
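Review bot: `random_vec` in rng.h takes `&output[0]` unconditionally, so a call with `bytes == 0` forms the address of the first element of an empty buffer; whether that is valid depends on how MemoryRegion handles a zero-length allocation, which this hunk does not show. Callers added in this commit pass `qbits / 8` (dsa_gen.cpp) and `dh_priv->public_value().size()` (c_kex.cpp), neither visibly bounded away from zero, so a guard such as `if(bytes) randomize(&output[0], output.size());` would make the helper safe for every length. The same `&buffer[0]` pattern on a length-derived buffer appears in rec_read.cpp (`buffer(record_len)`) and hello.cpp (`send_buf`). The new member is also the only one in this hunk without a Doxygen block; it should get one stating that the parameter is a byte count and that the result is a newly allocated vector filled by `randomize`.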
@@ -123,8 +122,13 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, } catch(...) { - pre_master.resize(dh_priv->public_value().size()); - rng.randomize(pre_master, pre_master.size()); + /* + * Something failed in the DH computation. To avoid possible + * timing attacks, randomize the pre-master output and carry + * on, allowing the protocol to fail later in the finished + * checks. + */ + pre_master = rng.random_vec(dh_priv->public_value().size()); } return pre_master; @@ -142,8 +146,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, } catch(...) { - pre_master.resize(48); - rng.randomize(pre_master, pre_master.size()); + pre_master = rng.random_vec(48); pre_master[0] = (version >> 8) & 0xFF; pre_master[1] = (version ) & 0xFF; } diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index 2fb5bb567..9ee3f87b9 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -29,7 +29,7 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const hash.update(send_buf); - writer.send(HANDSHAKE, send_buf, send_buf.size()); + writer.send(HANDSHAKE, &send_buf[0], send_buf.size()); writer.flush(); } @@ -66,8 +66,7 @@ Client_Hello::Client_Hello(RandomNumberGenerator& rng, Record_Writer& writer, const TLS_Policy* policy, HandshakeHash& hash) { - c_random.resize(32); - rng.randomize(c_random, c_random.size()); + c_random = rng.random_vec(32); suites = policy->ciphersuites(); comp_algos = policy->compression(); @@ -249,8 +248,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, comp_algo = policy->choose_compression(c_hello.compression_algos()); s_version = ver; - s_random.resize(32); - rng.randomize(s_random, s_random.size()); + s_random = rng.random_vec(32); send(writer, hash); } diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 86b976417..789cac187 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp 
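Review bot: In the RSA branch of `pre_master_secret` (third c_kex.cpp hunk) the replacement pre-master is still generated inside `catch(...)`, so the failure path makes an RNG call and an allocation that the success path never does. That works against the timing concern described by the comment added in the second hunk, whose DH handler has the same shape. RFC 5246 section 7.4.7.1 recommends drawing the random bytes before attempting the decryption; here that would be `SecureVector<byte> fake_pre_master = rng.random_vec(48);` ahead of the `try` and `pre_master = fake_pre_master;` in the handler. The `try` blocks start outside both hunks, so the placement needs checking against the full function. The RSA handler would also benefit from the same explanatory comment the DH handler received.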
@@ -167,7 +167,7 @@ u32bit Record_Reader::get_record(byte& msg_type, SecureVector<byte> buffer(record_len); input_queue.read(header, sizeof(header)); // pull off the header - input_queue.read(buffer, buffer.size()); + input_queue.read(&buffer[0], buffer.size()); /* * We are handshaking, no crypto to do so return as-is diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index bf0a25c62..9fe37d490 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -180,7 +180,7 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert, verifier.update(s_random); verifier.update(params_got); - return verifier.check_signature(signature, signature.size()); + return verifier.check_signature(signature); } } |