Commit 6cc2a3b3 authored by Niels Möller's avatar Niels Möller

* src/client_x11.c (make_forward_x11): Assert that the randomness

generator is of "good" quality.
* src/rsa_keygen.c (rsa_generate_key): Likewise.
* src/keyexchange.c (make_simple_kexinit): Likewise.
* src/dsa_keygen.c (dsa_generate_key): Likewise.
* src/dsa.c (generic_dsa_sign): Likewise.
* src/dh_exchange.c (make_dh): Likewise.

Rev: src/client_x11.c:1.17
Rev: src/dh_exchange.c:1.13
Rev: src/dsa.c:1.31
Rev: src/dsa_keygen.c:1.18
Rev: src/keyexchange.c:1.79
Rev: src/rsa_keygen.c:1.6
parent c0fb432a
......@@ -732,6 +732,8 @@ make_forward_x11(const char *display_string,
struct lsh_string *fake = lsh_string_alloc(X11_COOKIE_LENGTH);
struct client_x11_display *display;
assert(random->quality == RANDOM_GOOD);
RANDOM(random, fake->length, fake->data);
debug("Generated X11 fake cookie %xS\n", fake);
......
......@@ -28,10 +28,13 @@
#include "connection.h"
#include "crypto.h"
#include "format.h"
#include "randomness.h"
#include "ssh.h"
#include "werror.h"
#include "xalloc.h"
#include <assert.h>
void
init_dh_instance(struct dh_method *m,
struct dh_instance *self,
......@@ -71,6 +74,9 @@ make_dh(struct abstract_group *G, struct hash_algorithm *H,
struct randomness *r)
{
NEW(dh_method, res);
assert(r->quality == RANDOM_GOOD);
res->G = G;
res->H = H;
res->random = r;
......
......@@ -28,6 +28,7 @@
#include "crypto.h"
#include "format.h"
#include "parse.h"
#include "randomness.h"
#include "sexp.h"
#include "spki.h"
#include "ssh.h"
......@@ -415,6 +416,8 @@ generic_dsa_sign(struct dsa_signer *self,
mpz_t k, tmp;
assert(r && s);
assert(self->random->quality == RANDOM_GOOD);
/* Select k, 0<k<q, randomly */
mpz_init_set(tmp, self->verifier->q);
......@@ -580,6 +583,7 @@ make_dsa_signer(struct signature_algorithm *c,
{
CAST(dsa_algorithm, self, c);
NEW(dsa_signer, res);
mpz_init(res->a);
#if 0
......
......@@ -73,7 +73,7 @@ dsa_nist_gen(mpz_t p, mpz_t q, struct randomness *r, unsigned l)
mpz_t s, t, c;
assert(l <= 8);
L = 512 + 64*l;
n = (L-1) / 160; b = (L-1) % 160;
......@@ -190,6 +190,8 @@ struct sexp *
dsa_generate_key(struct randomness *r, unsigned level)
{
struct sexp *key = NULL;
assert(r->quality == RANDOM_GOOD);
mpz_t p; mpz_t q;
mpz_t g; mpz_t y;
......
......@@ -687,6 +687,8 @@ make_simple_kexinit(struct randomness *r,
{
NEW(simple_kexinit, res);
assert(r->quality == RANDOM_GOOD);
res->super.make = do_make_simple_kexinit;
res->r = r;
res->kex_algorithms = kex_algorithms;
......
......@@ -26,9 +26,12 @@
#include "rsa.h"
#include "randomness.h"
#include "sexp.h"
#include "werror.h"
#include <assert.h>
#define SA(x) sexp_a(ATOM_##x)
/* Takes the public exponent e as argument. */
......@@ -36,6 +39,8 @@ struct sexp *
rsa_generate_key(mpz_t e, struct randomness *r, UINT32 bits)
{
struct sexp *key = NULL;
assert(r->quality == RANDOM_GOOD);
mpz_t n;
mpz_t d;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment