ref: a12180612649d5aebb2ca7e6c7727c41becb4549
parent: b137763fe7ac6f16b18518f8acabb805183401c0
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Sep 10 21:54:06 EDT 2016
kernel: replace various custom random iv buffer filling functions with calls to prng()
--- a/sys/src/9/ip/esp.c
+++ b/sys/src/9/ip/esp.c
@@ -15,7 +15,7 @@
#include "ip.h"
#include "ipv6.h"
-#include "libsec.h"
+#include <libsec.h>
#define BITS2BYTES(bi) (((bi) + BI2BY - 1) / BI2BY)
#define BYTES2BITS(by) ((by) * BI2BY)
@@ -840,7 +840,6 @@
aescbcespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
{
uchar key[Aeskeysz], ivec[Aeskeysz];
- int i;
n = BITS2BYTES(n);
if(n > Aeskeysz)
@@ -847,8 +846,7 @@
n = Aeskeysz;
memset(key, 0, sizeof(key));
memmove(key, k, n);
- for(i = 0; i < Aeskeysz; i++)
- ivec[i] = nrand(256);
+ prng(ivec, Aeskeysz);
ecb->espalg = name;
ecb->espblklen = Aesblk;
ecb->espivlen = Aesblk;
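Review bot: CBC needs an unpredictable IV, and `prng(ivec, Aeskeysz);` is only as strong as prng() itself, whose definition is not part of this diff. It is worth confirming that the kernel's prng() draws from a cryptographic generator and is not seeded from the same source nrand() used. The same applies to the prng() calls in aesctrespinit, desespinit and des3espinit, to the devsdp.c hunk, and to the per-record IV in devtls.c. A short comment at the call, e.g. `/* iv must be unpredictable; prng() is assumed to be cryptographically strong */`, would record the requirement. aescbcespinit starts in the previous hunk and continues past this one.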
@@ -900,7 +898,6 @@
aesctrespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
{
uchar key[Aesblk], ivec[Aesblk];
- int i;
n = BITS2BYTES(n);
if(n > Aeskeysz)
@@ -907,8 +904,7 @@
n = Aeskeysz;
memset(key, 0, sizeof(key));
memmove(key, k, n);
- for(i = 0; i < Aesblk; i++)
- ivec[i] = nrand(256);
+ prng(ivec, Aesblk);
ecb->espalg = name;
ecb->espblklen = Aesblk;
ecb->espivlen = Aesblk;
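Review bot: `key` is declared as `uchar key[Aesblk]` in the previous hunk, while `n` is clamped to `Aeskeysz` before `memmove(key, k, n);`, so the copy is bounded by a different constant than the buffer's size. If the two constants are equal this is harmless, but their values are not visible here. Declaring `uchar key[Aeskeysz], ivec[Aesblk];` would tie the clamp to the buffer, as aescbcespinit already does for its key. The function body continues outside the hunk.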
@@ -1010,7 +1006,6 @@
desespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
{
uchar key[Desblk], ivec[Desblk];
- int i;
n = BITS2BYTES(n);
if(n > Desblk)
@@ -1017,8 +1012,7 @@
n = Desblk;
memset(key, 0, sizeof(key));
memmove(key, k, n);
- for(i = 0; i < Desblk; i++)
- ivec[i] = nrand(256);
+ prng(ivec, Desblk);
ecb->espalg = name;
ecb->espblklen = Desblk;
ecb->espivlen = Desblk;
@@ -1034,7 +1028,6 @@
des3espinit(Espcb *ecb, char *name, uchar *k, unsigned n)
{
uchar key[3][Desblk], ivec[Desblk];
- int i;
n = BITS2BYTES(n);
if(n > Des3keysz)
@@ -1041,8 +1034,7 @@
n = Des3keysz;
memset(key, 0, sizeof(key));
memmove(key, k, n);
- for(i = 0; i < Desblk; i++)
- ivec[i] = nrand(256);
+ prng(ivec, Desblk);
ecb->espalg = name;
ecb->espblklen = Desblk;
ecb->espivlen = Desblk;
--- a/sys/src/9/port/devfs.c
+++ b/sys/src/9/port/devfs.c
@@ -21,7 +21,7 @@
#include "io.h"
#include "ureg.h"
#include "../port/error.h"
-#include "libsec.h"
+#include <libsec.h>
int dec16(uchar *out, int lim, char *in, int n);
--- a/sys/src/9/port/devsdp.c
+++ b/sys/src/9/port/devsdp.c
@@ -1998,7 +1998,6 @@
{
uchar key[8];
uchar ivec[8];
- int i;
int n = c->cipher->keylen;
cipherfree(c);
@@ -2019,8 +2018,7 @@
/* out */
memset(key, 0, sizeof(key));
setkey(key, n, &c->out, "cipher");
- for(i=0; i<8; i++)
- ivec[i] = nrand(256);
+ prng(ivec, 8);
c->out.cipherblklen = 8;
c->out.cipherivlen = 8;
c->out.cipher = desencrypt;
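Review bot: The literal `8` in `prng(ivec, 8);` repeats the size of `uchar ivec[8]` declared in the previous hunk. Writing `prng(ivec, sizeof(ivec));` would tie the fill length to the buffer, in the same way as the `memset(key, 0, sizeof(key));` a few lines above. The enclosing function starts and ends outside the hunk.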
--- a/sys/src/9/port/devssl.c
+++ b/sys/src/9/port/devssl.c
@@ -680,17 +680,6 @@
return n;
}
-/*
- * this algorithm doesn't have to be great since we're just
- * trying to obscure the block fill
- */
-static void
-randfill(uchar *buf, int len)
-{
- while(len-- > 0)
- *buf++ = nrand(256);
-}
-
static long
sslbwrite(Chan *c, Block *b, ulong)
{
@@ -779,7 +768,7 @@
/* SSL style count */
if(pad){
nb = padblock(nb, -pad);
- randfill(nb->wp, pad);
+ prng(nb->wp, pad);
nb->wp += pad;
m += pad;
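Review bot: The rationale that was attached to randfill() is deleted in the earlier devssl.c hunk, and nothing at this call replaces it. That comment said the fill only obscures the block padding and does not need a strong generator. A one-line comment above `prng(nb->wp, pad);`, such as `/* random fill only obscures the padding */`, would keep that intent visible to the next reader. The enclosing function starts and ends outside the hunk.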
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -1234,13 +1234,6 @@
return n;
}
-static void
-randfill(uchar *buf, int len)
-{
- while(len-- > 0)
- *buf++ = nrand(256);
-}
-
/*
* write a block in tls records
*/
@@ -1325,7 +1318,7 @@
n = (*sec->aead_enc)(sec, aad, aadlen, p + RecHdrLen, p + RecHdrLen + ivlen, n) + ivlen;
else {
if(ivlen > 0)
- randfill(p + RecHdrLen, ivlen);
+ prng(p + RecHdrLen, ivlen);
packMac(sec, aad, aadlen, p + RecHdrLen + ivlen, n, p + RecHdrLen + ivlen + n);
n = (*sec->enc)(sec, p + RecHdrLen, ivlen + n + maclen);
}
@@ -1523,7 +1516,7 @@
s->maclen = 16;
s->recivlen = 8;
memmove(s->mackey, iv, ea->ivlen);
- randfill(s->mackey + ea->ivlen, s->recivlen);
+ prng(s->mackey + ea->ivlen, s->recivlen);
setupAESGCMstate(s->enckey, p, ea->keylen, nil, 0);
}
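Review bot: `s->mackey` is reused here as nonce storage, and neither that reuse nor the buffer's capacity is documented in the hunk. The buffer receives `ea->ivlen` bytes copied from `iv`, followed by `s->recivlen` (8) bytes from prng(). A comment such as `/* mackey holds the AEAD nonce: ea->ivlen bytes from iv, then recivlen random bytes */` would make the layout explicit. GCM requires that a nonce never repeats under one key, so the code that advances those 8 bytes per record, which is not visible here, should state how uniqueness is kept. The enclosing function starts outside the hunk.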