From deea96de7cc218556c65f5a17ab5c10651a452f0 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sat, 8 Sep 2018 17:07:02 +0000
Subject: [PATCH] Make rand_bytes crypto-safe, use rand_pseudo_bytes for no-fail random

---
 nse_openssl.cc | 8 ++++----
 nselib/openssl.luadoc | 7 ++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/nse_openssl.cc b/nse_openssl.cc
index cd613415e..ec187ee12 100644
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -244,7 +244,9 @@ static int l_rand_bytes( lua_State *L ) /** rand_bytes( number bytes ) */
 unsigned char * result = (unsigned char *) malloc( len );
 if (!result) return luaL_error( L, "Couldn't allocate memory.");

- RAND_bytes( result, len );
+ if (RAND_bytes( result, len ) != 1) {
+ return luaL_error(L, "Failure in RAND_bytes.");
+ }
 lua_pushlstring( L, (char *) result, len );
 free( result );
 return 1;
@@ -256,9 +258,7 @@ static int l_rand_pseudo_bytes( lua_State *L ) /** rand_pseudo_bytes( number byt
 unsigned char * result = (unsigned char *) malloc( len );
 if (!result) return luaL_error( L, "Couldn't allocate memory.");

- if (RAND_bytes( result, len ) != 1) {
- return luaL_error(L, "Failure in RAND_bytes.");
- }
+ RAND_pseudo_bytes( result, len );
 lua_pushlstring( L, (char *) result, len );
 free( result );
 return 1;
diff --git a/nselib/openssl.luadoc b/nselib/openssl.luadoc
index 986870433..d8ba53aed 100644
--- a/nselib/openssl.luadoc
+++ b/nselib/openssl.luadoc
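Review bot: The new failure branch in l_rand_bytes leaves through luaL_error without releasing `result`, so the malloc'd buffer leaks every time RAND_bytes fails; luaL_error does not return to the caller, so the later `free( result )` is never reached on that path. Free the buffer first: `if (RAND_bytes( result, len ) != 1) { free( result ); return luaL_error(L, "Failure in RAND_bytes."); }`. The declaration of `len` is outside the hunk; if it is a size_t taken from the script argument, it should be range-checked against the int count that RAND_bytes accepts before the call. The function body starts and ends outside the hunk.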
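Review bot: The result of `RAND_pseudo_bytes( result, len )` in l_rand_pseudo_bytes is discarded, so if the call reports that the active RAND method does not support it (-1), the buffer still holds whatever malloc returned and that uninitialized heap content is handed to the script as random data. Accepting a 0 result keeps the no-fail intent, but a negative result should release the buffer and raise an error: `if (RAND_pseudo_bytes( result, len ) < 0) { free( result ); return luaL_error(L, "Failure in RAND_pseudo_bytes."); }`. RAND_pseudo_bytes is also deprecated as of OpenSSL 1.1.0, so the call probably needs a version guard or a fallback for builds that drop deprecated APIs. The function body starts and ends outside the hunk.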
@@ -128,12 +128,17 @@ function bignum_div(a, b)
 -- @return bignum
 function bignum_add(a, b)

---- Returns a string containing random data.
+--- Returns a string containing cryptographically-strong random data.
+--
+-- If the PRNG has not been seeded with enough randomness, this function throws an error.
 -- @param bytes Length of the returned string in bytes.
 -- @return Random string.
 function rand_bytes(bytes)

 --- Returns a string containing pseudorandom data.
+--
+-- No indication is given whether or not the contents of the string are
+-- cryptographically strong.
 -- @param bytes Length of the returned string in bytes.
 -- @return Pseudorandom string.
 function rand_pseudo_bytes(bytes)