Here's another pass.
This replaces RAND_{,pseudo_}bytes() calls with equivelant arc4random_buf(3)
calls for apps/ and ssl/ (crypto/ still has a bunch).
There was one that was commented out (in ssl/s3_pkt.c) which I wasn't sure
about, so I made the accoring transformation and left it commented out.
Feedback appreciated
Index: apps/enc.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/enc.c,v
retrieving revision 1.25
diff -u -p -r1.25 enc.c
--- apps/enc.c 19 Apr 2014 16:18:22 -0000 1.25
+++ apps/enc.c 22 Apr 2014 03:19:29 -0000
@@ -476,8 +476,8 @@ enc_main(int argc, char **argv)
"invalid hex salt
value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt,
sizeof salt) < 0)
- goto end;
+ } else
+ arc4random_buf(salt, sizeof
salt);
/*
* If -P option then don't bother
* writing
Index: apps/passwd.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/passwd.c,v
retrieving revision 1.14
diff -u -p -r1.14 passwd.c
--- apps/passwd.c 18 Apr 2014 04:17:16 -0000 1.14
+++ apps/passwd.c 22 Apr 2014 03:19:29 -0000
@@ -7,6 +7,7 @@
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h>
+#include <stdlib.h>
#include <string.h>
#include "apps.h"
@@ -399,8 +400,7 @@ do_passwd(int passed_salt, char **salt_p
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *) *salt_p, 2) < 0)
- goto err;
+ arc4random_buf(*salt_p, 2);
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6
bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6
bits */
(*salt_p)[2] = 0;
@@ -416,8 +416,7 @@ do_passwd(int passed_salt, char **salt_p
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *) *salt_p, 8) < 0)
- goto err;
+ arc4random_buf(*salt_p, 8);
for (i = 0; i < 8; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f];
/* 6 bits */
Index: apps/rand.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/rand.c,v
retrieving revision 1.14
diff -u -p -r1.14 rand.c
--- apps/rand.c 18 Apr 2014 19:54:57 -0000 1.14
+++ apps/rand.c 22 Apr 2014 03:19:29 -0000
@@ -57,6 +57,7 @@
#include <ctype.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
@@ -186,9 +187,7 @@ rand_main(int argc, char **argv)
chunk = num;
if (chunk > (int) sizeof(buf))
chunk = sizeof buf;
- r = RAND_bytes(buf, chunk);
- if (r <= 0)
- goto err;
+ arc4random_buf(buf, chunk);
if (!hex)
BIO_write(out, buf, chunk);
else {
Index: apps/s_cb.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/s_cb.c,v
retrieving revision 1.16
diff -u -p -r1.16 s_cb.c
--- apps/s_cb.c 18 Apr 2014 14:37:41 -0000 1.16
+++ apps/s_cb.c 22 Apr 2014 03:19:30 -0000
@@ -730,11 +730,7 @@ generate_cookie_callback(SSL * ssl, unsi
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
- BIO_printf(bio_err,
- "error setting random cookie secret\n");
- return 0;
- }
+ arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH);
cookie_initialized = 1;
}
/* Read peer information */
Index: apps/s_server.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/s_server.c,v
retrieving revision 1.36
diff -u -p -r1.36 s_server.c
--- apps/s_server.c 19 Apr 2014 16:46:08 -0000 1.36
+++ apps/s_server.c 22 Apr 2014 03:19:30 -0000
@@ -2556,7 +2556,7 @@ generate_session_id(const SSL * ssl, uns
{
unsigned int count = 0;
do {
- RAND_pseudo_bytes(id, *id_len);
+ arc4random_buf(id, *id_len);
/*
* Prefix the session_id with the required prefix. NB: If our
* prefix is too long, clip it - but there will be worse
Index: apps/speed.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/speed.c,v
retrieving revision 1.33
diff -u -p -r1.33 speed.c
--- apps/speed.c 18 Apr 2014 18:01:06 -0000 1.33
+++ apps/speed.c 22 Apr 2014 03:19:30 -0000
@@ -1877,7 +1877,7 @@ speed_main(int argc, char **argv)
print_result(D_EVP, j, count, d);
}
}
- RAND_pseudo_bytes(buf, 36);
+ arc4random_buf(buf, 36);
#ifndef OPENSSL_NO_RSA
for (j = 0; j < RSA_NUM; j++) {
int ret;
@@ -1951,7 +1951,7 @@ speed_main(int argc, char **argv)
}
#endif
- RAND_pseudo_bytes(buf, 20);
+ arc4random_buf(buf, 20);
#ifndef OPENSSL_NO_DSA
for (j = 0; j < DSA_NUM; j++) {
unsigned int kk;
Index: apps/ts.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/ts.c,v
retrieving revision 1.9
diff -u -p -r1.9 ts.c
--- apps/ts.c 18 Apr 2014 19:54:57 -0000 1.9
+++ apps/ts.c 22 Apr 2014 03:19:30 -0000
@@ -610,8 +610,7 @@ create_nonce(int bits)
/* Generating random byte sequence. */
if (len > (int) sizeof(buf))
goto err;
- if (RAND_bytes(buf, len) <= 0)
- goto err;
+ arc4random_buf(buf, len);
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
for (i = 0; i < len && !buf[i]; ++i);
Index: ssl/d1_clnt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_clnt.c,v
retrieving revision 1.15
diff -u -p -r1.15 d1_clnt.c
--- ssl/d1_clnt.c 21 Apr 2014 16:34:43 -0000 1.15
+++ ssl/d1_clnt.c 22 Apr 2014 03:19:59 -0000
@@ -114,6 +114,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
@@ -964,8 +966,7 @@ dtls1_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
- goto err;
+ arc4random_buf(&(tmp_buf[2]), sizeof tmp_buf - 2);
s->session->master_key_length = sizeof tmp_buf;
@@ -1087,8 +1088,7 @@ dtls1_send_client_key_exchange(SSL *s)
n += 2;
}
- if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
- goto err;
+ arc4random_buf(tmp_buf, sizeof tmp_buf);
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
Index: ssl/d1_enc.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_enc.c,v
retrieving revision 1.3
diff -u -p -r1.3 d1_enc.c
--- ssl/d1_enc.c 14 Apr 2014 14:16:33 -0000 1.3
+++ ssl/d1_enc.c 22 Apr 2014 03:19:59 -0000
@@ -114,6 +114,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
@@ -159,10 +161,9 @@ dtls1_enc(SSL *s, int send)
/* we can't write into the input stream */
fprintf(stderr, "%s:%d: rec->data !=
rec->input\n",
__FILE__, __LINE__);
- else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
- if (RAND_bytes(rec->input,
EVP_CIPHER_block_size(ds->cipher)) <= 0)
- return -1;
- }
+ else if (EVP_CIPHER_block_size(ds->cipher) > 1)
+ arc4random_buf(rec->input,
+ EVP_CIPHER_block_size(ds->cipher));
}
} else {
if (EVP_MD_CTX_md(s->read_hash)) {
Index: ssl/d1_pkt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_pkt.c,v
retrieving revision 1.15
diff -u -p -r1.15 d1_pkt.c
--- ssl/d1_pkt.c 17 Apr 2014 23:35:40 -0000 1.15
+++ ssl/d1_pkt.c 22 Apr 2014 03:19:59 -0000
@@ -114,6 +114,7 @@
*/
#include <stdio.h>
+#include <stdlib.h>
#include <errno.h>
#include "ssl_locl.h"
#include <openssl/evp.h>
@@ -1522,7 +1523,7 @@ do_dtls1_write(SSL *s, int type, const u
/* ssl3_enc can only have an error on read */
if (bs) /* bs != 0 in case of CBC */
{
- RAND_pseudo_bytes(p, bs);
+ arc4random_buf(p, bs);
/* master IV and last CBC residue stand for
* the rest of randomness */
wr->length += bs;
Index: ssl/d1_srvr.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_srvr.c,v
retrieving revision 1.17
diff -u -p -r1.17 d1_srvr.c
--- ssl/d1_srvr.c 21 Apr 2014 16:34:43 -0000 1.17
+++ ssl/d1_srvr.c 22 Apr 2014 03:19:59 -0000
@@ -114,6 +114,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
@@ -1574,7 +1576,7 @@ dtls1_send_newsession_ticket(SSL *s)
return -1;
}
} else {
- RAND_pseudo_bytes(iv, 16);
+ arc4random_buf(iv, 16);
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
Index: ssl/s23_clnt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s23_clnt.c,v
retrieving revision 1.23
diff -u -p -r1.23 s23_clnt.c
--- ssl/s23_clnt.c 19 Apr 2014 17:07:35 -0000 1.23
+++ ssl/s23_clnt.c 22 Apr 2014 03:19:59 -0000
@@ -110,6 +110,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
@@ -268,9 +270,10 @@ ssl_fill_hello_random(SSL *s, int server
unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
- return RAND_pseudo_bytes(p, len - 4);
+ arc4random_buf(p, len - 4);
} else
- return RAND_pseudo_bytes(result, len);
+ arc4random_buf(result, len);
+ return 1;
}
static int
Index: ssl/s3_clnt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_clnt.c,v
retrieving revision 1.41
diff -u -p -r1.41 s3_clnt.c
--- ssl/s3_clnt.c 21 Apr 2014 16:34:43 -0000 1.41
+++ ssl/s3_clnt.c 22 Apr 2014 03:19:59 -0000
@@ -149,6 +149,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/buffer.h>
@@ -2035,8 +2037,7 @@ ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
- goto err;
+ arc4random_buf(&(tmp_buf[2]), sizeof tmp_buf - 2);
s->session->master_key_length = sizeof tmp_buf;
@@ -2160,8 +2161,7 @@ ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
- goto err;
+ arc4random_buf(&(tmp_buf[2]), sizeof tmp_buf - 2);
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -2457,7 +2457,7 @@ ssl3_send_client_key_exchange(SSL *s)
EVP_PKEY_encrypt_init(pkey_ctx);
/* Generate session key */
- RAND_bytes(premaster_secret, 32);
+ arc4random_buf(premaster_secret, 32);
/* If we have client certificate, use its secret as
peer key */
if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
if (EVP_PKEY_derive_set_peer(pkey_ctx,
s->cert->key->privatekey) <=0) {
Index: ssl/s3_pkt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_pkt.c,v
retrieving revision 1.32
diff -u -p -r1.32 s3_pkt.c
--- ssl/s3_pkt.c 19 Apr 2014 19:40:11 -0000 1.32
+++ ssl/s3_pkt.c 22 Apr 2014 03:19:59 -0000
@@ -109,8 +109,10 @@
*
*/
-#include <stdio.h>
#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
@@ -756,9 +758,8 @@ do_ssl3_write(SSL *s, int type, const un
wr->data = p;
if (eivlen) {
- /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
- goto err;
- */
+ /* XXX why was this commented out? */
+ /* arc4random_buf(p, eivlen); */
wr->length += eivlen;
}
Index: ssl/s3_srvr.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_srvr.c,v
retrieving revision 1.44
diff -u -p -r1.44 s3_srvr.c
--- ssl/s3_srvr.c 21 Apr 2014 16:34:43 -0000 1.44
+++ ssl/s3_srvr.c 22 Apr 2014 03:19:59 -0000
@@ -152,6 +152,8 @@
#define NETSCAPE_HANG_BUG
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/buffer.h>
@@ -2216,12 +2218,7 @@ ssl3_get_client_key_exchange(SSL *s)
i = SSL_MAX_MASTER_KEY_LENGTH;
p[0] = s->client_version >> 8;
p[1] = s->client_version & 0xff;
- /*
- * Should be RAND_bytes, but we cannot work around a
- * failure.
- */
- if (RAND_pseudo_bytes(p+2, i-2) <= 0)
- goto err;
+ arc4random_buf(p + 2, i - 2);
}
s->session->master_key_length =
@@ -3340,7 +3337,7 @@ ssl3_send_newsession_ticket(SSL *s)
return -1;
}
} else {
- RAND_pseudo_bytes(iv, 16);
+ arc4random_buf(iv, 16);
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
Index: ssl/ssl_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/ssl_lib.c,v
retrieving revision 1.39
diff -u -p -r1.39 ssl_lib.c
--- ssl/ssl_lib.c 21 Apr 2014 16:34:43 -0000 1.39
+++ ssl/ssl_lib.c 22 Apr 2014 03:19:59 -0000
@@ -143,6 +143,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/objects.h>
@@ -1781,10 +1783,9 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->tlsext_servername_callback = 0;
ret->tlsext_servername_arg = NULL;
/* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
- ret->options |= SSL_OP_NO_TICKET;
+ arc4random_buf(ret->tlsext_tick_key_name, 16);
+ arc4random_buf(ret->tlsext_tick_hmac_key, 16);
+ arc4random_buf(ret->tlsext_tick_aes_key, 16);
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/ssl_sess.c,v
retrieving revision 1.25
diff -u -p -r1.25 ssl_sess.c
--- ssl/ssl_sess.c 21 Apr 2014 16:34:43 -0000 1.25
+++ ssl/ssl_sess.c 22 Apr 2014 03:19:59 -0000
@@ -136,6 +136,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include <openssl/lhash.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
@@ -258,11 +260,10 @@ def_generate_session_id(const SSL *ssl,
unsigned int *id_len)
{
unsigned int retry = 0;
- do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
- return 0;
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++retry < MAX_SESS_ID_ATTEMPTS));
+ do {
+ arc4random_buf(id, *id_len);
+ } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++retry < MAX_SESS_ID_ATTEMPTS));
if (retry < MAX_SESS_ID_ATTEMPTS)
return 1;
/* else - woops a session_id match */
Index: ssl/t1_enc.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_enc.c,v
retrieving revision 1.26
diff -u -p -r1.26 t1_enc.c
--- ssl/t1_enc.c 21 Apr 2014 16:34:43 -0000 1.26
+++ ssl/t1_enc.c 22 Apr 2014 03:19:59 -0000
@@ -136,6 +136,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+
#include "ssl_locl.h"
#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
@@ -692,8 +694,8 @@ tls1_enc(SSL *s, int send)
fprintf(stderr,
"%s:%d: rec->data != rec->input\n",
__FILE__, __LINE__);
- else if (RAND_bytes(rec->input, ivlen) <= 0)
- return -1;
+ else
+ arc4random_buf(rec->input, ivlen);
}
}
} else {
Index: ssl/tls_srp.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/tls_srp.c,v
retrieving revision 1.7
diff -u -p -r1.7 tls_srp.c
--- ssl/tls_srp.c 19 Apr 2014 17:05:00 -0000 1.7
+++ ssl/tls_srp.c 22 Apr 2014 03:19:59 -0000
@@ -56,6 +56,9 @@
* Hudson (t...@cryptsoft.com).
*
*/
+
+#include <stdlib.h>
+
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SRP
@@ -244,8 +247,7 @@ SSL_srp_server_param_with_username(SSL *
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
return SSL3_AL_FATAL;
- if (RAND_bytes(b, sizeof(b)) <= 0)
- return SSL3_AL_FATAL;
+ arc4random_buf(b, sizeof(b));
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
OPENSSL_cleanse(b, sizeof(b));
@@ -415,7 +417,7 @@ SRP_Calc_A_param(SSL *s)
!SRP_check_known_gN_param(s->srp_ctx.g, s->srp_ctx.N))
return -1;
- RAND_bytes(rnd, sizeof(rnd));
+ arc4random_buf(rnd, sizeof(rnd));
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd));
