Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes() (most

with unchecked return values).
author: jsing <> 2014-10-22 13:23:05 +0000
committer: jsing <> 2014-10-22 13:23:05 +0000
commit: 70d2dbcdd5a01333cc8bb15f04f81dcb06351848 (patch)
tree: 24c467810ca11f3d70c7d8828c4abd7b3893cade
parent: a5ae6e09eb3d7ae9cef0fc65a04c31e6478f5cb5 (diff)
download: openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.tar.gz
openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.tar.bz2
openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.zip
4 files changed, 15 insertions, 21 deletions
diff --git a/src/regress/lib/libcrypto/bn/mont/mont.c b/src/regress/lib/libcrypto/bn/mont/mont.c
index 2a60c022c3..30d5317b64 100644
--- a/src/regress/lib/libcrypto/bn/mont/mont.c
+++ b/src/regress/lib/libcrypto/bn/mont/mont.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mont.c,v 1.1 2014/06/20 10:38:22 miod Exp $   */
+/*      $OpenBSD: mont.c,v 1.2 2014/10/22 13:23:05 jsing Exp $  */
 /*
 * Copyright (c) 2014 Miodrag Vallat.
@@ -25,7 +25,6 @@
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
 /*
 * Test for proper bn_mul_mont behaviour when operands are of vastly different
@@ -39,7 +38,7 @@ main(int argc, char *argv[])
        unsigned char *key, r[32 + 16 * 8];
        size_t privsz;
-        RAND_bytes(r, sizeof r);
+        arc4random_buf(r, sizeof(r));
        for (privsz = 32; privsz <= sizeof(r); privsz += 8) {
                dh = DH_new();
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
index eadb43d652..810fef61bb 100644
--- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -82,7 +82,6 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#include <openssl/rand.h>
 /* declaration of the test functions */
 int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
@@ -169,12 +168,8 @@ int test_builtin(BIO *out)
        int             nid, ret =  0;
        
        /* fill digest values with some random data */
-        if (!RAND_pseudo_bytes(digest, 20) ||
+        arc4random_buf(digest, 20);
-            !RAND_pseudo_bytes(wrong_digest, 20))
+        arc4random_buf(wrong_digest, 20);
-                {
-                BIO_printf(out, "ERROR: unable to get random data\n");
-                goto builtin_err;
-                }
        /* create and verify a ecdsa signature with every availble curve
         * (with ) */
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c
index faa9328ba9..5f9b663a26 100644
--- a/src/regress/lib/libcrypto/exp/exptest.c
+++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -62,7 +62,6 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
-#include <openssl/rand.h>
 #include <openssl/err.h>
 #define NUM_BITS        (BN_BITS*2)
@@ -97,15 +96,15 @@ int main(int argc, char *argv[])
        for (i=0; i<200; i++)
                {
-                RAND_bytes(&c,1);
+                arc4random_buf(&c,1);
                c=(c%BN_BITS)-BN_BITS2;
                BN_rand(a,NUM_BITS+c,0,0);
-                RAND_bytes(&c,1);
+                arc4random_buf(&c,1);
                c=(c%BN_BITS)-BN_BITS2;
                BN_rand(b,NUM_BITS+c,0,0);
-                RAND_bytes(&c,1);
+                arc4random_buf(&c,1);
                c=(c%BN_BITS)-BN_BITS2;
                BN_rand(m,NUM_BITS+c,0,1);
diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c
index b3e7280bbd..7945aab3ab 100644
--- a/src/regress/lib/libcrypto/ige/igetest.c
+++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -49,11 +49,12 @@
 *
 */
-#include <openssl/aes.h>
+#include <assert.h>
-#include <openssl/rand.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
-#include <assert.h>
+#include <openssl/aes.h>
 #define TEST_SIZE       128
 #define BIG_TEST_SIZE 10240
@@ -189,10 +190,10 @@ int main(int argc, char **argv)
        assert(BIG_TEST_SIZE >= TEST_SIZE);
-        RAND_pseudo_bytes(rkey, sizeof rkey);
+        arc4random_buf(rkey, sizeof(rkey));
-        RAND_pseudo_bytes(plaintext, sizeof plaintext);
+        arc4random_buf(plaintext, sizeof(plaintext));
-        RAND_pseudo_bytes(iv, sizeof iv);
+        arc4random_buf(iv, sizeof(iv));
-        memcpy(saved_iv, iv, sizeof saved_iv);
+        memcpy(saved_iv, iv, sizeof(saved_iv));
        /* Forward IGE only... */
author	jsing <>	2014-10-22 13:23:05 +0000
committer	jsing <>	2014-10-22 13:23:05 +0000
commit	70d2dbcdd5a01333cc8bb15f04f81dcb06351848 (patch)
tree	24c467810ca11f3d70c7d8828c4abd7b3893cade
parent	a5ae6e09eb3d7ae9cef0fc65a04c31e6478f5cb5 (diff)
download	openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.tar.gz openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.tar.bz2 openbsd-70d2dbcdd5a01333cc8bb15f04f81dcb06351848.zip

diff --git a/src/regress/lib/libcrypto/bn/mont/mont.c b/src/regress/lib/libcrypto/bn/mont/mont.c index 2a60c022c3..30d5317b64 100644 --- a/src/regress/lib/libcrypto/bn/mont/mont.c +++ b/src/regress/lib/libcrypto/bn/mont/mont.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mont.c,v 1.1 2014/06/20 10:38:22 miod Exp $ */	1	/* $OpenBSD: mont.c,v 1.2 2014/10/22 13:23:05 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2014 Miodrag Vallat.	4	* Copyright (c) 2014 Miodrag Vallat.
@@ -25,7 +25,6 @@
25	#include <openssl/crypto.h>	25	#include <openssl/crypto.h>
26	#include <openssl/dh.h>	26	#include <openssl/dh.h>
27	#include <openssl/err.h>	27	#include <openssl/err.h>
28	#include <openssl/rand.h>
29		28
30	/*	29	/*
31	* Test for proper bn_mul_mont behaviour when operands are of vastly different	30	* Test for proper bn_mul_mont behaviour when operands are of vastly different
@@ -39,7 +38,7 @@ main(int argc, char *argv[])
39	unsigned char key, r[32 + 16 8];	38	unsigned char key, r[32 + 16 8];
40	size_t privsz;	39	size_t privsz;
41		40
42	RAND_bytes(r, sizeof r);	41	arc4random_buf(r, sizeof(r));
43		42
44	for (privsz = 32; privsz <= sizeof(r); privsz += 8) {	43	for (privsz = 32; privsz <= sizeof(r); privsz += 8) {
45	dh = DH_new();	44	dh = DH_new();


diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c index eadb43d652..810fef61bb 100644 --- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c +++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -82,7 +82,6 @@
82	#include <openssl/engine.h>	82	#include <openssl/engine.h>
83	#endif	83	#endif
84	#include <openssl/err.h>	84	#include <openssl/err.h>
85	#include <openssl/rand.h>
86		85
87	/* declaration of the test functions */	86	/* declaration of the test functions */
88	int x9_62_test_internal(BIO out, int nid, const char r, const char *s);	87	int x9_62_test_internal(BIO out, int nid, const char r, const char *s);
@@ -169,12 +168,8 @@ int test_builtin(BIO *out)
169	int nid, ret = 0;	168	int nid, ret = 0;
170		169
171	/* fill digest values with some random data */	170	/* fill digest values with some random data */
172	if (!RAND_pseudo_bytes(digest, 20) \|\|	171	arc4random_buf(digest, 20);
173	!RAND_pseudo_bytes(wrong_digest, 20))	172	arc4random_buf(wrong_digest, 20);
174	{
175	BIO_printf(out, "ERROR: unable to get random data\n");
176	goto builtin_err;
177	}
178		173
179	/* create and verify a ecdsa signature with every availble curve	174	/* create and verify a ecdsa signature with every availble curve
180	* (with ) */	175	* (with ) */


diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c index faa9328ba9..5f9b663a26 100644 --- a/src/regress/lib/libcrypto/exp/exptest.c +++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -62,7 +62,6 @@
62		62
63	#include <openssl/bio.h>	63	#include <openssl/bio.h>
64	#include <openssl/bn.h>	64	#include <openssl/bn.h>
65	#include <openssl/rand.h>
66	#include <openssl/err.h>	65	#include <openssl/err.h>
67		66
68	#define NUM_BITS (BN_BITS*2)	67	#define NUM_BITS (BN_BITS*2)
@@ -97,15 +96,15 @@ int main(int argc, char *argv[])
97		96
98	for (i=0; i<200; i++)	97	for (i=0; i<200; i++)
99	{	98	{
100	RAND_bytes(&c,1);	99	arc4random_buf(&c,1);
101	c=(c%BN_BITS)-BN_BITS2;	100	c=(c%BN_BITS)-BN_BITS2;
102	BN_rand(a,NUM_BITS+c,0,0);	101	BN_rand(a,NUM_BITS+c,0,0);
103		102
104	RAND_bytes(&c,1);	103	arc4random_buf(&c,1);
105	c=(c%BN_BITS)-BN_BITS2;	104	c=(c%BN_BITS)-BN_BITS2;
106	BN_rand(b,NUM_BITS+c,0,0);	105	BN_rand(b,NUM_BITS+c,0,0);
107		106
108	RAND_bytes(&c,1);	107	arc4random_buf(&c,1);
109	c=(c%BN_BITS)-BN_BITS2;	108	c=(c%BN_BITS)-BN_BITS2;
110	BN_rand(m,NUM_BITS+c,0,1);	109	BN_rand(m,NUM_BITS+c,0,1);
111		110


diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c index b3e7280bbd..7945aab3ab 100644 --- a/src/regress/lib/libcrypto/ige/igetest.c +++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -49,11 +49,12 @@
49	*	49	*
50	*/	50	*/
51		51
52	#include <openssl/aes.h>	52	#include <assert.h>
53	#include <openssl/rand.h>
54	#include <stdio.h>	53	#include <stdio.h>
		54	#include <stdlib.h>
55	#include <string.h>	55	#include <string.h>
56	#include <assert.h>	56
		57	#include <openssl/aes.h>
57		58
58	#define TEST_SIZE 128	59	#define TEST_SIZE 128
59	#define BIG_TEST_SIZE 10240	60	#define BIG_TEST_SIZE 10240
@@ -189,10 +190,10 @@ int main(int argc, char **argv)
189		190
190	assert(BIG_TEST_SIZE >= TEST_SIZE);	191	assert(BIG_TEST_SIZE >= TEST_SIZE);
191		192
192	RAND_pseudo_bytes(rkey, sizeof rkey);	193	arc4random_buf(rkey, sizeof(rkey));
193	RAND_pseudo_bytes(plaintext, sizeof plaintext);	194	arc4random_buf(plaintext, sizeof(plaintext));
194	RAND_pseudo_bytes(iv, sizeof iv);	195	arc4random_buf(iv, sizeof(iv));
195	memcpy(saved_iv, iv, sizeof saved_iv);	196	memcpy(saved_iv, iv, sizeof(saved_iv));
196		197
197	/* Forward IGE only... */	198	/* Forward IGE only... */
198		199