another round of chemo for the RAND code to provide clarity.

ok deraadt

4 files changed, 85 insertions, 379 deletions

diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c
index 243a87ddfb..6d61b3d3f6 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -1,177 +1,97 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-
-#include <stdio.h>
-#include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
+#include <stdlib.h>
 
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
-        {
-#ifndef OPENSSL_NO_ENGINE
-        if(funct_ref)
-                {
-                ENGINE_finish(funct_ref);
-                funct_ref = NULL;
-                }
-#endif
-        default_RAND_meth = meth;
+/*
+ * The useful functions in this file are at the bottom.
+ */
+int
+RAND_set_rand_method(const RAND_METHOD *meth)
+{
         return 1;
-        }
+}
 
-const RAND_METHOD *RAND_get_rand_method(void)
-        {
-        if (!default_RAND_meth)
-                {
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE *e = ENGINE_get_default_RAND();
-                if(e)
-                        {
-                        default_RAND_meth = ENGINE_get_RAND(e);
-                        if(!default_RAND_meth)
-                                {
-                                ENGINE_finish(e);
-                                e = NULL;
-                                }
-                        }
-                if(e)
-                        funct_ref = e;
-                else
-#endif
-                        default_RAND_meth = RAND_SSLeay();
-                }
-        return default_RAND_meth;
-        }
+const RAND_METHOD *
+RAND_get_rand_method(void)
+{
+        return NULL;
+}
+
+RAND_METHOD *
+RAND_SSLeay(void)
+{
+        return NULL;
+}
 
 #ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
-        {
-        const RAND_METHOD *tmp_meth = NULL;
-        if(engine)
-                {
-                if(!ENGINE_init(engine))
-                        return 0;
-                tmp_meth = ENGINE_get_RAND(engine);
-                if(!tmp_meth)
-                        {
-                        ENGINE_finish(engine);
-                        return 0;
-                        }
-                }
-        /* This function releases any prior ENGINE so call it first */
-        RAND_set_rand_method(tmp_meth);
-        funct_ref = engine;
+int
+RAND_set_rand_engine(ENGINE *engine)
+{
         return 1;
-        }
+}
 #endif
 
-void RAND_cleanup(void)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->cleanup)
-                meth->cleanup();
-        RAND_set_rand_method(NULL);
-        }
+void
+RAND_cleanup(void)
+{
+
+}
+
+void
+RAND_seed(const void *buf, int num)
+{
+
+}
 
-void RAND_seed(const void *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->seed)
-                meth->seed(buf,num);
-        }
+void
+RAND_add(const void *buf, int num, double entropy)
+{
 
-void RAND_add(const void *buf, int num, double entropy)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->add)
-                meth->add(buf,num,entropy);
-        }
+}
 
-int RAND_bytes(unsigned char *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->bytes)
-                return meth->bytes(buf,num);
-        return(-1);
-        }
+int
+RAND_status(void)
+{
+        return 1;
+}
 
-int RAND_pseudo_bytes(unsigned char *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->pseudorand)
-                return meth->pseudorand(buf,num);
-        return(-1);
-        }
+int
+RAND_poll(void)
+{
+       return 1;
+}
 
-int RAND_status(void)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->status)
-                return meth->status();
-        return 0;
-        }
+/*
+ * Hurray. You've made it to the good parts.
+ */
+int
+RAND_bytes(unsigned char *buf, int num)
+{
+        if (num > 0)
+                arc4random_buf(buf, num);
+        return 1;
+}
+
+int
+RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+        if (num > 0)
+                arc4random_buf(buf, num);
+        return 1;
+}
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c
deleted file mode 100644
index a5b9b2a529..0000000000
--- a/src/lib/libssl/src/crypto/rand/rand_unix.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "e_os.h"
-#include "cryptlib.h"
-#include <openssl/rand.h>
-
-#include <stdlib.h>
-#include <string.h>
-
-int RAND_poll(void)
-{
-        return 1;
-}
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index c47d1f7224..23efa17388 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -74,10 +74,7 @@
 #define BUFSIZE 1024
 #define RAND_DATA 1024
 
-#define RFILE           ".rnd"
-
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
+/* Note that these functions should not be used. */
 
 int RAND_load_file(const char *file, long bytes)
 {
@@ -145,46 +142,8 @@ err:
         }
 
 const char *RAND_file_name(char *buf, size_t size)
-        {
-        char *s=NULL;
-        struct stat sb;
-
-        if (OPENSSL_issetugid() == 0)
-                s=getenv("RANDFILE");
-        if (s != NULL && *s && strlen(s) + 1 < size)
-                {
-                if (BUF_strlcpy(buf,s,size) >= size)
-                        return NULL;
-                }
-        else
-                {
-                if (OPENSSL_issetugid() == 0)
-                        s=getenv("HOME");
-                if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
-                        {
-                        BUF_strlcpy(buf,s,size);
-                        BUF_strlcat(buf,"/",size);
-                        BUF_strlcat(buf,RFILE,size);
-                        }
-                else
-                        buf[0] = '\0'; /* no file name */
-                }
-
-        /* given that all random loads just fail if the file can't be 
-         * seen on a stat, we stat the file we're returning, if it
-         * fails, use /dev/arandom instead. this allows the user to 
-         * use their own source for good random data, but defaults
-         * to something hopefully decent if that isn't available. 
-         */
-
-        if (!buf[0])
-                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-                        return(NULL);
-                }       
-        if (stat(buf,&sb) == -1)
-                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-                        return(NULL);
-                }       
-
-        return(buf);
-        }
+{
+        if (BUF_strlcpy(buf,"/dev/urandom",size) >= size)
+                return(NULL);
+        return buf;
+}
diff --git a/src/lib/libssl/src/crypto/rand/rc4_rand.c b/src/lib/libssl/src/crypto/rand/rc4_rand.c
deleted file mode 100644
index 47405b0d9a..0000000000
--- a/src/lib/libssl/src/crypto/rand/rc4_rand.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*      $OpenBSD: rc4_rand.c,v 1.2 2014/04/16 13:57:14 reyk Exp $       */
-
-/*
- * Copyright (c) 2014 Miodrag Vallat.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-
-#include <openssl/rand.h>
-
-static int
-arc4_rand_bytes(unsigned char *buf, int num)
-{
-        if (num > 0)
-                arc4random_buf(buf, (size_t)num);
-
-        return 1;
-}
-
-static int 
-arc4_rand_status(void)
-{
-        /* no possible error condition */
-        return 1;
-}
-
-static RAND_METHOD rand_arc4_meth = {
-        .seed = NULL,           /* no external seed allowed */
-        .bytes = arc4_rand_bytes,
-        .cleanup = NULL,        /* no cleanup necessary */
-        .add = NULL,            /* no external feed allowed */
-        .pseudorand = arc4_rand_bytes,
-        .status =  arc4_rand_status
-};
-
-RAND_METHOD *RAND_SSLeay(void)
-{
-        return &rand_arc4_meth;
-}
-