MonetDB: Oct2014 - Use OpenSSL's RAND_bytes() to generate random...

Thu, 14 Aug 2014 01:18:46 -0700 

Changeset: 67dbeb724bda for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=67dbeb724bda
Modified Files:
        common/utils/muuid.c
        monetdb5/modules/atoms/uuid.c
        monetdb5/modules/mal/mal_mapi.c
        tools/merovingian/utils/utils.c
Branch: Oct2014
Log Message:

Use OpenSSL's RAND_bytes() to generate randomness for security.


diffs (144 lines):

diff --git a/common/utils/muuid.c b/common/utils/muuid.c
--- a/common/utils/muuid.c
+++ b/common/utils/muuid.c
@@ -26,6 +26,8 @@
 #include <string.h> /* strdup */
 #ifdef HAVE_UUID_UUID_H
 # include <uuid/uuid.h>
+#else
+# include <openssl/rand.h>
 #endif
 
 /**
@@ -49,14 +51,27 @@ generateUUID(void)
        /* try to do some pseudo interesting stuff, and stash it in the
         * format of a UUID to at least return some uniform answer */
        char out[37];
+       union {
+               unsigned char randbuf[16];
+               unsigned short s[8];
+       } r;
 
-       /* generate something like this:
-        * cefa7a9c-1dd2-11b2-8350-880020adbeef ("%08x-%04x-%04x-%04x-%012x") */
-       snprintf(out, sizeof(out), "%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
-                rand() % 65536, rand() % 65536,
-                rand() % 65536, rand() % 65536,
-                rand() % 65536, rand() % 65536,
-                rand() % 65536, rand() % 65536);
+       if (RAND_bytes(r.randbuf, 16) >= 0) {
+               snprintf(out, sizeof(out),
+                        "%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
+                        r.s[0], r.s[1], r.s[2], r.s[3],
+                        r.s[4], r.s[5], r.s[6], r.s[7]);
+       } else {
+               /* generate something like this:
+                * cefa7a9c-1dd2-11b2-8350-880020adbeef
+                * ("%08x-%04x-%04x-%04x-%012x") */
+               snprintf(out, sizeof(out),
+                        "%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
+                        rand() % 65536, rand() % 65536,
+                        rand() % 65536, rand() % 65536,
+                        rand() % 65536, rand() % 65536,
+                        rand() % 65536, rand() % 65536);
+       }
 #endif
        return strdup(out);
 }
diff --git a/monetdb5/modules/atoms/uuid.c b/monetdb5/modules/atoms/uuid.c
--- a/monetdb5/modules/atoms/uuid.c
+++ b/monetdb5/modules/atoms/uuid.c
@@ -31,6 +31,9 @@
 #ifdef HAVE_UUID_UUID_H
 #include <uuid/uuid.h>
 #endif
+#ifndef HAVE_UUID
+#include <openssl/rand.h>              /* for RAND_bytes */
+#endif
 
 #ifdef HAVE_UUID
 #define UUID_SIZE      ((int) sizeof(uuid_t)) /* size of a UUID */
@@ -178,7 +181,8 @@ UUIDgenerateUuid(uuid **retval)
 #ifdef HAVE_UUID
        uuid_generate(u->u);
 #else
-       {
+       if (RAND_bytes(u->u, 16) < 0) {
+               /* if it failed, use rand */
                int i, r;
 
                for (i = 0; i < UUID_SIZE;) {
diff --git a/monetdb5/modules/mal/mal_mapi.c b/monetdb5/modules/mal/mal_mapi.c
--- a/monetdb5/modules/mal/mal_mapi.c
+++ b/monetdb5/modules/mal/mal_mapi.c
@@ -44,6 +44,7 @@
 #include <sys/types.h>
 #include <stream_socket.h>
 #include <mapi.h>
+#include <openssl/rand.h>              /* RAND_bytes() */
 
 #ifdef _WIN32   /* Windows specific */
 # include <winsock.h>
@@ -86,12 +87,18 @@ static void generateChallenge(str buf, i
 
        /* don't seed the randomiser here, or you get the same challenge
         * during the same second */
-       size = rand();
+       if (RAND_bytes((unsigned char *) &size, (int) sizeof(size)) < 0)
+               size = rand();
        size = (size % (max - min)) + min;
-       for (i = 0; i < size; i++) {
-               bte = rand();
-               bte %= 62;
-               buf[i] = seedChars[bte];
+       if (RAND_bytes((unsigned char *) buf, (int) size) >= 0) {
+               for (i = 0; i < size; i++)
+                       buf[i] = seedChars[((unsigned char *) buf)[i] % 62];
+       } else {
+               for (i = 0; i < size; i++) {
+                       bte = rand();
+                       bte %= 62;
+                       buf[i] = seedChars[bte];
+               }
        }
        buf[i] = '\0';
 }
diff --git a/tools/merovingian/utils/utils.c b/tools/merovingian/utils/utils.c
--- a/tools/merovingian/utils/utils.c
+++ b/tools/merovingian/utils/utils.c
@@ -45,6 +45,7 @@
 #  include <time.h>
 # endif
 #endif
+#include <openssl/rand.h>              /* RAND_bytes */
 
 /**
  * Parses the given file stream matching the keys from list.  If a match
@@ -314,12 +315,22 @@ void
 generateSalt(char *buf, unsigned int len)
 {
        unsigned int c;
-       unsigned int size = (unsigned int)rand();
-       unsigned int fill = len * 0.75;
-       unsigned int min = len * 0.42;
+       unsigned int size;
+       unsigned int fill;
+       unsigned int min;
+
+       if (RAND_bytes((unsigned char *) &size, (int) sizeof(size)) < 0)
+               size = (unsigned int)rand();
+       fill = len * 0.75;
+       min = len * 0.42;
        size = (size % (fill - min)) + min;
-       for (c = 0; c < size; c++)
-               buf[c] = seedChars[rand() % 62];
+       if (RAND_bytes((unsigned char *) buf, (int) size) >= 0) {
+               for (c = 0; c < size; c++)
+                       buf[c] = seedChars[((unsigned char *) buf)[c] % 62];
+       } else {
+               for (c = 0; c < size; c++)
+                       buf[c] = seedChars[rand() % 62];
+       }
        for ( ; c < len; c++)
                buf[c] = '\0';
 }
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list

Reply via email to