From owner-freebsd-audit Sat Mar 3 15: 0:57 2001 Delivered-To: freebsd-audit@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-158.dsl.lsan03.pacbell.net [63.207.60.158]) by hub.freebsd.org (Postfix) with ESMTP id 1A29837B719 for ; Sat, 3 Mar 2001 15:00:50 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C9E4566D2E; Sat, 3 Mar 2001 15:00:49 -0800 (PST) Date: Sat, 3 Mar 2001 15:00:49 -0800 From: Kris Kennaway To: audit@FreeBSD.org Subject: rand() patches Message-ID: <20010303150049.A33806@mollari.cthul.hu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Please review the following patches which replace all uses of rand() (and one of random() which I came across) with stronger variants. Even the "fixed" version of rand() in -current is too weak (because of interface constraints with rand_r()) to be used here. Kris Index: bin/ed/cbc.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/bin/ed/cbc.c,v retrieving revision 1.12 diff -u -r1.12 cbc.c --- bin/ed/cbc.c 1999/08/27 23:14:12 1.12 +++ bin/ed/cbc.c 2001/02/27 18:38:17 @@ -57,12 +57,6 @@ =20 =20 /* - * Define a divisor for rand() that yields a uniform distribution in the - * range 0-255. - */ -#define RAND_DIV (((unsigned) RAND_MAX + 1) >> 8) - -/* * BSD and System V systems offer special library calls that do * block move_liness and fills, so if possible we take advantage of them */ @@ -125,9 +119,8 @@ MEMZERO(ivec, 8); =20 /* initialize the padding vector */ - srand((unsigned) time((time_t *) 0)); for (i =3D 0; i < 8; i++) - CHAR(pvec, i) =3D (char) (rand()/RAND_DIV); + CHAR(pvec, i) =3D (char) (arc4random() % 256); #endif } =20 Index: contrib/opie/libopie/newseed.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/contrib/opie/libopie/newseed.c,v retrieving revision 1.3 diff -u -r1.3 newseed.c --- contrib/opie/libopie/newseed.c 2000/04/10 11:18:54 1.3 +++ contrib/opie/libopie/newseed.c 2001/02/27 18:15:19 @@ -16,6 +16,9 @@ */ =20 #include "opie_cfg.h" +#if HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ #if HAVE_TIME_H #include #endif /* HAVE_TIME_H */ @@ -84,12 +87,6 @@ =20 { { - time_t now; - time(&now); - srand(now); - } - - { struct utsname utsname; =20 if (uname(&utsname) < 0) { @@ -101,7 +98,7 @@ } utsname.nodename[2] =3D 0; =20 - sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1); + sprintf(seed, "%s%04d", utsname.nodename, (arc4random() % 9999) + 1); return 0; } } Index: contrib/opie/libopie/randomchallenge.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/contrib/opie/libopie/randomchallenge.c,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 randomchallenge.c --- contrib/opie/libopie/randomchallenge.c 2000/04/10 11:09:41 1.1.1.3 +++ contrib/opie/libopie/randomchallenge.c 2001/02/27 18:16:48 @@ -25,6 +25,9 @@ Created at NRL for OPIE 2.2 from opiesubr2.c */ =20 +#if HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ #include "opie_cfg.h" #include "opie.h" =20 @@ -41,5 +44,5 @@ if (opienewseed(buf)) strcpy(buf, "ke4452"); =20 - sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf= ); + sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (arc4random() % 499) + = 1, buf); } Index: usr.bin/newkey/generic.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/usr.bin/newkey/generic.c,v retrieving revision 1.3 diff -u -r1.3 generic.c --- usr.bin/newkey/generic.c 1999/08/28 01:04:33 1.3 +++ usr.bin/newkey/generic.c 2001/02/27 18:26:42 @@ -57,18 +57,9 @@ unsigned char *pass; { int i; - int rseed; - struct timeval tv; =20 - (void)gettimeofday(&tv, (struct timezone *)NULL); - rseed =3D tv.tv_sec + tv.tv_usec; - for (i =3D 0; i < 8; i++) { - rseed ^=3D (rseed << 8) | pass[i]; - } - srand(rseed); - for (i =3D 0; i < seedsize; i++) { - seed[i] =3D (rand() & 0xff) ^ pass[i % 8]; + seed[i] =3D (arc4random() & 0xff) ^ pass[i % 8]; } } =20 Index: usr.sbin/pw/pw_user.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/usr.sbin/pw/pw_user.c,v retrieving revision 1.44 diff -u -r1.44 pw_user.c --- usr.sbin/pw/pw_user.c 2000/12/29 18:04:49 1.44 +++ usr.sbin/pw/pw_user.c 2001/02/27 19:05:05 @@ -55,7 +55,6 @@ #define LOGNAMESIZE (MAXLOGNAME-1) #endif =20 -static int randinit; static char locked_str[] =3D "*LOCKED*"; =20 static int print_user(struct passwd * pwd, int pretty, int v7); @@ -1013,16 +1012,8 @@ /* * Calculate a salt value */ - if (!randinit) { - randinit =3D 1; -#ifdef __FreeBSD__ - srandomdev(); -#else - srandom((unsigned long) (time(NULL) ^ getpid())); -#endif - } for (i =3D 0; i < 8; i++) - salt[i] =3D chars[random() % 63]; + salt[i] =3D chars[arc4random() % 63]; salt[i] =3D '\0'; =20 return strcpy(buf, crypt(password, salt)); @@ -1086,15 +1077,7 @@ =20 switch (cnf->default_password) { case -1: /* Random password */ - if (!randinit) { - randinit =3D 1; -#ifdef __FreeBSD__ - srandomdev(); -#else - srandom((unsigned long) (time(NULL) ^ getpid())); -#endif - } - l =3D (random() % 8 + 8); /* 8 - 16 chars */ + l =3D (arc4random() % 8 + 8); /* 8 - 16 chars */ pw_getrand(rndbuf, l); for (i =3D 0; i < l; i++) pwbuf[i] =3D chars[rndbuf[i] % (sizeof(chars)-1)]; --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6oXehWry0BWjoQKURAkCMAKDNLq+JHgc4pDinfX0uLAMzOdcpVACgsqvB myoUVfNBLywOchUtN8R1GFk= =D+tQ -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message