openbsd-ports/security/heimdal/patches/patch-lib_hx509_softp11_c

$OpenBSD: patch-lib_hx509_softp11_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $

Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.

--- lib/hx509/softp11.c.orig	Tue Nov 29 02:35:27 2016
+++ lib/hx509/softp11.c	Thu Dec 15 11:29:38 2016
@@ -33,6 +33,7 @@
 
 #define CRYPTOKI_EXPORTS 1
 
+#include <config.h>
 #include "hx_locl.h"
 #include "ref/pkcs11.h"
 
@@ -304,6 +305,7 @@ static struct st_object *
 add_st_object(void)
 {
     struct st_object *o, **objs;
+    u_int32_t rnd;
     int i;
 
     o = calloc(1, sizeof(*o));
@@ -326,8 +328,14 @@ add_st_object(void)
 	soft_token.object.objs = objs;
 	soft_token.object.objs[soft_token.object.num_objs++] = o;
     }
+#ifdef HAVE_ARC4RANDOM
+    rnd = arc4random();
+#else
+    rnd = random();
+#endif
+
     soft_token.object.objs[i]->object_handle =
-	(random() & (~OBJECT_ID_MASK)) | i;
+	(rnd & (~OBJECT_ID_MASK)) | i;
 
     return o;
 }
@@ -878,7 +886,9 @@ C_Initialize(CK_VOID_PTR a)
 
     OpenSSL_add_all_algorithms();
 
+#ifndef HAVE_ARC4RANDOM
     srandom(getpid() ^ (int) time(NULL));
+#endif
 
     for (i = 0; i < MAX_NUM_SESSION; i++) {
 	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
@@ -1124,6 +1134,7 @@ C_OpenSession(CK_SLOT_ID slotID,
 	      CK_SESSION_HANDLE_PTR phSession)
 {
     size_t i;
+    u_int32_t rnd;
     INIT_CONTEXT();
     st_logf("OpenSession: slot: %d\n", (int)slotID);
 
@@ -1139,10 +1150,15 @@ C_OpenSession(CK_SLOT_ID slotID,
     if (i == MAX_NUM_SESSION)
 	abort();
 
-    soft_token.open_sessions++;
+#ifdef HAVE_ARC4RANDOM
+    rnd = arc4random();
+#else
+    rnd = random();
+#endif
 
+    soft_token.open_sessions++;
     soft_token.state[i].session_handle =
-	(CK_SESSION_HANDLE)(random() & 0xfffff);
+	(CK_SESSION_HANDLE)(rnd & 0xfffff);
     *phSession = soft_token.state[i].session_handle;
 
     return CKR_OK;