check the return value of RAND_bytes()

use OPENSSL_cleanse()

Author: vesvault-jz

ChangeLog

@@ -0,0 +1,3 @@
+2019-01-01  Jim Zubov <jz@vesvault.com>
+    * * Usage of RAND_bytes() and OPENSSL_cleanup()
+    credits: https://reddit.com/u/skeeto

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libVES-c 0.9b.
+# Generated by GNU Autoconf 2.69 for VES 0.901b.
 #
 # Report bugs to <bugs@vesvault.com>.
 #
@@ -578,10 +578,10 @@ MFLAGS=
 MAKEFLAGS=
 
 # Identity of this package.
-PACKAGE_NAME='libVES-c'
-PACKAGE_TARNAME='libves-c'
-PACKAGE_VERSION='0.9b'
-PACKAGE_STRING='libVES-c 0.9b'
+PACKAGE_NAME='VES'
+PACKAGE_TARNAME='ves'
+PACKAGE_VERSION='0.901b'
+PACKAGE_STRING='VES 0.901b'
 PACKAGE_BUGREPORT='bugs@vesvault.com'
 PACKAGE_URL=''
 
@@ -1261,7 +1261,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libVES-c 0.9b to adapt to many kinds of systems.
+\`configure' configures VES 0.901b to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1309,7 +1309,7 @@ Fine tuning of the installation directories:
   --infodir=DIR           info documentation [DATAROOTDIR/info]
   --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
   --mandir=DIR            man documentation [DATAROOTDIR/man]
-  --docdir=DIR            documentation root [DATAROOTDIR/doc/libves-c]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/ves]
   --htmldir=DIR           html documentation [DOCDIR]
   --dvidir=DIR            dvi documentation [DOCDIR]
   --pdfdir=DIR            pdf documentation [DOCDIR]
@@ -1327,7 +1327,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libVES-c 0.9b:";;
+     short | recursive ) echo "Configuration of VES 0.901b:";;
    esac
   cat <<\_ACEOF
 
@@ -1414,7 +1414,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libVES-c configure 0.9b
+VES configure 0.901b
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1837,7 +1837,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libVES-c $as_me 0.9b, which was
+It was created by VES $as_me 0.901b, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2655,8 +2655,8 @@ fi
 
 
 # Define the identity of the package.
- PACKAGE='libves-c'
- VERSION='0.9b'
+ PACKAGE='ves'
+ VERSION='0.901b'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5006,7 +5006,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libVES-c $as_me 0.9b, which was
+This file was extended by VES $as_me 0.901b, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5072,7 +5072,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libVES-c config.status 0.9b
+VES config.status 0.901b
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -3,7 +3,7 @@
 
 
 AC_PREREQ([2.69])
-AC_INIT([libVES-c], [0.9b], [bugs@vesvault.com])
+AC_INIT([VES], [0.901b], [bugs@vesvault.com])
 AC_CONFIG_SRCDIR([src/ves-util.c])
 AC_CONFIG_HEADERS([src/config.h])
 

lib/libVES.h

@@ -28,8 +28,8 @@
  * libVES.h                   libVES: Main header
  *
  ***************************************************************************/
-#define LIBVES_VERSION_NUMBER	0x00090000L
-#define LIBVES_VERSION_CODE	"0.9b"
+#define LIBVES_VERSION_NUMBER	0x00090001L
+#define LIBVES_VERSION_CODE	"0.901b"
 #define LIBVES_VERSION_STR	"libVES.c " LIBVES_VERSION_CODE " (c) 2018 VESvault Corp"
 #define LIBVES_VERSION_SHORT	"libVES/" LIBVES_VERSION_CODE
 

lib/libVES/CiAlgo_AES.c

@@ -37,6 +37,7 @@
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
+#include <openssl/crypto.h>
 #include "Cipher.h"
 #include "CiAlgo_AES.h"
 #include "Util.h"
@@ -50,7 +51,7 @@
 		memcpy(ci->alg.key, key, sizeof(ci->alg.key)); \
 		memcpy(ci->alg.seed, key + (keylen <= sizeof(ci->alg.key) + sizeof(ci->alg.seed) ? keylen - sizeof(ci->alg.seed) : sizeof(ci->alg.key)), sizeof(ci->alg.seed)); \
 	    } else { \
-		RAND_bytes(ci->alg.key, sizeof(ci->alg.key) + sizeof(ci->alg.seed)); \
+		if (RAND_bytes(ci->alg.key, sizeof(ci->alg.key) + sizeof(ci->alg.seed)) <= 0) libVES_throwEVP(ves, LIBVES_E_CRYPTO, "RAND_bytes", NULL); \
 	    }
 
 #define libVES_CiAlgo_LEN_1K	1024
@@ -218,7 +219,7 @@ int libVES_CiAlgo_e_AES256GCMp(libVES_Cipher *ci, int final, const char *plainte
 	if (ci->gcm.offs) {
 	    l = libVES_CiAlgo_e_AES256GCM(ci, 0, ci->gcm.pbuf, ci->gcm.offs, ctext);
 	    if (l < 0) return -1;
-	    memset(ci->gcm.pbuf, 0, ci->gcm.offs);
+	    OPENSSL_cleanse(ci->gcm.pbuf, ci->gcm.offs);
 	    ctext += l;
 	}
 	l = libVES_CiAlgo_e_AES256GCM(ci, 0, plaintext, ptlen, ctext);
@@ -327,7 +328,7 @@ int libVES_CiAlgo_e_AES256GCM1K(libVES_Cipher *ci, int final, const char *plaint
     while (ptext < ptail || ff) {
 	ff = 0;
 	if (!ci->gcm.offs) {
-	    RAND_bytes((unsigned char *) ctext, sizeof(ci->gcm.gbuf));
+	    if (RAND_bytes((unsigned char *) ctext, sizeof(ci->gcm.gbuf)) <= 0) libVES_throwEVP(ci->ves, LIBVES_E_CRYPTO, "RAND_bytes", -1);
 	    if (!libVES_CiAlgo_setiv_AES256GCM1K(ci, ctext)) return -1;
 	    ctext += sizeof(ci->gcm.gbuf);
 	    ci->gcm.offs = sizeof(ci->gcm.gbuf);
@@ -352,7 +353,7 @@ int libVES_CiAlgo_e_AES256GCM1K(libVES_Cipher *ci, int final, const char *plaint
 
 void libVES_CiAlgo_r_AES256GCMp(libVES_Cipher *ci) {
     if (ci->gcm.pbuf) {
-	memset(ci->gcm.pbuf, 0, ci->gcm.offs);
+	OPENSSL_cleanse(ci->gcm.pbuf, ci->gcm.offs);
 	free(ci->gcm.pbuf);
 	ci->gcm.pbuf = NULL;
     }
@@ -460,7 +461,7 @@ int libVES_CiAlgo_l_AES256CFB(libVES_Cipher *ci) {
 }
 
 void libVES_CiAlgo_f_AES256(libVES_Cipher *ci) {
-    memset(ci->gcm.key, 0, sizeof(ci->gcm.key));
+    OPENSSL_cleanse(ci->gcm.key, sizeof(ci->gcm.key));
 }
 
 

lib/libVES/KeyAlgo_EVP.c

@@ -37,6 +37,7 @@
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
+#include <openssl/crypto.h>
 #include "../jVar.h"
 #include "../libVES.h"
 #include "VaultKey.h"
@@ -197,7 +198,7 @@ int libVES_KeyAlgo_RSA_decrypt(libVES_VaultKey *vkey, const char *ciphertext, si
 	    res = 0;
 	} else res = dlen;
     }
-    if (keybuf) memset(keybuf, 0, len);
+    if (keybuf) OPENSSL_cleanse(keybuf, len);
     free(keybuf);
     EVP_PKEY_CTX_free(ctx);
     return res;
@@ -212,7 +213,7 @@ int libVES_KeyAlgo_RSA_encrypt(libVES_VaultKey *vkey, const char *plaintext, siz
     if (*ptlen + libVES_KeyAlgo_RSA_LENpad > len && *ptlen > *keylen) {
 	*ptlen = 0;
 	if (!ciphertext) return len;
-	RAND_bytes((unsigned char *) key, *keylen);
+	if (RAND_bytes((unsigned char *) key, *keylen) <= 0) libVES_throwEVP(vkey->ves, LIBVES_E_CRYPTO, "RAND_bytes", -1);
 	s = key;
 	sl = *keylen;
     } else {
@@ -284,7 +285,7 @@ int libVES_KeyAlgo_ECDH_derive(EVP_PKEY *pub, EVP_PKEY *priv, char *buf, size_t
 	}
 	if (mdctx) EVP_MD_CTX_destroy(mdctx);
     }
-    memset(dh, 0, sizeof(dh));
+    OPENSSL_cleanse(dh, sizeof(dh));
     EVP_PKEY_CTX_free(ctx);
     return res;
 }

lib/libVES/VaultItem.c

@@ -33,6 +33,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
+#include <openssl/crypto.h>
 #include "../jVar.h"
 #include "../libVES.h"
 #include "VaultItem.h"
@@ -369,7 +370,7 @@ void libVES_VaultItem_free(libVES_VaultItem *vitem) {
     if (!vitem) return;
     jVar_free(vitem->meta);
     if (vitem->value) {
-	memset(vitem->value, 0, vitem->len);
+	OPENSSL_cleanse(vitem->value, vitem->len);
 	free(vitem->value);
 	vitem->len = 0;
     }

lib/libVES/VaultKey.c

@@ -36,6 +36,7 @@
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
+#include <openssl/crypto.h>
 #include "../jVar.h"
 #include "../libVES.h"
 #include "VaultKey.h"
@@ -382,7 +383,7 @@ int libVES_VaultKey_decrypt(libVES_VaultKey *vkey, const char *ciphertext, char
 	else pl = -1;
     }
     free(ctext);
-    memset(cikey, 0, sizeof(cikey));
+    OPENSSL_cleanse(cikey, sizeof(cikey));
     return pl;
 }
 
@@ -410,7 +411,7 @@ char *libVES_VaultKey_encrypt(libVES_VaultKey *vkey, const char *plaintext, size
 	if (l >= 0) cl += l;
 	else cl = -1;
     }
-    memset(cikey, 0, sizeof(cikey));
+    OPENSSL_cleanse(cikey, sizeof(cikey));
     if (cl >= 0) return libVES_b64encode(ctext, cl, ctbuf);
     free(ctbuf);
     return NULL;
@@ -564,7 +565,7 @@ libVES_veskey *libVES_veskey_new(size_t keylen, const char *veskey) {
     libVES_veskey *vk = malloc(offsetof(libVES_veskey, veskey) + keylen);
     if (veskey) memcpy(vk->veskey, veskey, keylen);
     else {
-	RAND_bytes((unsigned char *) vk->veskey, keylen);
+	if (RAND_bytes((unsigned char *) vk->veskey, keylen) <= 0) return NULL;
 	char *p;
 	for (p = vk->veskey; p < vk->veskey + keylen; p++) {
 	    unsigned char c = *p;
@@ -577,6 +578,6 @@ libVES_veskey *libVES_veskey_new(size_t keylen, const char *veskey) {
 
 void libVES_veskey_free(libVES_veskey *veskey) {
     if (!veskey) return;
-    memset(veskey, 0, veskey->keylen + sizeof(veskey->keylen));
+    OPENSSL_cleanse(veskey, veskey->keylen + sizeof(veskey->keylen));
     free(veskey);
 }

lib/libVES/VaultKey.h

@@ -210,11 +210,16 @@ extern const struct libVES_ListCtl libVES_VaultKey_ListCtlU;
 
 /***************************************************************************
  * VESkey, a binary with length
+ * Generate a random one if veskey == NULL, see libVES_veskey_generate()
  ***************************************************************************/
 libVES_veskey *libVES_veskey_new(size_t keylen, const char *veskey);
 
 /***************************************************************************
  * Generate a random ascii VESkey
+ * The character frequency is biased to improve human readability,
+ * the entropy is ~ 203 bit for keylen == 32 (vs 256 bit for a random binary)
+ * Character frequency graph:
+ * https://i.imgur.com/o2oTDLz.png (credits: https://reddit.com/u/skeeto)
  ***************************************************************************/
 #define libVES_veskey_generate(keylen)		libVES_veskey_new(keylen, NULL)
 

src/ves-util.c

@@ -49,6 +49,7 @@
 #include <libVES/Ref.h>
 #include <libVES/Cipher.h>
 #include <libVES/User.h>
+#include <openssl/crypto.h>
 #include "ves-util.h"
 #include "ves-util/put.h"
 #include "ves-util/get.h"
@@ -515,7 +516,7 @@ int main(int argc, char **argv) {
 		char *passwd = get_noecho(msg, &gl, NULL);
 		if (!passwd) break;
 		pvkey = libVES_primary(ctx.ves, pri, passwd);
-		memset(passwd, 0, strlen(passwd));
+		OPENSSL_cleanse(passwd, strlen(passwd));
 		free(passwd);
 		if (pvkey) break;
 		if (--retry <= 0 || !libVES_checkError(ctx.ves, LIBVES_E_DENIED)) break;
@@ -530,7 +531,7 @@ int main(int argc, char **argv) {
 		char *vk = get_noecho(msg, &gl, NULL);
 		if (!vk) break;
 		libVES_veskey *veskey = libVES_veskey_new(strlen(vk), vk);
-		memset(vk, 0, gl);
+		OPENSSL_cleanse(vk, gl);
 		free(vk);
 		unlk = libVES_VaultKey_unlock(pvkey, veskey);
 		libVES_veskey_free(veskey);