From 8c62e0aad10ef82e8bc0fd6a6c2663ac98d24045 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sat, 15 Jul 2017 16:44:46 +0200 Subject: [PATCH] Support arc4random for pre-10.7/Lion macOS --- expat/Changes | 3 +++ expat/configure.ac | 19 +++++++++++++++++++ expat/lib/xmlparse.c | 34 +++++++++++++++++++++++++++++++--- 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/expat/Changes b/expat/Changes index d91712b4..6991761f 100644 --- a/expat/Changes +++ b/expat/Changes @@ -3,6 +3,9 @@ NOTE: We are looking for help with a few things: If you can help, please get in touch. Thanks! Release 2.2.? ???????????????? + Security fixes: + #81 Pre-10.7/Lion macOS: Support entropy from arc4random + Other changes: #23 Test suite: Fix memory leaks Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__) diff --git a/expat/configure.ac b/expat/configure.ac index 7d1fd037..5e4c9255 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -126,6 +126,25 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) + + AC_MSG_CHECKING([for arc4random (BSD, macOS or libbsd)]) + AC_LINK_IFELSE([AC_LANG_SOURCE([ + #if defined(HAVE_LIBBSD) + # include + #else + # include + #endif + int main() { + arc4random(); + return 0; + } + ])], [ + AC_DEFINE([HAVE_ARC4RANDOM], [1], + [Define to 1 if you have the `arc4random' function.]) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + ]) ]) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 7e916d4b..d55eefeb 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -45,13 +45,15 @@ # endif #endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ -#if defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_LIBBSD) +#if defined(HAVE_LIBBSD) \ + && (defined(HAVE_ARC4RANDOM_BUF) || defined(HAVE_ARC4RANDOM)) # include #endif #if !defined(HAVE_GETRANDOM) && !defined(HAVE_SYSCALL_GETRANDOM) \ - && !defined(HAVE_ARC4RANDOM_BUF) && !defined(_WIN32) \ + && !defined(HAVE_ARC4RANDOM_BUF) && !defined(HAVE_ARC4RANDOM) \ + && !defined(_WIN32) \ && !defined(XML_POOR_ENTROPY) # error \ You do not have support for any sources of high quality entropy \ @@ -60,8 +62,10 @@ Your options include: \ * Linux + glibc >=2.25 (getrandom): HAVE_GETRANDOM, \ * Linux + glibc <2.25 (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \ - * BSD / macOS (arc4random_buf): HAVE_ARC4RANDOM_BUF, \ + * BSD / macOS >=10.7 (arc4random_buf): HAVE_ARC4RANDOM_BUF, \ + * BSD / macOS <10.7 (arc4random): HAVE_ARC4RANDOM, \ * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \ + * libbsd (arc4random): HAVE_ARC4RANDOM + HAVE_LIBBSD, \ * Windows (RtlGenRandom): _WIN32. \ \ If insist on not using any of these, bypass this error by defining \ @@ -773,6 +777,27 @@ writeRandomBytes_getrandom(void * target, size_t count) { #endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ +#if defined(HAVE_ARC4RANDOM) + +static void +writeRandomBytes_arc4random(void * target, size_t count) { + size_t bytesWrittenTotal = 0; + + while (bytesWrittenTotal < count) { + const uint32_t random32 = arc4random(); + size_t i = 0; + + for (; (i < sizeof(random32)) && (bytesWrittenTotal < count); + i++, bytesWrittenTotal++) { + const uint8_t random8 = (uint8_t)(random32 >> (i * 8)); + ((uint8_t *)target)[bytesWrittenTotal] = random8; + } + } +} + +#endif /* defined(HAVE_ARC4RANDOM) */ + + #ifdef _WIN32 typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); @@ -850,6 +875,9 @@ generate_hash_secret_salt(XML_Parser parser) (void)gather_time_entropy; arc4random_buf(&entropy, sizeof(entropy)); return ENTROPY_DEBUG("arc4random_buf", entropy); +#elif defined(HAVE_ARC4RANDOM) + writeRandomBytes_arc4random((void *)&entropy, sizeof(entropy)); + return ENTROPY_DEBUG("arc4random", entropy); #else /* Try high quality providers first .. */ #ifdef _WIN32