Merge branch 'ingela/otp/deprecated-rand_bytes/OTP-13214'

* ingela/otp/deprecated-rand_bytes/OTP-13214: stdlib: Remove use of crypto:rand_bytes/1 compiler: Remove use of crypto:rand_bytes/1 ssh: Remove use of crypto:rand_bytes/1 public_key: Remove use of crypto:rand_bytes/1 ssl: Remove use of crypto:rand_bytes/1 crypto: Deprecate rand_bytes/1
author: Ingela Anderton Andin <[email protected]> 2016-04-25 11:44:07 +0200
committer: Ingela Anderton Andin <[email protected]> 2016-04-25 11:44:07 +0200
commit: 5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf (patch)
tree: 40ed1c7ace8863dcd3662d2390b1e9195fa848cd /lib
parent: 79f3e0ef07eff9d22fb1735d77813142da493bfc (diff)
parent: 09bd54f2d28cb2981028f55dc93279a98021e8d1 (diff)
download: otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.tar.gz
otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.tar.bz2
otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.zip
22 files changed, 53 insertions, 99 deletions
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index daf6521236..149086152a 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -1317,7 +1317,7 @@ generate_key(String) when is_list(String) ->
 encrypt({des3_cbc=Type,Key,IVec,BlockSize}, Bin0) ->
     Bin1 = case byte_size(Bin0) rem BlockSize of
 	       0 -> Bin0;
-	       N -> list_to_binary([Bin0,crypto:rand_bytes(BlockSize-N)])
+	       N -> list_to_binary([Bin0,crypto:strong_rand_bytes(BlockSize-N)])
 	   end,
     Bin = crypto:block_encrypt(Type, Key, IVec, Bin1),
     TypeString = atom_to_list(Type),
diff --git a/lib/compiler/test/compile_SUITE.erl b/lib/compiler/test/compile_SUITE.erl
index 72e88370b6..f55ea9a3a6 100644
--- a/lib/compiler/test/compile_SUITE.erl
+++ b/lib/compiler/test/compile_SUITE.erl
@@ -546,7 +546,6 @@ verify_abstract(Target) ->
 has_crypto() ->
     try
 	crypto:start(),
-	<<_,_,_,_,_>> = crypto:rand_bytes(5),
 	crypto:stop(),
 	true
     catch
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 1be22a0b8a..067e220863 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -214,7 +214,6 @@ static ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_
 static ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -285,7 +284,6 @@ static ErlNifFunc nif_funcs[] = {
     {"aes_ctr_stream_decrypt", 2, aes_ctr_stream_encrypt},
     {"rand_bytes", 1, rand_bytes_1},
     {"strong_rand_bytes_nif", 1, strong_rand_bytes_nif},
-    {"rand_bytes", 3, rand_bytes_3},
     {"strong_rand_mpint_nif", 3, strong_rand_mpint_nif},
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 4, mod_exp_nif},
@@ -1927,27 +1925,7 @@ static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NI
     return ret;
 }
 
-static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Bytes, TopMask, BottomMask) */    
-    unsigned bytes;
-    unsigned char* data;
-    unsigned top_mask, bot_mask;
-    ERL_NIF_TERM ret;
 
-    if (!enif_get_uint(env, argv[0], &bytes)
-	|| !enif_get_uint(env, argv[1], &top_mask)
-	|| !enif_get_uint(env, argv[2], &bot_mask)) {
-	return enif_make_badarg(env);
-    }
-    data = enif_make_new_binary(env, bytes, &ret);
-    RAND_pseudo_bytes(data, bytes);
-    ERL_VALGRIND_MAKE_MEM_DEFINED(data, bytes);
-    if (bytes > 0) {
-	data[bytes-1] |= top_mask;
-	data[0] |= bot_mask;
-    }
-    return ret;
-}
 static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Bytes, TopMask, BottomMask) */    
     unsigned bits;
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index e0b989436f..5a5627747c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -308,6 +308,8 @@
       <desc>
 	<p>Generates public keys of type <c>Type</c>.
 	See also <seealso marker="public_key:public_key#generate_key-1">public_key:generate_key/1</seealso>
+	May throw exception <c>low_entropy</c> in case the random generator
+	failed due to lack of secure "randomness".
 	</p>
       </desc>
     </func>
@@ -596,22 +598,6 @@
     </func>
 
     <func>
-      <name>rand_bytes(N) -> binary()</name>
-      <fsummary>Generate a binary of random bytes</fsummary>
-      <type>
-        <v>N = integer()</v>
-      </type>
-      <desc>
-        <p>Generates N bytes randomly uniform 0..255, and returns the
-        result in a binary. Uses the <c>crypto</c> library pseudo-random
-        number generator.</p>
-        <p>This function is not recommended for cryptographic purposes.
-        Please use <seealso marker="#strong_rand_bytes/1">
-        strong_rand_bytes/1</seealso> instead.</p>
-      </desc>
-    </func>
-
-    <func>
       <name>rand_seed(Seed) -> ok</name>
       <fsummary>Set the seed for random bytes generation</fsummary>
       <type>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index a154476560..025d57e9c5 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -28,7 +28,7 @@
 -export([generate_key/2, generate_key/3, compute_key/4]).
 -export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
 -export([exor/2, strong_rand_bytes/1, mod_pow/3]).
--export([rand_bytes/1, rand_bytes/3, rand_uniform/2]).
+-export([rand_uniform/2]).
 -export([block_encrypt/3, block_decrypt/3, block_encrypt/4, block_decrypt/4]).
 -export([next_iv/2, next_iv/3]).
 -export([stream_init/2, stream_init/3, stream_encrypt/2, stream_decrypt/2]).
@@ -39,6 +39,9 @@
 -export([rand_seed/1]).
 
 %% DEPRECATED
+-export([rand_bytes/1]).
+-deprecated({rand_bytes, 1, next_major_release}).
+
 %% Replaced by hash_*
 -export([md4/1, md4_init/0, md4_update/2, md4_final/1]).
 -export([md5/1, md5_init/0, md5_update/2, md5_final/1]).
@@ -407,8 +410,6 @@ strong_rand_bytes(Bytes) ->
     end.
 strong_rand_bytes_nif(_Bytes) -> ?nif_stub.
 
-rand_bytes(_Bytes, _Topmask, _Bottommask) -> ?nif_stub.
-
 
 rand_uniform(From,To) when is_binary(From), is_binary(To) ->
     case rand_uniform_nif(From,To) of
@@ -546,7 +547,7 @@ generate_key(dh, DHParameters, PrivateKey) ->
 generate_key(srp, {host, [Verifier, Generator, Prime, Version]}, PrivArg)
   when is_binary(Verifier), is_binary(Generator), is_binary(Prime), is_atom(Version) ->
     Private = case PrivArg of
-		  undefined -> random_bytes(32);
+		  undefined -> strong_rand_bytes(32);
 		  _ -> ensure_int_as_bin(PrivArg)
 	      end,
     host_srp_gen_key(Private, Verifier, Generator, Prime, Version);
@@ -554,7 +555,7 @@ generate_key(srp, {host, [Verifier, Generator, Prime, Version]}, PrivArg)
 generate_key(srp, {user, [Generator, Prime, Version]}, PrivateArg)
   when is_binary(Generator), is_binary(Prime), is_atom(Version) ->
     Private = case PrivateArg of
-		  undefined -> random_bytes(32);
+		  undefined -> strong_rand_bytes(32);
 		  _ -> PrivateArg
 	      end,
     user_srp_gen_key(Private, Generator, Prime);
@@ -606,16 +607,6 @@ compute_key(ecdh, Others, My, Curve) ->
 			 nif_curve_params(Curve),
 			 ensure_int_as_bin(My)).
 
-
-random_bytes(N) ->
-    try strong_rand_bytes(N) of
-	RandBytes ->
-	    RandBytes
-    catch
-	error:low_entropy ->
-	    rand_bytes(N)
-    end.
-
 %%--------------------------------------------------------------------
 %%% On load
 %%--------------------------------------------------------------------
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 0d18cd8017..6732f27824 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -269,7 +269,6 @@ rand_uniform() ->
     [{doc, "rand_uniform and random_bytes testing"}].
 rand_uniform(Config) when is_list(Config) ->
     rand_uniform_aux_test(10),
-    10 = byte_size(crypto:rand_bytes(10)),
     10 = byte_size(crypto:strong_rand_bytes(10)).
 
 %%--------------------------------------------------------------------
@@ -649,8 +648,8 @@ ipow(A, B, M, Prod)  ->
 do_exor(B) ->
     Z1 = zero_bin(B),
     Z1 = crypto:exor(B, B),
-    B1 = crypto:rand_bytes(100),
-    B2 = crypto:rand_bytes(100),
+    B1 = crypto:strong_rand_bytes(100),
+    B2 = crypto:strong_rand_bytes(100),
     Z2 = zero_bin(B1),
     Z2 = crypto:exor(B1, B1),
     Z2 = crypto:exor(B2, B2),
diff --git a/lib/crypto/test/old_crypto_SUITE.erl b/lib/crypto/test/old_crypto_SUITE.erl
index f57e9ff341..0d97290d10 100644
--- a/lib/crypto/test/old_crypto_SUITE.erl
+++ b/lib/crypto/test/old_crypto_SUITE.erl
@@ -2068,8 +2068,8 @@ exor_test(Config) when is_list(Config) ->
     B = <<1, 2, 3, 4, 5, 6, 7, 8, 9, 10>>,
     Z1 = zero_bin(B),
     Z1 = crypto:exor(B, B),
-    B1 = crypto:rand_bytes(100),
-    B2 = crypto:rand_bytes(100),
+    B1 = crypto:strong_rand_bytes(100),
+    B2 = crypto:strong_rand_bytes(100),
     Z2 = zero_bin(B1),
     Z2 = crypto:exor(B1, B1),
     Z2 = crypto:exor(B2, B2),
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 6923066da7..04daee460f 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -118,7 +118,7 @@
       <p><c> not_encrypted | cipher_info()}</c></p></item>
       
       <tag><c>cipher_info() = </c></tag>
-      <item><p><c>{"RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)</c></p>
+      <item><p><c>{"RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC", crypto:strong_rand_bytes(8)</c></p>
       <p><c>| {#'PBEParameter{}, digest_type()} | #'PBES2-params'{}}</c></p>
       </item>
       
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index be1a4472e9..51050c4480 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -199,7 +199,7 @@ encrypted_pem(Config) when is_list(Config) ->
 
     RSAKey = public_key:der_decode('RSAPrivateKey', DerRSAKey),
 
-    Salt0 = crypto:rand_bytes(8),
+    Salt0 = crypto:strong_rand_bytes(8),
     Entry0 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey,
 					 {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
     RSAKey = public_key:pem_entry_decode(Entry0,"1234abcd"),
@@ -208,7 +208,7 @@ encrypted_pem(Config) when is_list(Config) ->
     [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] =
 	erl_make_certs:pem_to_der(Des3KeyFile),
 
-    Salt1 = crypto:rand_bytes(8),
+    Salt1 = crypto:strong_rand_bytes(8),
     Entry1 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey,
 					   {{"DES-CBC", Salt1}, "4567efgh"}),
     DesKeyFile = filename:join(Datadir, "des_client_key.pem"),
diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl
index 8ec1017642..6e1d18cc95 100644
--- a/lib/ssh/test/ssh_benchmark_SUITE.erl
+++ b/lib/ssh/test/ssh_benchmark_SUITE.erl
@@ -104,7 +104,7 @@ init_sftp_dirs(Config) ->
     DstDir = filename:join(UserDir, "sftp_dst"),
     ok = file:make_dir(DstDir),
     N = 100 * 1024*1024,
-    ok = file:write_file(filename:join(SrcDir,SrcFile), crypto:rand_bytes(N)),
+    ok = file:write_file(filename:join(SrcDir,SrcFile), crypto:strong_rand_bytes(N)),
     [{sftp_src_dir,SrcDir}, {sftp_dst_dir,DstDir}, {src_file,SrcFile}, {sftp_size,N}
      | Config].
 
diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl
index c4bb02841b..cd6c5f82b9 100644
--- a/lib/ssh/test/ssh_sftp_SUITE.erl
+++ b/lib/ssh/test/ssh_sftp_SUITE.erl
@@ -869,7 +869,7 @@ aes_cbc256_crypto_tar(Config) ->
 		  {"d1",fn("d1",Config)}  % Dir
 		 ]),
     Key = <<"This is a 256 bit key. Boring...">>,
-    Ivec0 = crypto:rand_bytes(16),
+    Ivec0 = crypto:strong_rand_bytes(16),
     DataSize = 1024,  % data_size rem 16 = 0 for aes_cbc
 
     Cinitw = fun() -> {ok, Ivec0, DataSize} end,
@@ -914,7 +914,7 @@ aes_ctr_stream_crypto_tar(Config) ->
 		  {"d1",fn("d1",Config)}  % Dir
 		 ]),
     Key = <<"This is a 256 bit key. Boring...">>,
-    Ivec0 = crypto:rand_bytes(16),
+    Ivec0 = crypto:strong_rand_bytes(16),
 
     Cinitw = Cinitr = fun() -> {ok, crypto:stream_init(aes_ctr,Key,Ivec0)} end,
 
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index abbd4857c9..4db7d09ccd 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -100,7 +100,7 @@ std_simple_sftp(Host, Port, Config, Opts) ->
     DataFile = filename:join(UserDir, "test.data"),
     ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, Opts),
     {ok, ChannelRef} = ssh_sftp:start_channel(ConnectionRef),
-    Data = crypto:rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)),
+    Data = crypto:strong_rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)),
     ok = ssh_sftp:write_file(ChannelRef, DataFile, Data),
     {ok,ReadData} = file:read_file(DataFile),
     ok = ssh:close(ConnectionRef),
@@ -354,7 +354,7 @@ setup_rsa_pass_pharse(DataDir, UserDir, Phrase) ->
 setup_pass_pharse(KeyBin, OutFile, Phrase) ->
     [{KeyType, _,_} = Entry0] = public_key:pem_decode(KeyBin),
     Key =  public_key:pem_entry_decode(Entry0),
-    Salt = crypto:rand_bytes(8),
+    Salt = crypto:strong_rand_bytes(8),
     Entry = public_key:pem_entry_encode(KeyType, Key,
 					{{"DES-CBC", Salt}, Phrase}),
     Pem = public_key:pem_encode([Entry]),
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 4bcd6ddb0e..61afdce93c 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -42,7 +42,7 @@
      renegotiate/1, prf/5, negotiated_protocol/1, negotiated_next_protocol/1,
 	 connection_information/1, connection_information/2]).
 %% Misc
--export([random_bytes/1, handle_options/2]).
+-export([handle_options/2]).
 
 -deprecated({negotiated_next_protocol, 1, next_major_release}).
 -deprecated({connection_info, 1, next_major_release}).
@@ -581,22 +581,6 @@ format_error(Error) ->
             Other
     end.
 
-%%--------------------------------------------------------------------
--spec random_bytes(integer()) -> binary().
-
-%%
-%% Description: Generates cryptographically secure random sequence if possible
-%% fallbacks on pseudo random function
-%%--------------------------------------------------------------------
-random_bytes(N) ->
-    try crypto:strong_rand_bytes(N) of
-	RandBytes ->
-	    RandBytes
-    catch
-	error:low_entropy ->
-	    crypto:rand_bytes(N)
-    end.
-
 %%%--------------------------------------------------------------
 %%% Internal functions
 %%%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index e66f253a70..f58533b764 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1,4 +1,4 @@
-%%
+%
 %% %CopyrightBegin%
 %%
 %% Copyright Ericsson AB 2007-2016. All Rights Reserved.
@@ -39,7 +39,8 @@
 	 suite/1, suites/1, all_suites/1, 
 	 ec_keyed_suites/0, anonymous_suites/1, psk_suites/1, srp_suites/0,
 	 rc4_suites/1, des_suites/1, openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,
-	 hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2, is_fallback/1]).
+	 hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2, is_fallback/1,
+	 random_bytes/1]).
 
 -export_type([cipher_suite/0,
 	      erl_cipher_suite/0, openssl_cipher_suite/0,
@@ -49,7 +50,8 @@
 			   | aes_128_cbc |  aes_256_cbc | aes_128_gcm | aes_256_gcm | chacha20_poly1305.
 -type hash()              :: null | sha | md5 | sha224 | sha256 | sha384 | sha512.
 -type sign_algo()         :: rsa | dsa | ecdsa.
--type key_algo()          :: null | rsa | dhe_rsa | dhe_dss | ecdhe_ecdsa| ecdh_ecdsa | ecdh_rsa| srp_rsa| srp_dss | psk | dhe_psk | rsa_psk | dh_anon | ecdh_anon | srp_anon.
+-type key_algo()          :: null | rsa | dhe_rsa | dhe_dss | ecdhe_ecdsa| ecdh_ecdsa | ecdh_rsa| srp_rsa| srp_dss | 
+			     psk | dhe_psk | rsa_psk | dh_anon | ecdh_anon | srp_anon.
 -type erl_cipher_suite()  :: {key_algo(), cipher(), hash()} % Pre TLS 1.2 
 			     %% TLS 1.2, internally PRE TLS 1.2 will use default_prf
 			   | {key_algo(), cipher(), hash(), hash() | default_prf}. 
@@ -102,7 +104,7 @@ cipher_init(?RC4, IV, Key) ->
     State = crypto:stream_init(rc4, Key),
     #cipher_state{iv = IV, key = Key, state = State};
 cipher_init(?AES_GCM, IV, Key) ->
-    <<Nonce:64>> = ssl:random_bytes(8),
+    <<Nonce:64>> = random_bytes(8),
     #cipher_state{iv = IV, key = Key, nonce = Nonce};
 cipher_init(_BCA, IV, Key) ->
     #cipher_state{iv = IV, key = Key}.
@@ -1472,6 +1474,16 @@ is_acceptable_prf(Prf, Algos) ->
 is_fallback(CipherSuites)->
     lists:member(?TLS_FALLBACK_SCSV, CipherSuites).
 
+
+%%--------------------------------------------------------------------
+-spec random_bytes(integer()) -> binary().
+
+%%
+%% Description: Generates cryptographically secure random sequence 
+%%--------------------------------------------------------------------
+random_bytes(N) ->
+    crypto:strong_rand_bytes(N).
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -1712,7 +1724,7 @@ get_padding_aux(BlockSize, PadLength) ->
 
 random_iv(IV) ->
     IVSz = byte_size(IV),
-    ssl:random_bytes(IVSz).
+    random_bytes(IVSz).
 
 next_iv(Bin, IV) ->
     BinSz = byte_size(Bin),
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1568e8559f..0073e86e26 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -502,7 +502,7 @@ certify(#server_hello_done{},
 	       role = client,
 	       key_algorithm = Alg} = State0, Connection)
   when Alg == rsa_psk ->
-    Rand = ssl:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
+    Rand = ssl_cipher:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
     RSAPremasterSecret = <<?BYTE(Major), ?BYTE(Minor), Rand/binary>>,
     case ssl_handshake:premaster_secret({Alg, PSKIdentity}, PSKLookup, RSAPremasterSecret) of
 	#alert{} = Alert ->
@@ -1885,7 +1885,7 @@ handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
     end.
 
 make_premaster_secret({MajVer, MinVer}, rsa) ->
-    Rand = ssl:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
+    Rand = ssl_cipher:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
     <<?BYTE(MajVer), ?BYTE(MinVer), Rand/binary>>;
 make_premaster_secret(_, _) ->
     undefined.
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index e273581de9..2349158b11 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -551,7 +551,7 @@ last_delay_timer({_,_}, TRef, {_, LastClient}) ->
 new_id(_, 0, _, _) ->
     <<>>;
 new_id(Port, Tries, Cache, CacheCb) ->
-    Id = crypto:rand_bytes(?NUM_OF_SESSION_ID_BYTES),
+    Id = ssl_cipher:random_bytes(?NUM_OF_SESSION_ID_BYTES),
     case CacheCb:lookup(Cache, {Port, Id}) of
 	undefined ->
 	    Now = erlang:monotonic_time(),
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index ecff950668..866bfcef7e 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -460,7 +460,7 @@ empty_security_params(ConnectionEnd = ?SERVER) ->
 random() ->
     Secs_since_1970 = calendar:datetime_to_gregorian_seconds(
 			calendar:universal_time()) - 62167219200,
-    Random_28_bytes = crypto:rand_bytes(28),
+    Random_28_bytes = ssl_cipher:random_bytes(28),
     <<?UINT32(Secs_since_1970), Random_28_bytes/binary>>.
 
 dtls_next_epoch(#connection_state{epoch = undefined}) -> %% SSL/TLS
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 50313e6a22..829ab126ec 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1555,7 +1555,7 @@ tcp_connect_big(Config) when is_list(Config) ->
     {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     TcpOpts = [binary, {reuseaddr, true}],
 
-    Rand = crypto:rand_bytes(?MAX_CIPHER_TEXT_LENGTH+1),
+    Rand = crypto:strong_rand_bytes(?MAX_CIPHER_TEXT_LENGTH+1),
     Server = ssl_test_lib:start_upgrade_server_error([{node, ServerNode}, {port, 0},
 						      {from, self()},
 						      {timeout, 5000},
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index bd0ddde090..e7cbfa63f4 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -194,7 +194,7 @@ payload(Config) when is_list(Config) ->
 	     ok = apply_on_ssl_node(
 		    NH2,
 		    fun () ->
-			    Msg = crypto:rand_bytes(100000),
+			    Msg = crypto:strong_rand_bytes(100000),
 			    SslPid ! {self(), Msg},
 			    receive
 				{SslPid, Msg} ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 2cd23eb3b8..7e6562fb37 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -349,7 +349,7 @@ wait_for_result(Pid, Msg) ->
 user_lookup(psk, _Identity, UserState) ->
     {ok, UserState};
 user_lookup(srp, Username, _UserState) ->
-    Salt = ssl:random_bytes(16),
+    Salt = ssl_cipher:random_bytes(16),
     UserPassHash = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, <<"secret">>])]),
     {ok, {srp_1024, Salt, UserPassHash}}.
 
diff --git a/lib/stdlib/src/otp_internal.erl b/lib/stdlib/src/otp_internal.erl
index 052dffdbfd..7a59523f06 100644
--- a/lib/stdlib/src/otp_internal.erl
+++ b/lib/stdlib/src/otp_internal.erl
@@ -58,7 +58,12 @@ obsolete_1(erlang, now, 0) ->
 obsolete_1(calendar, local_time_to_universal_time, 1) ->
     {deprecated, {calendar, local_time_to_universal_time_dst, 1}};
 
-%% *** CRYPTO add in R16B01 ***
+%% *** CRYPTO added in OTP 19 ***
+
+obsolete_1(crypto, rand_bytes, 1) ->
+    {deprecated, {crypto, strong_rand_bytes, 1}};
+
+%% *** CRYPTO added in R16B01 ***
 
 obsolete_1(crypto, md4, 1) ->
     {deprecated, {crypto, hash, 2}};
diff --git a/lib/stdlib/test/rand_SUITE.erl b/lib/stdlib/test/rand_SUITE.erl
index 3fd5ed4ccf..1bcdc3ccd0 100644
--- a/lib/stdlib/test/rand_SUITE.erl
+++ b/lib/stdlib/test/rand_SUITE.erl
@@ -377,7 +377,7 @@ crypto_seed() ->
 crypto_next(<<Num:64, Bin/binary>>) ->
     {Num, Bin};
 crypto_next(_) ->
-    crypto_next(crypto:rand_bytes((64 div 8)*100)).
+    crypto_next(crypto:strong_rand_bytes((64 div 8)*100)).
 
 crypto_uniform({Api, Data0}) ->
     {Int, Data} = crypto_next(Data0),
author	Ingela Anderton Andin <[email protected]>	2016-04-25 11:44:07 +0200
committer	Ingela Anderton Andin <[email protected]>	2016-04-25 11:44:07 +0200
commit	5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf (patch)
tree	40ed1c7ace8863dcd3662d2390b1e9195fa848cd /lib
parent	79f3e0ef07eff9d22fb1735d77813142da493bfc (diff)
parent	09bd54f2d28cb2981028f55dc93279a98021e8d1 (diff)
download	otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.tar.gz otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.tar.bz2 otp-5f67ca5b3d0c13dfbe936fcfa08621eef00d53cf.zip