Permalink
Switch branches/tags
pre_openssl_0_9_8h openssl_1_0_1_g openssl_1_0_1g openssl_1_0_1_c openssl_1_0_0_f openssl_1_0_0_e openssl_0_9_8_k openssl_0_9_8_j openssl_0_9_8_h openssl_0_9_7j openssh_1_0_0_a libressl-v2.6.3 libressl-v2.6.2 libressl-v2.6.1 libressl-v2.6.0 libressl-v2.5.5 libressl-v2.5.4 libressl-v2.5.3 libressl-v2.5.2 libressl-v2.5.1 libressl-v2.5.0 libressl-v2.4.5 libressl-v2.4.4 libressl-v2.4.3 libressl-v2.4.2 libressl-v2.4.1 libressl-v2.4.0 libressl-v2.3.10 libressl-v2.3.9 libressl-v2.3.8 libressl-v2.3.7 libressl-v2.3.6 libressl-v2.3.5 libressl-v2.3.4 libressl-v2.3.3 libressl-v2.3.2 libressl-v2.3.1 libressl-v2.3.0 libressl-v2.2.9 libressl-v2.2.8 libressl-v2.2.7 libressl-v2.2.6 libressl-v2.2.5 libressl-v2.2.4 libressl-v2.2.3 libressl-v2.2.2 libressl-v2.2.1 libressl-v2.2.0 libressl-v2.1.10 libressl-v2.1.9 libressl-v2.1.8 libressl-v2.1.7 libressl-v2.1.6 libressl-v2.1.5 libressl-v2.1.4 libressl-v2.1.3 libressl-v2.1.2 libressl-v2.0.6 eric_g2k12 butholakala SSLeay_0_9_0b OPENSSL_0_9_7_STABLE_SNAP_20020911 OPENSSL_0_9_7G OPENSSL_0_9_7D OPENSSL_0_9_7C OPENSSL_0_9_7_BETA3 OPENSSL_0_9_7_BETA1 OPENSSL_0_9_7B OPENBSD_6_2_BASE OPENBSD_6_1_BASE OPENBSD_6_0_BASE OPENBSD_5_9_BASE OPENBSD_5_8_BASE OPENBSD_5_7_BASE OPENBSD_5_6_BASE OPENBSD_5_5_BASE OPENBSD_5_4_BASE OPENBSD_5_3_BASE OPENBSD_5_2_BASE OPENBSD_5_1_BASE OPENBSD_5_0_BASE OPENBSD_4_9_BASE OPENBSD_4_8_BASE OPENBSD_4_7_BASE OPENBSD_4_6_BASE OPENBSD_4_5_BASE OPENBSD_4_4_BASE OPENBSD_4_3_BASE OPENBSD_4_2_BASE OPENBSD_4_1_BASE OPENBSD_4_0_BASE OPENBSD_3_9_BASE OPENBSD_3_8_BASE OPENBSD_3_7_BASE OPENBSD_3_6_BASE OPENBSD_3_5_BASE OPENBSD_3_4_BASE OPENBSD_3_3_BASE OPENBSD_3_2_BASE OPENBSD_3_1_BASE
Nothing to show
Find file
Cannot retrieve latest commit at this time.
199 lines (169 sloc) 4.59 KB
/* $OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $ */
/*
* Copyright (c) 1996, David Mazieres <dm@uun.org>
* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
* Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
* Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* ChaCha based random number generator for OpenBSD.
*/
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/time.h>
#define KEYSTREAM_ONLY
#include "chacha_private.h"
#define minimum(a, b) ((a) < (b) ? (a) : (b))
#if defined(__GNUC__) || defined(_MSC_VER)
#define inline __inline
#else /* __GNUC__ || _MSC_VER */
#define inline
#endif /* !__GNUC__ && !_MSC_VER */
#define KEYSZ 32
#define IVSZ 8
#define BLOCKSZ 64
#define RSBUFSZ (16*BLOCKSZ)
/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
static struct _rs {
size_t rs_have; /* valid bytes at end of rs_buf */
size_t rs_count; /* bytes till reseed */
} *rs;
/* Maybe be preserved in fork children, if _rs_allocate() decides. */
static struct _rsx {
chacha_ctx rs_chacha; /* chacha context for random keystream */
u_char rs_buf[RSBUFSZ]; /* keystream blocks */
} *rsx;
static inline int _rs_allocate(struct _rs **, struct _rsx **);
static inline void _rs_forkdetect(void);
#include "arc4random.h"
static inline void _rs_rekey(u_char *dat, size_t datlen);
static inline void
_rs_init(u_char *buf, size_t n)
{
if (n < KEYSZ + IVSZ)
return;
if (rs == NULL) {
if (_rs_allocate(&rs, &rsx) == -1)
abort();
}
chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
}
static void
_rs_stir(void)
{
u_char rnd[KEYSZ + IVSZ];
if (getentropy(rnd, sizeof rnd) == -1)
_getentropy_fail();
if (!rs)
_rs_init(rnd, sizeof(rnd));
else
_rs_rekey(rnd, sizeof(rnd));
explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
/* invalidate rs_buf */
rs->rs_have = 0;
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
rs->rs_count = 1600000;
}
static inline void
_rs_stir_if_needed(size_t len)
{
_rs_forkdetect();
if (!rs || rs->rs_count <= len)
_rs_stir();
if (rs->rs_count <= len)
rs->rs_count = 0;
else
rs->rs_count -= len;
}
static inline void
_rs_rekey(u_char *dat, size_t datlen)
{
#ifndef KEYSTREAM_ONLY
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
#endif
/* fill rs_buf with the keystream */
chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf,
rsx->rs_buf, sizeof(rsx->rs_buf));
/* mix in optional user provided data */
if (dat) {
size_t i, m;
m = minimum(datlen, KEYSZ + IVSZ);
for (i = 0; i < m; i++)
rsx->rs_buf[i] ^= dat[i];
}
/* immediately reinit for backtracking resistance */
_rs_init(rsx->rs_buf, KEYSZ + IVSZ);
memset(rsx->rs_buf, 0, KEYSZ + IVSZ);
rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ;
}
static inline void
_rs_random_buf(void *_buf, size_t n)
{
u_char *buf = (u_char *)_buf;
u_char *keystream;
size_t m;
_rs_stir_if_needed(n);
while (n > 0) {
if (rs->rs_have > 0) {
m = minimum(n, rs->rs_have);
keystream = rsx->rs_buf + sizeof(rsx->rs_buf)
- rs->rs_have;
memcpy(buf, keystream, m);
memset(keystream, 0, m);
buf += m;
n -= m;
rs->rs_have -= m;
}
if (rs->rs_have == 0)
_rs_rekey(NULL, 0);
}
}
static inline void
_rs_random_u32(uint32_t *val)
{
u_char *keystream;
_rs_stir_if_needed(sizeof(*val));
if (rs->rs_have < sizeof(*val))
_rs_rekey(NULL, 0);
keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have;
memcpy(val, keystream, sizeof(*val));
memset(keystream, 0, sizeof(*val));
rs->rs_have -= sizeof(*val);
}
uint32_t
arc4random(void)
{
uint32_t val;
_ARC4_LOCK();
_rs_random_u32(&val);
_ARC4_UNLOCK();
return val;
}
DEF_WEAK(arc4random);
void
arc4random_buf(void *buf, size_t n)
{
_ARC4_LOCK();
_rs_random_buf(buf, n);
_ARC4_UNLOCK();
}
DEF_WEAK(arc4random_buf);