summaryrefslogtreecommitdiff
path: root/code/ecp
diff options
context:
space:
mode:
authorUros Majstorovic <majstor@majstor.org>2018-01-22 15:23:20 +0100
committerUros Majstorovic <majstor@majstor.org>2018-01-22 15:23:20 +0100
commit87c71978e556d532a5b91a653514a92acec9a1b7 (patch)
treeb7533e088f1adf07ec46a32e9cf33251a147bbe2 /code/ecp
parentb9d0e6e824f222e7f6647806b6afb3c2f4727ab5 (diff)
arc4random added
Diffstat (limited to 'code/ecp')
-rw-r--r--code/ecp/crypto/Makefile4
-rwxr-xr-xcode/ecp/crypto/arc4random/Makefile14
-rwxr-xr-xcode/ecp/crypto/arc4random/arc4random.c259
-rwxr-xr-xcode/ecp/crypto/arc4random/arc4random.h78
-rwxr-xr-x[-rw-r--r--]code/ecp/crypto/arc4random/chacha_private.h (renamed from code/ecp/crypto/compat/chacha_private.h)61
-rw-r--r--code/ecp/crypto/compat/Makefile3
-rw-r--r--code/ecp/crypto/compat/arc4random.c198
-rw-r--r--code/ecp/crypto/compat/arc4random.h35
-rw-r--r--code/ecp/crypto/compat/arc4random_aix.h81
-rw-r--r--code/ecp/crypto/compat/arc4random_freebsd.h87
-rw-r--r--code/ecp/crypto/compat/arc4random_hpux.h81
-rw-r--r--code/ecp/crypto/compat/arc4random_linux.h88
-rw-r--r--code/ecp/crypto/compat/arc4random_netbsd.h87
-rw-r--r--code/ecp/crypto/compat/arc4random_osx.h81
-rw-r--r--code/ecp/crypto/compat/arc4random_solaris.h81
-rw-r--r--code/ecp/crypto/compat/arc4random_uniform.c56
-rw-r--r--code/ecp/crypto/compat/arc4random_win.h78
-rw-r--r--code/ecp/crypto/compat/getentropy_aix.c426
-rw-r--r--code/ecp/crypto/compat/getentropy_freebsd.c62
-rw-r--r--code/ecp/crypto/compat/getentropy_hpux.c421
-rw-r--r--code/ecp/crypto/compat/getentropy_linux.c549
-rw-r--r--code/ecp/crypto/compat/getentropy_netbsd.c64
-rw-r--r--code/ecp/crypto/compat/getentropy_osx.c442
-rw-r--r--code/ecp/crypto/compat/getentropy_solaris.c447
-rw-r--r--code/ecp/crypto/compat/getentropy_win.c59
25 files changed, 385 insertions, 3457 deletions
diff --git a/code/ecp/crypto/Makefile b/code/ecp/crypto/Makefile
index 797cb16..36ecbfc 100644
--- a/code/ecp/crypto/Makefile
+++ b/code/ecp/crypto/Makefile
@@ -4,8 +4,8 @@ CFLAGS=$(CFLAGS_PL) $(PIC) -Iinclude -I.. -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN
obj = e_chacha20poly1305.o crypto.o
obj_dep = compat/explicit_bzero.o compat/timingsafe_memcmp.o compat/timingsafe_bcmp.o \
chacha/chacha.o poly1305/poly1305.o curve25519/curve25519.o curve25519/curve25519-generic.o \
- sha/sha256.o sha/sha512.o
-subdirs = compat curve25519 chacha poly1305 sha
+ sha/sha256.o sha/sha512.o arc4random/arc4random.o
+subdirs = compat curve25519 chacha poly1305 sha arc4random
%.o: %.c
diff --git a/code/ecp/crypto/arc4random/Makefile b/code/ecp/crypto/arc4random/Makefile
new file mode 100755
index 0000000..3d74290
--- /dev/null
+++ b/code/ecp/crypto/arc4random/Makefile
@@ -0,0 +1,14 @@
+include ../../Makefile.platform
+CFLAGS=$(CFLAGS_PL) $(PIC)
+
+obj = arc4random.o
+
+
+all: $(obj)
+dep: all
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<
+
+clean:
+ rm -f *.o *.a
diff --git a/code/ecp/crypto/arc4random/arc4random.c b/code/ecp/crypto/arc4random/arc4random.c
new file mode 100755
index 0000000..e891dd6
--- /dev/null
+++ b/code/ecp/crypto/arc4random/arc4random.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2015, Sudhi Herle <sudhi@herle.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+/*
+ * ChaCha based random number generator from OpenBSD.
+ *
+ * Made fully portable and thread-safe by Sudhi Herle.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <assert.h>
+
+#define ARC4R_KEYSZ 32
+#define ARC4R_IVSZ 8
+#define ARC4R_BLOCKSZ 64
+#define ARC4R_RSBUFSZ (16*ARC4R_BLOCKSZ)
+
+typedef struct
+{
+ uint32_t input[16]; /* could be compressed */
+} chacha_ctx;
+
+struct rand_state
+{
+ size_t rs_have; /* valid bytes at end of rs_buf */
+ size_t rs_count; /* bytes till reseed */
+ chacha_ctx rs_chacha; /* chacha context for random keystream */
+ u_char rs_buf[ARC4R_RSBUFSZ]; /* keystream blocks */
+};
+typedef struct rand_state rand_state;
+
+
+/* kernel entropy */
+static int (*getentropy) (void* buf, size_t n);
+
+
+#define KEYSTREAM_ONLY
+#include "chacha_private.h"
+
+#define minimum(a, b) ((a) < (b) ? (a) : (b))
+
+#include "arc4random.h"
+
+
+static inline void
+_rs_init(rand_state* st, u8 *buf, size_t n)
+{
+ assert(n >= (ARC4R_KEYSZ + ARC4R_IVSZ));
+
+ chacha_keysetup(&st->rs_chacha, buf, ARC4R_KEYSZ * 8, 0);
+ chacha_ivsetup(&st->rs_chacha, buf + ARC4R_KEYSZ);
+}
+
+
+
+static inline void
+_rs_rekey(rand_state* st, u8 *dat, size_t datlen)
+{
+ /* fill rs_buf with the keystream */
+ chacha_encrypt_bytes(&st->rs_chacha, st->rs_buf, st->rs_buf, sizeof st->rs_buf);
+
+ /* mix in optional user provided data */
+ if (dat) {
+ size_t i, m;
+
+ m = minimum(datlen, ARC4R_KEYSZ + ARC4R_IVSZ);
+ for (i = 0; i < m; i++)
+ st->rs_buf[i] ^= dat[i];
+
+ memset(dat, 0, datlen);
+ }
+
+ /* immediately reinit for backtracking resistance */
+ _rs_init(st, st->rs_buf, ARC4R_KEYSZ + ARC4R_IVSZ);
+ memset(st->rs_buf, 0, ARC4R_KEYSZ + ARC4R_IVSZ);
+ st->rs_have = (sizeof st->rs_buf) - ARC4R_KEYSZ - ARC4R_IVSZ;
+}
+
+
+static void
+_rs_stir(rand_state* st)
+{
+ u8 rnd[ARC4R_KEYSZ + ARC4R_IVSZ];
+
+
+ int r = getentropy(rnd, sizeof rnd);
+ assert(r == 0);
+
+ _rs_rekey(st, rnd, sizeof(rnd));
+
+ /* invalidate rs_buf */
+ st->rs_have = 0;
+ memset(st->rs_buf, 0, sizeof st->rs_buf);
+
+ st->rs_count = 1600000;
+}
+
+
+static inline void
+_rs_stir_if_needed(rand_state* st, size_t len)
+{
+ if (st->rs_count <= len)
+ _rs_stir(st);
+
+ st->rs_count -= len;
+}
+
+
+static inline void
+_rs_random_buf(rand_state* rs, void *_buf, size_t n)
+{
+ u8 *buf = (u8 *)_buf;
+ u8 *keystream;
+ size_t m;
+
+ _rs_stir_if_needed(rs, n);
+ while (n > 0) {
+ if (rs->rs_have > 0) {
+ m = minimum(n, rs->rs_have);
+ keystream = rs->rs_buf + sizeof(rs->rs_buf) - rs->rs_have;
+ memcpy(buf, keystream, m);
+ memset(keystream, 0, m);
+ buf += m;
+ n -= m;
+ rs->rs_have -= m;
+ } else
+ _rs_rekey(rs, NULL, 0);
+ }
+}
+
+static inline uint32_t
+_rs_random_u32(rand_state* rs)
+{
+ u8 *keystream;
+ uint32_t val;
+
+ _rs_stir_if_needed(rs, sizeof(val));
+ if (rs->rs_have < sizeof(val))
+ _rs_rekey(rs, NULL, 0);
+ keystream = rs->rs_buf + sizeof(rs->rs_buf) - rs->rs_have;
+ memcpy(&val, keystream, sizeof(val));
+ memset(keystream, 0, sizeof(val));
+ rs->rs_have -= sizeof(val);
+
+ return val;
+}
+
+
+/*
+ * Use gcc extension to declare a thread-local variable.
+ *
+ * On most systems (including x86_64), thread-local access is
+ * essentially free for non .so use cases.
+ *
+ */
+static rand_state st = { .rs_count = 0 };
+static inline rand_state*
+sget()
+{
+ rand_state* s = &st;
+
+ if (s->rs_count == 0)
+ _rs_stir(s);
+ return s;
+}
+
+
+
+/*
+ * Public API.
+ */
+
+
+void
+arc4random_init(int (*f) (void*, size_t))
+{
+ getentropy = f;
+}
+
+
+uint32_t
+arc4random()
+{
+ rand_state* z = sget();
+
+ return _rs_random_u32(z);
+}
+
+
+void
+arc4random_buf(void* b, size_t n)
+{
+ rand_state* z = sget();
+
+ _rs_random_buf(z, b, n);
+}
+
+
+
+
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound). This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+uint32_t
+arc4random_uniform(uint32_t upper_bound)
+{
+ rand_state* z = sget();
+ uint32_t r, min;
+
+ if (upper_bound < 2)
+ return 0;
+
+ /* 2**32 % x == (2**32 - x) % x */
+ min = -upper_bound % upper_bound;
+
+ /*
+ * This could theoretically loop forever but each retry has
+ * p > 0.5 (worst case, usually far better) of selecting a
+ * number inside the range we need, so it should rarely need
+ * to re-roll.
+ */
+ for (;;) {
+ r = _rs_random_u32(z);
+ if (r >= min)
+ break;
+ }
+
+ return r % upper_bound;
+}
+
+/* EOF */
diff --git a/code/ecp/crypto/arc4random/arc4random.h b/code/ecp/crypto/arc4random/arc4random.h
new file mode 100755
index 0000000..e281a89
--- /dev/null
+++ b/code/ecp/crypto/arc4random/arc4random.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2015, Sudhi Herle <sudhi@herle.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef ___ARC4RANDOM_H_5000666_1462841354__
+#define ___ARC4RANDOM_H_5000666_1462841354__ 1
+
+ /* Provide C linkage for symbols declared here .. */
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <stdint.h>
+#include <sys/types.h>
+
+/*
+ * On OpenBSD - we should NOT use the same symbol names. OpenBSD
+ * libc defines these, and the rest of libc uses this - from dynamic
+ * loading, to malloc() to printf() etc.
+ *
+ * For some fun, don't redefine the names - and see what happens :-)
+ */
+#ifdef __OpenBSD__
+
+#define arc4random mt_arc4random
+#define arc4random_uniform mt_arc4random_uniform
+#define arc4random_buf mt_arc4random_buf
+
+#endif /* __OpenBSD__ */
+
+
+/*
+ * Initialize generator with getentropy
+ */
+extern void arc4random_init(int (*) (void*, size_t));
+
+
+/*
+ * Generate and return a random 32-bit number
+ */
+extern uint32_t arc4random(void);
+
+
+/*
+ * Generate and return a uniformly random 32-bit quantity with an
+ * upper bound of 'upper_bound'
+ */
+extern uint32_t arc4random_uniform(uint32_t upper_bound);
+
+
+/*
+ * Generate 'n' random bytes and put them in 'buf'.
+ */
+extern void arc4random_buf(void* buf, size_t n);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* ! ___ARC4RANDOM_H_5000666_1462841354__ */
+
+/* EOF */
diff --git a/code/ecp/crypto/compat/chacha_private.h b/code/ecp/crypto/arc4random/chacha_private.h
index 7c3680f..05ce200 100644..100755
--- a/code/ecp/crypto/compat/chacha_private.h
+++ b/code/ecp/crypto/arc4random/chacha_private.h
@@ -1,18 +1,17 @@
/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
+ * chacha-merged.c version 20080118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+/* $OpenBSD$ */
+
+#include <stdint.h>
-/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
typedef unsigned char u8;
-typedef unsigned int u32;
+typedef uint32_t u32;
-typedef struct
-{
- u32 input[16]; /* could be compressed */
-} chacha_ctx;
#define U8C(v) (v##U)
#define U32C(v) (v##U)
@@ -54,26 +53,28 @@ static const char tau[16] = "expand 16-byte k";
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
{
- const char *constants;
-
- x->input[4] = U8TO32_LITTLE(k + 0);
- x->input[5] = U8TO32_LITTLE(k + 4);
- x->input[6] = U8TO32_LITTLE(k + 8);
- x->input[7] = U8TO32_LITTLE(k + 12);
- if (kbits == 256) { /* recommended */
- k += 16;
- constants = sigma;
- } else { /* kbits == 128 */
- constants = tau;
- }
- x->input[8] = U8TO32_LITTLE(k + 0);
- x->input[9] = U8TO32_LITTLE(k + 4);
- x->input[10] = U8TO32_LITTLE(k + 8);
- x->input[11] = U8TO32_LITTLE(k + 12);
- x->input[0] = U8TO32_LITTLE(constants + 0);
- x->input[1] = U8TO32_LITTLE(constants + 4);
- x->input[2] = U8TO32_LITTLE(constants + 8);
- x->input[3] = U8TO32_LITTLE(constants + 12);
+ const char *constants;
+
+ (void)ivbits;
+
+ x->input[4] = U8TO32_LITTLE(k + 0);
+ x->input[5] = U8TO32_LITTLE(k + 4);
+ x->input[6] = U8TO32_LITTLE(k + 8);
+ x->input[7] = U8TO32_LITTLE(k + 12);
+ if (kbits == 256) { /* recommended */
+ k += 16;
+ constants = sigma;
+ } else { /* kbits == 128 */
+ constants = tau;
+ }
+ x->input[8] = U8TO32_LITTLE(k + 0);
+ x->input[9] = U8TO32_LITTLE(k + 4);
+ x->input[10] = U8TO32_LITTLE(k + 8);
+ x->input[11] = U8TO32_LITTLE(k + 12);
+ x->input[0] = U8TO32_LITTLE(constants + 0);
+ x->input[1] = U8TO32_LITTLE(constants + 4);
+ x->input[2] = U8TO32_LITTLE(constants + 8);
+ x->input[3] = U8TO32_LITTLE(constants + 12);
}
static void
diff --git a/code/ecp/crypto/compat/Makefile b/code/ecp/crypto/compat/Makefile
index fc32fe7..7922366 100644
--- a/code/ecp/crypto/compat/Makefile
+++ b/code/ecp/crypto/compat/Makefile
@@ -1,8 +1,7 @@
include ../../Makefile.platform
CFLAGS=$(CFLAGS_PL) $(PIC) -I../include -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
-getentropy = getentropy_osx
-obj = explicit_bzero.o timingsafe_memcmp.o timingsafe_bcmp.o # arc4random.o arc4random_uniform.o $(getentropy).o
+obj = explicit_bzero.o timingsafe_memcmp.o timingsafe_bcmp.o
all: $(obj)
diff --git a/code/ecp/crypto/compat/arc4random.c b/code/ecp/crypto/compat/arc4random.c
deleted file mode 100644
index 0d3a64f..0000000
--- a/code/ecp/crypto/compat/arc4random.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/* $OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * ChaCha based random number generator for OpenBSD.
- */
-
-#include <fcntl.h>
-#include <limits.h>
-#include <signal.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-
-#include <compat.h>
-
-#define KEYSTREAM_ONLY
-#include "chacha_private.h"
-
-#define minimum(a, b) ((a) < (b) ? (a) : (b))
-
-#if defined(__GNUC__) || defined(_MSC_VER)
-#define inline __inline
-#else /* __GNUC__ || _MSC_VER */
-#define inline
-#endif /* !__GNUC__ && !_MSC_VER */
-
-#define KEYSZ 32
-#define IVSZ 8
-#define BLOCKSZ 64
-#define RSBUFSZ (16*BLOCKSZ)
-
-/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
-static struct _rs {
- size_t rs_have; /* valid bytes at end of rs_buf */
- size_t rs_count; /* bytes till reseed */
-} *rs;
-
-/* Maybe be preserved in fork children, if _rs_allocate() decides. */
-static struct _rsx {
- chacha_ctx rs_chacha; /* chacha context for random keystream */
- u_char rs_buf[RSBUFSZ]; /* keystream blocks */
-} *rsx;
-
-static inline int _rs_allocate(struct _rs **, struct _rsx **);
-static inline void _rs_forkdetect(void);
-#include "arc4random.h"
-
-static inline void _rs_rekey(u_char *dat, size_t datlen);
-
-static inline void
-_rs_init(u_char *buf, size_t n)
-{
- if (n < KEYSZ + IVSZ)
- return;
-
- if (rs == NULL) {
- if (_rs_allocate(&rs, &rsx) == -1)
- abort();
- }
-
- chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
- chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
-}
-
-static void
-_rs_stir(void)
-{
- u_char rnd[KEYSZ + IVSZ];
-
- if (getentropy(rnd, sizeof rnd) == -1)
- _getentropy_fail();
-
- if (!rs)
- _rs_init(rnd, sizeof(rnd));
- else
- _rs_rekey(rnd, sizeof(rnd));
- explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
-
- /* invalidate rs_buf */
- rs->rs_have = 0;
- memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
-
- rs->rs_count = 1600000;
-}
-
-static inline void
-_rs_stir_if_needed(size_t len)
-{
- _rs_forkdetect();
- if (!rs || rs->rs_count <= len)
- _rs_stir();
- if (rs->rs_count <= len)
- rs->rs_count = 0;
- else
- rs->rs_count -= len;
-}
-
-static inline void
-_rs_rekey(u_char *dat, size_t datlen)
-{
-#ifndef KEYSTREAM_ONLY
- memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
-#endif
- /* fill rs_buf with the keystream */
- chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf,
- rsx->rs_buf, sizeof(rsx->rs_buf));
- /* mix in optional user provided data */
- if (dat) {
- size_t i, m;
-
- m = minimum(datlen, KEYSZ + IVSZ);
- for (i = 0; i < m; i++)
- rsx->rs_buf[i] ^= dat[i];
- }
- /* immediately reinit for backtracking resistance */
- _rs_init(rsx->rs_buf, KEYSZ + IVSZ);
- memset(rsx->rs_buf, 0, KEYSZ + IVSZ);
- rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ;
-}
-
-static inline void
-_rs_random_buf(void *_buf, size_t n)
-{
- u_char *buf = (u_char *)_buf;
- u_char *keystream;
- size_t m;
-
- _rs_stir_if_needed(n);
- while (n > 0) {
- if (rs->rs_have > 0) {
- m = minimum(n, rs->rs_have);
- keystream = rsx->rs_buf + sizeof(rsx->rs_buf)
- - rs->rs_have;
- memcpy(buf, keystream, m);
- memset(keystream, 0, m);
- buf += m;
- n -= m;
- rs->rs_have -= m;
- }
- if (rs->rs_have == 0)
- _rs_rekey(NULL, 0);
- }
-}
-
-static inline void
-_rs_random_u32(uint32_t *val)
-{
- u_char *keystream;
-
- _rs_stir_if_needed(sizeof(*val));
- if (rs->rs_have < sizeof(*val))
- _rs_rekey(NULL, 0);
- keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have;
- memcpy(val, keystream, sizeof(*val));
- memset(keystream, 0, sizeof(*val));
- rs->rs_have -= sizeof(*val);
-}
-
-uint32_t
-arc4random(void)
-{
- uint32_t val;
-
- _ARC4_LOCK();
- _rs_random_u32(&val);
- _ARC4_UNLOCK();
- return val;
-}
-
-void
-arc4random_buf(void *buf, size_t n)
-{
- _ARC4_LOCK();
- _rs_random_buf(buf, n);
- _ARC4_UNLOCK();
-}
diff --git a/code/ecp/crypto/compat/arc4random.h b/code/ecp/crypto/compat/arc4random.h
deleted file mode 100644
index 762aec2..0000000
--- a/code/ecp/crypto/compat/arc4random.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
-#define LIBCRYPTOCOMPAT_ARC4RANDOM_H
-
-#include <sys/param.h>
-
-#if defined(_AIX)
-#include "arc4random_aix.h"
-
-#elif defined(__FreeBSD__)
-#include "arc4random_freebsd.h"
-
-#elif defined(__hpux)
-#include "arc4random_hpux.h"
-
-#elif defined(__linux__)
-#include "arc4random_linux.h"
-
-#elif defined(__NetBSD__)
-#include "arc4random_netbsd.h"
-
-#elif defined(__APPLE__)
-#include "arc4random_osx.h"
-
-#elif defined(__sun)
-#include "arc4random_solaris.h"
-
-#elif defined(_WIN32)
-#include "arc4random_win.h"
-
-#else
-#error "No arc4random hooks defined for this platform."
-
-#endif
-
-#endif
diff --git a/code/ecp/crypto/compat/arc4random_aix.h b/code/ecp/crypto/compat/arc4random_aix.h
deleted file mode 100644
index 3142a1f..0000000
--- a/code/ecp/crypto/compat/arc4random_aix.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_freebsd.h b/code/ecp/crypto/compat/arc4random_freebsd.h
deleted file mode 100644
index 3faa5e4..0000000
--- a/code/ecp/crypto/compat/arc4random_freebsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-/*
- * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
- * a program does not link to -lthr. Callbacks registered with pthread_atfork()
- * appear to fail silently. So, it is not always possible to detect a PID
- * wraparound.
- */
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_hpux.h b/code/ecp/crypto/compat/arc4random_hpux.h
deleted file mode 100644
index 2a3fe8c..0000000
--- a/code/ecp/crypto/compat/arc4random_hpux.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_linux.h b/code/ecp/crypto/compat/arc4random_linux.h
deleted file mode 100644
index 879f966..0000000
--- a/code/ecp/crypto/compat/arc4random_linux.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: arc4random_linux.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#ifdef __GLIBC__
-extern void *__dso_handle;
-extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
-#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
-#else
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-#endif
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- /* XXX unusual calls to clone() can bypass checks */
- if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_netbsd.h b/code/ecp/crypto/compat/arc4random_netbsd.h
deleted file mode 100644
index 611997d..0000000
--- a/code/ecp/crypto/compat/arc4random_netbsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-/*
- * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
- * a program does not link to -lthr. Callbacks registered with pthread_atfork()
- * appear to fail silently. So, it is not always possible to detect a PID
- * wraparound.
- */
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_osx.h b/code/ecp/crypto/compat/arc4random_osx.h
deleted file mode 100644
index 818ae6b..0000000
--- a/code/ecp/crypto/compat/arc4random_osx.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_solaris.h b/code/ecp/crypto/compat/arc4random_solaris.h
deleted file mode 100644
index b1084cd..0000000
--- a/code/ecp/crypto/compat/arc4random_solaris.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
- raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
- _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
- static pid_t _rs_pid = 0;
- pid_t pid = getpid();
-
- if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
- _rs_pid = pid;
- _rs_forked = 0;
- if (rs)
- memset(rs, 0, sizeof(*rs));
- }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
- return (-1);
-
- if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
- MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
- munmap(*rsp, sizeof(**rsp));
- *rsp = NULL;
- return (-1);
- }
-
- _ARC4_ATFORK(_rs_forkhandler);
- return (0);
-}
diff --git a/code/ecp/crypto/compat/arc4random_uniform.c b/code/ecp/crypto/compat/arc4random_uniform.c
deleted file mode 100644
index 2d22434..0000000
--- a/code/ecp/crypto/compat/arc4random_uniform.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: arc4random_uniform.c,v 1.2 2015/09/13 08:31:47 guenther Exp $ */
-
-/*
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <stdlib.h>
-
-/*
- * Calculate a uniformly distributed random number less than upper_bound
- * avoiding "modulo bias".
- *
- * Uniformity is achieved by generating new random numbers until the one
- * returned is outside the range [0, 2**32 % upper_bound). This
- * guarantees the selected random number will be inside
- * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
- * after reduction modulo upper_bound.
- */
-uint32_t
-arc4random_uniform(uint32_t upper_bound)
-{
- uint32_t r, min;
-
- if (upper_bound < 2)
- return 0;
-
- /* 2**32 % x == (2**32 - x) % x */
- min = -upper_bound % upper_bound;
-
- /*
- * This could theoretically loop forever but each retry has
- * p > 0.5 (worst case, usually far better) of selecting a
- * number inside the range we need, so it should rarely need
- * to re-roll.
- */
- for (;;) {
- r = arc4random();
- if (r >= min)
- break;
- }
-
- return r % upper_bound;
-}
diff --git a/code/ecp/crypto/compat/arc4random_win.h b/code/ecp/crypto/compat/arc4random_win.h
deleted file mode 100644
index deec8a1..0000000
--- a/code/ecp/crypto/compat/arc4random_win.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/* $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <windows.h>
-
-static volatile HANDLE arc4random_mtx = NULL;
-
-/*
- * Initialize the mutex on the first lock attempt. On collision, each thread
- * will attempt to allocate a mutex and compare-and-swap it into place as the
- * global mutex. On failure to swap in the global mutex, the mutex is closed.
- */
-#define _ARC4_LOCK() { \
- if (!arc4random_mtx) { \
- HANDLE p = CreateMutex(NULL, FALSE, NULL); \
- if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
- CloseHandle(p); \
- } \
- WaitForSingleObject(arc4random_mtx, INFINITE); \
-} \
-
-#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
-
-static inline void
-_getentropy_fail(void)
-{
- TerminateProcess(GetCurrentProcess(), 0);
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
- *rsp = VirtualAlloc(NULL, sizeof(**rsp),
- MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
- if (*rsp == NULL)
- return (-1);
-
- *rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
- MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
- if (*rsxp == NULL) {
- VirtualFree(*rsp, 0, MEM_RELEASE);
- *rsp = NULL;
- return (-1);
- }
- return (0);
-}
-
-static inline void
-_rs_forkhandler(void)
-{
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-}
diff --git a/code/ecp/crypto/compat/getentropy_aix.c b/code/ecp/crypto/compat/getentropy_aix.c
deleted file mode 100644
index b046412..0000000
--- a/code/ecp/crypto/compat/getentropy_aix.c
+++ /dev/null
@@ -1,426 +0,0 @@
-/* $OpenBSD: getentropy_aix.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-/*
- * -lperfstat is needed for the psuedo entropy data
- */
-
-#include <sys/mman.h>
-#include <sys/procfs.h>
-#include <sys/protosw.h>
-#include <sys/resource.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/statvfs.h>
-#include <sys/timers.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <termios.h>
-
-#include <compat.h>
-#include <sha.h>
-
-#include <libperfstat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
- do { \
- if ((a)) \
- HD(errno); \
- else \
- HD(b); \
- } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
- int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
- int ret = -1;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
- /*
- * Try to get entropy with /dev/urandom
- */
- ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
- if (ret != -1)
- return (ret);
-
- /*
- * Entropy collection via /dev/urandom has failed.
- *
- * No other API exists for collecting entropy, and we have
- * no failsafe way to get it on AIX that is not sensitive
- * to resource exhaustion.
- *
- * We have very few options:
- * - Even syslog_r is unsafe to call at this low level, so
- * there is no way to alert the user or program.
- * - Cannot call abort() because some systems have unsafe
- * corefiles.
- * - Could raise(SIGKILL) resulting in silent program termination.
- * - Return EIO, to hint that arc4random's stir function
- * should raise(SIGKILL)
- * - Do the best under the circumstances....
- *
- * This code path exists to bring light to the issue that AIX
- * does not provide a failsafe API for entropy collection.
- *
- * We hope this demonstrates that AIX should consider
- * providing a new failsafe API which works in a chroot or
- * when file descriptors are exhausted.
- */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
- raise(SIGKILL);
-#endif
- ret = getentropy_fallback(buf, len);
- if (ret != -1)
- return (ret);
-
- errno = EIO;
- return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
- char any_set = 0;
- size_t i;
-
- for (i = 0; i < len; ++i)
- any_set |= buf[i];
- if (any_set == 0)
- return (-1);
- return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
- struct stat st;
- size_t i;
- int fd, flags;
- int save_errno = errno;
-
-start:
-
- flags = O_RDONLY;
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
- flags |= O_CLOEXEC;
-#endif
- fd = open(path, flags, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#ifndef O_CLOEXEC
- fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
- /* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
- close(fd);
- goto nodevrandom;
- }
- for (i = 0; i < len; ) {
- size_t wanted = len - i;
- ssize_t ret = read(fd, (char *)buf + i, wanted);
-
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- close(fd);
- goto nodevrandom;
- }
- i += ret;
- }
- close(fd);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-nodevrandom:
- errno = EIO;
- return (-1);
-}
-
-static const int cl[] = {
- CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
- CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
- CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
- CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
- CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
- CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
- CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
- CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
- uint8_t results[SHA512_DIGEST_LENGTH];
- int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
- struct timeval tv;
- perfstat_cpu_total_t cpustats;
-#ifdef _AIX61
- perfstat_cpu_total_wpar_t cpustats_wpar;
-#endif
- perfstat_partition_total_t lparstats;
- perfstat_disk_total_t diskinfo;
- perfstat_netinterface_total_t netinfo;
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
- char *p;
-
- pid = getpid();
- if (lastpid == pid) {
- faster = 1;
- repeat = 2;
- } else {
- faster = 0;
- lastpid = pid;
- repeat = REPEAT;
- }
- for (i = 0; i < len; ) {
- int j;
- SHA512_Init(&ctx);
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HX(perfstat_cpu_total(NULL, &cpustats,
- sizeof(cpustats), 1) == -1, cpustats);
-
-#ifdef _AIX61
- HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar,
- sizeof(cpustats_wpar), 1) == -1, cpustats_wpar);
-#endif
-
- HX(perfstat_partition_total(NULL, &lparstats,
- sizeof(lparstats), 1) == -1, lparstats);
-
- HX(perfstat_disk_total(NULL, &diskinfo,
- sizeof(diskinfo), 1) == -1, diskinfo);
-
- HX(perfstat_netinterface_total(NULL, &netinfo,
- sizeof(netinfo), 1) == -1, netinfo);
-
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
- HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
- HX((pid = getpid()) == -1, pid);
- HX((pid = getsid(pid)) == -1, pid);
- HX((pid = getppid()) == -1, pid);
- HX((pid = getpgid(0)) == -1, pid);
- HX((e = getpriority(0, 0)) == -1, e);
-
- if (!faster) {
- ts.tv_sec = 0;
- ts.tv_nsec = 1;
- (void) nanosleep(&ts, NULL);
- }
-
- HX(sigpending(&sigset) == -1, sigset);
- HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
- sigset);
-
- HF(getentropy); /* an addr in this library */
- HF(printf); /* an addr in libc */
- p = (char *)&p;
- HD(p); /* an addr on stack */
- p = (char *)&errno;
- HD(p); /* the addr of errno */
-
- if (i == 0) {
- struct sockaddr_storage ss;
- struct statvfs stvfs;
- struct termios tios;
- socklen_t ssl;
- off_t off;
-
- /*
- * Prime-sized mappings encourage fragmentation;
- * thus exposing some address entropy.
- */
- struct mm {
- size_t npg;
- void *p;
- } mm[] = {
- { 17, MAP_FAILED }, { 3, MAP_FAILED },
- { 11, MAP_FAILED }, { 2, MAP_FAILED },
- { 5, MAP_FAILED }, { 3, MAP_FAILED },
- { 7, MAP_FAILED }, { 1, MAP_FAILED },
- { 57, MAP_FAILED }, { 3, MAP_FAILED },
- { 131, MAP_FAILED }, { 1, MAP_FAILED },
- };
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- HX(mm[m].p = mmap(NULL,
- mm[m].npg * pgs,
- PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1,
- (off_t)0), mm[m].p);
- if (mm[m].p != MAP_FAILED) {
- size_t mo;
-
- /* Touch some memory... */
- p = mm[m].p;
- mo = cnt %
- (mm[m].npg * pgs - 1);
- p[mo] = 1;
- cnt += (int)((long)(mm[m].p)
- / pgs);
- }
-
- /* Check cnts and times... */
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
- ii++) {
- HX((e = clock_gettime(cl[ii],
- &ts)) == -1, ts);
- if (e != -1)
- cnt += (int)ts.tv_nsec;
- }
-
- HX((e = getrusage(RUSAGE_SELF,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- }
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- if (mm[m].p != MAP_FAILED)
- munmap(mm[m].p, mm[m].npg * pgs);
- mm[m].p = MAP_FAILED;
- }
-
- HX(stat(".", &st) == -1, st);
- HX(statvfs(".", &stvfs) == -1, stvfs);
-
- HX(stat("/", &st) == -1, st);
- HX(statvfs("/", &stvfs) == -1, stvfs);
-
- HX((e = fstat(0, &st)) == -1, st);
- if (e == -1) {
- if (S_ISREG(st.st_mode) ||
- S_ISFIFO(st.st_mode) ||
- S_ISSOCK(st.st_mode)) {
- HX(fstatvfs(0, &stvfs) == -1,
- stvfs);
- HX((off = lseek(0, (off_t)0,
- SEEK_CUR)) < 0, off);
- }
- if (S_ISCHR(st.st_mode)) {
- HX(tcgetattr(0, &tios) == -1,
- tios);
- } else if (S_ISSOCK(st.st_mode)) {
- memset(&ss, 0, sizeof ss);
- ssl = sizeof(ss);
- HX(getpeername(0,
- (void *)&ss, &ssl) == -1,
- ss);
- }
- }
-
- HX((e = getrusage(RUSAGE_CHILDREN,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- } else {
- /* Subsequent hashes absorb previous result */
- HD(results);
- }
-
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HD(cnt);
- }
- SHA512_Final(results, &ctx);
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
- explicit_bzero(&ctx, sizeof ctx);
- explicit_bzero(results, sizeof results);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_freebsd.c b/code/ecp/crypto/compat/getentropy_freebsd.c
deleted file mode 100644
index 30cd68e..0000000
--- a/code/ecp/crypto/compat/getentropy_freebsd.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
- * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/sysctl.h>
-
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * Derived from lib/libc/gen/arc4random.c from FreeBSD.
- */
-static size_t
-getentropy_sysctl(u_char *buf, size_t size)
-{
- int mib[2];
- size_t len, done;
-
- mib[0] = CTL_KERN;
- mib[1] = KERN_ARND;
- done = 0;
-
- do {
- len = size;
- if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
- return (done);
- done += len;
- buf += len;
- size -= len;
- } while (size > 0);
-
- return (done);
-}
-
-int
-getentropy(void *buf, size_t len)
-{
- if (len <= 256 && getentropy_sysctl(buf, len) == len)
- return (0);
-
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_hpux.c b/code/ecp/crypto/compat/getentropy_hpux.c
deleted file mode 100644
index a74e53c..0000000
--- a/code/ecp/crypto/compat/getentropy_hpux.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/* $OpenBSD: getentropy_hpux.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-
-#include <compat.h>
-#include <sha.h>
-
-#include <sys/vfs.h>
-
-#include <sys/pstat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
- do { \
- if ((a)) \
- HD(errno); \
- else \
- HD(b); \
- } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
- int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
- int ret = -1;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
- /*
- * Try to get entropy with /dev/urandom
- */
- ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
- if (ret != -1)
- return (ret);
-
- /*
- * Entropy collection via /dev/urandom has failed.
- *
- * No other API exists for collecting entropy, and we have
- * no failsafe way to get it on hpux that is not sensitive
- * to resource exhaustion.
- *
- * We have very few options:
- * - Even syslog_r is unsafe to call at this low level, so
- * there is no way to alert the user or program.
- * - Cannot call abort() because some systems have unsafe
- * corefiles.
- * - Could raise(SIGKILL) resulting in silent program termination.
- * - Return EIO, to hint that arc4random's stir function
- * should raise(SIGKILL)
- * - Do the best under the circumstances....
- *
- * This code path exists to bring light to the issue that hpux
- * does not provide a failsafe API for entropy collection.
- *
- * We hope this demonstrates that hpux should consider
- * providing a new failsafe API which works in a chroot or
- * when file descriptors are exhausted.
- */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
- raise(SIGKILL);
-#endif
- ret = getentropy_fallback(buf, len);
- if (ret != -1)
- return (ret);
-
- errno = EIO;
- return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
- char any_set = 0;
- size_t i;
-
- for (i = 0; i < len; ++i)
- any_set |= buf[i];
- if (any_set == 0)
- return (-1);
- return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
- struct stat st;
- size_t i;
- int fd, flags;
- int save_errno = errno;
-
-start:
-
- flags = O_RDONLY;
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
- flags |= O_CLOEXEC;
-#endif
- fd = open(path, flags, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#ifndef O_CLOEXEC
- fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
- /* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
- close(fd);
- goto nodevrandom;
- }
- for (i = 0; i < len; ) {
- size_t wanted = len - i;
- ssize_t ret = read(fd, (char *)buf + i, wanted);
-
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- close(fd);
- goto nodevrandom;
- }
- i += ret;
- }
- close(fd);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-nodevrandom:
- errno = EIO;
- return (-1);
-}
-
-static const int cl[] = {
- CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
- CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
- CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
- CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
- CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
- CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
- CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
- CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
- uint8_t results[SHA512_DIGEST_LENGTH];
- int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
- struct timeval tv;
- struct pst_vminfo pvi;
- struct pst_vm_status pvs;
- struct pst_dynamic pdy;
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
- char *p;
-
- pid = getpid();
- if (lastpid == pid) {
- faster = 1;
- repeat = 2;
- } else {
- faster = 0;
- lastpid = pid;
- repeat = REPEAT;
- }
- for (i = 0; i < len; ) {
- int j;
- SHA512_Init(&ctx);
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi);
- HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs);
-
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
- HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
- HX((pid = getpid()) == -1, pid);
- HX((pid = getsid(pid)) == -1, pid);
- HX((pid = getppid()) == -1, pid);
- HX((pid = getpgid(0)) == -1, pid);
- HX((e = getpriority(0, 0)) == -1, e);
-
- if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) {
- HD(errno);
- } else {
- HD(pdy.psd_avg_1_min);
- HD(pdy.psd_avg_5_min);
- HD(pdy.psd_avg_15_min);
- }
-
- if (!faster) {
- ts.tv_sec = 0;
- ts.tv_nsec = 1;
- (void) nanosleep(&ts, NULL);
- }
-
- HX(sigpending(&sigset) == -1, sigset);
- HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
- sigset);
-
- HF(getentropy); /* an addr in this library */
- HF(printf); /* an addr in libc */
- p = (char *)&p;
- HD(p); /* an addr on stack */
- p = (char *)&errno;
- HD(p); /* the addr of errno */
-
- if (i == 0) {
- struct sockaddr_storage ss;
- struct statvfs stvfs;
- struct termios tios;
- socklen_t ssl;
- off_t off;
-
- /*
- * Prime-sized mappings encourage fragmentation;
- * thus exposing some address entropy.
- */
- struct mm {
- size_t npg;
- void *p;
- } mm[] = {
- { 17, MAP_FAILED }, { 3, MAP_FAILED },
- { 11, MAP_FAILED }, { 2, MAP_FAILED },
- { 5, MAP_FAILED }, { 3, MAP_FAILED },
- { 7, MAP_FAILED }, { 1, MAP_FAILED },
- { 57, MAP_FAILED }, { 3, MAP_FAILED },
- { 131, MAP_FAILED }, { 1, MAP_FAILED },
- };
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- HX(mm[m].p = mmap(NULL,
- mm[m].npg * pgs,
- PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1,
- (off_t)0), mm[m].p);
- if (mm[m].p != MAP_FAILED) {
- size_t mo;
-
- /* Touch some memory... */
- p = mm[m].p;
- mo = cnt %
- (mm[m].npg * pgs - 1);
- p[mo] = 1;
- cnt += (int)((long)(mm[m].p)
- / pgs);
- }
-
- /* Check cnts and times... */
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
- ii++) {
- HX((e = clock_gettime(cl[ii],
- &ts)) == -1, ts);
- if (e != -1)
- cnt += (int)ts.tv_nsec;
- }
-
- HX((e = getrusage(RUSAGE_SELF,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- }
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- if (mm[m].p != MAP_FAILED)
- munmap(mm[m].p, mm[m].npg * pgs);
- mm[m].p = MAP_FAILED;
- }
-
- HX(stat(".", &st) == -1, st);
- HX(statvfs(".", &stvfs) == -1, stvfs);
-
- HX(stat("/", &st) == -1, st);
- HX(statvfs("/", &stvfs) == -1, stvfs);
-
- HX((e = fstat(0, &st)) == -1, st);
- if (e == -1) {
- if (S_ISREG(st.st_mode) ||
- S_ISFIFO(st.st_mode) ||
- S_ISSOCK(st.st_mode)) {
- HX(fstatvfs(0, &stvfs) == -1,
- stvfs);
- HX((off = lseek(0, (off_t)0,
- SEEK_CUR)) < 0, off);
- }
- if (S_ISCHR(st.st_mode)) {
- HX(tcgetattr(0, &tios) == -1,
- tios);
- } else if (S_ISSOCK(st.st_mode)) {
- memset(&ss, 0, sizeof ss);
- ssl = sizeof(ss);
- HX(getpeername(0,
- (void *)&ss, &ssl) == -1,
- ss);
- }
- }
-
- HX((e = getrusage(RUSAGE_CHILDREN,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- } else {
- /* Subsequent hashes absorb previous result */
- HD(results);
- }
-
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HD(cnt);
- }
- SHA512_Final(results, &ctx);
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
- explicit_bzero(&ctx, sizeof ctx);
- explicit_bzero(results, sizeof results);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_linux.c b/code/ecp/crypto/compat/getentropy_linux.c
deleted file mode 100644
index 37362e9..0000000
--- a/code/ecp/crypto/compat/getentropy_linux.c
+++ /dev/null
@@ -1,549 +0,0 @@
-/* $OpenBSD: getentropy_linux.c,v 1.43 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#define _POSIX_C_SOURCE 199309L
-#define _GNU_SOURCE 1
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#ifdef SYS__sysctl
-#include <linux/sysctl.h>
-#endif
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <link.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-
-#include <compat.h>
-#include <sha.h>
-
-#include <linux/types.h>
-#include <linux/random.h>
-#ifdef HAVE_GETAUXVAL
-#include <sys/auxv.h>
-#endif
-#include <sys/vfs.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
- do { \
- if ((a)) \
- HD(errno); \
- else \
- HD(b); \
- } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-#ifdef SYS_getrandom
-static int getentropy_getrandom(void *buf, size_t len);
-#endif
-static int getentropy_urandom(void *buf, size_t len);
-#ifdef SYS__sysctl
-static int getentropy_sysctl(void *buf, size_t len);
-#endif
-static int getentropy_fallback(void *buf, size_t len);
-static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
-
-int
-getentropy(void *buf, size_t len)
-{
- int ret = -1;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
-#ifdef SYS_getrandom
- /*
- * Try descriptor-less getrandom()
- */
- ret = getentropy_getrandom(buf, len);
- if (ret != -1)
- return (ret);
- if (errno != ENOSYS)
- return (-1);
-#endif
-
- /*
- * Try to get entropy with /dev/urandom
- *
- * This can fail if the process is inside a chroot or if file
- * descriptors are exhausted.
- */
- ret = getentropy_urandom(buf, len);
- if (ret != -1)
- return (ret);
-
-#ifdef SYS__sysctl
- /*
- * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
- * sysctl is a failsafe API, so it guarantees a result. This
- * should work inside a chroot, or when file descriptors are
- * exhausted.
- *
- * However this can fail if the Linux kernel removes support
- * for sysctl. Starting in 2007, there have been efforts to
- * deprecate the sysctl API/ABI, and push callers towards use
- * of the chroot-unavailable fd-using /proc mechanism --
- * essentially the same problems as /dev/urandom.
- *
- * Numerous setbacks have been encountered in their deprecation
- * schedule, so as of June 2014 the kernel ABI still exists on
- * most Linux architectures. The sysctl() stub in libc is missing
- * on some systems. There are also reports that some kernels
- * spew messages to the console.
- */
- ret = getentropy_sysctl(buf, len);
- if (ret != -1)
- return (ret);
-#endif /* SYS__sysctl */
-
- /*
- * Entropy collection via /dev/urandom and sysctl have failed.
- *
- * No other API exists for collecting entropy. See the large
- * comment block above.
- *
- * We have very few options:
- * - Even syslog_r is unsafe to call at this low level, so
- * there is no way to alert the user or program.
- * - Cannot call abort() because some systems have unsafe
- * corefiles.
- * - Could raise(SIGKILL) resulting in silent program termination.
- * - Return EIO, to hint that arc4random's stir function
- * should raise(SIGKILL)
- * - Do the best under the circumstances....
- *
- * This code path exists to bring light to the issue that Linux
- * does not provide a failsafe API for entropy collection.
- *
- * We hope this demonstrates that Linux should either retain their
- * sysctl ABI, or consider providing a new failsafe API which
- * works in a chroot or when file descriptors are exhausted.
- */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
- raise(SIGKILL);
-#endif
- ret = getentropy_fallback(buf, len);
- if (ret != -1)
- return (ret);
-
- errno = EIO;
- return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
- char any_set = 0;
- size_t i;
-
- for (i = 0; i < len; ++i)
- any_set |= buf[i];
- if (any_set == 0)
- return (-1);
- return (0);
-}
-
-#ifdef SYS_getrandom
-static int
-getentropy_getrandom(void *buf, size_t len)
-{
- int pre_errno = errno;
- int ret;
- if (len > 256)
- return (-1);
- do {
- ret = syscall(SYS_getrandom, buf, len, 0);
- } while (ret == -1 && errno == EINTR);
-
- if (ret != len)
- return (-1);
- errno = pre_errno;
- return (0);
-}
-#endif
-
-static int
-getentropy_urandom(void *buf, size_t len)
-{
- struct stat st;
- size_t i;
- int fd, cnt, flags;
- int save_errno = errno;
-
-start:
-
- flags = O_RDONLY;
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
- flags |= O_CLOEXEC;
-#endif
- fd = open("/dev/urandom", flags, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#ifndef O_CLOEXEC
- fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
- /* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
- close(fd);
- goto nodevrandom;
- }
- if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
- close(fd);
- goto nodevrandom;
- }
- for (i = 0; i < len; ) {
- size_t wanted = len - i;
- ssize_t ret = read(fd, (char *)buf + i, wanted);
-
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- close(fd);
- goto nodevrandom;
- }
- i += ret;
- }
- close(fd);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-nodevrandom:
- errno = EIO;
- return (-1);
-}
-
-#ifdef SYS__sysctl
-static int
-getentropy_sysctl(void *buf, size_t len)
-{
- static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
- size_t i;
- int save_errno = errno;
-
- for (i = 0; i < len; ) {
- size_t chunk = min(len - i, 16);
-
- /* SYS__sysctl because some systems already removed sysctl() */
- struct __sysctl_args args = {
- .name = mib,
- .nlen = 3,
- .oldval = (char *)buf + i,
- .oldlenp = &chunk,
- };
- if (syscall(SYS__sysctl, &args) != 0)
- goto sysctlfailed;
- i += chunk;
- }
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-sysctlfailed:
- errno = EIO;
- return (-1);
-}
-#endif /* SYS__sysctl */
-
-static const int cl[] = {
- CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
- CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
- CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
- CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
- CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
- CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
- CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
- CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
-{
- SHA512_CTX *ctx = data;
-
- SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
- return (0);
-}
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
- uint8_t results[SHA512_DIGEST_LENGTH];
- int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
- struct timeval tv;
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
- char *p;
-
- pid = getpid();
- if (lastpid == pid) {
- faster = 1;
- repeat = 2;
- } else {
- faster = 0;
- lastpid = pid;
- repeat = REPEAT;
- }
- for (i = 0; i < len; ) {
- int j;
- SHA512_Init(&ctx);
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- dl_iterate_phdr(getentropy_phdr, &ctx);
-
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
- HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
- HX((pid = getpid()) == -1, pid);
- HX((pid = getsid(pid)) == -1, pid);
- HX((pid = getppid()) == -1, pid);
- HX((pid = getpgid(0)) == -1, pid);
- HX((e = getpriority(0, 0)) == -1, e);
-
- if (!faster) {
- ts.tv_sec = 0;
- ts.tv_nsec = 1;
- (void) nanosleep(&ts, NULL);
- }
-
- HX(sigpending(&sigset) == -1, sigset);
- HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
- sigset);
-
- HF(getentropy); /* an addr in this library */
- HF(printf); /* an addr in libc */
- p = (char *)&p;
- HD(p); /* an addr on stack */
- p = (char *)&errno;
- HD(p); /* the addr of errno */
-
- if (i == 0) {
- struct sockaddr_storage ss;
- struct statvfs stvfs;
- struct termios tios;
- struct statfs stfs;
- socklen_t ssl;
- off_t off;
-
- /*
- * Prime-sized mappings encourage fragmentation;
- * thus exposing some address entropy.
- */
- struct mm {
- size_t npg;
- void *p;
- } mm[] = {
- { 17, MAP_FAILED }, { 3, MAP_FAILED },
- { 11, MAP_FAILED }, { 2, MAP_FAILED },
- { 5, MAP_FAILED }, { 3, MAP_FAILED },
- { 7, MAP_FAILED }, { 1, MAP_FAILED },
- { 57, MAP_FAILED }, { 3, MAP_FAILED },
- { 131, MAP_FAILED }, { 1, MAP_FAILED },
- };
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- HX(mm[m].p = mmap(NULL,
- mm[m].npg * pgs,
- PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1,
- (off_t)0), mm[m].p);
- if (mm[m].p != MAP_FAILED) {
- size_t mo;
-
- /* Touch some memory... */
- p = mm[m].p;
- mo = cnt %
- (mm[m].npg * pgs - 1);
- p[mo] = 1;
- cnt += (int)((long)(mm[m].p)
- / pgs);
- }
-
- /* Check cnts and times... */
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
- ii++) {
- HX((e = clock_gettime(cl[ii],
- &ts)) == -1, ts);
- if (e != -1)
- cnt += (int)ts.tv_nsec;
- }
-
- HX((e = getrusage(RUSAGE_SELF,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- }
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- if (mm[m].p != MAP_FAILED)
- munmap(mm[m].p, mm[m].npg * pgs);
- mm[m].p = MAP_FAILED;
- }
-
- HX(stat(".", &st) == -1, st);
- HX(statvfs(".", &stvfs) == -1, stvfs);
- HX(statfs(".", &stfs) == -1, stfs);
-
- HX(stat("/", &st) == -1, st);
- HX(statvfs("/", &stvfs) == -1, stvfs);
- HX(statfs("/", &stfs) == -1, stfs);
-
- HX((e = fstat(0, &st)) == -1, st);
- if (e == -1) {
- if (S_ISREG(st.st_mode) ||
- S_ISFIFO(st.st_mode) ||
- S_ISSOCK(st.st_mode)) {
- HX(fstatvfs(0, &stvfs) == -1,
- stvfs);
- HX(fstatfs(0, &stfs) == -1,
- stfs);
- HX((off = lseek(0, (off_t)0,
- SEEK_CUR)) < 0, off);
- }
- if (S_ISCHR(st.st_mode)) {
- HX(tcgetattr(0, &tios) == -1,
- tios);
- } else if (S_ISSOCK(st.st_mode)) {
- memset(&ss, 0, sizeof ss);
- ssl = sizeof(ss);
- HX(getpeername(0,
- (void *)&ss, &ssl) == -1,
- ss);
- }
- }
-
- HX((e = getrusage(RUSAGE_CHILDREN,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- } else {
- /* Subsequent hashes absorb previous result */
- HD(results);
- }
-
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HD(cnt);
- }
-#ifdef HAVE_GETAUXVAL
-#ifdef AT_RANDOM
- /* Not as random as you think but we take what we are given */
- p = (char *) getauxval(AT_RANDOM);
- if (p)
- HR(p, 16);
-#endif
-#ifdef AT_SYSINFO_EHDR
- p = (char *) getauxval(AT_SYSINFO_EHDR);
- if (p)
- HR(p, pgs);
-#endif
-#ifdef AT_BASE
- p = (char *) getauxval(AT_BASE);
- if (p)
- HD(p);
-#endif
-#endif
-
- SHA512_Final(results, &ctx);
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
- explicit_bzero(&ctx, sizeof ctx);
- explicit_bzero(results, sizeof results);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_netbsd.c b/code/ecp/crypto/compat/getentropy_netbsd.c
deleted file mode 100644
index 45d68c9..0000000
--- a/code/ecp/crypto/compat/getentropy_netbsd.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
- * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/sysctl.h>
-
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * Derived from lib/libc/gen/arc4random.c from FreeBSD.
- */
-static size_t
-getentropy_sysctl(u_char *buf, size_t size)
-{
- int mib[2];
- size_t len, done;
-
- mib[0] = CTL_KERN;
- mib[1] = KERN_ARND;
- done = 0;
-
- do {
- len = size;
- if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
- return (done);
- done += len;
- buf += len;
- size -= len;
- } while (size > 0);
-
- return (done);
-}
-
-int
-getentropy(void *buf, size_t len)
-{
- if (len <= 256 &&
- getentropy_sysctl(buf, len) == len) {
- return (0);
- }
-
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_osx.c b/code/ecp/crypto/compat/getentropy_osx.c
deleted file mode 100644
index 44a313c..0000000
--- a/code/ecp/crypto/compat/getentropy_osx.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/* $OpenBSD: getentropy_osx.c,v 1.11 2016/09/03 15:24:09 bcook Exp $ */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <TargetConditionals.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/sysctl.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <mach/mach_time.h>
-#include <mach/mach_host.h>
-#include <mach/host_info.h>
-#if TARGET_OS_OSX
-#include <sys/socketvar.h>
-#include <sys/vmmeter.h>
-#endif
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#if TARGET_OS_OSX
-#include <netinet/udp.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp_var.h>
-#include <netinet/udp_var.h>
-#endif
-#include <CommonCrypto/CommonDigest.h>
-#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c)))
-#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
-#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
-#define SHA512_CTX CC_SHA512_CTX
-#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
-
-#include <compat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
- do { \
- if ((a)) \
- HD(errno); \
- else \
- HD(b); \
- } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
- int ret = -1;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
- /*
- * Try to get entropy with /dev/urandom
- *
- * This can fail if the process is inside a chroot or if file
- * descriptors are exhausted.
- */
- ret = getentropy_urandom(buf, len);
- if (ret != -1)
- return (ret);
-
- /*
- * Entropy collection via /dev/urandom and sysctl have failed.
- *
- * No other API exists for collecting entropy, and we have
- * no failsafe way to get it on OSX that is not sensitive
- * to resource exhaustion.
- *
- * We have very few options:
- * - Even syslog_r is unsafe to call at this low level, so
- * there is no way to alert the user or program.
- * - Cannot call abort() because some systems have unsafe
- * corefiles.
- * - Could raise(SIGKILL) resulting in silent program termination.
- * - Return EIO, to hint that arc4random's stir function
- * should raise(SIGKILL)
- * - Do the best under the circumstances....
- *
- * This code path exists to bring light to the issue that OSX
- * does not provide a failsafe API for entropy collection.
- *
- * We hope this demonstrates that OSX should consider
- * providing a new failsafe API which works in a chroot or
- * when file descriptors are exhausted.
- */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
- raise(SIGKILL);
-#endif
- ret = getentropy_fallback(buf, len);
- if (ret != -1)
- return (ret);
-
- errno = EIO;
- return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
- char any_set = 0;
- size_t i;
-
- for (i = 0; i < len; ++i)
- any_set |= buf[i];
- if (any_set == 0)
- return (-1);
- return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len)
-{
- struct stat st;
- size_t i;
- int fd, flags;
- int save_errno = errno;
-
-start:
-
- flags = O_RDONLY;
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
- flags |= O_CLOEXEC;
-#endif
- fd = open("/dev/urandom", flags, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#ifndef O_CLOEXEC
- fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
- /* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
- close(fd);
- goto nodevrandom;
- }
- for (i = 0; i < len; ) {
- size_t wanted = len - i;
- ssize_t ret = read(fd, (char *)buf + i, wanted);
-
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- close(fd);
- goto nodevrandom;
- }
- i += ret;
- }
- close(fd);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-nodevrandom:
- errno = EIO;
- return (-1);
-}
-
-#if TARGET_OS_OSX
-static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
-static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
-static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
-#endif
-static int kmib[] = { CTL_KERN, KERN_USRSTACK };
-static int hwmib[] = { CTL_HW, HW_USERMEM };
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
- uint8_t results[SHA512_DIGEST_LENGTH];
- int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
- struct timeval tv;
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
- char *p;
-#if TARGET_OS_OSX
- struct tcpstat tcpstat;
- struct udpstat udpstat;
- struct ipstat ipstat;
-#endif
- u_int64_t mach_time;
- unsigned int idata;
- void *addr;
-
- pid = getpid();
- if (lastpid == pid) {
- faster = 1;
- repeat = 2;
- } else {
- faster = 0;
- lastpid = pid;
- repeat = REPEAT;
- }
- for (i = 0; i < len; ) {
- int j;
- SHA512_Init(&ctx);
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- mach_time = mach_absolute_time();
- HD(mach_time);
-
- ii = sizeof(addr);
- HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
- &addr, &ii, NULL, 0) == -1, addr);
-
- ii = sizeof(idata);
- HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
- &idata, &ii, NULL, 0) == -1, idata);
-
-#if TARGET_OS_OSX
- ii = sizeof(tcpstat);
- HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
- &tcpstat, &ii, NULL, 0) == -1, tcpstat);
-
- ii = sizeof(udpstat);
- HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
- &udpstat, &ii, NULL, 0) == -1, udpstat);
-
- ii = sizeof(ipstat);
- HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
- &ipstat, &ii, NULL, 0) == -1, ipstat);
-#endif
-
- HX((pid = getpid()) == -1, pid);
- HX((pid = getsid(pid)) == -1, pid);
- HX((pid = getppid()) == -1, pid);
- HX((pid = getpgid(0)) == -1, pid);
- HX((e = getpriority(0, 0)) == -1, e);
-
- if (!faster) {
- ts.tv_sec = 0;
- ts.tv_nsec = 1;
- (void) nanosleep(&ts, NULL);
- }
-
- HX(sigpending(&sigset) == -1, sigset);
- HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
- sigset);
-
- HF(getentropy); /* an addr in this library */
- HF(printf); /* an addr in libc */
- p = (char *)&p;
- HD(p); /* an addr on stack */
- p = (char *)&errno;
- HD(p); /* the addr of errno */
-
- if (i == 0) {
- struct sockaddr_storage ss;
- struct statvfs stvfs;
- struct termios tios;
- struct statfs stfs;
- socklen_t ssl;
- off_t off;
-
- /*
- * Prime-sized mappings encourage fragmentation;
- * thus exposing some address entropy.
- */
- struct mm {
- size_t npg;
- void *p;
- } mm[] = {
- { 17, MAP_FAILED }, { 3, MAP_FAILED },
- { 11, MAP_FAILED }, { 2, MAP_FAILED },
- { 5, MAP_FAILED }, { 3, MAP_FAILED },
- { 7, MAP_FAILED }, { 1, MAP_FAILED },
- { 57, MAP_FAILED }, { 3, MAP_FAILED },
- { 131, MAP_FAILED }, { 1, MAP_FAILED },
- };
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- HX(mm[m].p = mmap(NULL,
- mm[m].npg * pgs,
- PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1,
- (off_t)0), mm[m].p);
- if (mm[m].p != MAP_FAILED) {
- size_t mo;
-
- /* Touch some memory... */
- p = mm[m].p;
- mo = cnt %
- (mm[m].npg * pgs - 1);
- p[mo] = 1;
- cnt += (int)((long)(mm[m].p)
- / pgs);
- }
-
- /* Check cnts and times... */
- mach_time = mach_absolute_time();
- HD(mach_time);
- cnt += (int)mach_time;
-
- HX((e = getrusage(RUSAGE_SELF,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- }
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- if (mm[m].p != MAP_FAILED)
- munmap(mm[m].p, mm[m].npg * pgs);
- mm[m].p = MAP_FAILED;
- }
-
- HX(stat(".", &st) == -1, st);
- HX(statvfs(".", &stvfs) == -1, stvfs);
- HX(statfs(".", &stfs) == -1, stfs);
-
- HX(stat("/", &st) == -1, st);
- HX(statvfs("/", &stvfs) == -1, stvfs);
- HX(statfs("/", &stfs) == -1, stfs);
-
- HX((e = fstat(0, &st)) == -1, st);
- if (e == -1) {
- if (S_ISREG(st.st_mode) ||
- S_ISFIFO(st.st_mode) ||
- S_ISSOCK(st.st_mode)) {
- HX(fstatvfs(0, &stvfs) == -1,
- stvfs);
- HX(fstatfs(0, &stfs) == -1,
- stfs);
- HX((off = lseek(0, (off_t)0,
- SEEK_CUR)) < 0, off);
- }
- if (S_ISCHR(st.st_mode)) {
- HX(tcgetattr(0, &tios) == -1,
- tios);
- } else if (S_ISSOCK(st.st_mode)) {
- memset(&ss, 0, sizeof ss);
- ssl = sizeof(ss);
- HX(getpeername(0,
- (void *)&ss, &ssl) == -1,
- ss);
- }
- }
-
- HX((e = getrusage(RUSAGE_CHILDREN,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- } else {
- /* Subsequent hashes absorb previous result */
- HD(results);
- }
-
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HD(cnt);
- }
-
- SHA512_Final(results, &ctx);
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
- explicit_bzero(&ctx, sizeof ctx);
- explicit_bzero(results, sizeof results);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_solaris.c b/code/ecp/crypto/compat/getentropy_solaris.c
deleted file mode 100644
index 017a2cf..0000000
--- a/code/ecp/crypto/compat/getentropy_solaris.c
+++ /dev/null
@@ -1,447 +0,0 @@
-/* $OpenBSD: getentropy_solaris.c,v 1.12 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <link.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <sys/sha2.h>
-#define SHA512_Init SHA512Init
-#define SHA512_Update SHA512Update
-#define SHA512_Final SHA512Final
-
-#include <sys/vfs.h>
-#include <sys/statfs.h>
-#include <sys/loadavg.h>
-
-#include <compat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
- do { \
- if ((a)) \
- HD(errno); \
- else \
- HD(b); \
- } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
- int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
-
-int
-getentropy(void *buf, size_t len)
-{
- int ret = -1;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
- /*
- * Try to get entropy with /dev/urandom
- *
- * Solaris provides /dev/urandom as a symbolic link to
- * /devices/pseudo/random@0:urandom which is provided by
- * a devfs filesystem. Best practice is to use O_NOFOLLOW,
- * so we must try the unpublished name directly.
- *
- * This can fail if the process is inside a chroot which lacks
- * the devfs mount, or if file descriptors are exhausted.
- */
- ret = getentropy_urandom(buf, len,
- "/devices/pseudo/random@0:urandom", 1);
- if (ret != -1)
- return (ret);
-
- /*
- * Unfortunately, chroot spaces on Solaris are sometimes setup
- * with direct device node of the well-known /dev/urandom name
- * (perhaps to avoid dragging all of devfs into the space).
- *
- * This can fail if the process is inside a chroot or if file
- * descriptors are exhausted.
- */
- ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
- if (ret != -1)
- return (ret);
-
- /*
- * Entropy collection via /dev/urandom has failed.
- *
- * No other API exists for collecting entropy, and we have
- * no failsafe way to get it on Solaris that is not sensitive
- * to resource exhaustion.
- *
- * We have very few options:
- * - Even syslog_r is unsafe to call at this low level, so
- * there is no way to alert the user or program.
- * - Cannot call abort() because some systems have unsafe
- * corefiles.
- * - Could raise(SIGKILL) resulting in silent program termination.
- * - Return EIO, to hint that arc4random's stir function
- * should raise(SIGKILL)
- * - Do the best under the circumstances....
- *
- * This code path exists to bring light to the issue that Solaris
- * does not provide a failsafe API for entropy collection.
- *
- * We hope this demonstrates that Solaris should consider
- * providing a new failsafe API which works in a chroot or
- * when file descriptors are exhausted.
- */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
- raise(SIGKILL);
-#endif
- ret = getentropy_fallback(buf, len);
- if (ret != -1)
- return (ret);
-
- errno = EIO;
- return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
- char any_set = 0;
- size_t i;
-
- for (i = 0; i < len; ++i)
- any_set |= buf[i];
- if (any_set == 0)
- return (-1);
- return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
- struct stat st;
- size_t i;
- int fd, flags;
- int save_errno = errno;
-
-start:
-
- flags = O_RDONLY;
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
- flags |= O_CLOEXEC;
-#endif
- fd = open(path, flags, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#ifndef O_CLOEXEC
- fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
- /* Lightly verify that the device node looks sane */
- if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
- (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
- close(fd);
- goto nodevrandom;
- }
- for (i = 0; i < len; ) {
- size_t wanted = len - i;
- ssize_t ret = read(fd, (char *)buf + i, wanted);
-
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- close(fd);
- goto nodevrandom;
- }
- i += ret;
- }
- close(fd);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
-nodevrandom:
- errno = EIO;
- return (-1);
-}
-
-static const int cl[] = {
- CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
- CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
- CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
- CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
- CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
- CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
- CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
- CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
-{
- SHA512_CTX *ctx = data;
-
- SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
- return (0);
-}
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
- uint8_t results[SHA512_DIGEST_LENGTH];
- int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
- struct timeval tv;
- double loadavg[3];
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
- char *p;
-
- pid = getpid();
- if (lastpid == pid) {
- faster = 1;
- repeat = 2;
- } else {
- faster = 0;
- lastpid = pid;
- repeat = REPEAT;
- }
- for (i = 0; i < len; ) {
- int j;
- SHA512_Init(&ctx);
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- dl_iterate_phdr(getentropy_phdr, &ctx);
-
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
- HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
- HX((pid = getpid()) == -1, pid);
- HX((pid = getsid(pid)) == -1, pid);
- HX((pid = getppid()) == -1, pid);
- HX((pid = getpgid(0)) == -1, pid);
- HX((e = getpriority(0, 0)) == -1, e);
- HX((getloadavg(loadavg, 3) == -1), loadavg);
-
- if (!faster) {
- ts.tv_sec = 0;
- ts.tv_nsec = 1;
- (void) nanosleep(&ts, NULL);
- }
-
- HX(sigpending(&sigset) == -1, sigset);
- HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
- sigset);
-
- HF(getentropy); /* an addr in this library */
- HF(printf); /* an addr in libc */
- p = (char *)&p;
- HD(p); /* an addr on stack */
- p = (char *)&errno;
- HD(p); /* the addr of errno */
-
- if (i == 0) {
- struct sockaddr_storage ss;
- struct statvfs stvfs;
- struct termios tios;
- socklen_t ssl;
- off_t off;
-
- /*
- * Prime-sized mappings encourage fragmentation;
- * thus exposing some address entropy.
- */
- struct mm {
- size_t npg;
- void *p;
- } mm[] = {
- { 17, MAP_FAILED }, { 3, MAP_FAILED },
- { 11, MAP_FAILED }, { 2, MAP_FAILED },
- { 5, MAP_FAILED }, { 3, MAP_FAILED },
- { 7, MAP_FAILED }, { 1, MAP_FAILED },
- { 57, MAP_FAILED }, { 3, MAP_FAILED },
- { 131, MAP_FAILED }, { 1, MAP_FAILED },
- };
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- HX(mm[m].p = mmap(NULL,
- mm[m].npg * pgs,
- PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1,
- (off_t)0), mm[m].p);
- if (mm[m].p != MAP_FAILED) {
- size_t mo;
-
- /* Touch some memory... */
- p = mm[m].p;
- mo = cnt %
- (mm[m].npg * pgs - 1);
- p[mo] = 1;
- cnt += (int)((long)(mm[m].p)
- / pgs);
- }
-
- /* Check cnts and times... */
- for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
- ii++) {
- HX((e = clock_gettime(cl[ii],
- &ts)) == -1, ts);
- if (e != -1)
- cnt += (int)ts.tv_nsec;
- }
-
- HX((e = getrusage(RUSAGE_SELF,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- }
-
- for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
- if (mm[m].p != MAP_FAILED)
- munmap(mm[m].p, mm[m].npg * pgs);
- mm[m].p = MAP_FAILED;
- }
-
- HX(stat(".", &st) == -1, st);
- HX(statvfs(".", &stvfs) == -1, stvfs);
-
- HX(stat("/", &st) == -1, st);
- HX(statvfs("/", &stvfs) == -1, stvfs);
-
- HX((e = fstat(0, &st)) == -1, st);
- if (e == -1) {
- if (S_ISREG(st.st_mode) ||
- S_ISFIFO(st.st_mode) ||
- S_ISSOCK(st.st_mode)) {
- HX(fstatvfs(0, &stvfs) == -1,
- stvfs);
- HX((off = lseek(0, (off_t)0,
- SEEK_CUR)) < 0, off);
- }
- if (S_ISCHR(st.st_mode)) {
- HX(tcgetattr(0, &tios) == -1,
- tios);
- } else if (S_ISSOCK(st.st_mode)) {
- memset(&ss, 0, sizeof ss);
- ssl = sizeof(ss);
- HX(getpeername(0,
- (void *)&ss, &ssl) == -1,
- ss);
- }
- }
-
- HX((e = getrusage(RUSAGE_CHILDREN,
- &ru)) == -1, ru);
- if (e != -1) {
- cnt += (int)ru.ru_utime.tv_sec;
- cnt += (int)ru.ru_utime.tv_usec;
- }
- } else {
- /* Subsequent hashes absorb previous result */
- HD(results);
- }
-
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
- cnt += (int)tv.tv_sec;
- cnt += (int)tv.tv_usec;
- }
-
- HD(cnt);
- }
- SHA512_Final(results, &ctx);
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
- explicit_bzero(&ctx, sizeof ctx);
- explicit_bzero(results, sizeof results);
- if (gotdata(buf, len) == 0) {
- errno = save_errno;
- return (0); /* satisfied */
- }
- errno = EIO;
- return (-1);
-}
diff --git a/code/ecp/crypto/compat/getentropy_win.c b/code/ecp/crypto/compat/getentropy_win.c
deleted file mode 100644
index 2abeb27..0000000
--- a/code/ecp/crypto/compat/getentropy_win.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */
-
-/*
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <windows.h>
-#include <errno.h>
-#include <stdint.h>
-#include <sys/types.h>
-#include <wincrypt.h>
-#include <process.h>
-
-int getentropy(void *buf, size_t len);
-
-/*
- * On Windows, CryptGenRandom is supposed to be a well-seeded
- * cryptographically strong random number generator.
- */
-int
-getentropy(void *buf, size_t len)
-{
- HCRYPTPROV provider;
-
- if (len > 256) {
- errno = EIO;
- return (-1);
- }
-
- if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT) == 0)
- goto fail;
- if (CryptGenRandom(provider, len, buf) == 0) {
- CryptReleaseContext(provider, 0);
- goto fail;
- }
- CryptReleaseContext(provider, 0);
- return (0);
-
-fail:
- errno = EIO;
- return (-1);
-}