diff options
Diffstat (limited to 'code/core/crypto/compat/arc4random.c')
-rw-r--r-- | code/core/crypto/compat/arc4random.c | 198 |
1 files changed, 0 insertions, 198 deletions
diff --git a/code/core/crypto/compat/arc4random.c b/code/core/crypto/compat/arc4random.c deleted file mode 100644 index 0d3a64f..0000000 --- a/code/core/crypto/compat/arc4random.c +++ /dev/null @@ -1,198 +0,0 @@ -/* $OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $ */ - -/* - * Copyright (c) 1996, David Mazieres <dm@uun.org> - * Copyright (c) 2008, Damien Miller <djm@openbsd.org> - * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> - * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * ChaCha based random number generator for OpenBSD. - */ - -#include <fcntl.h> -#include <limits.h> -#include <signal.h> -#include <stdint.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/time.h> - -#include <compat.h> - -#define KEYSTREAM_ONLY -#include "chacha_private.h" - -#define minimum(a, b) ((a) < (b) ? (a) : (b)) - -#if defined(__GNUC__) || defined(_MSC_VER) -#define inline __inline -#else /* __GNUC__ || _MSC_VER */ -#define inline -#endif /* !__GNUC__ && !_MSC_VER */ - -#define KEYSZ 32 -#define IVSZ 8 -#define BLOCKSZ 64 -#define RSBUFSZ (16*BLOCKSZ) - -/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ -static struct _rs { - size_t rs_have; /* valid bytes at end of rs_buf */ - size_t rs_count; /* bytes till reseed */ -} *rs; - -/* Maybe be preserved in fork children, if _rs_allocate() decides. */ -static struct _rsx { - chacha_ctx rs_chacha; /* chacha context for random keystream */ - u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -} *rsx; - -static inline int _rs_allocate(struct _rs **, struct _rsx **); -static inline void _rs_forkdetect(void); -#include "arc4random.h" - -static inline void _rs_rekey(u_char *dat, size_t datlen); - -static inline void -_rs_init(u_char *buf, size_t n) -{ - if (n < KEYSZ + IVSZ) - return; - - if (rs == NULL) { - if (_rs_allocate(&rs, &rsx) == -1) - abort(); - } - - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); - chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); -} - -static void -_rs_stir(void) -{ - u_char rnd[KEYSZ + IVSZ]; - - if (getentropy(rnd, sizeof rnd) == -1) - _getentropy_fail(); - - if (!rs) - _rs_init(rnd, sizeof(rnd)); - else - _rs_rekey(rnd, sizeof(rnd)); - explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ - - /* invalidate rs_buf */ - rs->rs_have = 0; - memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - - rs->rs_count = 1600000; -} - -static inline void -_rs_stir_if_needed(size_t len) -{ - _rs_forkdetect(); - if (!rs || rs->rs_count <= len) - _rs_stir(); - if (rs->rs_count <= len) - rs->rs_count = 0; - else - rs->rs_count -= len; -} - -static inline void -_rs_rekey(u_char *dat, size_t datlen) -{ -#ifndef KEYSTREAM_ONLY - memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); -#endif - /* fill rs_buf with the keystream */ - chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, - rsx->rs_buf, sizeof(rsx->rs_buf)); - /* mix in optional user provided data */ - if (dat) { - size_t i, m; - - m = minimum(datlen, KEYSZ + IVSZ); - for (i = 0; i < m; i++) - rsx->rs_buf[i] ^= dat[i]; - } - /* immediately reinit for backtracking resistance */ - _rs_init(rsx->rs_buf, KEYSZ + IVSZ); - memset(rsx->rs_buf, 0, KEYSZ + IVSZ); - rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; -} - -static inline void -_rs_random_buf(void *_buf, size_t n) -{ - u_char *buf = (u_char *)_buf; - u_char *keystream; - size_t m; - - _rs_stir_if_needed(n); - while (n > 0) { - if (rs->rs_have > 0) { - m = minimum(n, rs->rs_have); - keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - - rs->rs_have; - memcpy(buf, keystream, m); - memset(keystream, 0, m); - buf += m; - n -= m; - rs->rs_have -= m; - } - if (rs->rs_have == 0) - _rs_rekey(NULL, 0); - } -} - -static inline void -_rs_random_u32(uint32_t *val) -{ - u_char *keystream; - - _rs_stir_if_needed(sizeof(*val)); - if (rs->rs_have < sizeof(*val)) - _rs_rekey(NULL, 0); - keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have; - memcpy(val, keystream, sizeof(*val)); - memset(keystream, 0, sizeof(*val)); - rs->rs_have -= sizeof(*val); -} - -uint32_t -arc4random(void) -{ - uint32_t val; - - _ARC4_LOCK(); - _rs_random_u32(&val); - _ARC4_UNLOCK(); - return val; -} - -void -arc4random_buf(void *buf, size_t n) -{ - _ARC4_LOCK(); - _rs_random_buf(buf, n); - _ARC4_UNLOCK(); -} |