diff options
Diffstat (limited to 'openbsd-compat/bsd-arc4random.c')
-rw-r--r-- | openbsd-compat/bsd-arc4random.c | 150 |
1 files changed, 0 insertions, 150 deletions
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c deleted file mode 100644 index d7c586253..000000000 --- a/openbsd-compat/bsd-arc4random.c +++ /dev/null | |||
@@ -1,150 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org> | ||
3 | * | ||
4 | * Permission to use, copy, modify, and distribute this software for any | ||
5 | * purpose with or without fee is hereby granted, provided that the above | ||
6 | * copyright notice and this permission notice appear in all copies. | ||
7 | * | ||
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
15 | */ | ||
16 | |||
17 | #include "includes.h" | ||
18 | |||
19 | #include <sys/types.h> | ||
20 | |||
21 | #include <string.h> | ||
22 | #include <stdlib.h> | ||
23 | #include <stdarg.h> | ||
24 | |||
25 | #include "log.h" | ||
26 | |||
27 | #ifndef HAVE_ARC4RANDOM | ||
28 | |||
29 | #include <openssl/rand.h> | ||
30 | #include <openssl/rc4.h> | ||
31 | #include <openssl/err.h> | ||
32 | |||
33 | /* Size of key to use */ | ||
34 | #define SEED_SIZE 20 | ||
35 | |||
36 | /* Number of bytes to reseed after */ | ||
37 | #define REKEY_BYTES (1 << 24) | ||
38 | |||
39 | static int rc4_ready = 0; | ||
40 | static RC4_KEY rc4; | ||
41 | |||
42 | unsigned int | ||
43 | arc4random(void) | ||
44 | { | ||
45 | unsigned int r = 0; | ||
46 | static int first_time = 1; | ||
47 | |||
48 | if (rc4_ready <= 0) { | ||
49 | if (first_time) | ||
50 | seed_rng(); | ||
51 | first_time = 0; | ||
52 | arc4random_stir(); | ||
53 | } | ||
54 | |||
55 | RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); | ||
56 | |||
57 | rc4_ready -= sizeof(r); | ||
58 | |||
59 | return(r); | ||
60 | } | ||
61 | |||
62 | void | ||
63 | arc4random_stir(void) | ||
64 | { | ||
65 | unsigned char rand_buf[SEED_SIZE]; | ||
66 | int i; | ||
67 | |||
68 | memset(&rc4, 0, sizeof(rc4)); | ||
69 | if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) | ||
70 | fatal("Couldn't obtain random bytes (error %ld)", | ||
71 | ERR_get_error()); | ||
72 | RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); | ||
73 | |||
74 | /* | ||
75 | * Discard early keystream, as per recommendations in: | ||
76 | * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps | ||
77 | */ | ||
78 | for(i = 0; i <= 256; i += sizeof(rand_buf)) | ||
79 | RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf); | ||
80 | |||
81 | memset(rand_buf, 0, sizeof(rand_buf)); | ||
82 | |||
83 | rc4_ready = REKEY_BYTES; | ||
84 | } | ||
85 | #endif /* !HAVE_ARC4RANDOM */ | ||
86 | |||
87 | #ifndef HAVE_ARC4RANDOM_BUF | ||
88 | void | ||
89 | arc4random_buf(void *_buf, size_t n) | ||
90 | { | ||
91 | size_t i; | ||
92 | u_int32_t r = 0; | ||
93 | char *buf = (char *)_buf; | ||
94 | |||
95 | for (i = 0; i < n; i++) { | ||
96 | if (i % 4 == 0) | ||
97 | r = arc4random(); | ||
98 | buf[i] = r & 0xff; | ||
99 | r >>= 8; | ||
100 | } | ||
101 | i = r = 0; | ||
102 | } | ||
103 | #endif /* !HAVE_ARC4RANDOM_BUF */ | ||
104 | |||
105 | #ifndef HAVE_ARC4RANDOM_UNIFORM | ||
106 | /* | ||
107 | * Calculate a uniformly distributed random number less than upper_bound | ||
108 | * avoiding "modulo bias". | ||
109 | * | ||
110 | * Uniformity is achieved by generating new random numbers until the one | ||
111 | * returned is outside the range [0, 2**32 % upper_bound). This | ||
112 | * guarantees the selected random number will be inside | ||
113 | * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) | ||
114 | * after reduction modulo upper_bound. | ||
115 | */ | ||
116 | u_int32_t | ||
117 | arc4random_uniform(u_int32_t upper_bound) | ||
118 | { | ||
119 | u_int32_t r, min; | ||
120 | |||
121 | if (upper_bound < 2) | ||
122 | return 0; | ||
123 | |||
124 | #if (ULONG_MAX > 0xffffffffUL) | ||
125 | min = 0x100000000UL % upper_bound; | ||
126 | #else | ||
127 | /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ | ||
128 | if (upper_bound > 0x80000000) | ||
129 | min = 1 + ~upper_bound; /* 2**32 - upper_bound */ | ||
130 | else { | ||
131 | /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ | ||
132 | min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound; | ||
133 | } | ||
134 | #endif | ||
135 | |||
136 | /* | ||
137 | * This could theoretically loop forever but each retry has | ||
138 | * p > 0.5 (worst case, usually far better) of selecting a | ||
139 | * number inside the range we need, so it should rarely need | ||
140 | * to re-roll. | ||
141 | */ | ||
142 | for (;;) { | ||
143 | r = arc4random(); | ||
144 | if (r >= min) | ||
145 | break; | ||
146 | } | ||
147 | |||
148 | return r % upper_bound; | ||
149 | } | ||
150 | #endif /* !HAVE_ARC4RANDOM_UNIFORM */ | ||