X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/22616013c4eef383b19b8ad4f95780a316d0a51b..d76f17672018832a885e3ce6087123d85bda0bca:/openssh/openbsd-compat/bsd-arc4random.c diff --git a/openssh/openbsd-compat/bsd-arc4random.c b/openssh/openbsd-compat/bsd-arc4random.c index 9d4c869..4fcfc6e 100644 --- a/openssh/openbsd-compat/bsd-arc4random.c +++ b/openssh/openbsd-compat/bsd-arc4random.c @@ -1,29 +1,32 @@ /* - * Copyright (c) 1999,2000,2004 Damien Miller + * Copyright (c) 1999-2000 Damien Miller. All rights reserved. * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" - -#include - -#include -#include -#include - #include "log.h" +RCSID("$Id$"); + #ifndef HAVE_ARC4RANDOM #include @@ -39,14 +42,13 @@ static int rc4_ready = 0; static RC4_KEY rc4; -unsigned int -arc4random(void) +unsigned int arc4random(void) { unsigned int r = 0; static int first_time = 1; if (rc4_ready <= 0) { - if (first_time) + if (!first_time) seed_rng(); first_time = 0; arc4random_stir(); @@ -59,92 +61,17 @@ arc4random(void) return(r); } -void -arc4random_stir(void) +void arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; - int i; memset(&rc4, 0, sizeof(rc4)); - if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) + if (!RAND_bytes(rand_buf, sizeof(rand_buf))) fatal("Couldn't obtain random bytes (error %ld)", ERR_get_error()); RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); - - /* - * Discard early keystream, as per recommendations in: - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps - */ - for(i = 0; i <= 256; i += sizeof(rand_buf)) - RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf); - memset(rand_buf, 0, sizeof(rand_buf)); rc4_ready = REKEY_BYTES; } #endif /* !HAVE_ARC4RANDOM */ - -#ifndef ARC4RANDOM_BUF -void -arc4random_buf(void *_buf, size_t n) -{ - size_t i; - u_int32_t r = 0; - char *buf = (char *)_buf; - - for (i = 0; i < n; i++) { - if (i % 4 == 0) - r = arc4random(); - buf[i] = r & 0xff; - r >>= 8; - } - i = r = 0; -} -#endif /* !HAVE_ARC4RANDOM_BUF */ - -#ifndef ARC4RANDOM_UNIFORM -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -u_int32_t -arc4random_uniform(u_int32_t upper_bound) -{ - u_int32_t r, min; - - if (upper_bound < 2) - return 0; - -#if (ULONG_MAX > 0xffffffffUL) - min = 0x100000000UL % upper_bound; -#else - /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ - if (upper_bound > 0x80000000) - min = 1 + ~upper_bound; /* 2**32 - upper_bound */ - else { - /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ - min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound; - } -#endif - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -} -#endif /* !HAVE_ARC4RANDOM_UNIFORM */