[openssh.git] / openbsd-compat / bsd-arc4random.c

/*
 * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"
#include "log.h"

#ifndef HAVE_ARC4RANDOM

#include <openssl/rand.h>
#include <openssl/rc4.h>
#include <openssl/err.h>

/* Size of key to use */
#define SEED_SIZE 20

/* Number of bytes to reseed after */
#define REKEY_BYTES	(1 << 24)

static int rc4_ready = 0;
static RC4_KEY rc4;

unsigned int
arc4random(void)
{
	unsigned int r = 0;
	static int first_time = 1;

	if (rc4_ready <= 0) {
		if (first_time)
			seed_rng();
		first_time = 0;
		arc4random_stir();
	}

	RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);

	rc4_ready -= sizeof(r);
	
	return(r);
}

void
arc4random_stir(void)
{
	unsigned char rand_buf[SEED_SIZE];
	int i;

	memset(&rc4, 0, sizeof(rc4));
	if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
		fatal("Couldn't obtain random bytes (error %ld)",
		    ERR_get_error());
	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);

	/*
	 * Discard early keystream, as per recommendations in:
	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
	 */
	for(i = 0; i <= 256; i += sizeof(rand_buf))
		RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);

	memset(rand_buf, 0, sizeof(rand_buf));

	rc4_ready = REKEY_BYTES;
}
#endif /* !HAVE_ARC4RANDOM */
Commit	Line	Data
416ed5a7	1	/*
9cd11896	2	* Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
416ed5a7	3	*
9cd11896	4	* Permission to use, copy, modify, and distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice appear in all copies.
416ed5a7	7	*
9cd11896	8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
416ed5a7	15	*/
	16
	17	#include "includes.h"
a701a70b	18	#include "log.h"
416ed5a7	19
	20	#ifndef HAVE_ARC4RANDOM
	21
2f125ca1	22	#include <openssl/rand.h>
2f125ca1	23	#include <openssl/rc4.h>
a701a70b	24	#include <openssl/err.h>
2f125ca1	25
10fa00c8	26	/* Size of key to use */
	27	#define SEED_SIZE 20
	28
	29	/* Number of bytes to reseed after */
ddc49b5c	30	#define REKEY_BYTES (1 << 24)
10fa00c8	31
416ed5a7	32	static int rc4_ready = 0;
	33	static RC4_KEY rc4;
	34
15606882	35	unsigned int
15606882	36	arc4random(void)
416ed5a7	37	{
416ed5a7	38	unsigned int r = 0;
e339aa53	39	static int first_time = 1;
416ed5a7	40
e339aa53	41	if (rc4_ready <= 0) {
af5ee4e4	42	if (first_time)
e339aa53	43	seed_rng();
e339aa53	44	first_time = 0;
416ed5a7	45	arc4random_stir();
e339aa53	46	}
e339aa53	47
416ed5a7	48	RC4(&rc4, sizeof(r), (unsigned char )&r, (unsigned char )&r);
10fa00c8	49
10fa00c8	50	rc4_ready -= sizeof(r);
416ed5a7	51
	52	return(r);
	53	}
	54
15606882	55	void
15606882	56	arc4random_stir(void)
416ed5a7	57	{
10fa00c8	58	unsigned char rand_buf[SEED_SIZE];
75d1f941	59	int i;
10fa00c8	60
e339aa53	61	memset(&rc4, 0, sizeof(rc4));
d8eb5247	62	if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
e339aa53	63	fatal("Couldn't obtain random bytes (error %ld)",
e339aa53	64	ERR_get_error());
416ed5a7	65	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
75d1f941	66
	67	/*
	68	* Discard early keystream, as per recommendations in:
	69	* http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
	70	*/
	71	for(i = 0; i <= 256; i += sizeof(rand_buf))
	72	RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
	73
416ed5a7	74	memset(rand_buf, 0, sizeof(rand_buf));
e339aa53	75
10fa00c8	76	rc4_ready = REKEY_BYTES;
416ed5a7	77	}
416ed5a7	78	#endif /* !HAVE_ARC4RANDOM */