diff options
| author | miod <> | 2014-04-15 16:52:50 +0000 |
|---|---|---|
| committer | miod <> | 2014-04-15 16:52:50 +0000 |
| commit | be03b064bffafbd378c0d5cc5971594573544d64 (patch) | |
| tree | cd099da9298b8ab84a5dbbead9a6560737057c97 /src/lib/libcrypto/rand/rand_egd.c | |
| parent | f08ae3b01d60723e8f4334e0aaf4a57f03c478ba (diff) | |
| download | openbsd-be03b064bffafbd378c0d5cc5971594573544d64.tar.gz openbsd-be03b064bffafbd378c0d5cc5971594573544d64.tar.bz2 openbsd-be03b064bffafbd378c0d5cc5971594573544d64.zip | |
Replace the old OpenSSL PRNG by direct use of arc4random_buf(), keeping the
existing RAND interfaces unchanged.
All interfaces allowing external feed or seed of the RNG (either from a file
or a local entropy gathering daemon) are kept for ABI compatibility, but are
no longer do anything.
While the OpenSSL PRNG was required 15+ years ago when many systems lacked
proper entropy collection, things have evolved and one can reasonably assume
it is better to use the kernel (system global) entropy pool rather than trying
to build one's own and having to compensate for thread scheduling...
<RANT>
Whoever thought that RAND_screen(), feeding the PRNG with the contents of the
local workstation's display, under Win32, was a smart idea, ought to be banned
from security programming.
</RANT>
ok beck@ deraadt@ tedu@
Diffstat (limited to 'src/lib/libcrypto/rand/rand_egd.c')
| -rw-r--r-- | src/lib/libcrypto/rand/rand_egd.c | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index d53b916ebe..a78aa90c46 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c | |||
| @@ -95,7 +95,6 @@ | |||
| 95 | * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. | 95 | * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. |
| 96 | */ | 96 | */ |
| 97 | 97 | ||
| 98 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) | ||
| 99 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) | 98 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) |
| 100 | { | 99 | { |
| 101 | return(-1); | 100 | return(-1); |
| @@ -109,195 +108,3 @@ int RAND_egd_bytes(const char *path,int bytes) | |||
| 109 | { | 108 | { |
| 110 | return(-1); | 109 | return(-1); |
| 111 | } | 110 | } |
| 112 | #else | ||
| 113 | #include <openssl/opensslconf.h> | ||
| 114 | #include OPENSSL_UNISTD | ||
| 115 | #include <sys/types.h> | ||
| 116 | #include <sys/socket.h> | ||
| 117 | #ifndef NO_SYS_UN_H | ||
| 118 | # ifdef OPENSSL_SYS_VXWORKS | ||
| 119 | # include <streams/un.h> | ||
| 120 | # else | ||
| 121 | # include <sys/un.h> | ||
| 122 | # endif | ||
| 123 | #else | ||
| 124 | struct sockaddr_un { | ||
| 125 | short sun_family; /* AF_UNIX */ | ||
| 126 | char sun_path[108]; /* path name (gag) */ | ||
| 127 | }; | ||
| 128 | #endif /* NO_SYS_UN_H */ | ||
| 129 | #include <string.h> | ||
| 130 | #include <errno.h> | ||
| 131 | |||
| 132 | #ifndef offsetof | ||
| 133 | # define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) | ||
| 134 | #endif | ||
| 135 | |||
| 136 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) | ||
| 137 | { | ||
| 138 | int ret = 0; | ||
| 139 | struct sockaddr_un addr; | ||
| 140 | int len, num, numbytes; | ||
| 141 | int fd = -1; | ||
| 142 | int success; | ||
| 143 | unsigned char egdbuf[2], tempbuf[255], *retrievebuf; | ||
| 144 | |||
| 145 | memset(&addr, 0, sizeof(addr)); | ||
| 146 | addr.sun_family = AF_UNIX; | ||
| 147 | if (strlen(path) >= sizeof(addr.sun_path)) | ||
| 148 | return (-1); | ||
| 149 | BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); | ||
| 150 | len = offsetof(struct sockaddr_un, sun_path) + strlen(path); | ||
| 151 | fd = socket(AF_UNIX, SOCK_STREAM, 0); | ||
| 152 | if (fd == -1) return (-1); | ||
| 153 | success = 0; | ||
| 154 | while (!success) | ||
| 155 | { | ||
| 156 | if (connect(fd, (struct sockaddr *)&addr, len) == 0) | ||
| 157 | success = 1; | ||
| 158 | else | ||
| 159 | { | ||
| 160 | switch (errno) | ||
| 161 | { | ||
| 162 | #ifdef EINTR | ||
| 163 | case EINTR: | ||
| 164 | #endif | ||
| 165 | #ifdef EAGAIN | ||
| 166 | case EAGAIN: | ||
| 167 | #endif | ||
| 168 | #ifdef EINPROGRESS | ||
| 169 | case EINPROGRESS: | ||
| 170 | #endif | ||
| 171 | #ifdef EALREADY | ||
| 172 | case EALREADY: | ||
| 173 | #endif | ||
| 174 | /* No error, try again */ | ||
| 175 | break; | ||
| 176 | #ifdef EISCONN | ||
| 177 | case EISCONN: | ||
| 178 | success = 1; | ||
| 179 | break; | ||
| 180 | #endif | ||
| 181 | default: | ||
| 182 | goto err; /* failure */ | ||
| 183 | } | ||
| 184 | } | ||
| 185 | } | ||
| 186 | |||
| 187 | while(bytes > 0) | ||
| 188 | { | ||
| 189 | egdbuf[0] = 1; | ||
| 190 | egdbuf[1] = bytes < 255 ? bytes : 255; | ||
| 191 | numbytes = 0; | ||
| 192 | while (numbytes != 2) | ||
| 193 | { | ||
| 194 | num = write(fd, egdbuf + numbytes, 2 - numbytes); | ||
| 195 | if (num >= 0) | ||
| 196 | numbytes += num; | ||
| 197 | else | ||
| 198 | { | ||
| 199 | switch (errno) | ||
| 200 | { | ||
| 201 | #ifdef EINTR | ||
| 202 | case EINTR: | ||
| 203 | #endif | ||
| 204 | #ifdef EAGAIN | ||
| 205 | case EAGAIN: | ||
| 206 | #endif | ||
| 207 | /* No error, try again */ | ||
| 208 | break; | ||
| 209 | default: | ||
| 210 | ret = -1; | ||
| 211 | goto err; /* failure */ | ||
| 212 | } | ||
| 213 | } | ||
| 214 | } | ||
| 215 | numbytes = 0; | ||
| 216 | while (numbytes != 1) | ||
| 217 | { | ||
| 218 | num = read(fd, egdbuf, 1); | ||
| 219 | if (num == 0) | ||
| 220 | goto err; /* descriptor closed */ | ||
| 221 | else if (num > 0) | ||
| 222 | numbytes += num; | ||
| 223 | else | ||
| 224 | { | ||
| 225 | switch (errno) | ||
| 226 | { | ||
| 227 | #ifdef EINTR | ||
| 228 | case EINTR: | ||
| 229 | #endif | ||
| 230 | #ifdef EAGAIN | ||
| 231 | case EAGAIN: | ||
| 232 | #endif | ||
| 233 | /* No error, try again */ | ||
| 234 | break; | ||
| 235 | default: | ||
| 236 | ret = -1; | ||
| 237 | goto err; /* failure */ | ||
| 238 | } | ||
| 239 | } | ||
| 240 | } | ||
| 241 | if(egdbuf[0] == 0) | ||
| 242 | goto err; | ||
| 243 | if (buf) | ||
| 244 | retrievebuf = buf + ret; | ||
| 245 | else | ||
| 246 | retrievebuf = tempbuf; | ||
| 247 | numbytes = 0; | ||
| 248 | while (numbytes != egdbuf[0]) | ||
| 249 | { | ||
| 250 | num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); | ||
| 251 | if (num == 0) | ||
| 252 | goto err; /* descriptor closed */ | ||
| 253 | else if (num > 0) | ||
| 254 | numbytes += num; | ||
| 255 | else | ||
| 256 | { | ||
| 257 | switch (errno) | ||
| 258 | { | ||
| 259 | #ifdef EINTR | ||
| 260 | case EINTR: | ||
| 261 | #endif | ||
| 262 | #ifdef EAGAIN | ||
| 263 | case EAGAIN: | ||
| 264 | #endif | ||
| 265 | /* No error, try again */ | ||
| 266 | break; | ||
| 267 | default: | ||
| 268 | ret = -1; | ||
| 269 | goto err; /* failure */ | ||
| 270 | } | ||
| 271 | } | ||
| 272 | } | ||
| 273 | ret += egdbuf[0]; | ||
| 274 | bytes -= egdbuf[0]; | ||
| 275 | if (!buf) | ||
| 276 | RAND_seed(tempbuf, egdbuf[0]); | ||
| 277 | } | ||
| 278 | err: | ||
| 279 | if (fd != -1) close(fd); | ||
| 280 | return(ret); | ||
| 281 | } | ||
| 282 | |||
| 283 | |||
| 284 | int RAND_egd_bytes(const char *path, int bytes) | ||
| 285 | { | ||
| 286 | int num, ret = 0; | ||
| 287 | |||
| 288 | num = RAND_query_egd_bytes(path, NULL, bytes); | ||
| 289 | if (num < 1) goto err; | ||
| 290 | if (RAND_status() == 1) | ||
| 291 | ret = num; | ||
| 292 | err: | ||
| 293 | return(ret); | ||
| 294 | } | ||
| 295 | |||
| 296 | |||
| 297 | int RAND_egd(const char *path) | ||
| 298 | { | ||
| 299 | return (RAND_egd_bytes(path, 255)); | ||
| 300 | } | ||
| 301 | |||
| 302 | |||
| 303 | #endif | ||