Commit message | Author | Age | Files | Lines

- allocate pages, don't call abort() because of corefile data leakage
  concerns, but simply _exit().  The reasoning is _rs_init() will only
  fail if someone finds a way to apply specific pressure against this
  failure point, for the purpose of leaking information into a core which
  they can read.  We don't need a corefile in this instance to debug that.
  So take this "lever" away from whoever in the future wants to do that.

- C standard are all weak.
  Apply __{BEGIN,END}_HIDDEN_DECLS to gdtoa{,imp}.h, hiding the
  arch-specific __strtorx, __ULtox_D2A, __strtorQ, __ULtoQ_D2A symbols.

- By default, MSVC's stdlib.h defines min(), so we need to spell out something
  less common to avoid picking it up.
  ok deraadt@ beck@ miod@

- review by millert, binary checking process with doug, concept with guenther

- other systems to fit into the same mold, so add copyright

- Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
  On OpenBSD, move thread_private.h as well to arc4random.h.
  On Windows, use TerminateProcess on getentropy failure.
  ok deraadt@

- into one if a system has an awesome getentropy().  In that case it
  is valid to totally throw away the rsx state in the child.  If the
  getentropy() is not very good and has a lazy reseed operation, this
  combining is a bad idea, and the reseed should probably continue to
  use the "something old, something new" mix.  _rs_allocate() can
  accommodate either method, but not on the fly.
  ok matthew

- making it much easier for libressl -portable to fill in the gaps.
  ok bcook beck

- address space, and once allocated rs is never deallocated."
  document the forkhandler to save reviewers time, with matthew

- ok deraadt@ beck@ kettenis@

- makes it much harder.
  ok bcook@ kettenis@

- can copy this file (plus chacha_private.h) directly and reuse it
  trivially.  Well, as long as they have a getentropy() as well..
  ok beck

- now using this as upstream code.  The particular problem is systems
  that contain older arc4random derivations lacking arc4random_uniform().
  ok tedu miod

- ok beck@ deraadt@ jsing@ guenther@

- portable code path must handle that; with brent cook

- mechanism, to aid in portability to other systems as requested.
  ok matthew

- Allow other non-zero return values in case we change our mind to
  return an ssize_t byte count instead of simple success/fail.
  ok deraadt, djm

- MAP_INHERIT_ZERO anymore.  This restores arc4random's previous
  behavior where fork children would mix in some randomness from the
  parent process.
  New behavior noticed by deraadt
  ok deraadt, tedu

- Now instead of calling getpid() each time a user invokes arc4random(),
  we're able to rely on the kernel zeroing out the RNG state if the
  process forks.
  ok deraadt, djm

- of sysctl().  Mark it with XXX while we consider.

- call abort().
  this direction discussed at length with miod beck tedu matthew etc

- From Fritjof Bornebusch.

- wherever it decides it would like them. first step. ok deraadt dlg djm

- be using directly.  Well, a few rare people cloned it upstream and it
  will take a bit of time for them to learn.
  ok various

- feedback and ok djm@

- "-upper_bound % upper_bound".  Simplifies the code and makes it the
  same on both ILP32 and LP64 architectures, and also slightly faster on
  LP64 architectures by using a 32-bit remainder instead of a 64-bit
  remainder.
  Pointed out by Jorden Verwer on tech@
  ok deraadt; no objections from djm or otto

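The commit above replaces a 64-bit computation of 2^32 mod upper_bound with the 32-bit expression `-upper_bound % upper_bound`: in unsigned arithmetic `-upper_bound` wraps to 2^32 - upper_bound, and (2^32 - ub) mod ub equals 2^32 mod ub. The example below is added here to show that identity and the rejection-sampling loop it feeds; it is not OpenBSD's arc4random.c. The word source is a caller-supplied callback rather than the ChaCha generator, and `counter_source`, `reject_below_32`, `reject_below_64`, `uniform_below` and `demo_from_counter` are names chosen for this example.

```c
/* Added example: arc4random_uniform-style rejection sampling with the
 * 32-bit threshold computation.  Not the libc implementation. */
#include <stdint.h>
#include <stdio.h>

/* Smallest acceptable raw word: 2^32 mod upper_bound, computed entirely in
 * 32-bit unsigned arithmetic.  -upper_bound wraps to 2^32 - upper_bound, and
 * (2^32 - ub) mod ub == 2^32 mod ub. */
uint32_t reject_below_32(uint32_t upper_bound)
{
	return -upper_bound % upper_bound;
}

/* The same quantity via a 64-bit remainder, for comparison only. */
uint32_t reject_below_64(uint32_t upper_bound)
{
	return (uint32_t)(0x100000000ULL % upper_bound);
}

/* The accepted range [min, 2^32) has a length that is an exact multiple of
 * upper_bound, which is why the final "% upper_bound" introduces no bias. */
int accepted_range_is_exact_multiple(uint32_t upper_bound)
{
	uint64_t len = 0x100000000ULL - reject_below_32(upper_bound);
	return len % upper_bound == 0;
}

/* Source of 32-bit words.  In libc this would be the keystream generator;
 * here it is a callback so the sampling logic can be driven deterministically. */
typedef uint32_t (*word_source)(void *ctx);

/* Uniform in [0, upper_bound); returns 0 when upper_bound < 2.
 * If draws is non-NULL it receives the number of words consumed. */
uint32_t uniform_below(uint32_t upper_bound, word_source next, void *ctx,
    unsigned *draws)
{
	uint32_t r, min;
	unsigned n = 0;

	if (upper_bound < 2) {
		if (draws)
			*draws = 0;
		return 0;
	}
	min = -upper_bound % upper_bound;	/* 2^32 mod upper_bound */
	for (;;) {
		r = next(ctx);
		n++;
		if (r >= min)	/* reject the low words that would over-represent small residues */
			break;
	}
	if (draws)
		*draws = n;
	return r % upper_bound;
}

/* Constructed deterministic source: returns start, start+1, start+2, ...
 * so the rejection of the low words can be observed. */
uint32_t counter_source(void *ctx)
{
	uint32_t *c = ctx;
	return (*c)++;
}

/* Draw one value below upper_bound from a counter that starts at `start`. */
uint32_t demo_from_counter(uint32_t upper_bound, uint32_t start, unsigned *draws)
{
	uint32_t c = start;
	return uniform_below(upper_bound, counter_source, &c, draws);
}

int main(void)
{
	unsigned draws;
	uint32_t v = demo_from_counter(3, 0, &draws);

	/* For upper_bound 3 the threshold is 1, so the word 0 is rejected. */
	printf("threshold for 3 = %u, value = %u after %u draws\n",
	    reject_below_32(3), v, draws);
	return 0;
}
```

With upper_bound 3 the threshold is 2^32 mod 3 = 1, so a source that starts at 0 has its first word rejected and the second word (1) is returned. Bounds at a power of two give a threshold of 0 and never reject.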
- ok deraadt@ djm@

- doesn't test it, so factor out the two places that test it into a
  routine and do the refreshing there.  With this, arc4random_buf()
  doesn't trigger superfluous calls to getpid() when filling large
  buffers.
  ok deraadt@, "looks nicer indeed" otto@

- kurt@

- (2^30,2^31). Nothing in the tree yet requests random numbers bounded
  by this range.
  report jakob!deraadt; ok deraadt@

- introduce two new APIs for requesting strong random numbers:
  arc4random_buf() - fill an arbitrary memory range with random numbers
  arc4random_uniform() - return a uniformly distributed random number below
  a specified upper bound, avoiding the bias that comes from a naive
  "arc4random() % upper_bound" construction.
  these mirror similarly-named functions in the kernel;
  lots of discussion deraadt@ mcbride@

- instead of the generic pthread macros since free(3) uses __arc4_getbyte()
  when freeing small sized allocations and the generic pthread macros call
  malloc(3).
  - eliminate passing pointers to a static variable with global scope (rs)
  for additional code clarity and reduction.
  - shlib minor bumps for libc and libpthread due to new functions.
  From andreas@ with some bits from me. okay tedu@ marc@ w/some spot
  checking from millert@

- to get random data without calling getpid(), ok millert@ deraadt@

- and remove fallback code. If somebody is dumb enough to make the
  sysctl fail using systrace, he deserves what he gets. Saves 7 syscalls
  on process startup.
  looks good miod@ ok deraadt@ tedu@

- from original author (David Mazieres)

- stir after eating 400000 words.  ok + input deraadt

- ok djm@

- "Weaknesses in the Key Scheduling Algorithm of RC4", Fluhrer, Mantin and
  Shamir. ok itojun@

- ok deraadt and co.