path: root/src/lib/libcrypto/arc4random

Commit log. Each entry: subject line, commit message body, then [author, date, files changed, lines -removed/+added].
* As done everywhere else, use a local version of MINIMUM() and avoid
  conflict against a potential define min() from some other scope.
  [deraadt, 2020-05-17, 5 files, -21/+21]
* Using pthread_atfork instead of __register_atfork with uClibc on noMMU
  uClibc on noMMU doesn't provide __register_atfork(). Reported by redbirdtek on Github issue.
  https://github.com/libressl-portable/portable/issues/538
  ok bcook@
  [inoguchi, 2019-07-11, 1 file, -2/+2]
* Saw a mention somewhere a while back that the gotdata() function in
  here could create non-uniformity since very short fetches of 0 would be
  excluded. Blocks of 0 are just as random as any other data, including
  blocks of 4 4 4.. This misguided attempt to identify errors from the
  entropy churn/gather code doesn't make sense; errors don't happen.
  ok bcook
  [deraadt, 2018-11-20, 5 files, -144/+27]
* ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2)
  Based on discussion here https://github.com/libressl-portable/openbsd/pull/82
  Suggested fix from jsing@
  [bcook, 2018-03-13, 1 file, -4/+4]
* Switch Linux getrandom() usage to non-blocking mode, continuing to
  use fallback mechanisms if unsuccessful. The design of Linux getrandom
  is broken. It has an uninitialized phase coupled with blocking behaviour,
  which is unacceptable from within a library at boot time without possible
  recovery.
  ok deraadt@ jsing@
  [beck, 2017-04-29, 1 file, -6/+9]
* add iOS support for getentropy
  from Jacob Berkman, ok beck@
  [bcook, 2016-09-03, 1 file, -1/+12]
* Update the link for the getentropy(2) manual to man.openbsd.org/
  ok deraadt@
  [tb, 2016-08-07, 8 files, -16/+16]
* Tighten behavior of _rs_allocate failure for portable arc4random implementations.
  In the event of a failure in _rs_allocate for rsx, we still have a reference
  to freed memory for rs on return. Not a huge deal since we subsequently abort
  in _rs_init, but it looks strange on its own.
  ok deraadt@
  [bcook, 2016-06-30, 7 files, -7/+14]
* Tighten behavior of _rs_allocate on Windows.
  For Windows, we are simply using calloc, which has two annoyances: the
  memory has more permissions than needed by default, and it comes from the
  process heap, which looks like a memory leak since this memory is rightfully
  never freed. This switches _rs_alloc on Windows to use VirtualAlloc, which
  restricts the memory to READ|WRITE and keeps the memory out of the process heap.
  ok deraadt@
  [bcook, 2016-06-30, 1 file, -4/+7]
* fix typo in comment; ok beck
  [tj, 2016-04-19, 1 file, -2/+2]
* Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
  Work around this particular case by reseeding whenever pid=1, but as
  guenther@ notes, directly calling clone(2), and then forking to match
  another pid, provides other ways to bypass new process detection on Linux.
  Hopefully at some point Linux implements something like MAP_INHERIT_ZERO,
  and does not invent a corresponding mechanism to subvert it.
  Noted by Sebastian Krahmer and the opmsg team.
  See http://stealth.openwall.net/crypto/randup.c for a test program.
  ok beck@
  [bcook, 2016-01-04, 1 file, -2/+3]
* unify files further
  [deraadt, 2015-09-11, 10 files, -61/+61]
* unify versions, so they are easier to diff.
  [deraadt, 2015-08-25, 4 files, -9/+9]
* KNF
  [deraadt, 2015-08-25, 1 file, -6/+4]
* Remove unneeded sys/sysctl.h on linux.
  This only provides the sysctl wrapper in glibc, which we do not use and is
  not available in other libc implementations for Linux. Thanks to ncopa from github.
  [bcook, 2015-06-13, 1 file, -2/+1]
* Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.
  Include it if we have the sysctl syscall.
  [bcook, 2015-04-27, 1 file, -2/+3]
* Support AIX versions without WPAR support.
  From Michael Felt.
  [bcook, 2015-04-27, 1 file, -1/+5]
* add initial AIX getentropy/arc4random files. Thanks to Michael Felt.
  [bcook, 2015-03-30, 2 files, -0/+501]
* sys/sysctl.h includes linux/sysctl.h, remove the extra unchecked include
  [bcook, 2015-03-22, 1 file, -2/+1]
* Add arc4random/getentropy shims for NetBSD.
  The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG
  state after a fork, so provide an override until the fork-safe version in
  CVS appears in a release. These are the same as the FreeBSD shims.
  ok deraadt@
  [bcook, 2015-01-19, 2 files, -0/+150]
* back in September I did the large abstraction refactoring to allow these
  other systems to fit into the same mold, so add copyright
  [deraadt, 2015-01-15, 6 files, -6/+12]
* mix in more virtual memory and process information
  [bcook, 2015-01-07, 1 file, -2/+4]
* add initial HP-UX getentropy/arc4random support.
  patch from Kinichiro Inoguchi, tested on HP-UX 11.31
  ok deraadt@
  [bcook, 2015-01-06, 2 files, -0/+496]
* correct the failure case for getentropy on win32
  CryptAcquireContext and CryptGenRandom return zero (FALSE) if they fail.
  From: Dongsheng Song <dongsheng.song@gmail.com>
  [bcook, 2014-11-11, 1 file, -3/+3]
* Add hooks to override native arc4random_buf on FreeBSD.
  The FreeBSD-native arc4random_buf implementation falls back to weak sources
  of entropy if the sysctl fails. Remove these dangerous fallbacks by
  overriding locally.
  Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and
  10) if a program does not link to -lthr. Callbacks registered with
  pthread_atfork() simply fail silently. So, it is not always possible to
  detect a PID wraparound. I wish we could do better. This improves
  arc4random_buf's safety compared to the native FreeBSD implementation.
  Tested on FreeBSD 9 and 10.
  [bcook, 2014-11-03, 2 files, -0/+149]
* include header needed by older linux kernels
  not all versions of <linux/random.h> include <linux/types.h> by default
  [bcook, 2014-10-11, 1 file, -1/+2]
* preserve errno value on success.
  If getrandom returns a temporary failure, make sure errno is not polluted
  when it succeeds. Thanks to deraadt@ for pointing it out.
  [bcook, 2014-08-28, 1 file, -4/+6]
* only build the getrandom path if SYS_getrandom is defined.
  like the sysctl path
  [bcook, 2014-08-16, 1 file, -3/+7]
* getrandom(2) support for getentropy_linux
  This enables support for the new getrandom(2) syscall in Linux 3.17. If the
  call exists and fails, return a failure in getentropy(2) emulation as well.
  This adds an EINTR check in case the urandom pool is not initialized.
  Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
  ok deraadt@
  [bcook, 2014-08-16, 1 file, -13/+10]
* munmap correct object in (extremely unlikely, and effectively terminal)
  case of failing to map the 2nd object. found by Paul Maurers
  [deraadt, 2014-08-13, 3 files, -6/+6]
* better match proposed syscall api
  [bcook, 2014-07-22, 1 file, -8/+2]
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
  [deraadt, 2014-07-21, 1 file, -6/+6]
* Use explicit_bzero() instead of memset() on buffers going out of scope.
  Also, zero the SHA256 context.
  suggested by "eric" in a comment on an opensslrampage.org post
  ok miod@ deraadt@
  [guenther, 2014-07-21, 3 files, -6/+9]
* cast from void * before math; enh@google
  [deraadt, 2014-07-21, 1 file, -2/+2]
* Move more OS-specific functionality to arc4random.h headers.
  Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On
  OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use
  TerminateProcess on getentropy failure.
  ok deraadt@
  [bcook, 2014-07-20, 4 files, -4/+37]
* initial win32 ARC4_LOCK/UNLOCK implementation.
  It may make sense to replace this with a Critical Section later.
  ok guenther@
  [bcook, 2014-07-20, 1 file, -1/+21]
* Demonstrate how new linux getrandom() will be called, at least until
  it shows up in libraries. Even the system call is probably not finalized.
  Bit disappointed it has turned out to be a descriptor-less read() with
  EINVAL and EINTR error conditions, but we can work with it.
  [deraadt, 2014-07-20, 1 file, -1/+37]
* remove disabled main hook; we use phdr now; ok bcook
  [deraadt, 2014-07-19, 3 files, -21/+3]
* tab love
  [deraadt, 2014-07-19, 1 file, -3/+3]
* Move _ARC4_ATFORK handlers from thread_private.h in portable.
  [bcook, 2014-07-19, 3 files, -3/+15]
* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules
  [bcook, 2014-07-19, 3 files, -3/+22]
* fixup typos
  [bcook, 2014-07-19, 3 files, -55/+54]
* Change _rs_allocate so it can combine the two regions (rs and rsx)
  into one if a system has an awesome getentropy(). In that case it is
  valid to totally throw away the rsx state in the child. If the
  getentropy() is not very good and has a lazy reseed operation, this
  combining is a bad idea, and the reseed should probably continue to use
  the "something old, something new" mix. _rs_allocate() can accommodate
  either method, but not on the fly.
  ok matthew
  [deraadt, 2014-07-19, 4 files, -55/+55]
* Cleanup portable arc4random fork detection code:
  1. Use "len" parameter instead of sizeof(*rs).
  2. Simplify the atfork handler to be strictly async signal safe by simply
     writing to a global volatile sig_atomic_t object, and then checking for
     this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and
     Rich Felker.)
  3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork
     semantics to avoid any skew in behavior across platforms.
  ok deraadt
  [matthew, 2014-07-18, 3 files, -33/+24]
* Separate arc4random's os-dependent parts into static inline functions,
  making it much easier for libressl-portable to fill in the gaps.
  ok bcook beck
  [deraadt, 2014-07-18, 4 files, -0/+243]
* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on older
  Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX
  defines are pulled in by <link.h> now.
  ok beck@
  [kettenis, 2014-07-16, 1 file, -1/+3]
* Use dl_iterate_phdr() to iterate over the segments and throw the addresses
  into the hash; hoping the system has some ASLR or PIE. This replaces and
  substantially improves upon &main which proved problematic with some picky
  linkers.
  Work with kettenis, testing by beck
  [deraadt, 2014-07-13, 2 files, -2/+28]
* Provide a link to the canonical API specification.
  ok beck
  [deraadt, 2014-07-13, 4 files, -4/+16]
* Take away the use of the address of main as a source of entropy. Causes
  distractions to people testing and seeing link errors in some setups. This
  will come back in another form
  ok deraadt@
  [beck, 2014-07-13, 3 files, -3/+15]
* getentropy on Windows. It compiles but has not been thoroughly tested yet.
  OK: beck@
  [wouter, 2014-07-12, 1 file, -0/+56]