summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/arc4random (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add arc4random/getentropy shims for NetBSD.bcook2015-01-192-0/+150
| | | | | | | | | | The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state after a fork, so provide an override until the fork-safe version in CVS appears in a release. These are the same as the FreeBSD shims. ok deraadt@
* back in september I did the large abstraction refactoring to allow thesederaadt2015-01-156-6/+12
| | | | other systems to fit into the same mold, so add copyright
* mix in more virtual memory and process informationbcook2015-01-071-2/+4
|
* add initial HP-UX getentropy/arc4random support.bcook2015-01-062-0/+496
| | | | | | patch from Kinichiro Inoguchi, tested on HP-UX 11.31 ok deraadt@
* correct the failure case for getentropy on win32bcook2014-11-111-3/+3
| | | | | | CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails. From: Dongsheng Song <dongsheng.song@gmail.com>
* Add hooks to override native arc4random_buf on FreeBSD.bcook2014-11-032-0/+149
| | | | | | | | | | | | | | | | The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.
* include header needed by older linux kernelsbcook2014-10-111-1/+2
| | | | not all versions of <linux/random.h> include <linux/types.h> by default
* preserve errno value on success.bcook2014-08-281-4/+6
| | | | | If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
* only build the getrandom path if SYS_getrandom is defined.bcook2014-08-161-3/+7
| | | | like the sysctl path
* getrandom(2) support for getentropy_linuxbcook2014-08-161-13/+10
| | | | | | | | | | | This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
* munmap correct object in (extremely unlikely, and effectively terminal)deraadt2014-08-133-6/+6
| | | | | case of failing to map the 2nd object. found by Paul Maurers
* better match proposed syscall apibcook2014-07-221-8/+2
|
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcookderaadt2014-07-211-6/+6
|
* Use explicit_bzero() instead of memset() on buffers going out of scope.guenther2014-07-213-6/+9
| | | | | | | Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
* cast from void * before math; enh@googlederaadt2014-07-211-2/+2
|
* Move more OS-specific functionality to arc4random.h headers.bcook2014-07-204-4/+37
| | | | | | | | Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@
* initial win32 ARC4_LOCK/UNLOCK implementation.bcook2014-07-201-1/+21
| | | | | It may make sense to later replace this with a Critical Section later. ok guenther@
* Demonstrate how new linux getrandom() will be called, at least untilderaadt2014-07-201-1/+37
| | | | | | it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
* remove disabled main hook; we use phdr now; ok bcookderaadt2014-07-193-21/+3
|
* tab lovederaadt2014-07-191-3/+3
|
* Move _ARC4_ATFORK handlers from thread_private.h in portable.bcook2014-07-193-3/+15
|
* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modulesbcook2014-07-193-3/+22
|
* fixup typosbcook2014-07-193-55/+54
|
* Change _rs_allocate so it can combine the two regions (rs and rsx)deraadt2014-07-194-55/+55
| | | | | | | | | | into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
* Cleanup portable arc4random fork detection code:matthew2014-07-183-33/+24
| | | | | | | | | | | | | | 1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt
* Seperate arc4random's os-dependent parts into static inline functions,deraadt2014-07-184-0/+243
| | | | | making it much easier for libressl -portable to fill in the gaps. ok bcook beck
* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on olderkettenis2014-07-161-1/+3
| | | | | | | Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
* Use dl_iterate_phdr() to iterate over the segments and throw the addressesderaadt2014-07-132-2/+28
| | | | | | | into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
* Provide a link to the canonical API specification.deraadt2014-07-134-4/+16
| | | | ok beck
* Take away the use of the address of main as a source of entropy. Causesbeck2014-07-133-3/+15
| | | | | | distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
* getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter2014-07-121-0/+56
| | | | OK: beck@
* Remove signed/unsigned warning, statement before declaration andwouter2014-07-123-29/+32
| | | | | | add a function to use function pointers that does not take sizeof(fptr). OK beck@
* guard inclusion of sys/sysctl.h so we can detect at compile time andbeck2014-07-121-1/+3
| | | | | keep linux distros happy that don't have it. ok bcook@
* remove gratuitous differences, ok beckderaadt2014-07-121-39/+40
|
* remove gratuitous differences, ok beck bcookderaadt2014-07-122-12/+12
|
* Solaris uses a symbolic link for /dev/urandom which harms best practice ofbeck2014-07-121-18/+34
| | | | | using O_NOFOLLOW - cope with it as best as possible by trying two different paths. - written by deraadt@ and kettenis@
* remove unused variables getentropy for OS Xbcook2014-07-091-3/+3
| | | | ok beck@
* getentropy for osx and solaris. will be needed for a portable releasebeck2014-07-082-0/+838
|
* fix oops, accidental delete.. darn copying of files between machinesbeck2014-07-081-2/+2
|
* j should be an int, like repeatbeck2014-07-081-3/+4
|
* unbreak last commit - but same intent, make re-seed less expensivebeck2014-07-081-12/+16
|
* repeat calls to getentrypy() with the same pid likely indicate reseeds.deraadt2014-07-081-3/+10
| | | | | | Since we assume the PRNG above is doing "something old, something new" folding, shortcut and do fewer repeats through the timing loop. ok beck
* fix HD() misuse; from brent cookderaadt2014-06-261-2/+2
|
* AT_BASE returns us the *address* of the start of ld.so, sobeck2014-06-251-2/+2
| | | | | use the address, not what it points to (which is always the same) ok deraadt@
* get the page of data at AT_SYSINFO_EHDRbeck2014-06-251-2/+2
| | | | ok deraadt@
* comment fixes from theobeck2014-06-251-5/+6
|
* Possibly obtain a little bit of entropy from addresses returnedbeck2014-06-251-2/+23
| | | | | by getauxval if we have it. ok deraadt@
* O_NOFOLLOW would be very nice to have here if the version of linuxbeck2014-06-251-10/+11
| | | | | we are running supports it. from enh@google.com
* unbreak build of getentropy_sysctl - we need linux/sysctl.h, andbeck2014-06-231-18/+21
| | | | RANDOM_UUID is an enum member.
* unbreak - main needs to be extern in here somewhere.beck2014-06-231-1/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 07:55:23 +0000