path: root/src/lib/libcrypto/arc4random

Commit log. Each entry: subject line, then author | age | files changed | lines (-removed/+added), then the rest of the commit message.

* spelling fixes; from paul tagliamonte
  jmc | 2022-12-26 | 1 file | -2/+2
  i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
  ok tb

* For open/openat, if the flags parameter does not contain O_CREAT, the
  deraadt | 2021-10-24 | 5 files | -10/+10
  3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all.
  This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
  ok millert

* Update getentropy on Windows to use Cryptography Next Generation (CNG).
  bcook | 2020-11-11 | 1 file | -18/+9
  wincrypt is deprecated and no longer works with newer Windows environments, such as in Windows Store apps.

* make fixed-sized fixed-value mib[] arrays be const
  deraadt | 2020-10-12 | 2 files | -8/+4
  ok guenther tb millert

* As done everywhere else, use a local version of MINIMUM() and avoid
  deraadt | 2020-05-17 | 5 files | -21/+21
  conflict against a potential define min() from some other scope.

* Using pthread_atfork instead of __register_atfork with uClibc on noMMU
  inoguchi | 2019-07-11 | 1 file | -2/+2
  uClibc on noMMU doesn't provide __register_atfork(). Reported by redbirdtek on Github issue. https://github.com/libressl-portable/portable/issues/538
  ok bcook@

* Saw a mention somewhere a while back that the gotdata() function in
  deraadt | 2018-11-20 | 5 files | -144/+27
  here could create non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code; it doesn't make sense, errors don't happen.
  ok bcook

* ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2)
  bcook | 2018-03-13 | 1 file | -4/+4
  Based on discussion here https://github.com/libressl-portable/openbsd/pull/82
  Suggested fix from jsing@

* Switch Linux getrandom() usage to non-blocking mode, continuing to
  beck | 2017-04-29 | 1 file | -6/+9
  use fallback mechanisms if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery.
  ok deraadt@ jsing@

* add iOS support for getentropy
  bcook | 2016-09-03 | 1 file | -1/+12
  from Jacob Berkman, ok beck@

* Update the link for the getentropy(2) manual to man.openbsd.org/
  tb | 2016-08-07 | 8 files | -16/+16
  ok deraadt@

* Tighten behavior of _rs_allocate failure for portable arc4random implementations.
  bcook | 2016-06-30 | 7 files | -7/+14
  In the event of a failure in _rs_allocate for rsx, we still have a reference to freed memory for rs on return. Not a huge deal since we subsequently abort in _rs_init, but it looks strange on its own.
  ok deraadt@

* Tighten behavior of _rs_allocate on Windows.
  bcook | 2016-06-30 | 1 file | -4/+7
  For Windows, we are simply using calloc, which has two annoyances: the memory has more permissions than needed by default, and it comes from the process heap, which looks like a memory leak since this memory is rightfully never freed. This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the memory to READ|WRITE and keeps the memory out of the process heap.
  ok deraadt@

* fix typo in comment; ok beck
  tj | 2016-04-19 | 1 file | -2/+2

* Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
  bcook | 2016-01-04 | 1 file | -2/+3
  Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it.
  Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program.
  ok beck@

* unify files further
  deraadt | 2015-09-11 | 10 files | -61/+61

* unify versions, so they are easier to diff.
  deraadt | 2015-08-25 | 4 files | -9/+9

* KNF
  deraadt | 2015-08-25 | 1 file | -6/+4

* Remove unneeded sys/sysctl.h on linux.
  bcook | 2015-06-13 | 1 file | -2/+1
  This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.

* Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.
  bcook | 2015-04-27 | 1 file | -2/+3
  Include it if we have the sysctl syscall.

* Support AIX versions without WPAR support.
  bcook | 2015-04-27 | 1 file | -1/+5
  From Michael Felt.

* add initial AIX getentropy/arc4random files. Thanks to Michael Felt.
  bcook | 2015-03-30 | 2 files | -0/+501

* sys/sysctl.h includes linux/sysctl.h, remove the extra unchecked include
  bcook | 2015-03-22 | 1 file | -2/+1

* Add arc4random/getentropy shims for NetBSD.
  bcook | 2015-01-19 | 2 files | -0/+150
  The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state after a fork, so provide an override until the fork-safe version in CVS appears in a release. These are the same as the FreeBSD shims.
  ok deraadt@

* back in september I did the large abstraction refactoring to allow these
  deraadt | 2015-01-15 | 6 files | -6/+12
  other systems to fit into the same mold, so add copyright

* mix in more virtual memory and process information
  bcook | 2015-01-07 | 1 file | -2/+4

* add initial HP-UX getentropy/arc4random support.
  bcook | 2015-01-06 | 2 files | -0/+496
  patch from Kinichiro Inoguchi, tested on HP-UX 11.31
  ok deraadt@

* correct the failure case for getentropy on win32
  bcook | 2014-11-11 | 1 file | -3/+3
  CryptAcquireContext and CryptGenRandom return zero (FALSE) if they fail.
  From: Dongsheng Song <dongsheng.song@gmail.com>

* Add hooks to override native arc4random_buf on FreeBSD.
  bcook | 2014-11-03 | 2 files | -0/+149
  The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally.
  Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better.
  This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.

* include header needed by older linux kernels
  bcook | 2014-10-11 | 1 file | -1/+2
  not all versions of <linux/random.h> include <linux/types.h> by default

* preserve errno value on success.
  bcook | 2014-08-28 | 1 file | -4/+6
  If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.

* only build the getrandom path if SYS_getrandom is defined.
  bcook | 2014-08-16 | 1 file | -3/+7
  like the sysctl path

* getrandom(2) support for getentropy_linux
  bcook | 2014-08-16 | 1 file | -13/+10
  This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds an EINTR check in case the urandom pool is not initialized.
  Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
  ok deraadt@

* munmap correct object in (extremely unlikely, and effectively terminal)
  deraadt | 2014-08-13 | 3 files | -6/+6
  case of failing to map the 2nd object. found by Paul Maurers

* better match proposed syscall api
  bcook | 2014-07-22 | 1 file | -8/+2

* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
  deraadt | 2014-07-21 | 1 file | -6/+6

* Use explicit_bzero() instead of memset() on buffers going out of scope.
  guenther | 2014-07-21 | 3 files | -6/+9
  Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post
  ok miod@ deraadt@

* cast from void * before math; enh@google
  deraadt | 2014-07-21 | 1 file | -2/+2

* Move more OS-specific functionality to arc4random.h headers.
  bcook | 2014-07-20 | 4 files | -4/+37
  Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure.
  ok deraadt@

* initial win32 ARC4_LOCK/UNLOCK implementation.
  bcook | 2014-07-20 | 1 file | -1/+21
  It may make sense to later replace this with a Critical Section.
  ok guenther@

* Demonstrate how new linux getrandom() will be called, at least until
  deraadt | 2014-07-20 | 1 file | -1/+37
  it shows up in libraries. Even the system call is probably not finalized. Bit disappointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.

* remove disabled main hook; we use phdr now; ok bcook
  deraadt | 2014-07-19 | 3 files | -21/+3

* tab love
  deraadt | 2014-07-19 | 1 file | -3/+3

* Move _ARC4_ATFORK handlers from thread_private.h in portable.
  bcook | 2014-07-19 | 3 files | -3/+15

* move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules
  bcook | 2014-07-19 | 3 files | -3/+22

* fixup typos
  bcook | 2014-07-19 | 3 files | -55/+54

* Change _rs_allocate so it can combine the two regions (rs and rsx)
  deraadt | 2014-07-19 | 4 files | -55/+55
  into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accommodate either method, but not on the fly.
  ok matthew

* Cleanup portable arc4random fork detection code:
  matthew | 2014-07-18 | 3 files | -33/+24
  1. Use "len" parameter instead of sizeof(*rs).
  2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.)
  3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms.
  ok deraadt

* Separate arc4random's os-dependent parts into static inline functions,
  deraadt | 2014-07-18 | 4 files | -0/+243
  making it much easier for libressl-portable to fill in the gaps.
  ok bcook beck

* Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on older
  kettenis | 2014-07-16 | 1 file | -1/+3
  Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now.
  ok beck@