| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: arc4random.c,v 1.30 2015/05/13 23:15:57 justin Exp $ */ | | 1 | /* $NetBSD: arc4random.c,v 1.31 2016/03/25 22:13:23 riastradh Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2014 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2014 The NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Taylor R. Campbell. | | 8 | * by Taylor R. Campbell. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -42,27 +42,27 @@ | | | @@ -42,27 +42,27 @@ |
42 | * | | 42 | * |
43 | * The arc4random(3) API may abort the process if: | | 43 | * The arc4random(3) API may abort the process if: |
44 | * | | 44 | * |
45 | * (a) the crypto self-test fails, | | 45 | * (a) the crypto self-test fails, |
46 | * (b) pthread_atfork or thr_keycreate fail, or | | 46 | * (b) pthread_atfork or thr_keycreate fail, or |
47 | * (c) sysctl(KERN_ARND) fails when reseeding the PRNG. | | 47 | * (c) sysctl(KERN_ARND) fails when reseeding the PRNG. |
48 | * | | 48 | * |
49 | * The crypto self-test, pthread_atfork, and thr_keycreate occur only | | 49 | * The crypto self-test, pthread_atfork, and thr_keycreate occur only |
50 | * once, on the first use of any of the arc4random(3) API. KERN_ARND | | 50 | * once, on the first use of any of the arc4random(3) API. KERN_ARND |
51 | * is unlikely to fail later unless the kernel is seriously broken. | | 51 | * is unlikely to fail later unless the kernel is seriously broken. |
52 | */ | | 52 | */ |
53 | | | 53 | |
54 | #include <sys/cdefs.h> | | 54 | #include <sys/cdefs.h> |
55 | __RCSID("$NetBSD: arc4random.c,v 1.30 2015/05/13 23:15:57 justin Exp $"); | | 55 | __RCSID("$NetBSD: arc4random.c,v 1.31 2016/03/25 22:13:23 riastradh Exp $"); |
56 | | | 56 | |
57 | #include "namespace.h" | | 57 | #include "namespace.h" |
58 | #include "reentrant.h" | | 58 | #include "reentrant.h" |
59 | | | 59 | |
60 | #include <sys/bitops.h> | | 60 | #include <sys/bitops.h> |
61 | #include <sys/endian.h> | | 61 | #include <sys/endian.h> |
62 | #include <sys/errno.h> | | 62 | #include <sys/errno.h> |
63 | #include <sys/mman.h> | | 63 | #include <sys/mman.h> |
64 | #include <sys/sysctl.h> | | 64 | #include <sys/sysctl.h> |
65 | | | 65 | |
66 | #include <assert.h> | | 66 | #include <assert.h> |
67 | #include <sha2.h> | | 67 | #include <sha2.h> |
68 | #include <stdbool.h> | | 68 | #include <stdbool.h> |
| @@ -346,27 +346,28 @@ crypto_onetimestream(const void *seed, v | | | @@ -346,27 +346,28 @@ crypto_onetimestream(const void *seed, v |
346 | | | 346 | |
347 | /* | | 347 | /* |
348 | * Guarantee we can generate up to n bytes. We have | | 348 | * Guarantee we can generate up to n bytes. We have |
349 | * 2^(8*INPUTBYTES) possible inputs yielding output of | | 349 | * 2^(8*INPUTBYTES) possible inputs yielding output of |
350 | * OUTPUTBYTES*2^(8*INPUTBYTES) bytes. It suffices to require | | 350 | * OUTPUTBYTES*2^(8*INPUTBYTES) bytes. It suffices to require |
351 | * that sizeof n > (1/CHAR_BIT) log_2 n be less than | | 351 | * that sizeof n > (1/CHAR_BIT) log_2 n be less than |
352 | * (1/CHAR_BIT) log_2 of the total output stream length. We | | 352 | * (1/CHAR_BIT) log_2 of the total output stream length. We |
353 | * have | | 353 | * have |
354 | * | | 354 | * |
355 | * log_2 (o 2^(8 i)) = log_2 o + log_2 2^(8 i) | | 355 | * log_2 (o 2^(8 i)) = log_2 o + log_2 2^(8 i) |
356 | * = log_2 o + 8 i. | | 356 | * = log_2 o + 8 i. |
357 | */ | | 357 | */ |
358 | __CTASSERT(CHAR_BIT * sizeof n <= | | 358 | __CTASSERT(CHAR_BIT * sizeof n <= |
359 | (/*LINTED*/ilog2(crypto_core_OUTPUTBYTES) + 8 * crypto_core_INPUTBYTES)); | | 359 | (/*LINTED*/ilog2(crypto_core_OUTPUTBYTES) + |
| | | 360 | 8*crypto_core_INPUTBYTES)); |
360 | | | 361 | |
361 | p8 = buf; | | 362 | p8 = buf; |
362 | p32 = (uint8_t *)roundup2((uintptr_t)p8, 4); | | 363 | p32 = (uint8_t *)roundup2((uintptr_t)p8, 4); |
363 | ni = p32 - p8; | | 364 | ni = p32 - p8; |
364 | if (n < ni) | | 365 | if (n < ni) |
365 | ni = n; | | 366 | ni = n; |
366 | nb = (n - ni) / sizeof block; | | 367 | nb = (n - ni) / sizeof block; |
367 | nf = (n - ni) % sizeof block; | | 368 | nf = (n - ni) % sizeof block; |
368 | | | 369 | |
369 | _DIAGASSERT(((uintptr_t)p32 & 3) == 0); | | 370 | _DIAGASSERT(((uintptr_t)p32 & 3) == 0); |
370 | _DIAGASSERT(ni <= n); | | 371 | _DIAGASSERT(ni <= n); |
371 | _DIAGASSERT(nb <= (n / sizeof block)); | | 372 | _DIAGASSERT(nb <= (n / sizeof block)); |
372 | _DIAGASSERT(nf <= n); | | 373 | _DIAGASSERT(nf <= n); |
| @@ -434,27 +435,28 @@ arc4random_prng_addrandom(struct arc4ran | | | @@ -434,27 +435,28 @@ arc4random_prng_addrandom(struct arc4ran |
434 | /* reseed(SHA256(prng() || sysctl(KERN_ARND) || data)) */ | | 435 | /* reseed(SHA256(prng() || sysctl(KERN_ARND) || data)) */ |
435 | crypto_prng_seed(&prng->arc4_prng, buf); | | 436 | crypto_prng_seed(&prng->arc4_prng, buf); |
436 | (void)explicit_memset(buf, 0, sizeof buf); | | 437 | (void)explicit_memset(buf, 0, sizeof buf); |
437 | prng->arc4_seeded = true; | | 438 | prng->arc4_seeded = true; |
438 | } | | 439 | } |
439 | | | 440 | |
440 | #ifdef _REENTRANT | | 441 | #ifdef _REENTRANT |
441 | static struct arc4random_prng * | | 442 | static struct arc4random_prng * |
442 | arc4random_prng_create(void) | | 443 | arc4random_prng_create(void) |
443 | { | | 444 | { |
444 | struct arc4random_prng *prng; | | 445 | struct arc4random_prng *prng; |
445 | const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE)); | | 446 | const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE)); |
446 | | | 447 | |
447 | prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); | | 448 | prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, |
| | | 449 | 0); |
448 | if (prng == MAP_FAILED) | | 450 | if (prng == MAP_FAILED) |
449 | goto fail0; | | 451 | goto fail0; |
450 | if (minherit(prng, size, MAP_INHERIT_ZERO) == -1) | | 452 | if (minherit(prng, size, MAP_INHERIT_ZERO) == -1) |
451 | goto fail1; | | 453 | goto fail1; |
452 | | | 454 | |
453 | return prng; | | 455 | return prng; |
454 | | | 456 | |
455 | fail1: (void)munmap(prng, size); | | 457 | fail1: (void)munmap(prng, size); |
456 | fail0: return NULL; | | 458 | fail0: return NULL; |
457 | } | | 459 | } |
458 | #endif | | 460 | #endif |
459 | | | 461 | |
460 | #ifdef _REENTRANT | | 462 | #ifdef _REENTRANT |