comparison random.c @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:16:55 +0000 |
parents | 2cd2edfa11ee |
children | c1e9c81d1d27 76097ec1a29a |
361:461c4b1fb35f | 511:582cb38e4eb5 |
---|---|
29 | 29 |
30 static int donerandinit = 0; | 30 static int donerandinit = 0; |
31 | 31 |
32 /* this is used to generate unique output from the same hashpool */ | 32 /* this is used to generate unique output from the same hashpool */ |
33 static uint32_t counter = 0; | 33 static uint32_t counter = 0; |
34 #define MAX_COUNTER 1<<31 /* the max value for the counter, so it won't loop */ | 34 /* the max value for the counter, so it won't integer overflow */ |
35 #define MAX_COUNTER 1<<30 | |
35 | 36 |
36 static unsigned char hashpool[SHA1_HASH_SIZE]; | 37 static unsigned char hashpool[SHA1_HASH_SIZE]; |
37 | 38 |
38 #define INIT_SEED_SIZE 32 /* 256 bits */ | 39 #define INIT_SEED_SIZE 32 /* 256 bits */ |
39 | 40 |
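Review bot: The new `MAX_COUNTER` on line 35 expands to the bare expression `1<<30`, so any use other than a plain relational comparison (`counter % MAX_COUNTER`, `MAX_COUNTER - 1`, a cast) binds the wrong way; since `counter` is `uint32_t` (line 33), an unsigned literal also keeps the comparison free of signed/unsigned promotion: `#define MAX_COUNTER (1U<<30)`. The site where `counter` is compared against it is outside this section, so whether the current expansion is actually misparsed there cannot be seen from here. The new comment on line 34 would be more useful if it named what overflowed, e.g. `/* max value for the counter; 1<<31 overflows a 32-bit signed int */`, so the next reader does not reintroduce it.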
131 unsigned char readbuf[INIT_SEED_SIZE]; | 132 unsigned char readbuf[INIT_SEED_SIZE]; |
132 | 133 |
133 hash_state hs; | 134 hash_state hs; |
134 | 135 |
135 /* initialise so that things won't warn about | 136 /* initialise so that things won't warn about |
136 * hashing an undefined buffer */ | 137 * hashing an undefined buffer */ |
137 if (!donerandinit) { | 138 if (!donerandinit) { |
138 m_burn(hashpool, sizeof(hashpool)); | 139 m_burn(hashpool, sizeof(hashpool)); |
139 } | 140 } |
140 | 141 |
141 /* get the seed data */ | 142 /* get the seed data */ |
154 /* hash the current random pool with some unique identifiers | 155 /* hash the current random pool with some unique identifiers |
155 * for this process and point-in-time. this is used to separate | 156 * for this process and point-in-time. this is used to separate |
156 * the random pools for fork()ed processes. */ | 157 * the random pools for fork()ed processes. */ |
157 void reseedrandom() { | 158 void reseedrandom() { |
158 | 159 |
159 pid_t pid; | 160 pid_t pid; |
160 struct timeval tv; | 161 hash_state hs; |
162 struct timeval tv; | |
161 | 163 |
162 if (!donerandinit) { | 164 if (!donerandinit) { |
163 dropbear_exit("seedrandom not done"); | 165 dropbear_exit("seedrandom not done"); |
164 } | 166 } |
165 | 167 |
166 pid = getpid(); | 168 pid = getpid(); |
167 gettimeofday(&tv, NULL); | 169 gettimeofday(&tv, NULL); |
168 | 170 |
169 hash_state hs; | |
170 unsigned char hash[SHA1_HASH_SIZE]; | |
171 sha1_init(&hs); | 171 sha1_init(&hs); |
172 sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); | 172 sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); |
173 sha1_process(&hs, (void*)&pid, sizeof(pid)); | 173 sha1_process(&hs, (void*)&pid, sizeof(pid)); |
174 sha1_process(&hs, (void*)&tv, sizeof(tv)); | 174 sha1_process(&hs, (void*)&tv, sizeof(tv)); |
175 sha1_done(&hs, hashpool); | 175 sha1_done(&hs, hashpool); |
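Review bot: After `sha1_done(&hs, hashpool)` on new line 175 the SHA-1 context `hs` (now declared at the top of the function, line 161) still holds state derived from the pool — its final state is the new pool value — and it is left on the stack when `reseedrandom` returns, whereas this file otherwise burns such buffers (`m_burn(hashpool, ...)` in seedrandom). Unless this build's `sha1_done` zeroises the context itself, add `m_burn(&hs, sizeof(hs));` after the call. `reseedrandom`'s closing brace is outside this section, so it is possible the scrub already happens below; if so, ignore this.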
212 * */ | 212 * */ |
213 void gen_random_mpint(mp_int *max, mp_int *rand) { | 213 void gen_random_mpint(mp_int *max, mp_int *rand) { |
214 | 214 |
215 unsigned char *randbuf = NULL; | 215 unsigned char *randbuf = NULL; |
216 unsigned int len = 0; | 216 unsigned int len = 0; |
217 const char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; | 217 const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; |
218 | 218 |
219 const int size_bits = mp_count_bits(max); | 219 const int size_bits = mp_count_bits(max); |
220 | 220 |
221 len = size_bits / 8; | 221 len = size_bits / 8; |
222 if ((size_bits % 8) != 0) { | 222 if ((size_bits % 8) != 0) { |
232 | 232 |
233 bytes_to_mp(rand, randbuf, len); | 233 bytes_to_mp(rand, randbuf, len); |
234 | 234 |
235 /* keep regenerating until we get one satisfying | 235 /* keep regenerating until we get one satisfying |
236 * 0 < rand < max */ | 236 * 0 < rand < max */ |
237 } while ( ( (max != NULL) && (mp_cmp(rand, max) != MP_LT) ) | 237 } while (mp_cmp(rand, max) != MP_LT); |
238 || (mp_cmp_d(rand, 0) != MP_GT) ); | |
239 m_burn(randbuf, len); | 238 m_burn(randbuf, len); |
240 m_free(randbuf); | 239 m_free(randbuf); |
241 } | 240 } |
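Review bot: The rewritten loop condition on new line 237 enforces only `rand < max`, but the comment kept on lines 235-236 still promises `0 < rand < max`, so a zero result is now accepted and the comment is wrong; either restore the lower bound, `} while (mp_cmp(rand, max) != MP_LT || mp_cmp_d(rand, 0) != MP_GT);`, or, if zero is intended on this branch, change the comment to `/* keep regenerating until rand < max */`. Whether any caller would be unsafe with a zero value cannot be seen from this section. Dropping the `max != NULL` test is fine on its own, since `mp_count_bits(max)` on line 219 already dereferences `max`. The `do {` that this `while` closes lies outside the section.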