comparison random.c @ 511:582cb38e4eb5 insecure-nocrypto

propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:16:55 +0000
parents 2cd2edfa11ee
children c1e9c81d1d27 76097ec1a29a
361:461c4b1fb35f 511:582cb38e4eb5
29 29
30 static int donerandinit = 0; 30 static int donerandinit = 0;
31 31
32 /* this is used to generate unique output from the same hashpool */ 32 /* this is used to generate unique output from the same hashpool */
33 static uint32_t counter = 0; 33 static uint32_t counter = 0;
34 #define MAX_COUNTER 1<<31 /* the max value for the counter, so it won't loop */ 34 /* the max value for the counter, so it won't integer overflow */
35 #define MAX_COUNTER 1<<30
35 36
36 static unsigned char hashpool[SHA1_HASH_SIZE]; 37 static unsigned char hashpool[SHA1_HASH_SIZE];
37 38
38 #define INIT_SEED_SIZE 32 /* 256 bits */ 39 #define INIT_SEED_SIZE 32 /* 256 bits */
39 40
131 unsigned char readbuf[INIT_SEED_SIZE]; 132 unsigned char readbuf[INIT_SEED_SIZE];
132 133
133 hash_state hs; 134 hash_state hs;
134 135
135 /* initialise so that things won't warn about 136 /* initialise so that things won't warn about
136 * hashing an undefined buffer */ 137 * hashing an undefined buffer */
137 if (!donerandinit) { 138 if (!donerandinit) {
138 m_burn(hashpool, sizeof(hashpool)); 139 m_burn(hashpool, sizeof(hashpool));
139 } 140 }
140 141
141 /* get the seed data */ 142 /* get the seed data */
154 /* hash the current random pool with some unique identifiers 155 /* hash the current random pool with some unique identifiers
155 * for this process and point-in-time. this is used to separate 156 * for this process and point-in-time. this is used to separate
156 * the random pools for fork()ed processes. */ 157 * the random pools for fork()ed processes. */
157 void reseedrandom() { 158 void reseedrandom() {
158 159
159 pid_t pid; 160 pid_t pid;
160 struct timeval tv; 161 hash_state hs;
162 struct timeval tv;
161 163
162 if (!donerandinit) { 164 if (!donerandinit) {
163 dropbear_exit("seedrandom not done"); 165 dropbear_exit("seedrandom not done");
164 } 166 }
165 167
166 pid = getpid(); 168 pid = getpid();
167 gettimeofday(&tv, NULL); 169 gettimeofday(&tv, NULL);
168 170
169 hash_state hs;
170 unsigned char hash[SHA1_HASH_SIZE];
171 sha1_init(&hs); 171 sha1_init(&hs);
172 sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); 172 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
173 sha1_process(&hs, (void*)&pid, sizeof(pid)); 173 sha1_process(&hs, (void*)&pid, sizeof(pid));
174 sha1_process(&hs, (void*)&tv, sizeof(tv)); 174 sha1_process(&hs, (void*)&tv, sizeof(tv));
175 sha1_done(&hs, hashpool); 175 sha1_done(&hs, hashpool);
212 * */ 212 * */
213 void gen_random_mpint(mp_int *max, mp_int *rand) { 213 void gen_random_mpint(mp_int *max, mp_int *rand) {
214 214
215 unsigned char *randbuf = NULL; 215 unsigned char *randbuf = NULL;
216 unsigned int len = 0; 216 unsigned int len = 0;
217 const char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 217 const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
218 218
219 const int size_bits = mp_count_bits(max); 219 const int size_bits = mp_count_bits(max);
220 220
221 len = size_bits / 8; 221 len = size_bits / 8;
222 if ((size_bits % 8) != 0) { 222 if ((size_bits % 8) != 0) {
232 232
233 bytes_to_mp(rand, randbuf, len); 233 bytes_to_mp(rand, randbuf, len);
234 234
235 /* keep regenerating until we get one satisfying 235 /* keep regenerating until we get one satisfying
236 * 0 < rand < max */ 236 * 0 < rand < max */
237 } while ( ( (max != NULL) && (mp_cmp(rand, max) != MP_LT) ) 237 } while (mp_cmp(rand, max) != MP_LT);
238 || (mp_cmp_d(rand, 0) != MP_GT) );
239 m_burn(randbuf, len); 238 m_burn(randbuf, len);
240 m_free(randbuf); 239 m_free(randbuf);
241 } 240 }
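Review bot: The rewritten loop condition on new line 237 of gen_random_mpint no longer rejects a zero result, yet the comment two lines above still promises `0 < rand < max`; the dropped `mp_cmp_d(rand, 0) != MP_GT` term was the only thing enforcing the lower bound, and a zero random exponent or nonce is a degenerate value a caller would not expect. Either restore it, `} while (mp_cmp(rand, max) != MP_LT || mp_cmp_d(rand, 0) != MP_GT);`, or change the comment to say only `rand < max` is guaranteed. Dropping the `max != NULL` guard is harmless, since `mp_count_bits(max)` on line 219 already dereferences max before the loop. Separately, the new `MAX_COUNTER` definition on new line 35 is still an unparenthesised expression; `#define MAX_COUNTER (1<<30)` avoids precedence surprises at use sites. The opening of the do-loop (old/new lines 223–231) and the rest of reseedrandom after line 175 are outside the shown section.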