random.c revision 276605
1238106Sdes/* 2238106Sdes * util/random.c - thread safe random generator, which is reasonably secure. 3238106Sdes * 4238106Sdes * Copyright (c) 2007, NLnet Labs. All rights reserved. 5238106Sdes * 6238106Sdes * This software is open source. 7238106Sdes * 8238106Sdes * Redistribution and use in source and binary forms, with or without 9238106Sdes * modification, are permitted provided that the following conditions 10238106Sdes * are met: 11238106Sdes * 12238106Sdes * Redistributions of source code must retain the above copyright notice, 13238106Sdes * this list of conditions and the following disclaimer. 14238106Sdes * 15238106Sdes * Redistributions in binary form must reproduce the above copyright notice, 16238106Sdes * this list of conditions and the following disclaimer in the documentation 17238106Sdes * and/or other materials provided with the distribution. 18238106Sdes * 19238106Sdes * Neither the name of the NLNET LABS nor the names of its contributors may 20238106Sdes * be used to endorse or promote products derived from this software without 21238106Sdes * specific prior written permission. 22238106Sdes * 23238106Sdes * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24266114Sdes * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25266114Sdes * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26266114Sdes * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27266114Sdes * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28266114Sdes * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29266114Sdes * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30266114Sdes * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31266114Sdes * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32266114Sdes * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33266114Sdes * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34238106Sdes */ 35238106Sdes 36238106Sdes/** 37238106Sdes * \file 38238106Sdes * Thread safe random functions. Similar to arc4random() with an explicit 39238106Sdes * initialisation routine. 40238106Sdes * 41238106Sdes * The code in this file is based on arc4random from 42238106Sdes * openssh-4.0p1/openbsd-compat/bsd-arc4random.c 43238106Sdes * That code is also BSD licensed. Here is their statement: 44238106Sdes * 45238106Sdes * Copyright (c) 1996, David Mazieres <dm@uun.org> 46238106Sdes * Copyright (c) 2008, Damien Miller <djm@openbsd.org> 47238106Sdes * 48238106Sdes * Permission to use, copy, modify, and distribute this software for any 49238106Sdes * purpose with or without fee is hereby granted, provided that the above 50238106Sdes * copyright notice and this permission notice appear in all copies. 51238106Sdes * 52238106Sdes * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 53238106Sdes * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 54238106Sdes * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 55238106Sdes * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 56238106Sdes * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 57238106Sdes * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 58238106Sdes * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 59238106Sdes */ 60238106Sdes#include "config.h" 61238106Sdes#include "util/random.h" 62238106Sdes#include "util/log.h" 63266114Sdes#include <time.h> 64276605Sdes 65276605Sdes#ifdef HAVE_NSS 66249141Sdes/* nspr4 */ 67249141Sdes#include "prerror.h" 68249141Sdes/* nss3 */ 69249141Sdes#include "secport.h" 70249141Sdes#include "pk11pub.h" 71249141Sdes#endif 72238106Sdes 73249141Sdes/** 74249141Sdes * Max random value. Similar to RAND_MAX, but more portable 75249141Sdes * (mingw uses only 15 bits random). 76249141Sdes */ 77249141Sdes#define MAX_VALUE 0x7fffffff 78249141Sdes 79276605Sdes#ifndef HAVE_NSS 80238106Sdesvoid 81276605Sdesub_systemseed(unsigned int ATTR_UNUSED(seed)) 82238106Sdes{ 83276605Sdes /* arc4random_uniform does not need seeds, it gets kernel entropy */ 84238106Sdes} 85238106Sdes 86238106Sdesstruct ub_randstate* 87276605Sdesub_initstate(unsigned int ATTR_UNUSED(seed), 88276605Sdes struct ub_randstate* ATTR_UNUSED(from)) 89238106Sdes{ 90276605Sdes struct ub_randstate* s = (struct ub_randstate*)malloc(1); 91238106Sdes if(!s) { 92238106Sdes log_err("malloc failure in random init"); 93238106Sdes return NULL; 94238106Sdes } 95238106Sdes return s; 96238106Sdes} 97238106Sdes 98238106Sdeslong int 99276605Sdesub_random(struct ub_randstate* ATTR_UNUSED(s)) 100238106Sdes{ 101276605Sdes /* This relies on MAX_VALUE being 0x7fffffff. */ 102276605Sdes return (long)arc4random() & MAX_VALUE; 103276605Sdes} 104238106Sdes 105276605Sdeslong int 106276605Sdesub_random_max(struct ub_randstate* state, long int x) 107276605Sdes{ 108276605Sdes (void)state; 109276605Sdes /* on OpenBSD, this does not need _seed(), or _stir() calls */ 110276605Sdes return (long)arc4random_uniform((uint32_t)x); 111238106Sdes} 112238106Sdes 113276605Sdes#else 114249141Sdes 115249141Sdes/* not much to remember for NSS since we use its pk11_random, placeholder */ 116249141Sdesstruct ub_randstate { 117249141Sdes int ready; 118249141Sdes}; 119249141Sdes 120249141Sdesvoid ub_systemseed(unsigned int ATTR_UNUSED(seed)) 121249141Sdes{ 122249141Sdes} 123249141Sdes 124249141Sdesstruct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed), 125249141Sdes struct ub_randstate* ATTR_UNUSED(from)) 126249141Sdes{ 127249141Sdes struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); 128249141Sdes if(!s) { 129249141Sdes log_err("malloc failure in random init"); 130249141Sdes return NULL; 131249141Sdes } 132249141Sdes return s; 133249141Sdes} 134249141Sdes 135249141Sdeslong int ub_random(struct ub_randstate* ATTR_UNUSED(state)) 136249141Sdes{ 137249141Sdes long int x; 138249141Sdes /* random 31 bit value. */ 139249141Sdes SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x)); 140249141Sdes if(s != SECSuccess) { 141249141Sdes log_err("PK11_GenerateRandom error: %s", 142249141Sdes PORT_ErrorToString(PORT_GetError())); 143249141Sdes } 144249141Sdes return x & MAX_VALUE; 145249141Sdes} 146249141Sdes 147238106Sdeslong int 148238106Sdesub_random_max(struct ub_randstate* state, long int x) 149238106Sdes{ 150238106Sdes /* make sure we fetch in a range that is divisible by x. ignore 151238106Sdes * values from d .. MAX_VALUE, instead draw a new number */ 152238106Sdes long int d = MAX_VALUE - (MAX_VALUE % x); /* d is divisible by x */ 153238106Sdes long int v = ub_random(state); 154238106Sdes while(d <= v) 155238106Sdes v = ub_random(state); 156238106Sdes return (v % x); 157238106Sdes} 158276605Sdes#endif /* HAVE_NSS */ 159238106Sdes 160238106Sdesvoid 161238106Sdesub_randfree(struct ub_randstate* s) 162238106Sdes{ 163238106Sdes if(s) 164238106Sdes free(s); 165238106Sdes /* user app must do RAND_cleanup(); */ 166238106Sdes} 167