From 41b21b0fd1e2640671f4a2f5c45905e16fcfce9a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Jul 2004 04:36:01 +0000 Subject: r1492: Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett --- source/lib/afs.c | 2 +- source/lib/genrand.c | 38 +++++++++++++++++++++++++------------- source/lib/util_uuid.c | 2 +- 3 files changed, 27 insertions(+), 15 deletions(-) (limited to 'source/lib') diff --git a/source/lib/afs.c b/source/lib/afs.c index 0830a3a0e7f..8688fde6b1c 100644 --- a/source/lib/afs.c +++ b/source/lib/afs.c @@ -116,7 +116,7 @@ static BOOL afs_createtoken(const char *username, const char *cell, p += 4; /* We need to create a session key */ - generate_random_buffer(p, 8, False); + generate_random_buffer(p, 8); /* Our client code needs the the key in the clear, it does not know the server-key ... */ diff --git a/source/lib/genrand.c b/source/lib/genrand.c index bc9f21c6403..9ccddfa4c53 100644 --- a/source/lib/genrand.c +++ b/source/lib/genrand.c @@ -24,21 +24,32 @@ static unsigned char hash[258]; static uint32 counter; -static unsigned char *reseed_data; -static size_t reseed_data_size; + +static BOOL done_reseed = False; +static void (*reseed_callback)(int *newseed); /**************************************************************** Copy any user given reseed data. *****************************************************************/ -void set_rand_reseed_data(unsigned char *data, size_t len) +void set_rand_reseed_callback(void (*fn)(int *)) { - SAFE_FREE(reseed_data); - reseed_data_size = 0; + reseed_callback = fn; + set_need_random_reseed(); +} - reseed_data = (unsigned char *)memdup(data, len); - if (reseed_data) - reseed_data_size = len; +void set_need_random_reseed(void) +{ + done_reseed = False; +} + +static void get_rand_reseed_data(int *reseed_data) +{ + if (reseed_callback) { + reseed_callback(reseed_data); + } else { + *reseed_data = 0; + } } /**************************************************************** @@ -136,6 +147,7 @@ static int do_reseed(BOOL use_fd, int fd) unsigned char seed_inbuf[40]; uint32 v1, v2; struct timeval tval; pid_t mypid; struct passwd *pw; + int reseed_data = 0; if (use_fd) { if (fd != -1) @@ -183,10 +195,11 @@ static int do_reseed(BOOL use_fd, int fd) * Add any user-given reseed data. */ + get_rand_reseed_data(&reseed_data); if (reseed_data) { size_t i; for (i = 0; i < sizeof(seed_inbuf); i++) - seed_inbuf[i] ^= reseed_data[i % reseed_data_size]; + seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)]; } seed_random_stream(seed_inbuf, sizeof(seed_inbuf)); @@ -198,15 +211,14 @@ static int do_reseed(BOOL use_fd, int fd) Interface to the (hopefully) good crypto random number generator. ********************************************************************/ -void generate_random_buffer( unsigned char *out, int len, BOOL do_reseed_now) +void generate_random_buffer( unsigned char *out, int len) { - static BOOL done_reseed = False; static int urand_fd = -1; unsigned char md4_buf[64]; unsigned char tmp_buf[16]; unsigned char *p; - if(!done_reseed || do_reseed_now) { + if(!done_reseed) { urand_fd = do_reseed(True, urand_fd); done_reseed = True; } @@ -257,7 +269,7 @@ char *generate_random_str(size_t len) if (len > sizeof(retstr)-1) len = sizeof(retstr) -1; - generate_random_buffer( retstr, len, False); + generate_random_buffer( retstr, len); for (i = 0; i < len; i++) retstr[i] = c_list[ retstr[i] % (sizeof(c_list)-1) ]; diff --git a/source/lib/util_uuid.c b/source/lib/util_uuid.c index dc9bc920230..8f86c2109ea 100644 --- a/source/lib/util_uuid.c +++ b/source/lib/util_uuid.c @@ -57,7 +57,7 @@ void smb_uuid_generate_random(struct uuid *uu) { UUID_FLAT tmp; - generate_random_buffer(tmp.info, sizeof(tmp.info), True); + generate_random_buffer(tmp.info, sizeof(tmp.info)); smb_uuid_unpack(tmp, uu); uu->clock_seq[0] = (uu->clock_seq[0] & 0x3F) | 0x80; -- cgit