diff options
| -rw-r--r-- | curve.c | 1 | ||||
| -rw-r--r-- | curve.h | 1 | ||||
| -rw-r--r-- | curvetun/Makefile | 1 | ||||
| -rw-r--r-- | rnd.c | 49 | ||||
| -rw-r--r-- | rnd.h | 6 | ||||
| -rw-r--r-- | xio.c | 45 | ||||
| -rw-r--r-- | xio.h | 1 |
7 files changed, 58 insertions, 46 deletions
@@ -21,6 +21,7 @@ #include "curve.h" #include "xutils.h" #include "xio.h" +#include "rnd.h" #include "die.h" #include "str.h" #include "curvetun.h" @@ -13,6 +13,7 @@ #include "locking.h" #include "built_in.h" #include "xio.h" +#include "rnd.h" #include "crypto_box_curve25519xsalsa20poly1305.h" struct tai { diff --git a/curvetun/Makefile b/curvetun/Makefile index 44025ac..ce91dc2 100644 --- a/curvetun/Makefile +++ b/curvetun/Makefile @@ -10,6 +10,7 @@ curvetun-objs = xmalloc.o \ corking.o \ trie.o \ hash.o \ + rnd.o \ curve.o \ cpusched.o \ ct_usermgmt.o \ @@ -0,0 +1,49 @@ +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + +#include "rnd.h" + +static int fd_rnd = -1; + +static void randombytes(unsigned char *x, unsigned long long xlen) +{ + int ret; + + if (fd_rnd == -1) { + for (;;) { + fd_rnd = open("/dev/urandom", O_RDONLY); + if (fd_rnd != -1) + break; + sleep(1); + } + } + + while (xlen > 0) { + if (xlen < 1048576) + ret = xlen; + else + ret = 1048576; + + ret = read(fd_rnd, x, ret); + if (ret < 1) { + sleep(1); + continue; + } + + x += ret; + xlen -= ret; + } +} + +/* Note: it's not really secure, but the name only suggests it's better to use + * than rand(3) when transferring bytes over the network in non-security + * critical structure members. secrand() is only used to fill up salts actually. + */ +int secrand(void) +{ + int ret; + randombytes((void *) &ret, sizeof(ret)); + return ret; +} @@ -0,0 +1,6 @@ +#ifndef RND_H +#define RND_H + +extern int secrand(void); + +#endif /* RND_H */ @@ -158,51 +158,6 @@ ssize_t write_exact(int fd, void *buf, size_t len, int mayexit) return num; } -static int fd_rnd = -1; - -static void randombytes(unsigned char *x, unsigned long long xlen) -{ - int ret; - - if (fd_rnd == -1) { - for (;;) { - fd_rnd = open("/dev/urandom", O_RDONLY); - if (fd_rnd != -1) - break; - sleep(1); - } - } - - while (xlen > 0) { - if (xlen < 1048576) - ret = xlen; - else - ret = 1048576; - - ret = read(fd_rnd, x, ret); - if (ret < 1) { - sleep(1); - continue; - } - - x += ret; - xlen -= ret; - } -} - -/* Note: it's not really secure, but the name only suggests it's better to use - * than rand(3) when transferring bytes over the network in non-security - * critical structure members. secrand() is only used to fill up salts actually. - */ -int secrand(void) -{ - int ret; - - randombytes((void *) &ret, sizeof(ret)); - - return ret; -} - static char const *priov[] = { [LOG_EMERG] = "EMERG:", [LOG_ALERT] = "ALERT:", @@ -16,7 +16,6 @@ extern ssize_t read_or_die(int fd, void *buf, size_t count); extern ssize_t write_or_die(int fd, const void *buf, size_t count); extern ssize_t read_exact(int fd, void *buf, size_t len, int mayexit); extern ssize_t write_exact(int fd, void *buf, size_t len, int mayexit); -extern int secrand(void); extern void to_std_log(FILE **fp); #endif /* XIO_H */ |