crypto/external/bsd/openssh/dist/random.c

   1 /*      $NetBSD: random.c,v 1.8 2009/02/16 20:53:54 christos Exp $      */
   2
   3 /*-
   4  * Copyright (c) 2000 The NetBSD Foundation, Inc.
   5  * All rights reserved.
   6  *
   7  * This code is derived from software contributed to The NetBSD Foundation
   8  * by Jason R. Thorpe.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  29  * POSSIBILITY OF SUCH DAMAGE.
  30  */
  31
  32 #include "includes.h"
  33 #ifndef lint
  34 __RCSID("$NetBSD: random.c,v 1.8 2009/02/16 20:53:54 christos Exp $");
  35 #endif
  36
  37 /*
  38  * Functions for stirring in additional noise into the
  39  * cryptographically strong PRNG.
  40  * the functions are not using "arc4" in any ways, they are placed here
  41  * to make porting easy.
  42  */
  43
  44 #include <sys/types.h>
  45 #include <fcntl.h>
  46 #include <string.h>
  47 #include <unistd.h>
  48 #include <stdarg.h>
  49 #include <stdlib.h>
  50
  51 #include "pathnames.h"
  52 #include "random.h"
  53 #include "log.h"
  54
  55 static const char *rndfail = "random number device is mandatory.  see rnd(4).";
  56
  57 int
  58 arc4random_check(void)
  59 {
  60         int fd;
  61
  62         fd = open(_PATH_URANDOM, O_RDONLY, 0666);
  63         if (fd < 0) {
  64                 fatal(rndfail);
  65                 /*NOTREACHED*/
  66         }
  67         close(fd);
  68         return 0;
  69 }
  70
  71 void
  72 arc4random_buf(void *_buf, size_t n)
  73 {
  74         size_t i;
  75         u_int32_t r = 0;
  76         char *buf = (char *)_buf;
  77
  78         for (i = 0; i < n; i++) {
  79                 if (i % 4 == 0)
  80                         r = arc4random();
  81                 buf[i] = r & 0xff;
  82                 r >>= 8;
  83         }
  84         i = r = 0;
  85 }
  86
  87 /*
  88  * Calculate a uniformly distributed random number less than upper_bound
  89  * avoiding "modulo bias".
  90  *
  91  * Uniformity is achieved by generating new random numbers until the one
  92  * returned is outside the range [0, 2**32 % upper_bound).  This
  93  * guarantees the selected random number will be inside
  94  * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
  95  * after reduction modulo upper_bound.
  96  */
  97 u_int32_t
  98 arc4random_uniform(u_int32_t upper_bound)
  99 {
 100         u_int32_t r, min;
 101
 102         if (upper_bound < 2)
 103                 return 0;
 104
 105 #if (ULONG_MAX > 0xffffffffUL)
 106         min = 0x100000000UL % upper_bound;
 107 #else
 108         /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
 109         if (upper_bound > 0x80000000)
 110                 min = 1 + ~upper_bound;         /* 2**32 - upper_bound */
 111         else {
 112                 /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
 113                 min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
 114         }
 115 #endif
 116
 117         /*
 118          * This could theoretically loop forever but each retry has
 119          * p > 0.5 (worst case, usually far better) of selecting a
 120          * number inside the range we need, so it should rarely need
 121          * to re-roll.
 122          */
 123         for (;;) {
 124                 r = arc4random();
 125                 if (r >= min)
 126                         break;
 127         }
 128
 129         return r % upper_bound;
 130 }