openbsd-compat/bsd-arc4random.c

   1 /*
   2  * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 #include "includes.h"
  18 #include "log.h"
  19
  20 #ifndef HAVE_ARC4RANDOM
  21
  22 #include <openssl/rand.h>
  23 #include <openssl/rc4.h>
  24 #include <openssl/err.h>
  25
  26 /* Size of key to use */
  27 #define SEED_SIZE 20
  28
  29 /* Number of bytes to reseed after */
  30 #define REKEY_BYTES     (1 << 24)
  31
  32 static int rc4_ready = 0;
  33 static RC4_KEY rc4;
  34
  35 unsigned int
  36 arc4random(void)
  37 {
  38         unsigned int r = 0;
  39         static int first_time = 1;
  40
  41         if (rc4_ready <= 0) {
  42                 if (first_time)
  43                         seed_rng();
  44                 first_time = 0;
  45                 arc4random_stir();
  46         }
  47
  48         RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
  49
  50         rc4_ready -= sizeof(r);
  51
  52         return(r);
  53 }
  54
  55 void
  56 arc4random_stir(void)
  57 {
  58         unsigned char rand_buf[SEED_SIZE];
  59         int i;
  60
  61         memset(&rc4, 0, sizeof(rc4));
  62         if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
  63                 fatal("Couldn't obtain random bytes (error %ld)",
  64                     ERR_get_error());
  65         RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
  66
  67         /*
  68          * Discard early keystream, as per recommendations in:
  69          * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
  70          */
  71         for(i = 0; i <= 256; i += sizeof(rand_buf))
  72                 RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
  73
  74         memset(rand_buf, 0, sizeof(rand_buf));
  75
  76         rc4_ready = REKEY_BYTES;
  77 }
  78 #endif /* !HAVE_ARC4RANDOM */