X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frand%2Fmd_rand.c;h=35bdbeb73ee3382be30a8b38321c808f7266ef01;hp=ce901759db14bd376ce604cc9a2ac74e67b6138b;hb=f3f3cc0ccaf528767942e6d151383209394cd7c4;hpb=1a33f6da8b86c249ba5438bc7e7f840257fac275 diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index ce901759db..35bdbeb73e 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -1,4 +1,4 @@ -/* crypto/rand/md_rand.c */ +* crypto/rand/md_rand.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness */ @@ -130,6 +183,10 @@ #include +#ifdef BN_DEBUG +# define PREDICT +#endif + /* #define NORAND 1 */ /* #define PREDICT 1 */ @@ -141,6 +198,10 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; +#ifdef PREDICT +int rand_predictable=0; +#endif + const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); @@ -148,6 +209,7 @@ static void ssleay_rand_seed(const void *buf, int num); static void ssleay_rand_add(const void *buf, int num, double add_entropy); static int ssleay_rand_bytes(unsigned char *buf, int num); static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); +static int ssleay_rand_status(void); RAND_METHOD rand_ssleay_meth={ ssleay_rand_seed, @@ -155,6 +217,7 @@ RAND_METHOD rand_ssleay_meth={ ssleay_rand_cleanup, ssleay_rand_add, ssleay_rand_pseudo_bytes, + ssleay_rand_status }; RAND_METHOD *RAND_SSLeay(void) @@ -282,13 +345,13 @@ static void ssleay_rand_add(const void *buf, int num, double add) { md[k] ^= local_md[k]; } + if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ + entropy += add; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); #ifndef THREADS assert(md_c[1] == md_count[1]); #endif - if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ - entropy += add; } static void ssleay_rand_seed(const void *buf, int num) @@ -306,6 +369,10 @@ static void ssleay_rand_initialize(void) FILE *fh; #endif +#ifdef NORAND + return; +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); /* put in some default random data, we need more than just this */ #ifndef GETPID_IS_MEANINGLESS @@ -318,8 +385,8 @@ static void ssleay_rand_initialize(void) RAND_add(&l,sizeof(l),0); #ifdef DEVRANDOM - /* Use a random entropy pool device. Linux and FreeBSD have - * this. Use /dev/urandom if you can as /dev/random will block + /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD + * have this. Use /dev/urandom if you can as /dev/random may block * if it runs out of random entries. */ if ((fh = fopen(DEVRANDOM, "r")) != NULL) @@ -354,13 +421,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif #ifdef PREDICT - { - static unsigned char val=0; + if (rand_predictable) + { + static unsigned char val=0; - for (i=0; i= ENTROPY_NEEDED); + if (!ok) + { + /* If the PRNG state is not yet unpredictable, then seeing + * the PRNG output may help attackers to determine the new + * state; thus we have to decrease the entropy estimate. + * Once we've had enough initial seeding we don't bother to + * adjust the entropy count, though, because we're not ambitious + * to provide *information-theoretic* randomness. + */ + entropy -= num; + if (entropy < 0) + entropy = 0; + } st_idx=state_index; st_num=state_num; @@ -476,7 +557,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) return (ret); } -int RAND_status(void) +static int ssleay_rand_status(void) { if (!initialized) ssleay_rand_initialize(); @@ -487,6 +568,47 @@ int RAND_status(void) #include #include +int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) + { + double add_entropy=0; + SYSTEMTIME t; + + switch (iMsg) + { + case WM_KEYDOWN: + { + static WPARAM key; + if (key != wParam) + add_entropy = 0.05; + key = wParam; + } + break; + case WM_MOUSEMOVE: + { + static int lastx,lasty,lastdx,lastdy; + int x,y,dx,dy; + + x=LOWORD(lParam); + y=HIWORD(lParam); + dx=lastx-x; + dy=lasty-y; + if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) + add_entropy=.2; + lastx=x, lasty=y; + lastdx=dx, lastdy=dy; + } + break; + } + + GetSystemTime(&t); + RAND_add(&iMsg, sizeof(iMsg), add_entropy); + RAND_add(&wParam, sizeof(wParam), 0); + RAND_add(&lParam, sizeof(lParam), 0); + RAND_add(&t, sizeof(t), 0); + + return (RAND_status()); + } + /***************************************************************************** * Initialisation function for the SSL random generator. Takes the contents * of the screen as random seed.