- Add Fortuna PRNG to pgcrypto.
- Move openssl random provider to openssl.c and builtin provider
  to internal.c
- Make px_random_bytes use Fortuna, instead of giving error.
- Retarget random.c to aquiring system randomness, for initial seeding
  of Fortuna.  There is ATM 2 functions for Windows,
  reader from /dev/urandom and the regular time()/getpid() silliness.


Index: pgsql/contrib/pgcrypto/fortuna.c
===================================================================
*** /dev/null
--- pgsql/contrib/pgcrypto/fortuna.c
***************
*** 0 ****
--- 1,365 ----
+ /*
+  * fortuna.c
+  *            Fortuna-like PRNG.
+  *
+  * Copyright (c) 2005 Marko Kreen
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+  * are met:
+  * 1. Redistributions of source code must retain the above copyright
+  *      notice, this list of conditions and the following disclaimer.
+  * 2. Redistributions in binary form must reproduce the above copyright
+  *      notice, this list of conditions and the following disclaimer in the
+  *      documentation and/or other materials provided with the distribution.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  * ARE DISCLAIMED.    IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+  * $PostgreSQL$
+  */
+ 
+ #include <postgres.h>
+ #include <sys/time.h>
+ #include <time.h>
+ 
+ #include "rijndael.h"
+ #include "sha2.h"
+ 
+ #include "fortuna.h"
+ 
+ 
+ /*
+  * Why Fortuna-like: There does not seem to be any definitive reference
+  * on Fortuna in the net.  Instead this implementation is based on
+  * following references:
+  * 
+  * http://en.wikipedia.org/wiki/Fortuna_(PRNG)
+  *   - Wikipedia article
+  * http://jlcooke.ca/random/
+  *   - Jean-Luc Cooke Fortuna-based /dev/random driver for Linux.
+  */
+ 
+ /*
+  * There is some confusion about whether and how to carry forward
+  * the state of the pools.  Seems like original Fortuna does not
+  * do it, resetting hash after each request.  I guess expecting
+  * feeding to happen more often that requesting.   This is absolutely
+  * unsuitable for pgcrypto, as nothing asynchronous happens here.
+  *
+  * J.L. Cooke fixed this by feeding previous hash to new re-initialized
+  * hash context.
+  *
+  * Fortuna predecessor Yarrow requires ability to query intermediate
+  * 'final result' from hash, without affecting it.
+  *
+  * This implementation uses the Yarrow method - asking intermediate
+  * results, but continuing with old state.
+  */
+ 
+ 
+ /*
+  * Algorithm parameters
+  */
+ 
+ /*
+  * How many pools.
+  *
+  * Original Fortuna uses 32 pools, that means 32'th pool is
+  * used not earlier than in 13th year.  This is a waste in
+  * pgcrypto, as we have very low-frequancy seeding.  Here
+  * is preferable to have all entropy usable in reasonable time.
+  *
+  * With 23 pools, 23th pool is used after 9 days which seems
+  * more sane.
+  *
+  * In our case the minimal cycle time would be bit longer
+  * than the system-randomness feeding frequency.
+  */
+ #define NUM_POOLS             23
+ 
+ /* in microseconds */
+ #define RESEED_INTERVAL       100000 /* 0.1 sec */
+ 
+ /* for one big request, reseed after this many bytes */
+ #define RESEED_BYTES  (1024*1024)
+ 
+ 
+ /*
+  * Algorithm constants
+  */
+ 
+ /* max sources */
+ #define MAX_SOURCES           8
+ 
+ /* Both cipher key size and hash result size */
+ #define BLOCK                 32
+ 
+ /* cipher block size */
+ #define CIPH_BLOCK            16
+ 
+ /* for internal wrappers */
+ #define MD_CTX                        SHA256_CTX
+ #define CIPH_CTX              rijndael_ctx
+ 
+ struct fortuna_state {
+       uint8                   counter[CIPH_BLOCK];
+       uint8                   result[CIPH_BLOCK];
+       uint8                   key[BLOCK];
+       MD_CTX                  pool[NUM_POOLS];
+       CIPH_CTX                ciph;
+       unsigned                source_pos[MAX_SOURCES];
+       unsigned                reseed_count;
+       struct timeval  last_reseed_time;
+ };
+ typedef struct fortuna_state FState;
+ 
+ 
+ /*
+  * Use our own wrappers here.
+  * - Need to get intermediate result from digest, without affecting it.
+  * - Need re-set key on a cipher context.
+  * - Algorithms are guaranteed to exist.
+  * - No memory allocations.
+  */
+ 
+ static void ciph_init(CIPH_CTX *ctx, const uint8 *key, int klen)
+ {
+       rijndael_set_key(ctx, (const uint32 *)key, klen, 1);
+ }
+ 
+ static void ciph_encrypt(CIPH_CTX *ctx, const uint8 *in, uint8 *out)
+ {
+       rijndael_encrypt(ctx, (const uint32 *)in, (uint32 *)out);
+ }
+ 
+ static void md_init(MD_CTX *ctx)
+ {
+       SHA256_Init(ctx);
+ }
+ 
+ static void md_update(MD_CTX *ctx, const uint8 *data, int len)
+ {
+       SHA256_Update(ctx, data, len);
+ }
+ 
+ static void md_result(MD_CTX *ctx, uint8 *dst)
+ {
+       SHA256_CTX tmp;
+       memcpy(&tmp, ctx, sizeof(*ctx));
+       SHA256_Final(dst, &tmp);
+       memset(&tmp, 0, sizeof(tmp));
+ }
+ 
+ 
+ /*
+  * initialize state
+  */
+ static void init_state(FState *st)
+ {
+       int i;
+       memset(st, 0, sizeof(*st));
+       for (i = 0; i < NUM_POOLS; i++)
+               md_init(&st->pool[i]);
+ }
+ 
+ /*
+  * Must not reseed more ofter than RESEED_PER_SEC
+  * times per second.
+  */
+ static int too_often(FState *st)
+ {
+       int ok;
+       struct timeval tv;
+       struct timeval *last = &st->last_reseed_time;
+       
+       gettimeofday(&tv, NULL);
+ 
+       ok = 0;
+       if (tv.tv_sec != last->tv_sec)
+               ok = 1;
+       else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
+               ok = 1;
+ 
+       memcpy(last, &tv, sizeof(tv));
+       memset(&tv, 0, sizeof(tv));
+ 
+       return ok;
+ }
+ 
+ /*
+  * generate new key from all the pools
+  */
+ static void reseed(FState *st)
+ {
+       unsigned k;
+       unsigned n;
+       MD_CTX key_md;
+       uint8 buf[BLOCK];
+ 
+       /* check frequency */
+       if (too_often(st))
+               return;
+ 
+       /*
+        * Both #0 and #1 reseed would use only pool 0.
+        * Just skip #0 then.
+        */
+       n = ++st->reseed_count;
+ 
+       /*
+        * The goal: use k-th pool only 1/(2^k) of the time.
+        */
+       md_init(&key_md);
+       for (k = 0; k < NUM_POOLS; k++) {
+               md_result(&st->pool[k], buf);
+               md_update(&key_md, buf, BLOCK);
+ 
+               if (n & 1 || !n)
+                       break;
+               n >>= 1;
+       }
+ 
+       /* add old key into mix too */
+       md_update(&key_md, st->key, BLOCK);
+ 
+       /* now we have new key */
+       md_result(&key_md, st->key);
+ 
+       /* use new key */
+       ciph_init(&st->ciph, st->key, BLOCK);
+ 
+       memset(&key_md, 0, sizeof(key_md));
+       memset(buf, 0, BLOCK);
+       n = k = 0;
+ }
+ 
+ /*
+  * update pools
+  */
+ static void add_entropy(FState *st, unsigned src_id, const uint8 *data, 
unsigned len)
+ {
+       unsigned pos;
+       uint8 hash[BLOCK];
+       MD_CTX md;
+ 
+       /* just in case there's a bug somewhere */
+       if (src_id >= MAX_SOURCES)
+               src_id = USER_ENTROPY;
+ 
+       /* hash given data */
+       md_init(&md);
+       md_update(&md, data, len);
+       md_result(&md, hash);
+ 
+       /* update pools round-robin manner */
+       pos = st->source_pos[src_id];
+       md_update( &st->pool[pos], hash, BLOCK);
+ 
+       if (++pos >= NUM_POOLS)
+               pos = 0;
+       st->source_pos[src_id] = pos;
+ 
+       memset(hash, 0, BLOCK);
+       memset(&md, 0, sizeof(md));
+ }
+ 
+ /*
+  * Endianess does not matter.
+  * It just needs to change without repeating.
+  */
+ static void inc_counter(FState *st)
+ {
+       uint32 *val = (uint32*)st->counter;
+       if (++val[0])
+               return;
+       if (++val[1])
+               return;
+       if (++val[2])
+               return;
+       ++val[3];
+ }
+ 
+ static void extract_data(FState *st, unsigned count, uint8 *dst)
+ {
+       unsigned n;
+       unsigned block_nr = 0;
+ 
+       /*
+        * Every request should be with different key,
+        * if possible.
+        */
+       reseed(st);
+ 
+       /*
+        * If the reseed didn't happen, don't use the old data
+        * rather encrypt again.
+        */
+ 
+       while (count > 0) {
+               /* must not give out too many bytes with one key */
+               if (block_nr > (RESEED_BYTES / CIPH_BLOCK))
+               {
+                       reseed(st);
+                       block_nr = 0;
+               }
+ 
+               /* produce bytes */
+               ciph_encrypt(&st->ciph, st->counter, st->result);
+               block_nr++;
+ 
+               /* prepare for next time */
+               inc_counter(st);
+ 
+               /* copy result */
+               if (count > CIPH_BLOCK)
+                       n = CIPH_BLOCK;
+               else
+                       n = count;
+               memcpy(dst, st->result, n);
+               dst += n;
+               count -= n;
+       }
+ }
+ 
+ /*
+  * public interface
+  */
+ 
+ static FState main_state;
+ static int init_done = 0;
+ 
+ void fortuna_add_entropy(unsigned src_id, const uint8 *data, unsigned len)
+ {
+       if (!init_done)
+       {
+               init_state(&main_state);
+               init_done = 1;
+       }
+       if (!data || !len)
+               return;
+       add_entropy(&main_state, src_id, data, len);
+ }
+ 
+ void fortuna_get_bytes(unsigned len, uint8 *dst)
+ {
+       if (!init_done)
+       {
+               init_state(&main_state);
+               init_done = 1;
+       }
+       if (!dst || !len)
+               return;
+       extract_data(&main_state, len, dst);
+ }
+ 
Index: pgsql/contrib/pgcrypto/fortuna.h
===================================================================
*** /dev/null
--- pgsql/contrib/pgcrypto/fortuna.h
***************
*** 0 ****
--- 1,45 ----
+ /*
+  * fortuna.c
+  *            Fortuna PRNG.
+  *
+  * Copyright (c) 2005 Marko Kreen
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+  * are met:
+  * 1. Redistributions of source code must retain the above copyright
+  *      notice, this list of conditions and the following disclaimer.
+  * 2. Redistributions in binary form must reproduce the above copyright
+  *      notice, this list of conditions and the following disclaimer in the
+  *      documentation and/or other materials provided with the distribution.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  * ARE DISCLAIMED.    IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+  * $PostgreSQL$
+  */
+ 
+ #ifndef __FORTUNA_H
+ #define __FORTUNA_H
+ 
+ /*
+  * Event source ID's
+  */
+ #define SYSTEM_ENTROPY        0
+ #define USER_ENTROPY  1
+ 
+ void fortuna_get_bytes(unsigned len, uint8 *dst);
+ void fortuna_add_entropy(unsigned src_id, const uint8 *data, unsigned len);
+ 
+ #endif
+ 
Index: pgsql/contrib/pgcrypto/Makefile
===================================================================
*** pgsql.orig/contrib/pgcrypto/Makefile
--- pgsql/contrib/pgcrypto/Makefile
***************
*** 2,25 ****
  # $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.16 2005/07/05 23:18:44 tgl 
Exp $
  #
  
! # if you don't have OpenSSL, you can use libc random() or /dev/urandom
! INT_CFLAGS = -DRAND_SILLY
! #INT_CFLAGS = -DRAND_DEV=\"/dev/urandom\"
! 
! INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c
  INT_TESTS = sha2
  
- OSSL_CFLAGS = -DRAND_OPENSSL
  OSSL_SRCS = openssl.c
  OSSL_TESTS = des 3des cast5
  
  CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS))
  CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS))
! CF_CFLAGS = $(if $(subst no,,$(with_openssl)), $(OSSL_CFLAGS), $(INT_CFLAGS))
  
  PG_CPPFLAGS   = $(CF_CFLAGS)
  
! SRCS          = pgcrypto.c px.c px-hmac.c px-crypt.c misc.c random.c \
                crypt-gensalt.c crypt-blowfish.c crypt-des.c \
                crypt-md5.c $(CF_SRCS)
  
--- 2,21 ----
  # $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.16 2005/07/05 23:18:44 tgl 
Exp $
  #
  
! INT_SRCS = md5.c sha1.c sha2.c internal.c blf.c rijndael.c \
!               fortuna.c random.c
  INT_TESTS = sha2
  
  OSSL_SRCS = openssl.c
  OSSL_TESTS = des 3des cast5
  
  CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS))
  CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS))
! CF_CFLAGS =
  
  PG_CPPFLAGS   = $(CF_CFLAGS)
  
! SRCS          = pgcrypto.c px.c px-hmac.c px-crypt.c misc.c \
                crypt-gensalt.c crypt-blowfish.c crypt-des.c \
                crypt-md5.c $(CF_SRCS)
  
Index: pgsql/contrib/pgcrypto/internal.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/internal.c
--- pgsql/contrib/pgcrypto/internal.c
***************
*** 31,36 ****
--- 31,37 ----
  
  
  #include <postgres.h>
+ #include <time.h>
  
  #include "px.h"
  
***************
*** 39,44 ****
--- 40,52 ----
  #include "sha2.h"
  #include "blf.h"
  #include "rijndael.h"
+ #include "fortuna.h"
+ 
+ /*
+  * How often to try to acquire system entropy.  (In seconds)
+  */
+ #define SYSTEM_RESEED_FREQ    (3*60*60)
+ 
  
  #ifndef MD5_DIGEST_LENGTH
  #define MD5_DIGEST_LENGTH 16
*************** px_find_cipher(const char *name, PX_Ciph
*** 784,786 ****
--- 792,849 ----
        *res = c;
        return 0;
  }
+ 
+ /*
+  * Randomness provider
+  */
+ 
+ /*
+  * Use libc for all 'public' bytes.
+  *
+  * That way we don't expose bytes from Fortuna
+  * to the public, in case it has some bugs.
+  */
+ int
+ px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
+ {
+       int         i;
+ 
+       for (i = 0; i < count; i++)
+               *dst++ = random();
+       return i;
+ }
+ 
+ static time_t seed_time = 0;
+ static void system_reseed()
+ {
+       uint8 buf[1024];
+       int n;
+       time_t t;
+ 
+       t = time(NULL);
+       if (seed_time && (t - seed_time) < SYSTEM_RESEED_FREQ)
+               return;
+ 
+       n = px_acquire_system_randomness(buf);
+       if (n > 0)
+               fortuna_add_entropy(SYSTEM_ENTROPY, buf, n);
+ 
+       seed_time = t;
+ }
+ 
+ int
+ px_get_random_bytes(uint8 *dst, unsigned count)
+ {
+       system_reseed();
+       fortuna_get_bytes(count, dst);
+       return 0;
+ }
+ 
+ int
+ px_add_entropy(const uint8 *data, unsigned count)
+ {
+       system_reseed();
+       fortuna_add_entropy(USER_ENTROPY, data, count);
+       return 0;
+ }
+ 
Index: pgsql/contrib/pgcrypto/openssl.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/openssl.c
--- pgsql/contrib/pgcrypto/openssl.c
***************
*** 37,42 ****
--- 37,45 ----
  #include <openssl/blowfish.h>
  #include <openssl/cast.h>
  #include <openssl/des.h>
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ 
  
  /*
   * Does OpenSSL support AES? 
*************** px_find_cipher(const char *name, PX_Ciph
*** 759,761 ****
--- 762,819 ----
        *res = c;
        return 0;
  }
+ 
+ 
+ static int    openssl_random_init = 0;
+ 
+ /*
+  * OpenSSL random should re-feeded occasionally. From /dev/urandom
+  * preferably.
+  */
+ static void init_openssl_rand()
+ {
+       if (RAND_get_rand_method() == NULL)
+               RAND_set_rand_method(RAND_SSLeay());
+       openssl_random_init = 1;
+ }
+ 
+ int
+ px_get_random_bytes(uint8 *dst, unsigned count)
+ {
+       int                     res;
+ 
+       if (!openssl_random_init)
+               init_openssl_rand();
+ 
+       res = RAND_bytes(dst, count);
+       if (res == 1)
+               return count;
+ 
+       return PXE_OSSL_RAND_ERROR;
+ }
+ 
+ int
+ px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
+ {
+       int                     res;
+ 
+       if (!openssl_random_init)
+               init_openssl_rand();
+ 
+       res = RAND_pseudo_bytes(dst, count);
+       if (res == 0 || res == 1)
+               return count;
+ 
+       return PXE_OSSL_RAND_ERROR;
+ }
+ 
+ int
+ px_add_entropy(const uint8 *data, unsigned count)
+ {
+       /*
+        * estimate 0 bits
+        */
+       RAND_add(data, count, 0);
+       return 0;
+ }
+ 
Index: pgsql/contrib/pgcrypto/px.h
===================================================================
*** pgsql.orig/contrib/pgcrypto/px.h
--- pgsql/contrib/pgcrypto/px.h
*************** int                     px_find_combo(const char *name, PX
*** 170,175 ****
--- 170,178 ----
  
  int                   px_get_random_bytes(uint8 *dst, unsigned count);
  int                   px_get_pseudo_random_bytes(uint8 *dst, unsigned count);
+ int                   px_add_entropy(const uint8 *data, unsigned count);
+ 
+ unsigned      px_acquire_system_randomness(uint8 *dst);
  
  const char *px_strerror(int err);
  
Index: pgsql/contrib/pgcrypto/random.c
===================================================================
*** pgsql.orig/contrib/pgcrypto/random.c
--- pgsql/contrib/pgcrypto/random.c
***************
*** 1,6 ****
  /*
   * random.c
!  *            Random functions.
   *
   * Copyright (c) 2001 Marko Kreen
   * All rights reserved.
--- 1,6 ----
  /*
   * random.c
!  *            Acquire randomness from system.  For seeding RNG.
   *
   * Copyright (c) 2001 Marko Kreen
   * All rights reserved.
***************
*** 34,41 ****
  
  #include "px.h"
  
  
! #if defined(RAND_DEV)
  
  #include <errno.h>
  #include <fcntl.h>
--- 34,53 ----
  
  #include "px.h"
  
+ /* how many bytes to ask from system random provider */
+ #define RND_BYTES  32
  
! /*
!  * Try to read from /dev/urandom or /dev/random on these OS'es.
!  *
!  * The list can be pretty liberal, as the device not existing
!  * is expected event.
!  */
! #if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
!       || defined(__NetBSD__) || defined(__DragonFly__) \
!       || defined(__darwin__) || defined(__SOLARIS__)
! 
! #define TRY_DEV_RANDOM
  
  #include <errno.h>
  #include <fcntl.h>
*************** safe_read(int fd, void *buf, size_t coun
*** 64,157 ****
        return done;
  }
  
! int
! px_get_random_bytes(uint8 *dst, unsigned count)
  {
        int                     fd;
        int                     res;
  
!       fd = open(RAND_DEV, O_RDONLY);
        if (fd == -1)
!               return PXE_DEV_READ_ERROR;
!       res = safe_read(fd, dst, count);
        close(fd);
!       return res;
  }
  
! int
! px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
! {
!       return px_get_random_bytes(dst, count);
! }
  
! #elif defined(RAND_SILLY)
  
! int
! px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
  {
!       int                     i;
  
!       for (i = 0; i < count; i++)
!               *dst++ = random();
!       return i;
  }
  
! int
! px_get_random_bytes(uint8 *dst, unsigned count)
  {
!       return PXE_NO_RANDOM;
! }
  
! #elif defined(RAND_OPENSSL)
  
! #include <openssl/evp.h>
! #include <openssl/blowfish.h>
! #include <openssl/rand.h>
! #include <openssl/err.h>
  
- static int    openssl_random_init = 0;
  
  /*
!  * OpenSSL random should re-feeded occasionally. From /dev/urandom
!  * preferably.
   */
! static void init_openssl()
! {
!       if (RAND_get_rand_method() == NULL)
!               RAND_set_rand_method(RAND_SSLeay());
!       openssl_random_init = 1;
! }
  
! int
! px_get_random_bytes(uint8 *dst, unsigned count)
! {
!       int                     res;
! 
!       if (!openssl_random_init)
!               init_openssl();
! 
!       res = RAND_bytes(dst, count);
!       if (res == 1)
!               return count;
  
!       return PXE_OSSL_RAND_ERROR;
! }
  
! int
! px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
  {
!       int                     res;
  
!       if (!openssl_random_init)
!               init_openssl();
  
!       res = RAND_pseudo_bytes(dst, count);
!       if (res == 0 || res == 1)
!               return count;
  
!       return PXE_OSSL_RAND_ERROR;
  }
  
- #else
- #error "Invalid random source"
  #endif
--- 76,244 ----
        return done;
  }
  
! static uint8 *
! try_dev_random(uint8 *dst)
  {
        int                     fd;
        int                     res;
  
!       fd = open("/dev/urandom", O_RDONLY);
        if (fd == -1)
!       {
!               fd = open("/dev/random", O_RDONLY);
!               if (fd == -1)
!                       return dst;
!       }
!       res = safe_read(fd, dst, RND_BYTES);
        close(fd);
!       if (res > 0)
!               dst += res;
!       return dst;
  }
  
! #endif
! 
! /*
!  * Try to find randomness on Windows
!  */
! #ifdef WIN32
! 
! #define TRY_WIN32_GENRAND
! #define TRY_WIN32_PERFC
  
! #define _WIN32_WINNT 0x0400
! #include <windows.h>
! #include <wincrypt.h>
  
! /*
!  * this function is from libtomcrypt
!  * 
!  * try to use Microsoft crypto API
!  */
! static uint8 * try_win32_genrand(uint8 *dst)
  {
!       int res;
!       HCRYPTPROV h = 0;
! 
!       res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
!                               (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET));
!       if (!res)
!               res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
!                               CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | 
CRYPT_NEWKEYSET);
!       if (!res)
!               return dst;
!       
!       res = CryptGenRandom(h, NUM_BYTES, dst);
!       if (res == TRUE)
!               dst += len;
  
!       CryptReleaseContext(h, 0);
!       return dst;
  }
  
! static uint8 * try_win32_perfc(uint8 *dst)
  {
!       int res;
!       LARGE_INTEGER time;
  
!       res = QueryPerformanceCounter(&time);
!       if (!res)
!               return dst;
  
!       memcpy(dst, &time, sizeof(time));
!       return dst + sizeof(time);
! }
! 
! #endif /* WIN32 */
  
  
  /*
!  * If we are not on Windows, then hopefully we are
!  * on a unix-like system.  Use the usual suspects
!  * for randomness.
   */
! #ifndef WIN32
  
! #define TRY_UNIXSTD
  
! #include <sys/types.h>
! #include <sys/time.h>
! #include <time.h>
! #include <unistd.h>
  
! /*
!  * Everything here is predictible, only needs some patience.
!  *
!  * But there is a chance that the system-specific functions
!  * did not work.  So keep faith and try to slow the attacker down.
!  */
! static uint8 *
! try_unix_std(uint8 *dst)
  {
!       pid_t pid;
!       int x;
!       PX_MD *md;
!       struct timeval tv;
!       int res;
! 
!       /* process id */
!       pid = getpid();
!       memcpy(dst, (uint8*)&pid, sizeof(pid));
!       dst += sizeof(pid);
! 
!       /* time */
!       gettimeofday(&tv, NULL);
!       memcpy(dst, (uint8*)&tv, sizeof(tv));
!       dst += sizeof(tv);
! 
!       /* pointless, but should not hurt */
!       x = random();
!       memcpy(dst, (uint8*)&x, sizeof(x));
!       dst += sizeof(x);
! 
!       /* let's be desperate */
!       res = px_find_digest("sha1", &md);
!       if (res >= 0) {
!               uint8 *ptr;
!               uint8 stack[8192];
!               int alloc = 32*1024;
! 
!               px_md_update(md, stack, sizeof(stack));
!               ptr = px_alloc(alloc);
!               px_md_update(md, ptr, alloc);
!               px_free(ptr);
  
!               px_md_finish(md, dst);
!               px_md_free(md);
  
!               dst += 20;
!       }
  
!       return dst;
  }
  
  #endif
+ 
+ /*
+  * try to extract some randomness for initial seeding
+  *
+  * dst should have room for 1024 bytes.
+  */
+ unsigned px_acquire_system_randomness(uint8 *dst)
+ {
+       uint8 *p = dst;
+ #ifdef TRY_DEV_RANDOM
+       p = try_dev_random(p);
+ #endif
+ #ifdef TRY_WIN32_GENRAND
+       p = try_win32_genrand(p);
+ #endif
+ #ifdef TRY_WIN32_PERFC
+       p = try_win32_perfc(p);
+ #endif
+ #ifdef TRY_UNIXSTD
+       p = try_unix_std(p);
+ #endif
+       return p - dst;
+ }
+ 

--

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

Reply via email to