author | Otto Moerbeek <otto@cvs.openbsd.org> | 2005-11-30 07:51:03 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2005-11-30 07:51:03 +0000 |
commit | 1fcb44d8d6accf4b13417c63d21bd922f79d386a (patch) | |
tree | d5f0eb26e09410e4bf7f6d954c2e138b95ccd125 /lib | |
parent | 0f97be5213bc1c35042f4403759d8c954c4e631a (diff) |
Use sysctl(KERN_ARND) to get n bytes, instead of just 4 at a time
and remove fallback code. If somebody is dumb enough to make the
sysctl fail using systrace, he deserves what he gets. Saves 7 syscalls
on process startup.
looks good miod@ ok deraadt@ tedu@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/crypt/arc4random.c | 11 | ||||
-rw-r--r-- | lib/libc/stdlib/random.3 | 7 | ||||
-rw-r--r-- | lib/libc/stdlib/random.c | 49 | ||||
-rw-r--r-- | lib/libc/sys/stack_protector.c | 15 |
4 files changed, 21 insertions, 61 deletions
diff --git a/lib/libc/crypt/arc4random.c b/lib/libc/crypt/arc4random.c
index 843751d09e8..1e338f9968c 100644
--- a/lib/libc/crypt/arc4random.c
+++ b/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.14 2005/06/06 14:57:59 kjell Exp $ */
+/* $OpenBSD: arc4random.c,v 1.15 2005/11/30 07:51:02 otto Exp $ */
 /*
 * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -99,14 +99,7 @@ arc4_stir(struct arc4_stream *as)
 mib[1] = KERN_ARND;
 len = sizeof(rnd);
- if (sysctl(mib, 2, rnd, &len, NULL, 0) == -1) {
- for (i = 0; i < sizeof(rnd) / sizeof(u_int); i ++) {
- len = sizeof(u_int);
- if (sysctl(mib, 2, &rnd[i * sizeof(u_int)], &len,
- NULL, 0) == -1)
- break;
- }
- }
+ sysctl(mib, 2, rnd, &len, NULL, 0);
 arc4_stir_pid = getpid();
 arc4_addrandom(as, rnd, sizeof(rnd));
diff --git a/lib/libc/stdlib/random.3 b/lib/libc/stdlib/random.3
index f43f06420dc..626b040b505 100644
--- a/lib/libc/stdlib/random.3
+++ b/lib/libc/stdlib/random.3
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: random.3,v 1.17 2003/06/02 20:18:38 millert Exp $
+.\" $OpenBSD: random.3,v 1.18 2005/11/30 07:51:02 otto Exp $
 .\"
 .Dd April 19, 1991
 .Dt RANDOM 3
@@ -89,9 +89,8 @@ as the seed.
 .Pp
 The
 .Fn srandomdev
-routine initializes a state array using the
-.Xr arandom 4
-random number device which returns good random numbers,
+routine initializes a state array using
+random numbers obtained from the kernel,
 suitable for cryptographic use.
 Note that this particular seeding procedure can generate states which are impossible to reproduce by calling
diff --git a/lib/libc/stdlib/random.c b/lib/libc/stdlib/random.c
index 565542ecdb2..48e892042ba 100644
--- a/lib/libc/stdlib/random.c
+++ b/lib/libc/stdlib/random.c
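Review bot: The added `sysctl(mib, 2, rnd, &len, NULL, 0);` in arc4_stir() (whose body starts and ends outside the hunk) discards both the return value and the updated `len`, so a failed or short read still reaches `arc4_addrandom(as, rnd, sizeof(rnd))` and the stream is keyed from whatever `rnd` held, presumably an uninitialised local. The commit message accepts this on purpose, but the stack_protector.c hunk of the same commit tests `== -1 || len != sizeof(__guard)`; the same test here, `if (sysctl(mib, 2, rnd, &len, NULL, 0) == -1 || len != sizeof(rnd))`, followed by a fail-closed action such as `abort();`, would keep a weak seed from going unnoticed. The identical unchecked call is added to srandomdev() in the random.c hunk at -238,36, where a failure leaves `state` without fresh seed data while random.3 still describes the result as suitable for cryptographic use. If ignoring the failure stays, a comment at both call sites such as `/* failure deliberately ignored, see commit log */` would record that the missing check is intentional.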
@@ -1,4 +1,4 @@
-/* $OpenBSD: random.c,v 1.14 2005/08/08 08:05:37 espie Exp $ */
+/* $OpenBSD: random.c,v 1.15 2005/11/30 07:51:02 otto Exp $ */
 /*
 * Copyright (c) 1983 Regents of the University of California.
 * All rights reserved.
@@ -220,17 +220,17 @@ srandom(unsigned int x)
 * srandomdev:
 *
 * Many programs choose the seed value in a totally predictable manner.
- * This often causes problems. We seed the generator using the much more
- * secure arandom(4) interface. Note that this particular seeding
- * procedure can generate states which are impossible to reproduce by
- * calling srandom() with any value, since the succeeding terms in the
- * state buffer are no longer derived from the LC algorithm applied to
- * a fixed seed.
+ * This often causes problems. We seed the generator using random
+ * data from the kernel.
+ * Note that this particular seeding procedure can generate states
+ * which are impossible to reproduce by calling srandom() with any
+ * value, since the succeeding terms in the state buffer are no longer
+ * derived from the LC algorithm applied to a fixed seed.
 */
 void
 srandomdev(void)
 {
- int fd, i, mib[2], n;
+ int mib[2];
 size_t len;
 if (rand_type == TYPE_0)
@@ -238,36 +238,9 @@ srandomdev(void)
 else
 len = rand_deg * sizeof(state[0]);
- /*
- * To get seed data, first try reading from /dev/arandom.
- * If that fails, try the KERN_ARND sysctl() (one int at a time).
- * As a last resort, call srandom().
- */
- if ((fd = open("/dev/arandom", O_RDONLY, 0)) != -1 &&
- read(fd, (void *) state, len) == (ssize_t) len) {
- close(fd);
- } else {
- if (fd != -1)
- close(fd);
- mib[0] = CTL_KERN;
- mib[1] = KERN_ARND;
- n = len / sizeof(int);
- len = sizeof(int);
- for (i = 0; i < n; i++) {
- if (sysctl(mib, 2, (char *)((int *)state + i), &len,
- NULL, 0) == -1)
- break;
- }
- if (i != n) {
- struct timeval tv;
- u_int junk;
-
- /* XXX - this could be better */
- gettimeofday(&tv, NULL);
- srandom(getpid() ^ tv.tv_sec ^ tv.tv_usec ^ junk);
- return;
- }
- }
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_ARND;
+ sysctl(mib, 2, state, &len, NULL, 0);
 if (rand_type != TYPE_0) {
 fptr = &state[rand_sep];
diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c
index 1f9050f65ce..a89b1d8c832 100644
--- a/lib/libc/sys/stack_protector.c
+++ b/lib/libc/sys/stack_protector.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: stack_protector.c,v 1.8 2005/08/08 08:05:37 espie Exp $ */
+/* $OpenBSD: stack_protector.c,v 1.9 2005/11/30 07:51:02 otto Exp $ */
 /*
 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
@@ -43,7 +43,7 @@ void __stack_smash_handler(char func[], int damaged __attribute__((unused)));
 static void
 __guard_setup(void)
 {
- int i, mib[2];
+ int mib[2];
 size_t len;
 if (__guard[0] != 0)
@@ -52,14 +52,9 @@ __guard_setup(void)
 mib[0] = CTL_KERN;
 mib[1] = KERN_ARND;
- len = 4;
- for (i = 0; i < sizeof(__guard) / 4; i++) {
- if (__sysctl(mib, 2, (char *)&((int *)__guard)[i],
- &len, NULL, 0) == -1)
- break;
- }
-
- if (i < sizeof(__guard) / 4) {
+ len = sizeof(__guard);
+ if (__sysctl(mib, 2, __guard, &len, NULL, 0) == -1 ||
+ len != sizeof(__guard)) {
 /* If sysctl was unsuccessful, use the "terminator canary". */
 ((unsigned char *)__guard)[0] = 0;
 ((unsigned char *)__guard)[1] = 0; |
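Review bot: The comment kept under the new condition, `/* If sysctl was unsuccessful, use the "terminator canary". */`, no longer matches the test, which now also takes the fallback when `len != sizeof(__guard)`; `/* If sysctl failed or returned a short read, use the "terminator canary". */` would describe both cases. On the short-read path the kernel may already have written part of `__guard`, and the fallback assignments continue past the end of the hunk, so it is worth confirming there that every byte of `__guard` is overwritten rather than only the leading ones. The fallback value is fixed and publicly known, so a note in that comment that this path trades the random canary for a predictable one would help whoever audits startup failures.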