/src/samba/third_party/heimdal/lib/krb5/crypto-rand.c

Source
/*
 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#undef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE

#define ENTROPY_NEEDED 128

static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;

static int
seed_something(void)
{
#ifndef NO_RANDFILE
    char buf[1024], seedfile[256];

    /* If there is a seed file, load it. But such a file cannot be trusted,
       so use 0 for the entropy estimate */
    if (RAND_file_name(seedfile, sizeof(seedfile))) {
  int fd;
  fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
  if (fd >= 0) {
      ssize_t ret;
      rk_cloexec(fd);
      ret = read(fd, buf, sizeof(buf));
      if (ret > 0)
    RAND_add(buf, ret, 0.0);
      close(fd);
  } else
      seedfile[0] = '\0';
    } else
  seedfile[0] = '\0';
#endif

    /* Calling RAND_status() will try to use /dev/urandom if it exists so
       we do not have to deal with it. */
    if (RAND_status() != 1) {
  /* TODO: Once a Windows CryptoAPI RAND method is defined, we
     can use that and failover to another method. */
    }

    if (RAND_status() == 1) {
#ifndef NO_RANDFILE
  /* Update the seed file */
  if (seedfile[0])
      RAND_write_file(seedfile);
#endif

  return 0;
    } else
  return -1;
}

/**
 * Fill buffer buf with len bytes of PRNG randomness that is ok to use
 * for key generation, padding and public diclosing the randomness w/o
 * disclosing the randomness source.
 *
 * This function can fail, and callers must check the return value.
 *
 * @param buf a buffer to fill with randomness
 * @param len length of memory that buf points to.
 *
 * @return return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the
 * funcation failed to initialize the randomness source.
 *
 * @ingroup krb5_crypto
 */

HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random(void *buf, size_t len)
{
    static int rng_initialized = 0;
    int ret;

    HEIMDAL_MUTEX_lock(&crypto_mutex);
    if (!rng_initialized) {
  if (seed_something()) {
            HEIMDAL_MUTEX_unlock(&crypto_mutex);
      return HEIM_ERR_RANDOM_OFFLINE;
        }
  rng_initialized = 1;
    }
    if (RAND_bytes(buf, len) <= 0)
  ret = HEIM_ERR_RANDOM_OFFLINE;
    else
  ret = 0;
    HEIMDAL_MUTEX_unlock(&crypto_mutex);

    return ret;
}

/**
 * Fill buffer buf with len bytes of PRNG randomness that is ok to use
 * for key generation, padding and public diclosing the randomness w/o
 * disclosing the randomness source.
 *
 * This function can NOT fail, instead it will abort() and program will crash.
 *
 * If this function is called after a successful krb5_init_context(),
 * the chance of it failing is low due to that krb5_init_context()
 * pulls out some random, and quite commonly the randomness sources
 * will not fail once it have started to produce good output,
 * /dev/urandom behavies that way.
 *
 * @param buf a buffer to fill with randomness
 * @param len length of memory that buf points to.
 *
 * @ingroup krb5_crypto
 */


KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len)
{
    int ret = krb5_generate_random(buf, len);
    if (ret)
  krb5_abortx(NULL, "Failed to generate random block");
}

Line	Count	Source
1		/*
2		* Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3		* (Royal Institute of Technology, Stockholm, Sweden).
4		* All rights reserved.
5		*
6		* Redistribution and use in source and binary forms, with or without
7		* modification, are permitted provided that the following conditions
8		* are met:
9		*
10		* 1. Redistributions of source code must retain the above copyright
11		* notice, this list of conditions and the following disclaimer.
12		*
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* 3. Neither the name of the Institute nor the names of its contributors
18		* may be used to endorse or promote products derived from this software
19		* without specific prior written permission.
20		*
21		* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24		* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31		* SUCH DAMAGE.
32		*/
33
34		#include "krb5_locl.h"
35
36		#undef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
37		#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
38
39		#define ENTROPY_NEEDED 128
40
41		static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
42
43		static int
44		seed_something(void)
45	0	{
46	0	#ifndef NO_RANDFILE
47	0	char buf[1024], seedfile[256];
48
49		/* If there is a seed file, load it. But such a file cannot be trusted,
50		so use 0 for the entropy estimate */
51	0	if (RAND_file_name(seedfile, sizeof(seedfile))) {
52	0	int fd;
53	0	fd = open(seedfile, O_RDONLY \| O_BINARY \| O_CLOEXEC);
54	0	if (fd >= 0) {
55	0	ssize_t ret;
56	0	rk_cloexec(fd);
57	0	ret = read(fd, buf, sizeof(buf));
58	0	if (ret > 0)
59	0	RAND_add(buf, ret, 0.0);
60	0	close(fd);
61	0	} else
62	0	seedfile[0] = '\0';
63	0	} else
64	0	seedfile[0] = '\0';
65	0	#endif
66
67		/* Calling RAND_status() will try to use /dev/urandom if it exists so
68		we do not have to deal with it. */
69	0	if (RAND_status() != 1) {
70		/* TODO: Once a Windows CryptoAPI RAND method is defined, we
71		can use that and failover to another method. */
72	0	}
73
74	0	if (RAND_status() == 1) {
75	0	#ifndef NO_RANDFILE
76		/* Update the seed file */
77	0	if (seedfile[0])
78	0	RAND_write_file(seedfile);
79	0	#endif
80
81	0	return 0;
82	0	} else
83	0	return -1;
84	0	}
85
86		/**
87		* Fill buffer buf with len bytes of PRNG randomness that is ok to use
88		* for key generation, padding and public diclosing the randomness w/o
89		* disclosing the randomness source.
90		*
91		* This function can fail, and callers must check the return value.
92		*
93		* @param buf a buffer to fill with randomness
94		* @param len length of memory that buf points to.
95		*
96		* @return return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the
97		* funcation failed to initialize the randomness source.
98		*
99		* @ingroup krb5_crypto
100		*/
101
102		HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
103		KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
104		krb5_generate_random(void *buf, size_t len)
105	0	{
106	0	static int rng_initialized = 0;
107	0	int ret;
108
109	0	HEIMDAL_MUTEX_lock(&crypto_mutex);
110	0	if (!rng_initialized) {
111	0	if (seed_something()) {
112	0	HEIMDAL_MUTEX_unlock(&crypto_mutex);
113	0	return HEIM_ERR_RANDOM_OFFLINE;
114	0	}
115	0	rng_initialized = 1;
116	0	}
117	0	if (RAND_bytes(buf, len) <= 0)
118	0	ret = HEIM_ERR_RANDOM_OFFLINE;
119	0	else
120	0	ret = 0;
121	0	HEIMDAL_MUTEX_unlock(&crypto_mutex);
122
123	0	return ret;
124	0	}
125
126		/**
127		* Fill buffer buf with len bytes of PRNG randomness that is ok to use
128		* for key generation, padding and public diclosing the randomness w/o
129		* disclosing the randomness source.
130		*
131		* This function can NOT fail, instead it will abort() and program will crash.
132		*
133		* If this function is called after a successful krb5_init_context(),
134		* the chance of it failing is low due to that krb5_init_context()
135		* pulls out some random, and quite commonly the randomness sources
136		* will not fail once it have started to produce good output,
137		* /dev/urandom behavies that way.
138		*
139		* @param buf a buffer to fill with randomness
140		* @param len length of memory that buf points to.
141		*
142		* @ingroup krb5_crypto
143		*/
144
145
146		KRB5_LIB_FUNCTION void KRB5_LIB_CALL
147		krb5_generate_random_block(void *buf, size_t len)
148	0	{
149	0	int ret = krb5_generate_random(buf, len);
150	0	if (ret)
151	0	krb5_abortx(NULL, "Failed to generate random block");
152	0	}

Coverage Report

Created: 2026-06-07 07:07