8560674afd
Thanks to roberto for providing pointers to wedge this into HEAD. Approved by: roberto
308 lines
7.4 KiB
C
308 lines
7.4 KiB
C
/*
|
|
* Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
|
|
* Copyright (C) 2000-2002 Internet Software Consortium.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
* PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
/* $Id: entropy.c,v 1.10 2009/01/18 23:48:14 tbox Exp $ */
|
|
|
|
/*
|
|
* This is the system dependent part of the ISC entropy API.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <windows.h>
|
|
#include <wincrypt.h>
|
|
|
|
#include <process.h>
|
|
#include <io.h>
|
|
#include <share.h>
|
|
|
|
/*
|
|
* There is only one variable in the entropy data structures that is not
|
|
* system independent, but pulling the structure that uses it into this file
|
|
* ultimately means pulling several other independent structures here also to
|
|
* resolve their interdependencies. Thus only the problem variable's type
|
|
* is defined here.
|
|
*/
|
|
#define FILESOURCE_HANDLE_TYPE HCRYPTPROV
|
|
|
|
typedef struct {
|
|
int dummy;
|
|
} isc_entropyusocketsource_t;
|
|
|
|
#include "../entropy.c"
|
|
|
|
static unsigned int
|
|
get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
|
|
isc_entropy_t *ent = source->ent;
|
|
unsigned char buf[128];
|
|
HCRYPTPROV hcryptprov = source->sources.file.handle;
|
|
ssize_t ndesired;
|
|
unsigned int added;
|
|
|
|
if (source->bad)
|
|
return (0);
|
|
|
|
desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
|
|
|
|
added = 0;
|
|
while (desired > 0) {
|
|
ndesired = ISC_MIN(desired, sizeof(buf));
|
|
if (!CryptGenRandom(hcryptprov, ndesired, buf)) {
|
|
CryptReleaseContext(hcryptprov, 0);
|
|
source->bad = ISC_TRUE;
|
|
goto out;
|
|
}
|
|
|
|
entropypool_adddata(ent, buf, ndesired, ndesired * 8);
|
|
added += ndesired * 8;
|
|
desired -= ndesired;
|
|
}
|
|
|
|
out:
|
|
return (added);
|
|
}
|
|
|
|
/*
|
|
* Poll each source, trying to get data from it to stuff into the entropy
|
|
* pool.
|
|
*/
|
|
static void
|
|
fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
|
|
unsigned int added;
|
|
unsigned int remaining;
|
|
unsigned int needed;
|
|
unsigned int nsource;
|
|
isc_entropysource_t *source;
|
|
isc_entropysource_t *firstsource;
|
|
|
|
REQUIRE(VALID_ENTROPY(ent));
|
|
|
|
needed = desired;
|
|
|
|
/*
|
|
* This logic is a little strange, so an explanation is in order.
|
|
*
|
|
* If needed is 0, it means we are being asked to "fill to whatever
|
|
* we think is best." This means that if we have at least a
|
|
* partially full pool (say, > 1/4th of the pool) we probably don't
|
|
* need to add anything.
|
|
*
|
|
* Also, we will check to see if the "pseudo" count is too high.
|
|
* If it is, try to mix in better data. Too high is currently
|
|
* defined as 1/4th of the pool.
|
|
*
|
|
* Next, if we are asked to add a specific bit of entropy, make
|
|
* certain that we will do so. Clamp how much we try to add to
|
|
* (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
|
|
*
|
|
* Note that if we are in a blocking mode, we will only try to
|
|
* get as much data as we need, not as much as we might want
|
|
* to build up.
|
|
*/
|
|
if (needed == 0) {
|
|
REQUIRE(!blocking);
|
|
|
|
if ((ent->pool.entropy >= RND_POOLBITS / 4)
|
|
&& (ent->pool.pseudo <= RND_POOLBITS / 4))
|
|
return;
|
|
|
|
needed = THRESHOLD_BITS * 4;
|
|
} else {
|
|
needed = ISC_MAX(needed, THRESHOLD_BITS);
|
|
needed = ISC_MIN(needed, RND_POOLBITS);
|
|
}
|
|
|
|
/*
|
|
* In any case, clamp how much we need to how much we can add.
|
|
*/
|
|
needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);
|
|
|
|
/*
|
|
* But wait! If we're not yet initialized, we need at least
|
|
* THRESHOLD_BITS
|
|
* of randomness.
|
|
*/
|
|
if (ent->initialized < THRESHOLD_BITS)
|
|
needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);
|
|
|
|
/*
|
|
* Poll each file source to see if we can read anything useful from
|
|
* it. XXXMLG When where are multiple sources, we should keep a
|
|
* record of which one we last used so we can start from it (or the
|
|
* next one) to avoid letting some sources build up entropy while
|
|
* others are always drained.
|
|
*/
|
|
|
|
added = 0;
|
|
remaining = needed;
|
|
if (ent->nextsource == NULL) {
|
|
ent->nextsource = ISC_LIST_HEAD(ent->sources);
|
|
if (ent->nextsource == NULL)
|
|
return;
|
|
}
|
|
source = ent->nextsource;
|
|
/*
|
|
* Remember the first source so we can break if we have looped back to
|
|
* the beginning and still have nothing
|
|
*/
|
|
firstsource = source;
|
|
again_file:
|
|
for (nsource = 0; nsource < ent->nsources; nsource++) {
|
|
unsigned int got;
|
|
|
|
if (remaining == 0)
|
|
break;
|
|
|
|
got = 0;
|
|
|
|
if (source->type == ENTROPY_SOURCETYPE_FILE)
|
|
got = get_from_filesource(source, remaining);
|
|
|
|
added += got;
|
|
|
|
remaining -= ISC_MIN(remaining, got);
|
|
|
|
source = ISC_LIST_NEXT(source, link);
|
|
if (source == NULL)
|
|
source = ISC_LIST_HEAD(ent->sources);
|
|
}
|
|
ent->nextsource = source;
|
|
|
|
/*
|
|
* Go again only if there's been progress and we've not
|
|
* gone back to the beginning
|
|
*/
|
|
if (!(ent->nextsource == firstsource && added == 0)) {
|
|
if (blocking && remaining != 0) {
|
|
goto again_file;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Here, if there are bits remaining to be had and we can block,
|
|
* check to see if we have a callback source. If so, call them.
|
|
*/
|
|
source = ISC_LIST_HEAD(ent->sources);
|
|
while ((remaining != 0) && (source != NULL)) {
|
|
unsigned int got;
|
|
|
|
got = 0;
|
|
|
|
if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
|
|
got = get_from_callback(source, remaining, blocking);
|
|
|
|
added += got;
|
|
remaining -= ISC_MIN(remaining, got);
|
|
|
|
if (added >= needed)
|
|
break;
|
|
|
|
source = ISC_LIST_NEXT(source, link);
|
|
}
|
|
|
|
/*
|
|
* Mark as initialized if we've added enough data.
|
|
*/
|
|
if (ent->initialized < THRESHOLD_BITS)
|
|
ent->initialized += added;
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
* Requires "ent" be locked.
|
|
*/
|
|
static void
|
|
destroyfilesource(isc_entropyfilesource_t *source) {
|
|
CryptReleaseContext(source->handle, 0);
|
|
}
|
|
|
|
static void
|
|
destroyusocketsource(isc_entropyusocketsource_t *source) {
|
|
UNUSED(source);
|
|
}
|
|
|
|
|
|
isc_result_t
|
|
isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
|
|
isc_result_t ret;
|
|
isc_entropysource_t *source;
|
|
HCRYPTPROV hcryptprov;
|
|
DWORD errval;
|
|
BOOL err;
|
|
|
|
REQUIRE(VALID_ENTROPY(ent));
|
|
REQUIRE(fname != NULL);
|
|
|
|
LOCK(&ent->lock);
|
|
|
|
source = NULL;
|
|
|
|
/*
|
|
* The first time we just try to acquire the context
|
|
*/
|
|
err = CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
|
|
CRYPT_VERIFYCONTEXT);
|
|
if (!err){
|
|
errval = GetLastError();
|
|
ret = ISC_R_IOERROR;
|
|
goto errout;
|
|
}
|
|
|
|
source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
|
|
if (source == NULL) {
|
|
ret = ISC_R_NOMEMORY;
|
|
goto closecontext;
|
|
}
|
|
|
|
/*
|
|
* From here down, no failures can occur.
|
|
*/
|
|
source->magic = SOURCE_MAGIC;
|
|
source->type = ENTROPY_SOURCETYPE_FILE;
|
|
source->ent = ent;
|
|
source->total = 0;
|
|
source->bad = ISC_FALSE;
|
|
memset(source->name, 0, sizeof(source->name));
|
|
ISC_LINK_INIT(source, link);
|
|
source->sources.file.handle = hcryptprov;
|
|
|
|
/*
|
|
* Hook it into the entropy system.
|
|
*/
|
|
ISC_LIST_APPEND(ent->sources, source, link);
|
|
ent->nsources++;
|
|
|
|
UNLOCK(&ent->lock);
|
|
return (ISC_R_SUCCESS);
|
|
|
|
closecontext:
|
|
CryptReleaseContext(hcryptprov, 0);
|
|
|
|
errout:
|
|
if (source != NULL)
|
|
isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
|
|
|
|
UNLOCK(&ent->lock);
|
|
|
|
return (ret);
|
|
}
|
|
|
|
|
|
|
|
|