oneechanhax/phunix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
phunix/external/bsd/bind/dist/lib/isc/win32/entropy.c
David van Moolenbroek 00b67f09dd Import NetBSD named(8) 
Also known as ISC bind.  This import adds utilities such as host(1),
dig(1), and nslookup(1), as well as many other tools and libraries.

Change-Id: I035ca46e64f1965d57019e773f4ff0ef035e4aa3
2017-03-21 22:00:06 +00:00

311 lines
7.5 KiB
C
Raw Permalink Blame History

/* $NetBSD: entropy.c,v 1.6 2014/12/10 04:38:01 christos Exp $ */
/*
* Copyright (C) 2004, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* Id: entropy.c,v 1.10 2009/01/18 23:48:14 tbox Exp */
/*
* This is the system dependent part of the ISC entropy API.
*/
#include <config.h>
#include <windows.h>
#include <wincrypt.h>
#include <process.h>
#include <io.h>
#include <share.h>
/*
* There is only one variable in the entropy data structures that is not
* system independent, but pulling the structure that uses it into this file
* ultimately means pulling several other independent structures here also to
* resolve their interdependencies. Thus only the problem variable's type
* is defined here.
*/
#define FILESOURCE_HANDLE_TYPE HCRYPTPROV
typedef struct {
int dummy;
} isc_entropyusocketsource_t;
#include "../entropy.c"
static unsigned int
get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
isc_entropy_t *ent = source->ent;
unsigned char buf[128];
HCRYPTPROV hcryptprov = source->sources.file.handle;
ssize_t ndesired;
unsigned int added;
if (source->bad)
return (0);
desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
added = 0;
while (desired > 0) {
ndesired = ISC_MIN(desired, sizeof(buf));
if (!CryptGenRandom(hcryptprov, (DWORD)ndesired, buf)) {
CryptReleaseContext(hcryptprov, 0);
source->bad = ISC_TRUE;
goto out;
}
entropypool_adddata(ent, buf,
(unsigned int)ndesired,
(unsigned int)ndesired * 8);
added += (unsigned int)ndesired * 8;
desired -= (isc_uint32_t)ndesired;
}
out:
return (added);
}
/*
* Poll each source, trying to get data from it to stuff into the entropy
* pool.
*/
static void
fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
unsigned int added;
unsigned int remaining;
unsigned int needed;
unsigned int nsource;
isc_entropysource_t *source;
isc_entropysource_t *firstsource;
REQUIRE(VALID_ENTROPY(ent));
needed = desired;
/*
* This logic is a little strange, so an explanation is in order.
*
* If needed is 0, it means we are being asked to "fill to whatever
* we think is best." This means that if we have at least a
* partially full pool (say, > 1/4th of the pool) we probably don't
* need to add anything.
*
* Also, we will check to see if the "pseudo" count is too high.
* If it is, try to mix in better data. Too high is currently
* defined as 1/4th of the pool.
*
* Next, if we are asked to add a specific bit of entropy, make
* certain that we will do so. Clamp how much we try to add to
* (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
*
* Note that if we are in a blocking mode, we will only try to
* get as much data as we need, not as much as we might want
* to build up.
*/
if (needed == 0) {
REQUIRE(!blocking);
if ((ent->pool.entropy >= RND_POOLBITS / 4)
&& (ent->pool.pseudo <= RND_POOLBITS / 4))
return;
needed = THRESHOLD_BITS * 4;
} else {
needed = ISC_MAX(needed, THRESHOLD_BITS);
needed = ISC_MIN(needed, RND_POOLBITS);
}
/*
* In any case, clamp how much we need to how much we can add.
*/
needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);
/*
* But wait! If we're not yet initialized, we need at least
* THRESHOLD_BITS
* of randomness.
*/
if (ent->initialized < THRESHOLD_BITS)
needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);
/*
* Poll each file source to see if we can read anything useful from
* it. XXXMLG When where are multiple sources, we should keep a
* record of which one we last used so we can start from it (or the
* next one) to avoid letting some sources build up entropy while
* others are always drained.
*/
added = 0;
remaining = needed;
if (ent->nextsource == NULL) {
ent->nextsource = ISC_LIST_HEAD(ent->sources);
if (ent->nextsource == NULL)
return;
}
source = ent->nextsource;
/*
* Remember the first source so we can break if we have looped back to
* the beginning and still have nothing
*/
firstsource = source;
again_file:
for (nsource = 0; nsource < ent->nsources; nsource++) {
unsigned int got;
if (remaining == 0)
break;
got = 0;
if (source->type == ENTROPY_SOURCETYPE_FILE)
got = get_from_filesource(source, remaining);
added += got;
remaining -= ISC_MIN(remaining, got);
source = ISC_LIST_NEXT(source, link);
if (source == NULL)
source = ISC_LIST_HEAD(ent->sources);
}
ent->nextsource = source;
/*
* Go again only if there's been progress and we've not
* gone back to the beginning
*/
if (!(ent->nextsource == firstsource && added == 0)) {
if (blocking && remaining != 0) {
goto again_file;
}
}
/*
* Here, if there are bits remaining to be had and we can block,
* check to see if we have a callback source. If so, call them.
*/
source = ISC_LIST_HEAD(ent->sources);
while ((remaining != 0) && (source != NULL)) {
unsigned int got;
got = 0;
if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
got = get_from_callback(source, remaining, blocking);
added += got;
remaining -= ISC_MIN(remaining, got);
if (added >= needed)
break;
source = ISC_LIST_NEXT(source, link);
}
/*
* Mark as initialized if we've added enough data.
*/
if (ent->initialized < THRESHOLD_BITS)
ent->initialized += added;
}
/*
* Requires "ent" be locked.
*/
static void
destroyfilesource(isc_entropyfilesource_t *source) {
CryptReleaseContext(source->handle, 0);
}
static void
destroyusocketsource(isc_entropyusocketsource_t *source) {
UNUSED(source);
}
isc_result_t
isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
isc_result_t ret;
isc_entropysource_t *source;
HCRYPTPROV hcryptprov;
BOOL err;
REQUIRE(VALID_ENTROPY(ent));
REQUIRE(fname != NULL);
LOCK(&ent->lock);
source = NULL;
/*
* The first time we just try to acquire the context
*/
err = CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT);
if (!err){
(void)GetLastError();
ret = ISC_R_IOERROR;
goto errout;
}
source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
if (source == NULL) {
ret = ISC_R_NOMEMORY;
goto closecontext;
}
/*
* From here down, no failures can occur.
*/
source->magic = SOURCE_MAGIC;
source->type = ENTROPY_SOURCETYPE_FILE;
source->ent = ent;
source->total = 0;
source->bad = ISC_FALSE;
memset(source->name, 0, sizeof(source->name));
ISC_LINK_INIT(source, link);
source->sources.file.handle = hcryptprov;
/*
* Hook it into the entropy system.
*/
ISC_LIST_APPEND(ent->sources, source, link);
ent->nsources++;
UNLOCK(&ent->lock);
return (ISC_R_SUCCESS);
closecontext:
CryptReleaseContext(hcryptprov, 0);
errout:
if (source != NULL)
isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
UNLOCK(&ent->lock);
return (ret);
}
Reference in New Issue View Git Blame Copy Permalink