summaryrefslogtreecommitdiff
path: root/third_party/srtp/crypto/rng
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/srtp/crypto/rng')
-rw-r--r--third_party/srtp/crypto/rng/ctr_prng.c14
-rw-r--r--third_party/srtp/crypto/rng/prng.c18
-rw-r--r--third_party/srtp/crypto/rng/rand_source.c75
-rw-r--r--third_party/srtp/crypto/rng/rand_source_ossl.c70
4 files changed, 120 insertions, 57 deletions
diff --git a/third_party/srtp/crypto/rng/ctr_prng.c b/third_party/srtp/crypto/rng/ctr_prng.c
index ab76df36..e24b0aba 100644
--- a/third_party/srtp/crypto/rng/ctr_prng.c
+++ b/third_party/srtp/crypto/rng/ctr_prng.c
@@ -43,6 +43,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "prng.h"
/* single, global prng structure */
@@ -66,7 +70,11 @@ ctr_prng_init(rand_source_func_t random_source) {
return status;
/* initialize aes ctr context with random key */
- status = aes_icm_context_init(&ctr_prng.state, tmp_key);
+#ifdef OPENSSL
+ status = aes_icm_openssl_context_init(&ctr_prng.state, tmp_key, 30);
+#else
+ status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30);
+#endif
if (status)
return status;
@@ -79,10 +87,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) {
/*
* if we need to re-initialize the prng, do so now
- *
- * avoid 32-bit overflows by subtracting instead of adding
*/
- if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
+ if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
status = ctr_prng_init(ctr_prng.rand);
if (status)
return status;
diff --git a/third_party/srtp/crypto/rng/prng.c b/third_party/srtp/crypto/rng/prng.c
index 69350a48..208e2680 100644
--- a/third_party/srtp/crypto/rng/prng.c
+++ b/third_party/srtp/crypto/rng/prng.c
@@ -43,6 +43,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "prng.h"
/* single, global prng structure */
@@ -51,7 +55,7 @@ x917_prng_t x917_prng;
err_status_t
x917_prng_init(rand_source_func_t random_source) {
- v128_t tmp_key;
+ uint8_t tmp_key[16];
err_status_t status;
/* initialize output count to zero */
@@ -61,12 +65,12 @@ x917_prng_init(rand_source_func_t random_source) {
x917_prng.rand = random_source;
/* initialize secret key from random source */
- status = random_source((uint8_t *)&tmp_key, 16);
+ status = random_source(tmp_key, 16);
if (status)
return status;
/* expand aes key */
- aes_expand_encryption_key(&tmp_key, x917_prng.key);
+ aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
/* initialize prng state from random source */
status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
@@ -108,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
*dest++ = buffer.v8[0];
@@ -132,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
@@ -150,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
for (i=0; i < tail_len; i++) {
@@ -163,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
diff --git a/third_party/srtp/crypto/rng/rand_source.c b/third_party/srtp/crypto/rng/rand_source.c
index 3d01d25a..1eb6fbb0 100644
--- a/third_party/srtp/crypto/rng/rand_source.c
+++ b/third_party/srtp/crypto/rng/rand_source.c
@@ -42,15 +42,14 @@
*
*/
-#include "srtp_config.h"
+#include "config.h"
-#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM)
+#ifdef DEV_URANDOM
# include <fcntl.h> /* for open() */
# include <unistd.h> /* for close() */
-#elif (_MSC_VER >= 1400)
-#define _CRT_RAND_S
+#elif defined(HAVE_RAND_S)
+# define _CRT_RAND_S
# include <stdlib.h>
-# include <stdio.h>
#else
# include <stdio.h>
#endif
@@ -87,18 +86,11 @@ rand_source_init(void) {
dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
if (dev_random_fdes < 0)
return err_status_init_fail;
-#elif defined(PJ_DEV_URANDOM)
- /* open random source for reading */
- dev_random_fdes = open(PJ_DEV_URANDOM, O_RDONLY);
- if (dev_random_fdes < 0) {
- err_report(3,"Ugh: /dev/urandom not present, using rand() instead");
- return err_status_ok; /* it's ok, it'll fallback to using rand() */
- }
-#elif (_MSC_VER >= 1400)
+#elif defined(HAVE_RAND_S)
dev_random_fdes = RAND_SOURCE_READY;
#else
- /* no random source available; let the user know */
- err_report(err_level_info, "WARNING: no real random source present!\n");
+ /* no random source available; let the user know */
+ fprintf(stderr, "WARNING: no real random source present!\n");
dev_random_fdes = RAND_SOURCE_READY;
#endif
return err_status_ok;
@@ -113,35 +105,32 @@ rand_source_get_octet_string(void *dest, uint32_t len) {
* written
*/
#ifdef DEV_URANDOM
- if (read(dev_random_fdes, dest, len) != len)
- return err_status_fail;
-#elif 0 && (_MSC_VER >= 1400) /* disabled rand_s, causing assertion 'rand_s not supported' in vs8 */
- unsigned int *dst = dest;
+ uint8_t *dst = (uint8_t *)dest;
while (len)
{
- unsigned int val = 0;
- errno_t err = rand_s(&val);
- if (err != 0)
- {
- return err_status_fail;
- }
-
- *dst++ = val;
- len--;
+ ssize_t num_read = read(dev_random_fdes, dst, len);
+ if (num_read <= 0 || num_read > len)
+ return err_status_fail;
+ len -= num_read;
+ dst += num_read;
}
-#else
+#elif defined(HAVE_RAND_S)
uint8_t *dst = (uint8_t *)dest;
-
-#ifdef PJ_DEV_URANDOM
- /* First try with /dev/urandom, if it's opened */
- if (dev_random_fdes >= 0) {
- if (read(dev_random_fdes, dest, len) == len)
- return err_status_ok; /* success */
- }
-#endif
+ while (len)
+ {
+ unsigned int val;
+ errno_t err = rand_s(&val);
+ if (err != 0)
+ return err_status_fail;
+
+ *dst++ = val & 0xff;
+ len--;
+ }
+#else
/* Generic C-library (rand()) version */
/* This is a random source of last resort */
+ uint8_t *dst = (uint8_t *)dest;
while (len)
{
int val = rand();
@@ -157,19 +146,13 @@ rand_source_get_octet_string(void *dest, uint32_t len) {
err_status_t
rand_source_deinit(void) {
-#ifndef PJ_DEV_URANDOM
if (dev_random_fdes < 0)
return err_status_dealloc_fail; /* well, we haven't really failed, *
* but there is something wrong */
+#ifdef DEV_URANDOM
+ close(dev_random_fdes);
#endif
-
-#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM)
- if (dev_random_fdes >= 0)
- close(dev_random_fdes);
-
- dev_random_fdes = RAND_SOURCE_NOT_READY;
-#endif
+ dev_random_fdes = RAND_SOURCE_NOT_READY;
return err_status_ok;
}
-
diff --git a/third_party/srtp/crypto/rng/rand_source_ossl.c b/third_party/srtp/crypto/rng/rand_source_ossl.c
new file mode 100644
index 00000000..4bca6ac8
--- /dev/null
+++ b/third_party/srtp/crypto/rng/rand_source_ossl.c
@@ -0,0 +1,70 @@
+/*
+ * rand_source_ossl.c
+ *
+ * implements a random source based on OpenSSL RAND_bytes()
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:crypto/test/aes_calc.c
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include "rand_source.h"
+#include <openssl/rand.h>
+
+
+err_status_t rand_source_init (void)
+{
+ return err_status_ok;
+}
+
+err_status_t rand_source_get_octet_string (void *dest, uint32_t len)
+{
+ if (RAND_bytes(dest, len) == 1) {
+ return err_status_ok;
+ } else {
+ return err_status_fail;
+ }
+}
+
+err_status_t rand_source_deinit (void)
+{
+ return err_status_ok;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-11 12:11:06 +0000