
[src/netbsd-1-5]: src/lib/libcrypto Pull up rev. 1.1:



details:   https://anonhg.NetBSD.org/src/rev/9093bfc76aed
branches:  netbsd-1-5
changeset: 488215:9093bfc76aed
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Thu Jun 22 06:56:01 2000 +0000

description:
Pull up rev. 1.1:
Add cleaned up versions of des_set_random_generator_seed(),
des_new_random_key(), and des_init_random_number_generator()
from the crypto-us libdes.

While I'm here, fix a serious bug in des_init_random_number_generator()
whereby the accumulated data to be hashed was zero'd *before* actually
being hashed.  NOTE: The bug only affects people who are not using the
rnd(4) in-kernel random number generator, and it is worth noting that
the resulting keys are not always the same, but are likely easy to
determine.

diffstat:

 lib/libcrypto/rnd_keys.c |  95 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 95 insertions(+), 0 deletions(-)

diffs (99 lines):

diff -r 1848ce0003f5 -r 9093bfc76aed lib/libcrypto/rnd_keys.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libcrypto/rnd_keys.c  Thu Jun 22 06:56:01 2000 +0000
@@ -0,0 +1,95 @@
+/*     $NetBSD: rnd_keys.c,v 1.1.2.2 2000/06/22 06:56:01 thorpej Exp $ */
+
+#include "des_locl.h"
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <sha1.h>
+
+void
+des_set_random_generator_seed(des_cblock *seed)
+{
+
+       des_random_seed(seed);
+}
+
+/*
+ * Generate a sequence of random des keys
+ * using the random block sequence, fixup
+ * parity and skip weak keys.
+ */
+int
+des_new_random_key(des_cblock *key)
+{
+       int urandom;
+
+ again:
+       urandom = open("/dev/urandom", O_RDONLY);
+
+       if (urandom < 0)
+               des_random_key(key);
+       else {
+               if (read(urandom, key,
+                   sizeof(des_cblock)) != sizeof(des_cblock)) {
+                       close(urandom);
+                       des_random_key(key);
+               } else
+                       close(urandom);
+       }
+
+       /* random key must have odd parity and not be weak */
+       des_set_odd_parity(key);
+       if (des_is_weak_key(key))
+               goto again;
+
+       return (0);
+}
+
+/*
+ * des_init_random_number_generator:
+ *
+ * This routine takes a secret key possibly shared by a number of servers
+ * and uses it to generate a random number stream that is not shared by
+ * any of the other servers.  It does this by using the current process id,
+ * host id, and the current time to the nearest second.  The resulting
+ * stream seed is not useful information for cracking the secret key.
+ * Moreover, this routine keeps no copy of the secret key.
+ */
+void
+des_init_random_number_generator(des_cblock *seed)
+{
+       u_int64_t seed_q;
+       des_cblock seed_new;
+       SHA1_CTX sha;
+
+       u_char results[20];
+       char hname[64], accum[512];
+
+       struct timeval when;
+
+       SHA1Init(&sha);
+
+       gethostname(hname, sizeof(hname - 1));
+       gettimeofday(&when, NULL);
+
+       memcpy(&seed_q, seed, sizeof(seed_q));
+
+       snprintf(accum, sizeof(accum), "%ld%ld%d%s%d%qd",
+           when.tv_sec, when.tv_usec, getpid(), hname, getuid(),
+           (long long) seed_q);
+
+       SHA1Update(&sha, (u_char *) accum, strlen(accum));
+
+       memset(accum, 0, sizeof(accum));
+
+       SHA1Final(results, &sha);
+
+       memcpy(seed_new, results, sizeof(seed_new));
+       des_random_seed(&seed_new);
+
+       memset(seed_new, 0, sizeof(seed_new));
+       memset(results, 0, sizeof(results));
+}
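Review bot: `gethostname(hname, sizeof(hname - 1))` near the top of des_init_random_number_generator passes the size of a `char *` expression (4 or 8 bytes), not 63, so only the first few bytes of the hostname are fetched and, if gethostname truncates without terminating, the uninitialized `hname` may be read past its end by the `%s` in the following `snprintf`. The intended call is `gethostname(hname, sizeof(hname) - 1);` followed by `hname[sizeof(hname) - 1] = '\0';` so the buffer is always terminated regardless of how the implementation handles truncation. Separately, the trailing `memset` calls on `accum`, `seed_new` and `results` are dead stores to locals that an optimizing compiler may drop, and `seed_q`, a full copy of the caller's seed, is never cleared at all, which contradicts the header comment's "keeps no copy of the secret key"; adding `memset(&seed_q, 0, sizeof(seed_q));` alongside the others keeps the intent consistent, though a zeroization primitive the compiler cannot elide would be needed to make it reliable.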


