diff --git a/sys/src/cmd/auth/as.c b/sys/src/cmd/auth/as.c index 59317b0af..5a4800834 100644 --- a/sys/src/cmd/auth/as.c +++ b/sys/src/cmd/auth/as.c @@ -52,7 +52,6 @@ main(int argc, char *argv[]) }ARGEND initcap(); - srand(getpid()*time(0)); if(argc >= 2) runas(argv[0], argv[1]); else @@ -96,15 +95,6 @@ usage(void) exits("usage"); } -void -memrandom(void *p, int n) -{ - uchar *cp; - - for(cp = (uchar*)p; n > 0; n--) - *cp++ = fastrand(); -} - /* * keep caphash fd open since opens of it could be disabled */ @@ -138,7 +128,7 @@ mkcap(char *from, char *to) nfrom = strlen(from); cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1); sprint(cap, "%s@%s", from, to); - memrandom(rand, sizeof(rand)); + genrandom(rand, sizeof(rand)); key = cap+nfrom+1+nto+1; enc64(key, sizeof(rand)*3, rand, sizeof(rand)); diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c index 0340e9e29..9c499e03f 100644 --- a/sys/src/cmd/auth/authsrv.c +++ b/sys/src/cmd/auth/authsrv.c @@ -33,7 +33,6 @@ void replyerror(char*, ...); void getraddr(char*); void mkkey(Authkey*); void mkticket(Ticketreq*, Ticket*); -void randombytes(uchar*, int); void nthash(uchar hash[MShashlen], char *passwd); void lmhash(uchar hash[MShashlen], char *passwd); void ntv2hash(uchar hash[MShashlen], char *passwd, char *user, char *dom); @@ -64,7 +63,6 @@ main(int argc, char *argv[]) if(db == 0) syslog(0, AUTHLOG, "no /lib/ndb/auth"); - srand(time(0)*getpid()); for(;;){ n = readn(0, buf, sizeof(buf)); if(n <= 0 || convM2TR(buf, n, &tr) <= 0) @@ -167,7 +165,7 @@ challengebox(Ticketreq *tr) netkey = finddeskey(NETKEYDB, tr->uid, nkbuf); if(key == nil && netkey == nil){ /* make one up so caller doesn't know it was wrong */ - randombytes((uchar*)nkbuf, DESKEYLEN); + genrandom((uchar*)nkbuf, DESKEYLEN); netkey = nkbuf; if(debug) syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr); @@ -185,7 +183,7 @@ challengebox(Ticketreq *tr) */ memset(buf, 0, sizeof(buf)); buf[0] = AuthOK; - chal = lnrand(MAXNETCHAL); + chal = nfastrand(MAXNETCHAL); sprint(buf+1, "%lud", chal); if(write(1, buf, NETCHLEN+1) < 0) exits(0); @@ -322,7 +320,7 @@ http(Ticketreq *tr) /* send back a ticket encrypted with the key */ mkticket(tr, &t); - randombytes((uchar*)t.chal, CHALLEN); + genrandom((uchar*)t.chal, CHALLEN); t.num = AuthHr; n = 0; tbuf[n++] = AuthOK; @@ -388,7 +386,7 @@ apop(Ticketreq *tr, int type) /* * Create a challenge and send it. */ - randombytes((uchar*)rb, sizeof(rb)); + genrandom((uchar*)rb, sizeof(rb)); p = chal; p += snprint(p, sizeof(chal), "<%lux%lux.%lux%lux@%s>", rb[0], rb[1], rb[2], rb[3], domainname()); @@ -502,7 +500,7 @@ vnc(Ticketreq *tr) /* * Create a challenge and send it. */ - randombytes(chal+6, VNCchallen); + genrandom(chal+6, VNCchallen); chal[0] = AuthOKvar; sprint((char*)chal+1, "%-5d", VNCchallen); if(write(1, chal, sizeof(chal)) != sizeof(chal)) @@ -514,7 +512,7 @@ vnc(Ticketreq *tr) memset(sbuf, 0, sizeof(sbuf)); secret = findsecret(KEYDB, tr->uid, sbuf); if(secret == nil){ - randombytes((uchar*)sbuf, sizeof(sbuf)); + genrandom((uchar*)sbuf, sizeof(sbuf)); secret = sbuf; } for(i = 0; i < 8; i++) @@ -565,7 +563,7 @@ chap(Ticketreq *tr) /* * Create a challenge and send it. */ - randombytes((uchar*)chal, sizeof(chal)); + genrandom((uchar*)chal, sizeof(chal)); write(1, chal, sizeof(chal)); /* @@ -682,7 +680,7 @@ mschap(Ticketreq *tr) /* * Create a challenge and send it. */ - randombytes((uchar*)chal, sizeof(chal)); + genrandom(chal, sizeof(chal)); write(1, chal, sizeof(chal)); /* @@ -1001,8 +999,8 @@ getraddr(char *dir) void mkkey(Authkey *k) { - randombytes((uchar*)k->des, DESKEYLEN); - randombytes((uchar*)k->aes, AESKEYLEN); + genrandom((uchar*)k->des, DESKEYLEN); + genrandom((uchar*)k->aes, AESKEYLEN); } void @@ -1012,19 +1010,7 @@ mkticket(Ticketreq *tr, Ticket *t) memmove(t->chal, tr->chal, CHALLEN); safecpy(t->cuid, tr->uid, sizeof(t->cuid)); safecpy(t->suid, tr->uid, sizeof(t->suid)); - randombytes((uchar*)t->key, DESKEYLEN); -} - -void -randombytes(uchar *buf, int len) -{ - int i; - - if(readfile("/dev/random", (char*)buf, len) >= 0) - return; - - for(i = 0; i < len; i++) - buf[i] = rand(); + genrandom((uchar*)t->key, DESKEYLEN); } /* diff --git a/sys/src/cmd/auth/changeuser.c b/sys/src/cmd/auth/changeuser.c index e40572769..47b0ff58e 100644 --- a/sys/src/cmd/auth/changeuser.c +++ b/sys/src/cmd/auth/changeuser.c @@ -1,5 +1,6 @@ #include #include +#include #include #include #include @@ -19,13 +20,12 @@ void main(int argc, char *argv[]) { char *u, answer[32], p9pass[32]; - int which, i, newkey, newbio, dosecret; + int which, newkey, newbio, dosecret; long t; Authkey key; Acctbio a; Fs *f; - srand(getpid()*time(0)); fmtinstall('K', deskeyfmt); which = 0; @@ -84,8 +84,7 @@ main(int argc, char *argv[]) } if(newkey){ memset(&key, 0, sizeof(key)); - for(i=0; ikeys, u); diff --git a/sys/src/cmd/auth/convkeys.c b/sys/src/cmd/auth/convkeys.c index 7886fa457..252c43f1c 100644 --- a/sys/src/cmd/auth/convkeys.c +++ b/sys/src/cmd/auth/convkeys.c @@ -74,23 +74,6 @@ main(int argc, char *argv[]) exits(nil); } -void -randombytes(uchar *p, int len) -{ - int i, fd; - - fd = open("/dev/random", OREAD); - if(fd < 0){ - fprint(2, "%s: can't open /dev/random, using rand()\n", argv0); - srand(time(0)); - for(i = 0; i < len; i++) - p[i] = rand(); - return; - } - read(fd, p, len); - close(fd); -} - int badname(char *s) { @@ -181,7 +164,7 @@ convert(char **db, int len) keydbaes = 1; } - randombytes((uchar*)p, keydboff); + genrandom((uchar*)p, keydboff); if(keydbaes){ AESstate s; diff --git a/sys/src/cmd/auth/convkeys2.c b/sys/src/cmd/auth/convkeys2.c index bb4e3e41d..5d06e1f20 100644 --- a/sys/src/cmd/auth/convkeys2.c +++ b/sys/src/cmd/auth/convkeys2.c @@ -12,7 +12,6 @@ int usepass; int convert(char*, char*, Authkey*, int); void usage(void); -void randombytes(uchar*, int); void main(int argc, char *argv[]) @@ -101,7 +100,7 @@ convert(char *p, char *np, Authkey *key, int len) if(verb) print("%s\n", &p[off]); } - randombytes((uchar*)np, KEYDBOFF); + genrandom((uchar*)np, KEYDBOFF); len = (len*KEYDBLEN) + KEYDBOFF; oldCBCencrypt(key->des, np, len); return len; @@ -113,20 +112,3 @@ usage(void) fprint(2, "usage: convkeys2 keyfile\n"); exits("usage"); } - -void -randombytes(uchar *p, int len) -{ - int i, fd; - - fd = open("/dev/random", OREAD); - if(fd < 0){ - fprint(2, "convkeys2: can't open /dev/random, using rand()\n"); - srand(time(0)); - for(i = 0; i < len; i++) - p[i] = rand(); - return; - } - read(fd, p, len); - close(fd); -} diff --git a/sys/src/cmd/auth/cron.c b/sys/src/cmd/auth/cron.c index 57f1479a9..63142b159 100644 --- a/sys/src/cmd/auth/cron.c +++ b/sys/src/cmd/auth/cron.c @@ -191,7 +191,6 @@ main(int argc, char *argv[]) fatal("cron already running: %r"); argv0 = "cron"; - srand(getpid()*time(0)); last = time(0); for(;;){ readalljobs(); @@ -656,15 +655,6 @@ qidcmp(Qid a, Qid b) return(a.path != b.path || a.vers != b.vers); } -void -memrandom(void *p, int n) -{ - uchar *cp; - - for(cp = (uchar*)p; n > 0; n--) - *cp++ = fastrand(); -} - /* * keep caphash fd open since opens of it could be disabled */ @@ -699,7 +689,7 @@ mkcap(char *from, char *to) ncap = nfrom + 1 + nto + 1 + sizeof(rand)*3 + 1; cap = emalloc(ncap); snprint(cap, ncap, "%s@%s", from, to); - memrandom(rand, sizeof(rand)); + genrandom(rand, sizeof(rand)); key = cap+nfrom+1+nto+1; enc64(key, sizeof(rand)*3, rand, sizeof(rand)); diff --git a/sys/src/cmd/auth/factotum/apop.c b/sys/src/cmd/auth/factotum/apop.c index a900d8f4f..e46b33d3c 100644 --- a/sys/src/cmd/auth/factotum/apop.c +++ b/sys/src/cmd/auth/factotum/apop.c @@ -261,7 +261,7 @@ doreply(State *s, char *user, char *response) goto err; } - memrandom(s->tr.chal, CHALLEN); + genrandom((uchar*)s->tr.chal, CHALLEN); safecpy(s->tr.uid, user, sizeof(s->tr.uid)); alarm(30*1000); if(_asrequest(s->asfd, &s->tr) < 0){ diff --git a/sys/src/cmd/auth/factotum/chap.c b/sys/src/cmd/auth/factotum/chap.c index e6e0f6b8f..9559b3941 100644 --- a/sys/src/cmd/auth/factotum/chap.c +++ b/sys/src/cmd/auth/factotum/chap.c @@ -188,7 +188,7 @@ chapwrite(Fsstate *fss, void *va, uint n) if(user == nil) break; - memrandom(pchal, MSchallenv2); + genrandom((uchar*)pchal, MSchallenv2); /* ChallengeHash() */ ds = sha1(pchal, MSchallenv2, nil, nil); @@ -579,7 +579,7 @@ domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *res *p++ = t >> 48; *p++ = t >> 56; - memrandom(p, 8); + genrandom(p, 8); p += 8; /* 64bit: client nonce */ *p++ = 0; /* 32bit: unknown data */ @@ -617,7 +617,7 @@ domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *res * LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC) */ s = hmac_md5(chal, 8, hash, MShashlen, nil, nil); - memrandom((uchar*)r->LMresp+16, 8); + genrandom((uchar*)r->LMresp+16, 8); hmac_md5((uchar*)r->LMresp+16, 8, hash, MShashlen, (uchar*)r->LMresp, s); /* diff --git a/sys/src/cmd/auth/factotum/dat.h b/sys/src/cmd/auth/factotum/dat.h index eb89d0d2f..ecf4a0bf6 100644 --- a/sys/src/cmd/auth/factotum/dat.h +++ b/sys/src/cmd/auth/factotum/dat.h @@ -203,7 +203,6 @@ char *getnvramkey(int); void initcap(void); int isclient(char*); int matchattr(Attr*, Attr*, Attr*); -void memrandom(void*, int); char *mkcap(char*, char*); int phaseerror(Fsstate*, char*); char *phasename(Fsstate*, int, char*); diff --git a/sys/src/cmd/auth/factotum/p9sk1.c b/sys/src/cmd/auth/factotum/p9sk1.c index ea7eaa5ad..0d43ad6a2 100644 --- a/sys/src/cmd/auth/factotum/p9sk1.c +++ b/sys/src/cmd/auth/factotum/p9sk1.c @@ -88,7 +88,7 @@ p9skinit(Proto *p, Fsstate *fss) switch(s->vers){ case 1: fss->phase = CHaveChal; - memrandom(s->cchal, CHALLEN); + genrandom((uchar*)s->cchal, CHALLEN); break; case 2: fss->phase = CNeedTreq; @@ -108,7 +108,7 @@ p9skinit(Proto *p, Fsstate *fss) safecpy(s->tr.authid, _strfindattr(k->attr, "user"), sizeof(s->tr.authid)); safecpy(s->tr.authdom, _strfindattr(k->attr, "dom"), sizeof(s->tr.authdom)); s->key = k; - memrandom(s->tr.chal, sizeof s->tr.chal); + genrandom((uchar*)s->tr.chal, sizeof s->tr.chal); switch(s->vers){ case 1: fss->phase = SNeedChal; @@ -449,7 +449,7 @@ mkserverticket(State *s, char *tbuf, int tbuflen) memmove(t.chal, tr->chal, CHALLEN); strcpy(t.cuid, tr->uid); strcpy(t.suid, tr->uid); - memrandom(t.key, DESKEYLEN); + genrandom((uchar*)t.key, DESKEYLEN); t.num = AuthTc; ret = convT2M(&t, tbuf, tbuflen, (Authkey*)s->key->priv); t.num = AuthTs; diff --git a/sys/src/cmd/auth/factotum/util.c b/sys/src/cmd/auth/factotum/util.c index 411935bc1..3fdae8ea0 100644 --- a/sys/src/cmd/auth/factotum/util.c +++ b/sys/src/cmd/auth/factotum/util.c @@ -566,15 +566,6 @@ matchattr(Attr *pat, Attr *a0, Attr *a1) return 1; } -void -memrandom(void *p, int n) -{ - uchar *cp; - - for(cp = (uchar*)p; n > 0; n--) - *cp++ = fastrand(); -} - /* * keep caphash fd open since opens of it could be disabled */ @@ -608,7 +599,7 @@ mkcap(char *from, char *to) nfrom = strlen(from); cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1); sprint(cap, "%s@%s", from, to); - memrandom(rand, sizeof(rand)); + genrandom(rand, sizeof(rand)); key = cap+nfrom+1+nto+1; enc64(key, sizeof(rand)*3, rand, sizeof(rand)); diff --git a/sys/src/cmd/auth/guard.srv.c b/sys/src/cmd/auth/guard.srv.c index 013cd7945..999e2cda6 100644 --- a/sys/src/cmd/auth/guard.srv.c +++ b/sys/src/cmd/auth/guard.srv.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include "authcmdlib.h" @@ -57,7 +58,6 @@ main(int argc, char *argv[]) getraddr(argv[argc-1]); argv0 = "guard"; - srand((getpid()*1103515245)^time(0)); notify(catchalarm); /* @@ -69,7 +69,7 @@ main(int argc, char *argv[]) /* * challenge-response */ - chal = lnrand(MAXNETCHAL); + chal = nfastrand(MAXNETCHAL); sprint(buf, "challenge: %lud\nresponse: ", chal); n = strlen(buf) + 1; if(write(1, buf, n) != n){ diff --git a/sys/src/cmd/auth/keyfs.c b/sys/src/cmd/auth/keyfs.c index d23cfb6ba..0265fde46 100644 --- a/sys/src/cmd/auth/keyfs.c +++ b/sys/src/cmd/auth/keyfs.c @@ -696,24 +696,6 @@ dostat(User *user, ulong qtype, void *p, int n) return convD2M(&d, p, n); } - -void -randombytes(uchar *p, int len) -{ - int i, fd; - - fd = open("/dev/random", OREAD); - if(fd < 0){ - fprint(2, "keyfs: can't open /dev/random, using rand()\n"); - srand(time(0)); - for(i = 0; i < len; i++) - p[i] = rand(); - return; - } - read(fd, p, len); - close(fd); -} - void writeusers(void) { @@ -740,7 +722,7 @@ writeusers(void) /* pack into buffer */ buf = emalloc(keydboff + nu*keydblen); p = buf; - randombytes(p, keydboff); + genrandom(p, keydboff); p += keydboff; for(i = 0; i < Nuser; i++) for(u = users[i]; u != nil; u = u->link){ diff --git a/sys/src/cmd/auth/secstore/secstore.c b/sys/src/cmd/auth/secstore/secstore.c index f3d5a1571..78aa039ab 100644 --- a/sys/src/cmd/auth/secstore/secstore.c +++ b/sys/src/cmd/auth/secstore/secstore.c @@ -148,16 +148,14 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey) static int putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey) { - int i, n, fd, ivo, bufi, done; + int n, fd, ivo, bufi, done; char s[Maxmsg]; uchar skey[SHA1dlen], b[CHK+Maxmsg], IV[AESbsize]; AESstate aes; DigestState *sha; /* create initialization vector */ - srand(time(0)); /* doesn't need to be unpredictable */ - for(i=0; i