Diffstat (limited to 'random')
-rw-r--r-- | random/ChangeLog | 5 | ||||
-rw-r--r-- | random/Makefile.am | 4 | ||||
-rw-r--r-- | random/rand-internal.h | 10 | ||||
-rw-r--r-- | random/random-csprng.c | 100 | ||||
-rw-r--r-- | random/random-daemon.c | 16 | ||||
-rw-r--r-- | random/random-fips.c | 70 | ||||
-rw-r--r-- | random/random.c | 8 | ||||
-rw-r--r-- | random/random.h | 8 | ||||
-rw-r--r-- | random/rndegd.c | 14 | ||||
-rw-r--r-- | random/rndhw.c | 12 | ||||
-rw-r--r-- | random/rndlinux.c | 16 | ||||
-rw-r--r-- | random/rndunix.c | 24 | ||||
-rw-r--r-- | random/rndw32.c | 62 | ||||
-rw-r--r-- | random/rndw32ce.c | 8 |
14 files changed, 175 insertions, 182 deletions
diff --git a/random/ChangeLog b/random/ChangeLog index f70f30b4..7784d44e 100644 --- a/random/ChangeLog +++ b/random/ChangeLog @@ -64,14 +64,14 @@ 2008-09-15 Werner Koch <wk@g10code.com> * random.c (_gcry_random_init_external_test): New. - (_gcry_random_run_external_test): New. + (_gcry_random_run_external_test): New. (_gcry_random_deinit_external_test): New. * random-fips.c (struct rng_context): Turn TEST_DT_COUNTER into a 32 bit integer. (x931_get_dt): Ditto. (selftest_kat): Intialize it accordingly. (_gcry_rngfips_init_external_test): New. - (_gcry_rngfips_run_external_test): New. + (_gcry_rngfips_run_external_test): New. (_gcry_rngfips_deinit_external_test): New. 2008-09-05 Werner Koch <wk@g10code.com> @@ -173,4 +173,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - diff --git a/random/Makefile.am b/random/Makefile.am index 2058d563..603226d8 100644 --- a/random/Makefile.am +++ b/random/Makefile.am @@ -20,7 +20,7 @@ # Need to include ../src in addition to top_srcdir because gcrypt.h is # a built header. -AM_CPPFLAGS = -I../src -I$(top_srcdir)/src +AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) noinst_LTLIBRARIES = librandom.la @@ -38,7 +38,7 @@ random-fips.c \ rndhw.c if USE_RANDOM_DAEMON -librandom_la_SOURCES += random-daemon.c +librandom_la_SOURCES += random-daemon.c endif USE_RANDOM_DAEMON diff --git a/random/rand-internal.h b/random/rand-internal.h index 2cce9065..a04a2d41 100644 --- a/random/rand-internal.h +++ b/random/rand-internal.h @@ -24,7 +24,7 @@ /* Constants used to define the origin of random added to the pool. The code is sensitive to the order of the values. */ -enum random_origins +enum random_origins { RANDOM_ORIGIN_INIT = 0, /* Used only for initialization. */ RANDOM_ORIGIN_EXTERNAL = 1, /* Added from an external source. */ 
@@ -54,7 +54,7 @@ gcry_error_t _gcry_rngcsprng_add_bytes (const void *buf, size_t buflen, int quality); void *_gcry_rngcsprng_get_bytes (size_t nbytes, enum gcry_random_level level); -void *_gcry_rngcsprng_get_bytes_secure (size_t nbytes, +void *_gcry_rngcsprng_get_bytes_secure (size_t nbytes, enum gcry_random_level level); void _gcry_rngcsprng_randomize (void *buffer, size_t length, enum gcry_random_level level); @@ -71,7 +71,7 @@ gcry_error_t _gcry_rngfips_add_bytes (const void *buf, size_t buflen, int quality); void *_gcry_rngfips_get_bytes (size_t nbytes, enum gcry_random_level level); -void *_gcry_rngfips_get_bytes_secure (size_t nbytes, +void *_gcry_rngfips_get_bytes_secure (size_t nbytes, enum gcry_random_level level); void _gcry_rngfips_randomize (void *buffer, size_t length, enum gcry_random_level level); @@ -119,7 +119,7 @@ int _gcry_rndw32_gather_random (void (*add) (const void *, size_t, enum random_origins), enum random_origins origin, size_t length, int level); -void _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, +void _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, enum random_origins), enum random_origins origin ); @@ -128,7 +128,7 @@ int _gcry_rndw32ce_gather_random (void (*add) (const void *, size_t, enum random_origins), enum random_origins origin, size_t length, int level); -void _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t, +void _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t, enum random_origins), enum random_origins origin ); diff --git a/random/random-csprng.c b/random/random-csprng.c index 1d2e5191..096a6748 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c 
@@ -101,11 +101,11 @@ up. Its allocated size is POOLSIZE+BLOCKLEN. Note that this is also an indication on whether the module has been fully initialized. */ -static unsigned char *rndpool; +static unsigned char *rndpool; /* KEYPOOL is used as a scratch copy to read out random from RNDPOOL. Its allocated size is also POOLSIZE+BLOCKLEN. */ -static unsigned char *keypool; +static unsigned char *keypool; /* This is the offset into RNDPOOL where the next random bytes are to be mixed in. */ @@ -221,7 +221,7 @@ static struct test this flag in a locked state because a wrong value does not harm and the trhead will find out itself that the daemon does not work and set it (again) to false. */ -static int allow_daemon; +static int allow_daemon; /* During initialization, the user may set a non-default socket name for accessing the random daemon. If this value is NULL, the @@ -234,12 +234,12 @@ static char *daemon_socket_name; /* --- Prototypes --- */ static void read_pool (byte *buffer, size_t length, int level ); -static void add_randomness (const void *buffer, size_t length, +static void add_randomness (const void *buffer, size_t length, enum random_origins origin); static void random_poll (void); static void do_fast_random_poll (void); -static int (*getfnc_gather_random (void))(void (*)(const void*, size_t, - enum random_origins), +static int (*getfnc_gather_random (void))(void (*)(const void*, size_t, + enum random_origins), enum random_origins, size_t, int); static void (*getfnc_fast_random_poll (void))(void (*)(const void*, size_t, enum random_origins), @@ -271,7 +271,7 @@ initialize_basics(void) err = ath_mutex_init (&pool_lock); if (err) log_fatal ("failed to create the pool lock: %s\n", strerror (err) ); - + err = ath_mutex_init (&nonce_buffer_lock); if (err) log_fatal ("failed to create the nonce buffer lock: %s\n", 
@@ -283,7 +283,7 @@ initialize_basics(void) /* Make sure that we are still using the values we have traditionally used for the random levels. */ - gcry_assert (GCRY_WEAK_RANDOM == 0 + gcry_assert (GCRY_WEAK_RANDOM == 0 && GCRY_STRONG_RANDOM == 1 && GCRY_VERY_STRONG_RANDOM == 2); } @@ -293,7 +293,7 @@ initialize_basics(void) static void lock_pool (void) { - int err; + int err; err = ath_mutex_lock (&pool_lock); if (err) @@ -305,7 +305,7 @@ lock_pool (void) static void unlock_pool (void) { - int err; + int err; pool_is_locked = 0; err = ath_mutex_unlock (&pool_lock); @@ -345,7 +345,7 @@ initialize(void) faked_rng = 1; slow_gather_fnc = gather_faked; } - + /* Setup the fast entropy gathering function. */ fast_gather_fnc = getfnc_fast_random_poll (); @@ -427,7 +427,7 @@ _gcry_rngcsprng_use_daemon (int onoff) { #ifdef USE_RANDOM_DAEMON int last; - + /* This is not really thread safe. However it is expected that this function is being called during initialization and at that point we are for other reasons not really thread safe. We do not want @@ -472,7 +472,7 @@ _gcry_rngcsprng_add_bytes (const void *buf, size_t buflen, int quality) quality = 100; else if (quality < 0) quality = 0; - + if (!buf) return gpg_error (GPG_ERR_INV_ARG); @@ -496,9 +496,9 @@ _gcry_rngcsprng_add_bytes (const void *buf, size_t buflen, int quality) buflen -= nbytes; } return 0; -} +} + - /* Public function to fill the buffer with LENGTH bytes of cryptographically strong random bytes. Level GCRY_WEAK_RANDOM is not very strong, GCRY_STRONG_RANDOM is strong enough for most @@ -564,13 +564,13 @@ _gcry_rngcsprng_randomize (void *buffer, size_t length, Mix the pool: |........blocks*20byte........|20byte|..44byte..| - <..44byte..> <20byte> + <..44byte..> <20byte> | | | +------+ +---------------------------|----------+ v v |........blocks*20byte........|20byte|..44byte..| - <.....64bytes.....> + <.....64bytes.....> | +----------------------------------+ Hash 
@@ -590,7 +590,7 @@ _gcry_rngcsprng_randomize (void *buffer, size_t length, |.............................|20byte|..44byte..| <20byte><20byte><..44byte..> - and so on until we did this for all blocks. + and so on until we did this for all blocks. To better protect against implementation errors in this code, we xor a digest of the entire pool into the pool before mixing. @@ -627,7 +627,7 @@ mix_pool(unsigned char *pool) for (i=0; i < 20; i++) pool[i] ^= failsafe_digest[i]; } - + p = pool; for (n=1; n < POOLBLOCKS; n++) { @@ -636,10 +636,10 @@ mix_pool(unsigned char *pool) p += DIGESTLEN; if (p+DIGESTLEN+BLOCKLEN < pend) memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN); - else + else { unsigned char *pp = p + DIGESTLEN; - + for (i=DIGESTLEN; i < BLOCKLEN; i++ ) { if ( pp >= pend ) @@ -647,7 +647,7 @@ mix_pool(unsigned char *pool) hashbuf[i] = *pp++; } } - + _gcry_rmd160_mixblock ( &md, hashbuf); memcpy(p, hashbuf, 20 ); } @@ -705,7 +705,7 @@ lock_seed_file (int fd, const char *fname, int for_write) if (backoff > 2) /* Show the first message after ~2.25 seconds. */ log_info( _("waiting for lock on `%s'...\n"), fname); - + tv.tv_sec = backoff; tv.tv_usec = 250000; select (0, NULL, NULL, NULL, &tv); @@ -744,7 +744,7 @@ read_seed_file (void) if (!seed_file_name) return 0; - + #ifdef HAVE_DOSISH_SYSTEM fd = open( seed_file_name, O_RDONLY | O_BINARY ); #else @@ -785,7 +785,7 @@ read_seed_file (void) allow_seed_file_update = 1; return 0; } - if (sb.st_size != POOLSIZE ) + if (sb.st_size != POOLSIZE ) { log_info(_("warning: invalid size of random_seed file - not used\n") ); close(fd); @@ -795,7 +795,7 @@ read_seed_file (void) do { n = read( fd, buffer, POOLSIZE ); - } + } while (n == -1 && errno == EINTR ); if (n != POOLSIZE) 
@@ -804,12 +804,12 @@ read_seed_file (void) close(fd);/*NOTREACHED*/ return 0; } - + close(fd); add_randomness( buffer, POOLSIZE, RANDOM_ORIGIN_INIT ); /* add some minor entropy to the pool now (this will also force a mixing) */ - { + { pid_t x = getpid(); add_randomness( &x, sizeof(x), RANDOM_ORIGIN_INIT ); } @@ -817,7 +817,7 @@ read_seed_file (void) time_t x = time(NULL); add_randomness( &x, sizeof(x), RANDOM_ORIGIN_INIT ); } - { + { clock_t x = clock(); add_randomness( &x, sizeof(x), RANDOM_ORIGIN_INIT ); } @@ -865,7 +865,7 @@ _gcry_rngcsprng_update_seed_file (void) /* Copy the entropy pool to a scratch pool and mix both of them. */ for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; - i < POOLWORDS; i++, dp++, sp++ ) + i < POOLWORDS; i++, dp++, sp++ ) { *dp = *sp + ADD_VALUE; } @@ -896,19 +896,19 @@ _gcry_rngcsprng_update_seed_file (void) close (fd); } #endif /*LOCK_SEED_FILE*/ - else + else { do { i = write (fd, keypool, POOLSIZE ); - } + } while (i == -1 && errno == EINTR); - if (i != POOLSIZE) + if (i != POOLSIZE) log_info (_("can't write `%s': %s\n"),seed_file_name, strerror(errno)); if (close(fd)) log_info (_("can't close `%s': %s\n"),seed_file_name, strerror(errno)); } - + unlock_pool (); } @@ -928,7 +928,7 @@ read_pool (byte *buffer, size_t length, int level) Note that we keep a pid in a static variable as well as in a stack based one; the latter is to detect ill behaving thread libraries, ignoring the pool mutexes. */ - static volatile pid_t my_pid = (pid_t)(-1); + static volatile pid_t my_pid = (pid_t)(-1); volatile pid_t my_pid2; gcry_assert (pool_is_locked); @@ -936,7 +936,7 @@ read_pool (byte *buffer, size_t length, int level) retry: /* Get our own pid, so that we can detect a fork. */ my_pid2 = getpid (); - if (my_pid == (pid_t)(-1)) + if (my_pid == (pid_t)(-1)) my_pid = my_pid2; if ( my_pid != my_pid2 ) { 
@@ -987,7 +987,7 @@ read_pool (byte *buffer, size_t length, int level) if (level == GCRY_VERY_STRONG_RANDOM && pool_balance < length) { size_t needed; - + if (pool_balance < 0) pool_balance = 0; needed = length - pool_balance; @@ -1004,7 +1004,7 @@ read_pool (byte *buffer, size_t length, int level) /* Always do a fast random poll (we have to use the unlocked version). */ do_fast_random_poll(); - + /* Mix the pid in so that we for sure won't deliver the same random after a fork. */ { @@ -1037,7 +1037,7 @@ read_pool (byte *buffer, size_t length, int level) pool_readpos = 0; pool_balance--; } - + if (pool_balance < 0) pool_balance = 0; @@ -1112,13 +1112,13 @@ random_poll() /* Runtime determination of the slow entropy gathering module. */ static int (* -getfnc_gather_random (void))(void (*)(const void*, size_t, - enum random_origins), +getfnc_gather_random (void))(void (*)(const void*, size_t, + enum random_origins), enum random_origins, size_t, int) { - int (*fnc)(void (*)(const void*, size_t, enum random_origins), + int (*fnc)(void (*)(const void*, size_t, enum random_origins), enum random_origins, size_t, int); - + #if USE_RNDLINUX if ( !access (NAME_OF_DEV_RANDOM, R_OK) && !access (NAME_OF_DEV_URANDOM, R_OK)) @@ -1186,13 +1186,13 @@ do_fast_random_poll (void) /* Continue with the generic functions. */ #if HAVE_GETHRTIME - { + { hrtime_t tv; tv = gethrtime(); add_randomness( &tv, sizeof(tv), RANDOM_ORIGIN_FASTPOLL ); } #elif HAVE_GETTIMEOFDAY - { + { struct timeval tv; if( gettimeofday( &tv, NULL ) ) BUG(); @@ -1217,7 +1217,7 @@ do_fast_random_poll (void) #ifdef HAVE_GETRUSAGE # ifdef RUSAGE_SELF - { + { struct rusage buf; /* QNX/Neutrino does return ENOSYS - so we just ignore it and add whatever is in buf. In a chroot environment it might not work @@ -1240,7 +1240,7 @@ do_fast_random_poll (void) time_t x = time(NULL); add_randomness( &x, sizeof(x), RANDOM_ORIGIN_FASTPOLL ); } - { + { clock_t x = clock(); add_randomness( &x, sizeof(x), RANDOM_ORIGIN_FASTPOLL ); } 
@@ -1292,10 +1292,10 @@ gather_faked (void (*add)(const void*, size_t, enum random_origins), static int initialized=0; size_t n; char *buffer, *p; - + (void)add; (void)level; - + if ( !initialized ) { log_info(_("WARNING: using insecure random number generator!!\n")); @@ -1371,7 +1371,7 @@ _gcry_rngcsprng_create_nonce (void *buffer, size_t length) p = nonce_buffer; memcpy (p, &xpid, sizeof xpid); p += sizeof xpid; - memcpy (p, &atime, sizeof atime); + memcpy (p, &atime, sizeof atime); /* Initialize the never changing private part of 64 bits. */ gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM); diff --git a/random/random-daemon.c b/random/random-daemon.c index 2e03ba00..d8bfe4c6 100644 --- a/random/random-daemon.c +++ b/random/random-daemon.c @@ -53,7 +53,7 @@ static ath_mutex_t daemon_lock = ATH_MUTEX_INITIALIZER; /* The socket connected to the daemon. */ -static int daemon_socket = -1; +static int daemon_socket = -1; /* Creates a socket connected to the daemon. On success, store the socket fd in *SOCK. Returns error code. */ @@ -78,7 +78,7 @@ connect_to_socket (const char *socketname, int *sock) } /* Set up address. */ - srvr_addr = gcry_malloc (sizeof *srvr_addr); + srvr_addr = gcry_malloc (sizeof *srvr_addr); if (! srvr_addr) { log_error ("malloc failed: %s\n", strerror (errno)); @@ -148,7 +148,7 @@ static int writen (int fd, const void *buffer, size_t length) { ssize_t n; - + while (length) { do @@ -171,7 +171,7 @@ readn (int fd, void *buf, size_t buflen, size_t *ret_nread) size_t nleft = buflen; int nread; char *p; - + p = buf; while (nleft > 0) { @@ -180,7 +180,7 @@ readn (int fd, void *buf, size_t buflen, size_t *ret_nread) { if (nread == EINTR) nread = 0; - else + else return -1; } else if (!nread) @@ -262,7 +262,7 @@ call_daemon (const char *socketname, err = gcry_error_from_errno (errno); break; } - + /* Retrieve response. */ rc = readn (daemon_socket, buf, 2, &nread); 
@@ -310,7 +310,7 @@ call_daemon (const char *socketname, log_error ("read error: %s\n", gcry_strerror (err)); break; } - + if (nread != nbytes) { log_error ("too little random data read\n"); @@ -333,7 +333,7 @@ call_daemon (const char *socketname, support GCRY_STRONG_RANDOM and GCRY_VERY_STRONG_RANDOM here. Return 0 on success. */ int -_gcry_daemon_randomize (const char *socketname, +_gcry_daemon_randomize (const char *socketname, void *buffer, size_t length, enum gcry_random_level level) { diff --git a/random/random-fips.c b/random/random-fips.c index f9a21d08..307d2b2a 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -157,7 +157,7 @@ struct rng_context /* We need to keep track of the process which did the initialization so that we can detect a fork. The volatile modifier is required so that the compiler does not optimize it away in case the getpid - function is badly attributed. */ + function is badly attributed. */ pid_t key_init_pid; pid_t seed_init_pid; }; @@ -200,10 +200,10 @@ basic_initialization (void) if (my_errno) log_fatal ("failed to create the RNG lock: %s\n", strerror (my_errno)); fips_rng_is_locked = 0; - + /* Make sure that we are still using the values we have traditionally used for the random levels. */ - gcry_assert (GCRY_WEAK_RANDOM == 0 + gcry_assert (GCRY_WEAK_RANDOM == 0 && GCRY_STRONG_RANDOM == 1 && GCRY_VERY_STRONG_RANDOM == 2); @@ -262,7 +262,7 @@ check_guards (rng_context_t rng_ctx) timestamp we construct is made up the real time and three counters: Buffer: 00112233445566778899AABBCCDDEEFF - !--+---!!-+-!!+!!--+---!!--+---! + !--+---!!-+-!!+!!--+---!!--+---! seconds ---------/ | | | | microseconds -----------/ | | | counter2 -------------------/ | | 
@@ -272,7 +272,7 @@ check_guards (rng_context_t rng_ctx) Counter 2 is just 12 bits wide and used to track fractions of milliseconds whereas counters 1 and 0 are combined to a free running 64 bit counter. */ -static void +static void x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) { gcry_assert (length == 16); /* This length is required for use with AES. */ @@ -281,7 +281,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) /* If the random context indicates that a test DT should be used, take the DT value from the context. For safety reasons we do this only if the context is not one of the regular contexts. */ - if (rng_ctx->test_dt_ptr + if (rng_ctx->test_dt_ptr && rng_ctx != nonce_context && rng_ctx != std_rng_context && rng_ctx != strong_rng_context) @@ -301,7 +301,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) static u32 last_sec, last_usec; static u32 counter1, counter0; static u16 counter2; - + unsigned int usec; struct timeval tv; @@ -350,11 +350,11 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) /* Add the free running counter. */ buffer[8] = ((counter1 >> 24) & 0xff); buffer[9] = ((counter1 >> 16) & 0xff); - buffer[10] = ((counter1 >> 8) & 0xff); + buffer[10] = ((counter1 >> 8) & 0xff); buffer[11] = ((counter1) & 0xff); buffer[12] = ((counter0 >> 24) & 0xff); buffer[13] = ((counter0 >> 16) & 0xff); - buffer[14] = ((counter0 >> 8) & 0xff); + buffer[14] = ((counter0 >> 8) & 0xff); buffer[15] = ((counter0) & 0xff); /* Bump up that counter. */ if (!++counter0) @@ -372,7 +372,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) the result at R. R needs to be provided by the caller with a size of at least LENGTH bytes. */ static void -xor_buffer (unsigned char *r, +xor_buffer (unsigned char *r, const unsigned char *a, const unsigned char *b, size_t length) { for ( ; length; length--, a++, b++, r++) 
@@ -383,7 +383,7 @@ xor_buffer (unsigned char *r, /* Encrypt LENGTH bytes of INPUT to OUTPUT using KEY. LENGTH needs to be 16. */ static void -encrypt_aes (gcry_cipher_hd_t key, +encrypt_aes (gcry_cipher_hd_t key, unsigned char *output, const unsigned char *input, size_t length) { gpg_error_t err; @@ -406,7 +406,7 @@ encrypt_aes (gcry_cipher_hd_t key, On return the result is stored at RESULT_R and the SEED_V is updated. May only be used while holding the lock. */ static void -x931_aes (unsigned char result_R[16], +x931_aes (unsigned char result_R[16], unsigned char datetime_DT[16], unsigned char seed_V[16], gcry_cipher_hd_t key, unsigned char intermediate_I[16], unsigned char temp_xor[16]) @@ -415,7 +415,7 @@ x931_aes (unsigned char result_R[16], Let V be a 128-bit seed value which is also kept secret, and XOR be the exclusive-or operator. Let DT be a date/time vector which - is updated on each iteration. I is a intermediate value. + is updated on each iteration. I is a intermediate value. I = ede*K(DT) */ encrypt_aes (key, intermediate_I, datetime_DT, 16); @@ -509,7 +509,7 @@ x931_aes_driver (unsigned char *output, size_t length, rng_context_t rng_ctx) } memcpy (rng_ctx->compare_value, result_buffer, 16); } - + /* Append to outbut. */ memcpy (output, result_buffer, nbytes); wipememory (result_buffer, 16); @@ -564,7 +564,7 @@ get_entropy (size_t nbytes) X931_AES_KEYLEN, GCRY_VERY_STRONG_RANDOM); #elif USE_RNDW32 - do + do { rc = _gcry_rndw32_gather_random (entropy_collect_cb, 0, X931_AES_KEYLEN, @@ -762,7 +762,7 @@ _gcry_rngfips_initialize (int full) std_rng_context = gcry_xcalloc_secure (1, sizeof *std_rng_context); setup_guards (std_rng_context); - + strong_rng_context = gcry_xcalloc_secure (1, sizeof *strong_rng_context); setup_guards (strong_rng_context); } 
@@ -807,9 +807,9 @@ _gcry_rngfips_add_bytes (const void *buf, size_t buflen, int quality) (void)buflen; (void)quality; return 0; /* Not implemented. */ -} +} + - /* Public function to fill the buffer with LENGTH bytes of cryptographically strong random bytes. Level GCRY_WEAK_RANDOM is here mapped to GCRY_STRONG_RANDOM, GCRY_STRONG_RANDOM is strong @@ -820,7 +820,7 @@ _gcry_rngfips_randomize (void *buffer, size_t length, enum gcry_random_level level) { _gcry_rngfips_initialize (1); /* Auto-initialize if needed. */ - + lock_rng (); if (level == GCRY_VERY_STRONG_RANDOM) get_random (buffer, length, strong_rng_context); @@ -850,7 +850,7 @@ _gcry_rngfips_create_nonce (void *buffer, size_t length) static gcry_err_code_t selftest_kat (selftest_report_func_t report) { - static struct + static struct { const unsigned char key[16]; const unsigned char dt[16]; @@ -880,7 +880,7 @@ selftest_kat (selftest_report_func_t report) 0x13, 0xd3, 0x13, 0xfa, 0x20, 0xe9, 0x8d, 0xbc }, { 0xc8, 0xd1, 0xe5, 0x11, 0x59, 0x52, 0xf7, 0xfa, 0x37, 0x38, 0xb4, 0xc5, 0xce, 0xb2, 0xb0, 0x9a }, - { 0x0d, 0x9c, 0xc5, 0x0d, 0x16, 0xe1, 0xbc, 0xed, + { 0x0d, 0x9c, 0xc5, 0x0d, 0x16, 0xe1, 0xbc, 0xed, 0xcf, 0x60, 0x62, 0x09, 0x9d, 0x20, 0x83, 0x7e } } }, { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, @@ -892,7 +892,7 @@ selftest_kat (selftest_report_func_t report) 0x63, 0x19, 0x37, 0x6f, 0x15, 0x22, 0x57, 0x56 }, { 0x7a, 0x14, 0x76, 0x77, 0x95, 0x17, 0x7e, 0xc8, 0x92, 0xe8, 0xdd, 0x15, 0xcb, 0x1f, 0xbc, 0xb1 }, - { 0x25, 0x3e, 0x2e, 0xa2, 0x41, 0x1b, 0xdd, 0xf5, + { 0x25, 0x3e, 0x2e, 0xa2, 0x41, 0x1b, 0xdd, 0xf5, 0x21, 0x48, 0x41, 0x71, 0xb3, 0x8d, 0x2f, 0x4c } } } }; int tvidx, ridx; @@ -905,7 +905,7 @@ selftest_kat (selftest_report_func_t report) test_ctx = gcry_xcalloc (1, sizeof *test_ctx); setup_guards (test_ctx); - + lock_rng (); for (tvidx=0; tvidx < DIM (tv); tvidx++) 
@@ -927,15 +927,15 @@ selftest_kat (selftest_report_func_t report) goto leave; } test_ctx->key_init_pid = getpid (); - + /* Setup the seed. */ memcpy (test_ctx->seed_V, tv[tvidx].v, 16); test_ctx->is_seeded = 1; test_ctx->seed_init_pid = getpid (); - + /* Setup a DT value. */ test_ctx->test_dt_ptr = tv[tvidx].dt; - test_ctx->test_dt_counter = ( (tv[tvidx].dt[12] << 24) + test_ctx->test_dt_counter = ( (tv[tvidx].dt[12] << 24) |(tv[tvidx].dt[13] << 16) |(tv[tvidx].dt[14] << 8) |(tv[tvidx].dt[15]) ); @@ -949,7 +949,7 @@ selftest_kat (selftest_report_func_t report) errtxt = "X9.31 RNG core function failed"; goto leave; } - + /* Compare it to the known value. */ if (memcmp (result, tv[tvidx].r[ridx], 16)) { @@ -1026,9 +1026,9 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, rng_context_t test_ctx; _gcry_rngfips_initialize (1); /* Auto-initialize if needed. */ - + if (!r_context - || !key || keylen != 16 + || !key || keylen != 16 || !seed || seedlen != 16 || !dt || dtlen != 16 ) return GPG_ERR_INV_ARG; @@ -1037,7 +1037,7 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, if (!test_ctx) return gpg_err_code_from_syserror (); setup_guards (test_ctx); - + /* Setup the key. */ err = gcry_cipher_open (&test_ctx->cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB, 
@@ -1050,18 +1050,18 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, goto leave; test_ctx->key_init_pid = getpid (); - + /* Setup the seed. */ memcpy (test_ctx->seed_V, seed, seedlen); test_ctx->is_seeded = 1; test_ctx->seed_init_pid = getpid (); - + /* Setup a DT value. Because our context structure only stores a pointer we copy the DT value to the extra space we allocated in the test_ctx and set the pointer to that address. */ memcpy ((unsigned char*)test_ctx + sizeof *test_ctx, dt, dtlen); - test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx; - test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24) + test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx; + test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24) |(test_ctx->test_dt_ptr[13] << 16) |(test_ctx->test_dt_ptr[14] << 8) |(test_ctx->test_dt_ptr[15]) ); @@ -1114,5 +1114,3 @@ _gcry_rngfips_deinit_external_test (void *context) gcry_free (test_ctx); } } - - diff --git a/random/random.c b/random/random.c index 8465abbd..40661ab0 100644 --- a/random/random.c +++ b/random/random.c @@ -161,10 +161,10 @@ gcry_random_add_bytes (const void *buf, size_t buflen, int quality) return 0; /* No need for this in fips mode. */ else return _gcry_rngcsprng_add_bytes (buf, buflen, quality); -} +} + - -/* Helper function. */ +/* Helper function. */ static void do_randomize (void *buffer, size_t length, enum gcry_random_level level) { @@ -288,7 +288,7 @@ _gcry_random_selftest (selftest_report_func_t report) success the test context is stored at R_CONTEXT; on failure NULL is stored at R_CONTEXT and an error code is returned. */ gcry_err_code_t -_gcry_random_init_external_test (void **r_context, +_gcry_random_init_external_test (void **r_context, unsigned int flags, const void *key, size_t keylen, const void *seed, size_t seedlen, diff --git a/random/random.h b/random/random.h index 9075d9a3..7a9585cd 100644 --- a/random/random.h +++ b/random/random.h 
@@ -39,13 +39,13 @@ void _gcry_update_random_seed_file (void); byte *_gcry_get_random_bits( size_t nbits, int level, int secure ); void _gcry_fast_random_poll( void ); -gcry_err_code_t _gcry_random_init_external_test (void **r_context, +gcry_err_code_t _gcry_random_init_external_test (void **r_context, unsigned int flags, const void *key, size_t keylen, const void *seed, size_t seedlen, - const void *dt, + const void *dt, size_t dtlen); gcry_err_code_t _gcry_random_run_external_test (void *context, char *buffer, size_t buflen); @@ -66,7 +66,3 @@ int _gcry_daemon_create_nonce (const char *socketname, #endif /*USE_RANDOM_DAEMON*/ #endif /*G10_RANDOM_H*/ - - - - diff --git a/random/rndegd.c b/random/rndegd.c index c194225e..464edf3d 100644 --- a/random/rndegd.c +++ b/random/rndegd.c @@ -79,8 +79,8 @@ do_write( int fd, void *buf, size_t nbytes ) { size_t nleft = nbytes; int nwritten; - - while( nleft > 0 ) + + while( nleft > 0 ) { nwritten = write( fd, buf, nleft); if( nwritten < 0 ) @@ -105,7 +105,7 @@ do_read( int fd, void *buf, size_t nbytes ) do { n = read(fd, (char*)buf + nread, nbytes ); - } + } while( n == -1 && errno == EINTR ); if( n == -1) return nread? nread:-1; @@ -113,7 +113,7 @@ do_read( int fd, void *buf, size_t nbytes ) return -1; nread += n; nbytes -= n; - } + } while( nread < nbytes ); return nread; } @@ -177,13 +177,13 @@ _gcry_rndegd_connect_socket (int nofail) if (strlen(name)+1 >= sizeof addr.sun_path) log_fatal ("EGD socketname is too long\n"); - + memset( &addr, 0, sizeof addr ); addr.sun_family = AF_UNIX; - strcpy( addr.sun_path, name ); + strcpy( addr.sun_path, name ); addr_len = (offsetof( struct sockaddr_un, sun_path ) + strlen( addr.sun_path )); - + fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1 && !nofail) log_fatal("can't create unix domain socket: %s\n", strerror(errno) ); diff --git a/random/rndhw.c b/random/rndhw.c index 0961d106..82faab45 100644 --- a/random/rndhw.c +++ b/random/rndhw.c 
@@ -44,7 +44,7 @@ poll_padlock (void (*add)(const void*, size_t, enum random_origins), volatile char buffer[64+8] __attribute__ ((aligned (8))); volatile char *p; unsigned int nbytes, status; - + /* Peter Gutmann's cryptlib tests again whether the RNG is enabled but we don't do so. We would have to do this also for our AES implementaion and that is definitely too time consuming. There @@ -55,7 +55,7 @@ poll_padlock (void (*add)(const void*, size_t, enum random_origins), nbytes = 0; while (nbytes < 64) { - asm volatile + asm volatile ("movl %1, %%edi\n\t" /* Set buffer. */ "xorl %%edx, %%edx\n\t" /* Request up to 8 bytes. */ ".byte 0x0f, 0xa7, 0xc0\n\t" /* XSTORE RNG. */ @@ -75,13 +75,13 @@ poll_padlock (void (*add)(const void*, size_t, enum random_origins), break; /* Don't get into the loop with the fast flag set. */ p += (status & 0x1f); } - else + else { /* If there was an error we need to break the loop and record that there is something wrong with the padlock RNG. */ rng_failed = 1; - break; + break; } } @@ -114,7 +114,7 @@ _gcry_rndhw_poll_fast (void (*add)(const void*, size_t, enum random_origins), #ifdef USE_PADLOCK if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG)) poll_padlock (add, origin, 1); -#endif +#endif } @@ -132,7 +132,7 @@ _gcry_rndhw_poll_slow (void (*add)(const void*, size_t, enum random_origins), #ifdef USE_PADLOCK if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG)) nbytes += poll_padlock (add, origin, 0); -#endif +#endif return nbytes; } diff --git a/random/rndlinux.c b/random/rndlinux.c index ec140a83..5b84a19c 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -71,8 +71,8 @@ open_device ( const char *name ) /* We used to do the following check, however it turned out that this is not portable since more OSes provide a random device which is - sometimes implemented as another device type. - + sometimes implemented as another device type. + struct stat sb; if( fstat( fd, &sb ) ) 
@@ -133,7 +133,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, fd_set rfds; struct timeval tv; int rc; - + FD_ZERO(&rfds); FD_SET(fd, &rfds); tv.tv_sec = delay; @@ -159,16 +159,16 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, continue; } - do + do { int nbytes = length < sizeof(buffer)? length : sizeof(buffer); n = read(fd, buffer, nbytes ); - if( n >= 0 && n > nbytes ) + if( n >= 0 && n > nbytes ) { log_error("bogus read from random device (n=%d)\n", n ); n = nbytes; } - } + } while( n == -1 && errno == EINTR ); if ( n == -1 ) log_fatal("read error on random device: %s\n", strerror(errno)); @@ -176,9 +176,9 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, length -= n; } memset(buffer, 0, sizeof(buffer) ); - + if (any_need_entropy) _gcry_random_progress ("need_entropy", 'X', (int)want, (int)want); - + return 0; /* success */ } diff --git a/random/rndunix.c b/random/rndunix.c index 2db718da..cc5eb145 100644 --- a/random/rndunix.c +++ b/random/rndunix.c @@ -51,32 +51,32 @@ Subject: Re: LGPL for the windows entropy gatherer To: wk@gnupg.org Date: Wed, 22 Aug 2007 03:05:42 +1200 - + Hi, - + >As of now libgcrypt is GPL under Windows due to that module and some people >would really like to see it under LGPL too. Can you do such a license change >to LGPL version 2? Note that LGPL give the user the option to relicense it >under GPL, so the change would be pretty easy and backwar compatible. - + Sure. I assumed that since GPG was GPLd, you'd prefer the GPL for the entropy code as well, but Ian asked for LGPL as an option so as of the next release I'll have LGPL in there. You can consider it to be retroactive, so your current version will be LGPLd as well. - + Peter. ========== 
From: pgut001 <pgut001@cs.auckland.ac.nz> Subject: Re: LGPL for the windows entropy gatherer To: wk@gnupg.org Date: Wed, 22 Aug 2007 20:50:08 +1200 - + >Would you mind to extend this also to the Unix entropy gatherer which is >still used on systems without /dev/random and when EGD is not installed? That >would be the last GPLed piece in Libgcrypt. - + Sure, it covers the entire entropy-gathering subsystem. - + Peter. ========= */ @@ -325,10 +325,10 @@ static struct RI { /* This is a complex and screwball program. Some systems have things * like rX_dmn, x = integer, for RAID systems, but the statistics are * pretty dodgy */ -#ifdef __QNXNTO__ +#ifdef __QNXNTO__ { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3), NULL, 0, 0, 0, 0 }, -#endif +#endif #if 0 /* The following aren't enabled since they're somewhat slow and not very * unpredictable, however they give an indication of the sort of sources @@ -591,19 +591,19 @@ slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes ) { /* FIXME: Because we run several tools at once it is unlikely that we will see a block in select at all. */ - if (!any_need_entropy + if (!any_need_entropy || last_so_far != (gather_buffer_size - bufPos) ) { last_so_far = gather_buffer_size - bufPos; _gcry_random_progress ("need_entropy", 'X', - last_so_far, + last_so_far, gather_buffer_size); any_need_entropy = 1; } delay = 10; /* Use 10 seconds henceforth. */ /* Note that the fd_set is setup again at the end of this loop. */ } - + /* One of the sources has data available, read it into the buffer */ for (i = 0; dataSources[i].path != NULL; i++) { if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) { diff --git a/random/rndw32.c b/random/rndw32.c index c48eba76..f8a83b60 100644 --- a/random/rndw32.c +++ b/random/rndw32.c @@ -74,7 +74,7 @@ #include <stdlib.h> #include <errno.h> #include <string.h> -#ifdef __GNUC__ +#ifdef __GNUC__ #include <stdint.h> #endif 
@@ -141,22 +141,22 @@ typedef DWORD (WINAPI *NTPOWERINFORMATION) /* Type definitions for function pointers to call CryptoAPI functions. */ typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *phProv, LPCTSTR pszContainer, - LPCTSTR pszProvider, + LPCTSTR pszProvider, DWORD dwProvType, DWORD dwFlags); typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen, BYTE *pbBuffer); typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV hProv, DWORD dwFlags); -/* Somewhat alternative functionality available as a direct call, for +/* Somewhat alternative functionality available as a direct call, for Windows XP and newer. This is the CryptoAPI RNG, which isn't anywhere near as good as the HW RNG, but we use it if it's present on the basis - that at least it can't make things any worse. This direct access version + that at least it can't make things any worse. This direct access version is only available under Windows XP, we don't go out of our way to access - the more general CryptoAPI one since the main purpose of using it is to - take advantage of any possible future hardware RNGs that may be added, + the more general CryptoAPI one since the main purpose of using it is to + take advantage of any possible future hardware RNGs that may be added, for example via TCPA devices. */ -typedef BOOL (WINAPI *RTLGENRANDOM)(PVOID RandomBuffer, +typedef BOOL (WINAPI *RTLGENRANDOM)(PVOID RandomBuffer, ULONG RandomBufferLength); @@ -167,13 +167,13 @@ typedef BOOL (WINAPI *RTLGENRANDOM)(PVOID RandomBuffer, #define SMBType char #define SensorType char -typedef struct +typedef struct { SensorType iType; /* Type of sensor. */ int Count; /* Number of sensor for that type. */ } SharedIndex; -typedef struct +typedef struct { SensorType ssType; /* Type of sensor */ unsigned char ssName[12]; /* Name of sensor */ 
@@ -252,7 +252,7 @@ static int system_is_w2000; /* True if running on W2000. */ /* Try and connect to the system RNG if there's one present. */ -static void +static void init_system_rng (void) { system_rng_available = 0; @@ -268,16 +268,16 @@ init_system_rng (void) GetProcAddress (hAdvAPI32, "CryptGenRandom"); pCryptReleaseContext = (CRYPTRELEASECONTEXT) GetProcAddress (hAdvAPI32, "CryptReleaseContext"); - - /* Get a pointer to the native randomness function if it's available. + + /* Get a pointer to the native randomness function if it's available. This isn't exported by name, so we have to get it by ordinal. */ pRtlGenRandom = (RTLGENRANDOM) GetProcAddress (hAdvAPI32, "SystemFunction036"); - /* Try and connect to the PIII RNG CSP. The AMD 768 southbridge (from - the 760 MP chipset) also has a hardware RNG, but there doesn't appear - to be any driver support for this as there is for the Intel RNG so we - can't do much with it. OTOH the Intel RNG is also effectively dead + /* Try and connect to the PIII RNG CSP. The AMD 768 southbridge (from + the 760 MP chipset) also has a hardware RNG, but there doesn't appear + to be any driver support for this as there is for the Intel RNG so we + can't do much with it. OTOH the Intel RNG is also effectively dead as well, mostly due to virtually nonexistent support/marketing by Intel, it's included here mostly for form's sake. */ if ( (!pCryptAcquireContext || !pCryptGenRandom || !pCryptReleaseContext @@ -293,7 +293,7 @@ init_system_rng (void) /* Read data from the system RNG if availavle. */ -static void +static void read_system_rng (void (*add)(const void*, size_t, enum random_origins), enum random_origins requester) { 
@@ -330,7 +330,7 @@ read_system_rng (void (*add)(const void*, size_t, enum random_origins), /* Read data from MBM. This communicates via shared memory, so all we need to do is map a file and read the data out. */ static void -read_mbm_data (void (*add)(const void*, size_t, enum random_origins), +read_mbm_data (void (*add)(const void*, size_t, enum random_origins), enum random_origins requester) { HANDLE hMBMData; @@ -355,7 +355,7 @@ read_mbm_data (void (*add)(const void*, size_t, enum random_origins), /* Fallback method using the registry to poll the statistics. */ static void -registry_poll (void (*add)(const void*, size_t, enum random_origins), +registry_poll (void (*add)(const void*, size_t, enum random_origins), enum random_origins requester) { static int cbPerfData = PERFORMANCE_BUFFER_SIZE; @@ -421,7 +421,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), if (getenv ("GNUPG_RNDW32_NOPERF")) { static int shown; - + if (!shown) { shown = 1; @@ -436,7 +436,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), dwSize = cbPerfData; if ( debug_me ) log_debug ("rndw32#slow_gatherer_nt: get perf data\n" ); - + status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL, NULL, (LPBYTE) pPerfData, &dwSize); if (status == ERROR_SUCCESS) @@ -455,7 +455,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), else { static int been_here; - + /* Silence the error message. In particular under Wine (as of 2008) we would get swamped with such diagnotiscs. One such diagnotiscs should be enough. */ @@ -481,7 +481,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), static void -slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), +slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), enum random_origins requester ) { static int is_initialized = 0; 
@@ -568,7 +568,7 @@ slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), is_initialized = 1; } - + read_system_rng ( add, requester ); read_mbm_data ( add, requester ); @@ -579,7 +579,7 @@ slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), In any case the network statistics return almost no randomness. */ { LPBYTE lpBuffer; - + if (hNetAPI32 && !pNetStatisticsGet (NULL, is_workstation ? L"LanmanWorkstation" : @@ -599,7 +599,7 @@ slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), { char diskPerformance[SIZEOF_DISK_PERFORMANCE_STRUCT + 8]; char szDevice[50]; - + /* Check whether we can access this device. */ snprintf (szDevice, sizeof szDevice, "\\\\.\\PhysicalDrive%d", drive_no); @@ -607,7 +607,7 @@ slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), NULL, OPEN_EXISTING, 0, NULL); if (hDevice == INVALID_HANDLE_VALUE) break; /* No more drives. */ - + /* Note: This only works if you have turned on the disk performance counters with 'diskperf -y'. These counters are off by default. */ dwSize = sizeof diskPerformance; @@ -949,7 +949,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, shouldn't really be a problem. Under WinCE it's completely platform- dependant, if there's no hardware performance counter available, it uses the 1ms system timer. - + Another feature of the TSC (although it doesn't really affect us here) is that mobile CPUs will turn off the TSC when they idle, Pentiums will change the rate of the counter when they clock-throttle (to 
@@ -957,11 +957,11 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, it off when both threads are idle (this more or less makes sense, since the CPU will be in the halted state and not executing any instructions to count). - + To make things unambiguous, we detect a CPU new enough to call RDTSC directly by checking for CPUID capabilities, and fall back to QPC if this isn't present. */ -#ifdef __GNUC__ +#ifdef __GNUC__ /* FIXME: We would need to implement the CPU feature tests first. */ /* if (cpu_has_feature_rdtsc) */ /* { */ @@ -975,7 +975,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, #endif /*!__GNUC__*/ { LARGE_INTEGER performanceCount; - + if (QueryPerformanceCounter (&performanceCount)) { if ( debug_me ) diff --git a/random/rndw32ce.c b/random/rndw32ce.c index 6cd5d57e..b485eef2 100644 --- a/random/rndw32ce.c +++ b/random/rndw32ce.c @@ -82,7 +82,7 @@ _gcry_rndw32ce_gather_random (void (*add)(const void*, size_t, if (length+8 < buflen) buflen = length+8; /* Return a bit more than requested. */ - if (!CryptAcquireContext (&prov, NULL, NULL, PROV_RSA_FULL, + if (!CryptAcquireContext (&prov, NULL, NULL, PROV_RSA_FULL, (CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) ) log_debug ("CryptAcquireContext failed: rc=%d\n", (int)GetLastError ()); else @@ -184,16 +184,16 @@ _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t, (*add) ( &userTime, sizeof (userTime), origin ); } - + /* In case the OEM provides a high precision timer get this. If none is available the default implementation returns the GetTickCount. */ { LARGE_INTEGER performanceCount; - + if (QueryPerformanceCounter (&performanceCount)) (*add) (&performanceCount, sizeof (performanceCount), origin); } - + } |