1 /*****************************************************************************
2 * rand.c : non-predictible random bytes generator
3 *****************************************************************************
4 * Copyright © 2007 Rémi Denis-Courmont
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 *****************************************************************************/
30 #include <sys/types.h>
38 * Pseudo-random number generator using a HMAC-MD5 in counter mode.
39 * Probably not very secure (expert patches welcome) but definitely
40 * better than rand() which is defined to be reproducible...
44 static uint8_t okey[BLOCK_SIZE], ikey[BLOCK_SIZE];
46 static void vlc_rand_init (void)
48 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
49 static const char randfile[] = "/dev/random";
51 static const char randfile[] = "/dev/urandom";
53 uint8_t key[BLOCK_SIZE];
55 /* Get non-predictible value as key for HMAC */
56 int fd = open (randfile, O_RDONLY);
60 for (size_t i = 0; i < sizeof (key);)
62 ssize_t val = read (fd, key + i, sizeof (key) - i);
67 /* Precompute outer and inner keys for HMAC */
68 for (size_t i = 0; i < sizeof (key); i++)
70 okey[i] = key[i] ^ 0x5c;
71 ikey[i] = key[i] ^ 0x36;
78 void vlc_rand_bytes (void *buf, size_t len)
80 static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
81 static uint64_t counter = 0;
83 uint64_t stamp = NTPtime64 ();
88 struct md5_s mdi, mdo;
90 pthread_mutex_lock (&lock);
94 pthread_mutex_unlock (&lock);
97 AddMD5 (&mdi, ikey, sizeof (ikey));
98 AddMD5 (&mdi, &stamp, sizeof (stamp));
99 AddMD5 (&mdi, &val, sizeof (val));
102 AddMD5 (&mdo, okey, sizeof (okey));
103 AddMD5 (&mdo, mdi.p_digest, sizeof (mdi.p_digest));
106 if (len < sizeof (mdo.p_digest))
108 memcpy (buf, mdo.p_digest, len);
112 memcpy (buf, mdo.p_digest, sizeof (mdo.p_digest));
113 len -= sizeof (mdo.p_digest);
114 buf = ((uint8_t *)buf) + sizeof (mdo.p_digest);
120 #include <wincrypt.h>
122 void vlc_rand_bytes (void *buf, size_t len)
126 uint8_t *p_buf = (uint8_t *)buf;
128 /* fill buffer with pseudo-random data */
133 if (count < sizeof (val))
135 memcpy (p_buf, &val, count);
139 memcpy (p_buf, &val, sizeof (val));
140 count -= sizeof (val);
141 p_buf += sizeof (val);
144 /* acquire default encryption context */
145 if( CryptAcquireContext(
146 &hProv, // Variable to hold returned handle.
147 NULL, // Use default key container.
148 MS_DEF_PROV, // Use default CSP.
149 PROV_RSA_FULL, // Type of provider to acquire.
152 /* fill buffer with pseudo-random data, intial buffer content
153 is used as auxillary random seed */
154 CryptGenRandom(hProv, len, buf);
155 CryptReleaseContext(hProv, 0);