1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/lib/util/genrand.c
Dmitry Antipov cea9b25571 lib:util: prefer size_t for random data generation functions
Prefer 'size_t' over 'int' in generate_random_buffer(),
generate_secret_buffer() and generate_nonce_buffer() to
match an underlying gnutls_rnd() calls.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00

88 lines
2.5 KiB
C

/*
Unix SMB/CIFS implementation.
Functions to create reasonable random numbers for crypto use.
Copyright (C) Jeremy Allison 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "replace.h"
#include "lib/util/fault.h"
#include "lib/util/genrand.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
/*
* Details about the GnuTLS CSPRNG:
*
* https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
*/
_NORETURN_ static void genrand_panic(int err,
const char *location,
const char *func)
{
char buf[200];
snprintf(buf, sizeof(buf),
"%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n",
location, func, gnutls_strerror_name(err), err);
smb_panic(buf);
}
_PUBLIC_ void generate_random_buffer(uint8_t *out, size_t len)
{
/* Random number generator for temporary keys. */
int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}
_PUBLIC_ void generate_secret_buffer(uint8_t *out, size_t len)
{
/*
* Random number generator for long term keys.
*
* The key generator, will re-seed after a fixed amount of bytes is
* generated (typically less than the nonce), and will also re-seed
* based on time, i.e., after few hours of operation without reaching
* the limit for a re-seed. For its re-seed it mixes data obtained
* from the OS random device with the previous key.
*/
int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}
_PUBLIC_ void generate_nonce_buffer(uint8_t *out, size_t len)
{
/*
* Random number generator for nonce and initialization vectors.
*
* The nonce generator will reseed after outputting a fixed amount of
* bytes (typically few megabytes), or after few hours of operation
* without reaching the limit has passed.
*/
int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}