diff options
Diffstat (limited to 'compat')
-rw-r--r-- | compat/arc4random.c | 12 | ||||
-rw-r--r-- | compat/chacha_private.h | 4 | ||||
-rw-r--r-- | compat/getentropy_aix.c | 6 | ||||
-rw-r--r-- | compat/getentropy_hpux.c | 4 | ||||
-rw-r--r-- | compat/getentropy_linux.c | 4 | ||||
-rw-r--r-- | compat/getentropy_osx.c | 4 | ||||
-rw-r--r-- | compat/getentropy_solaris.c | 4 | ||||
-rw-r--r-- | compat/posix_win.c | 113 |
8 files changed, 111 insertions, 40 deletions
diff --git a/compat/arc4random.c b/compat/arc4random.c index 2bb4dbf..1ec8e1e 100644 --- a/compat/arc4random.c +++ b/compat/arc4random.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ +/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */ /* * Copyright (c) 1996, David Mazieres <dm@uun.org> @@ -49,6 +49,8 @@ #define BLOCKSZ 64 #define RSBUFSZ (16*BLOCKSZ) +#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ + /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ static struct _rs { size_t rs_have; /* valid bytes at end of rs_buf */ @@ -78,7 +80,7 @@ _rs_init(u_char *buf, size_t n) _exit(1); } - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } @@ -86,6 +88,7 @@ static void _rs_stir(void) { u_char rnd[KEYSZ + IVSZ]; + uint32_t rekey_fuzz = 0; if (getentropy(rnd, sizeof rnd) == -1) _getentropy_fail(); @@ -100,7 +103,10 @@ _rs_stir(void) rs->rs_have = 0; memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - rs->rs_count = 1600000; + /* rekey interval should not be predictable */ + chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, + (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); + rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); } static inline void diff --git a/compat/chacha_private.h b/compat/chacha_private.h index 7c3680f..b0427b6 100644 --- a/compat/chacha_private.h +++ b/compat/chacha_private.h @@ -4,7 +4,7 @@ D. J. Bernstein Public domain. */ -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ +/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */ typedef unsigned char u8; typedef unsigned int u32; @@ -52,7 +52,7 @@ static const char sigma[16] = "expand 32-byte k"; static const char tau[16] = "expand 16-byte k"; static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) { const char *constants; diff --git a/compat/getentropy_aix.c b/compat/getentropy_aix.c index 422e685..9d085cf 100644 --- a/compat/getentropy_aix.c +++ b/compat/getentropy_aix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_aix.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_aix.c,v 1.9 2022/12/26 07:18:50 jmc Exp $ */ /* * Copyright (c) 2015 Michael Felt <aixtools@gmail.com> @@ -21,7 +21,7 @@ * http://man.openbsd.org/getentropy.2 */ /* - * -lperfstat is needed for the psuedo entropy data + * -lperfstat is needed for the pseudo entropy data */ #include <sys/mman.h> @@ -134,7 +134,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/compat/getentropy_hpux.c b/compat/getentropy_hpux.c index c981880..7188ae5 100644 --- a/compat/getentropy_hpux.c +++ b/compat/getentropy_hpux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_hpux.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_hpux.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -138,7 +138,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index bc7a6be..c7c39c2 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.47 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.48 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -212,7 +212,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/compat/getentropy_osx.c b/compat/getentropy_osx.c index 5d4067b..db028d1 100644 --- a/compat/getentropy_osx.c +++ b/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.13 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.14 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -158,7 +158,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index cf5b9bf..e36426c 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.14 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.15 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -164,7 +164,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/compat/posix_win.c b/compat/posix_win.c index 30c93cd..b3a4687 100644 --- a/compat/posix_win.c +++ b/compat/posix_win.c @@ -148,6 +148,49 @@ wsa_errno(int err) return -1; } +/* + * Employ a similar trick to cpython (pycore_fileutils.h) where the CRT report + * handler is disabled while checking if a descriptor is a socket or a file + */ +#if defined _MSC_VER && _MSC_VER >= 1900 + +#include <crtdbg.h> +#include <stdlib.h> + +static void noop_handler(const wchar_t *expression, const wchar_t *function, + const wchar_t *file, unsigned int line, uintptr_t pReserved) +{ + return; +} + +#define BEGIN_SUPPRESS_IPH \ + _invalid_parameter_handler old_handler = _set_thread_local_invalid_parameter_handler(noop_handler) +#define END_SUPPRESS_IPH \ + _set_thread_local_invalid_parameter_handler(old_handler) + +#else + +#define BEGIN_SUPPRESS_IPH +#define END_SUPPRESS_IPH + +#endif + +static int +is_socket(int fd) +{ + intptr_t hd; + + BEGIN_SUPPRESS_IPH; + hd = _get_osfhandle(fd); + END_SUPPRESS_IPH; + + if (hd == (intptr_t)INVALID_HANDLE_VALUE) { + return 1; /* fd is not file descriptor */ + } + + return 0; +} + int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { @@ -160,24 +203,31 @@ posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) int posix_close(int fd) { - if (closesocket(fd) == SOCKET_ERROR) { - int err = WSAGetLastError(); - return (err == WSAENOTSOCK || err == WSAEBADF || - err == WSANOTINITIALISED) ? - close(fd) : wsa_errno(err); + int rc; + + if (is_socket(fd)) { + if ((rc = closesocket(fd)) == SOCKET_ERROR) { + int err = WSAGetLastError(); + rc = wsa_errno(err); + } + } else { + rc = close(fd); } - return 0; + return rc; } ssize_t posix_read(int fd, void *buf, size_t count) { - ssize_t rc = recv(fd, buf, count, 0); - if (rc == SOCKET_ERROR) { - int err = WSAGetLastError(); - return (err == WSAENOTSOCK || err == WSAEBADF || - err == WSANOTINITIALISED) ? - read(fd, buf, count) : wsa_errno(err); + ssize_t rc; + + if (is_socket(fd)) { + if ((rc = recv(fd, buf, count, 0)) == SOCKET_ERROR) { + int err = WSAGetLastError(); + rc = wsa_errno(err); + } + } else { + rc = read(fd, buf, count); } return rc; } @@ -185,12 +235,13 @@ posix_read(int fd, void *buf, size_t count) ssize_t posix_write(int fd, const void *buf, size_t count) { - ssize_t rc = send(fd, buf, count, 0); - if (rc == SOCKET_ERROR) { - int err = WSAGetLastError(); - return (err == WSAENOTSOCK || err == WSAEBADF || - err == WSANOTINITIALISED) ? - write(fd, buf, count) : wsa_errno(err); + ssize_t rc; + if (is_socket(fd)) { + if ((rc = send(fd, buf, count, 0)) == SOCKET_ERROR) { + rc = wsa_errno(WSAGetLastError()); + } + } else { + rc = write(fd, buf, count); } return rc; } @@ -199,17 +250,32 @@ int posix_getsockopt(int sockfd, int level, int optname, void *optval, socklen_t *optlen) { - int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen); - return rc == 0 ? 0 : wsa_errno(WSAGetLastError()); - + int rc; + if (is_socket(sockfd)) { + rc = getsockopt(sockfd, level, optname, (char *)optval, optlen); + if (rc != 0) { + rc = wsa_errno(WSAGetLastError()); + } + } else { + rc = -1; + } + return rc; } int posix_setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen) { - int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen); - return rc == 0 ? 0 : wsa_errno(WSAGetLastError()); + int rc; + if (is_socket(sockfd)) { + rc = setsockopt(sockfd, level, optname, (char *)optval, optlen); + if (rc != 0) { + rc = wsa_errno(WSAGetLastError()); + } + } else { + rc = -1; + } + return rc; } uid_t getuid(void) @@ -241,5 +307,4 @@ int gettimeofday(struct timeval * tp, struct timezone * tzp) tp->tv_usec = (long)(system_time.wMilliseconds * 1000); return 0; } - #endif |