static in_port_t rds_update_next_port(in_port_t port) { (void) random_get_pseudo_bytes((uint8_t *)&port, sizeof (in_port_t)); if (port < rds_smallest_port) port = rds_smallest_port; return (port); }
void oce_gen_hkey(char *hkey, int key_size) { int i; int nkeys = key_size/sizeof (uint32_t); for (i = 0; i < nkeys; i++) { (void) random_get_pseudo_bytes( (uint8_t *)&hkey[i * sizeof (uint32_t)], sizeof (uint32_t)); } }
/*ARGSUSED*/ krb5_error_code KRB5_CALLCONV krb5_c_random_make_octets(krb5_context context, krb5_data *data) { /* * Solaris kerberos uses /dev/[u]random */ #ifndef _KERNEL /* User space code */ krb5_error_code err = 0; CK_RV rv; KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using " "krb5_get_random_octets()\n"); rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data, (CK_ULONG)data->length); if (rv != CKR_OK) { KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in " "krb5_c_random_make_octets: rv = 0x%x.", rv); err = PKCS_ERR; } if (err != 0) { KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error"); return (err); } #else /* Kernel code section */ /* * Solaris Kerberos: for kernel code we use the randomness generator native * to Solaris 9. We avoid global variables and other nastiness this way. * * Using random_get_pseudo_bytes() instead of random_get_bytes() because it * will not return an error code if there isn't enough entropy but will use * a pseudo random algorithm to produce randomness. Most of the time it * should be as good as random_get_bytes() and we don't have to worry about * dealing with a non-fatal error. */ KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using " "random_get_pseudo_bytes()\n "); if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) { KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, " "random_get_pseudo_bytes() error.\n"); return(KRB5_CRYPTO_INTERNAL); } #endif /* !_KERNEL */ KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n"); return(0); }
static void sctp_init_faddr(sctp_t *sctp, sctp_faddr_t *fp, in6_addr_t *addr, mblk_t *timer_mp) { sctp_stack_t *sctps = sctp->sctp_sctps; ASSERT(fp->ixa != NULL); bcopy(addr, &fp->faddr, sizeof (*addr)); if (IN6_IS_ADDR_V4MAPPED(addr)) { fp->isv4 = 1; /* Make sure that sfa_pmss is a multiple of SCTP_ALIGN. */ fp->sfa_pmss = (sctps->sctps_initial_mtu - sctp->sctp_hdr_len) & ~(SCTP_ALIGN - 1); fp->ixa->ixa_flags |= IXAF_IS_IPV4; } else { fp->isv4 = 0; fp->sfa_pmss = (sctps->sctps_initial_mtu - sctp->sctp_hdr6_len) & ~(SCTP_ALIGN - 1); fp->ixa->ixa_flags &= ~IXAF_IS_IPV4; } fp->cwnd = sctps->sctps_slow_start_initial * fp->sfa_pmss; fp->rto = MIN(sctp->sctp_rto_initial, sctp->sctp_init_rto_max); SCTP_MAX_RTO(sctp, fp); fp->srtt = -1; fp->rtt_updates = 0; fp->strikes = 0; fp->max_retr = sctp->sctp_pp_max_rxt; /* Mark it as not confirmed. */ fp->state = SCTP_FADDRS_UNCONFIRMED; fp->hb_interval = sctp->sctp_hb_interval; fp->ssthresh = sctps->sctps_initial_ssthresh; fp->suna = 0; fp->pba = 0; fp->acked = 0; fp->lastactive = fp->hb_expiry = ddi_get_lbolt64(); fp->timer_mp = timer_mp; fp->hb_pending = B_FALSE; fp->hb_enabled = B_TRUE; fp->df = 1; fp->pmtu_discovered = 0; fp->next = NULL; fp->T3expire = 0; (void) random_get_pseudo_bytes((uint8_t *)&fp->hb_secret, sizeof (fp->hb_secret)); fp->rxt_unacked = 0; sctp_get_dest(sctp, fp); }
/* * Compress a buffer, uncompress the newly compressed buffer, then * compare it to the original. Do this for all 9 compression levels. */ static int splat_zlib_test1(struct file *file, void *arg) { void *src = NULL, *dst = NULL, *chk = NULL; int i, rc, level; src = vmalloc(BUFFER_SIZE); if (src == NULL) { rc = -ENOMEM; goto out; } dst = vmalloc(BUFFER_SIZE); if (dst == NULL) { rc = -ENOMEM; goto out; } chk = vmalloc(BUFFER_SIZE); if (chk == NULL) { rc = -ENOMEM; goto out; } /* Source buffer is a repeating 1024 byte random pattern. */ random_get_pseudo_bytes(src, sizeof(uint8_t) * 1024); for (i = 1; i < 128; i++) memcpy(src + (i * 1024), src, 1024); for (level = 1; level <= 9; level++) if ((rc = splat_zlib_test1_check(file, src, dst, chk, level))) break; out: if (src) vfree(src); if (dst) vfree(dst); if (chk) vfree(chk); return rc; }
int sfxge_toeplitz_hash_init(sfxge_t *sp) { int rc; uint8_t toeplitz_key[SFXGE_TOEPLITZ_KEY_LEN]; (void) random_get_pseudo_bytes(toeplitz_key, sizeof (toeplitz_key)); if ((rc = efx_rx_scale_mode_set(sp->s_enp, EFX_RX_HASHALG_TOEPLITZ, (1 << EFX_RX_HASH_IPV4) | (1 << EFX_RX_HASH_TCPIPV4) | (1 << EFX_RX_HASH_IPV6) | (1 << EFX_RX_HASH_TCPIPV6), B_TRUE)) != 0) return (rc); if ((rc = efx_rx_scale_key_set(sp->s_enp, toeplitz_key, sizeof (toeplitz_key))) != 0) return (rc); sp->s_toeplitz_cache = toeplitz_cache_init(toeplitz_key); return (0); }
int sctp_listen(sctp_t *sctp) { sctp_tf_t *tf; RUN_SCTP(sctp); /* * TCP handles listen() increasing the backlog, need to check * if it should be handled here too */ if (sctp->sctp_state > SCTPS_BOUND) { WAKE_SCTP(sctp); return (EINVAL); } /* Do an anonymous bind for unbound socket doing listen(). */ if (sctp->sctp_nsaddrs == 0) { struct sockaddr_storage ss; int ret; bzero(&ss, sizeof (ss)); ss.ss_family = sctp->sctp_family; WAKE_SCTP(sctp); if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss, sizeof (ss))) != 0) return (ret); RUN_SCTP(sctp) } sctp->sctp_state = SCTPS_LISTEN; (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN); sctp->sctp_last_secret_update = lbolt64; bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN); tf = &sctp_listen_fanout[SCTP_LISTEN_HASH(ntohs(sctp->sctp_lport))]; sctp_listen_hash_insert(tf, sctp); WAKE_SCTP(sctp); return (0); }
uint64_t unique_insert(uint64_t value) { avl_index_t idx; unique_t *un = kmem_alloc(sizeof (unique_t), KM_SLEEP); un->un_value = value; mutex_enter(&unique_mtx); while (un->un_value == 0 || un->un_value & ~UNIQUE_MASK || avl_find(&unique_avl, un, &idx)) { mutex_exit(&unique_mtx); (void) random_get_pseudo_bytes((void*)&un->un_value, sizeof (un->un_value)); un->un_value &= UNIQUE_MASK; mutex_enter(&unique_mtx); } avl_insert(&unique_avl, un, idx); mutex_exit(&unique_mtx); return (un->un_value); }
void auth_random_set_data(uchar_t *data, unsigned int length) { (void) random_get_pseudo_bytes(data, length); }
/* ARGSUSED */ chap_validation_status_type iscsit_radius_chap_validate(char *target_chap_name, char *initiator_chap_name, uint8_t *challenge, uint32_t challenge_length, uint8_t *target_response, uint32_t response_length, uint8_t identifier, iscsi_ipaddr_t rad_svr_ip_addr, uint32_t rad_svr_port, uint8_t *rad_svr_shared_secret, uint32_t rad_svr_shared_secret_len) { chap_validation_status_type validation_status; char lbolt[64]; int rcv_status; void *socket; radius_packet_data_t req; radius_packet_data_t resp; MD5_CTX context; uint8_t md5_digest[16]; /* MD5 digest length 16 */ uint8_t random_number[16]; if (rad_svr_shared_secret_len == 0) { /* The secret must not be empty (section 3, RFC 2865) */ cmn_err(CE_WARN, "empty RADIUS shared secret"); return (CHAP_VALIDATION_BAD_RADIUS_SECRET); } bzero(&req, sizeof (radius_packet_data_t)); req.identifier = identifier; req.code = RAD_ACCESS_REQ; set_radius_attrs(&req, target_chap_name, target_response, response_length, challenge, challenge_length); /* Prepare the request authenticator */ MD5Init(&context); bzero(&md5_digest, 16); /* First, the shared secret */ MD5Update(&context, rad_svr_shared_secret, rad_svr_shared_secret_len); /* Then a unique number - use lbolt plus a random number */ bzero(&lbolt, sizeof (lbolt)); (void) snprintf(lbolt, sizeof (lbolt), "%lx", ddi_get_lbolt()); MD5Update(&context, (uint8_t *)lbolt, strlen(lbolt)); bzero(&random_number, sizeof (random_number)); (void) random_get_pseudo_bytes(random_number, sizeof (random_number)); MD5Update(&context, random_number, sizeof (random_number)); MD5Final(md5_digest, &context); bcopy(md5_digest, &req.authenticator, RAD_AUTHENTICATOR_LEN); socket = idm_socreate(PF_INET, SOCK_DGRAM, 0); if (socket == NULL) { /* Error obtaining socket for RADIUS use */ return (CHAP_VALIDATION_RADIUS_ACCESS_ERROR); } /* Send the authentication access request to the RADIUS server */ if (iscsit_snd_radius_request(socket, rad_svr_ip_addr, rad_svr_port, &req) != 0) { idm_soshutdown(socket); idm_sodestroy(socket); return (CHAP_VALIDATION_RADIUS_ACCESS_ERROR); } bzero(&resp, sizeof (radius_packet_data_t)); /* Analyze the response coming through from the same socket. */ rcv_status = iscsit_rcv_radius_response(socket, rad_svr_shared_secret, rad_svr_shared_secret_len, req.authenticator, &resp); if (rcv_status == RAD_RSP_RCVD_SUCCESS) { if (resp.code == RAD_ACCESS_ACPT) { validation_status = CHAP_VALIDATION_PASSED; } else if (resp.code == RAD_ACCESS_REJ) { validation_status = CHAP_VALIDATION_INVALID_RESPONSE; } else { validation_status = CHAP_VALIDATION_UNKNOWN_RADIUS_CODE; } } else if (rcv_status == RAD_RSP_RCVD_AUTH_FAILED) { validation_status = CHAP_VALIDATION_BAD_RADIUS_SECRET; } else { validation_status = CHAP_VALIDATION_RADIUS_ACCESS_ERROR; } /* Done! Close the socket. */ idm_soshutdown(socket); idm_sodestroy(socket); return (validation_status); }
int osi_readRandom(void *data, afs_size_t len) { random_get_pseudo_bytes(data, len); return 0; }
int sctp_listen(sctp_t *sctp) { sctp_tf_t *tf; sctp_stack_t *sctps = sctp->sctp_sctps; conn_t *connp = sctp->sctp_connp; RUN_SCTP(sctp); /* * TCP handles listen() increasing the backlog, need to check * if it should be handled here too */ if (sctp->sctp_state > SCTPS_BOUND || (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { WAKE_SCTP(sctp); return (EINVAL); } /* Do an anonymous bind for unbound socket doing listen(). */ if (sctp->sctp_nsaddrs == 0) { struct sockaddr_storage ss; int ret; bzero(&ss, sizeof (ss)); ss.ss_family = connp->conn_family; WAKE_SCTP(sctp); if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss, sizeof (ss))) != 0) return (ret); RUN_SCTP(sctp) } /* Cache things in the ixa without any refhold */ ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED)); connp->conn_ixa->ixa_cred = connp->conn_cred; connp->conn_ixa->ixa_cpid = connp->conn_cpid; if (is_system_labeled()) connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred); sctp->sctp_state = SCTPS_LISTEN; (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN); sctp->sctp_last_secret_update = ddi_get_lbolt64(); bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN); /* * If there is an association limit, allocate and initialize * the counter struct. Note that since listen can be called * multiple times, the struct may have been allready allocated. */ if (!list_is_empty(&sctps->sctps_listener_conf) && sctp->sctp_listen_cnt == NULL) { sctp_listen_cnt_t *slc; uint32_t ratio; ratio = sctp_find_listener_conf(sctps, ntohs(connp->conn_lport)); if (ratio != 0) { uint32_t mem_ratio, tot_buf; slc = kmem_alloc(sizeof (sctp_listen_cnt_t), KM_SLEEP); /* * Calculate the connection limit based on * the configured ratio and maxusers. Maxusers * are calculated based on memory size, * ~ 1 user per MB. Note that the conn_rcvbuf * and conn_sndbuf may change after a * connection is accepted. So what we have * is only an approximation. */ if ((tot_buf = connp->conn_rcvbuf + connp->conn_sndbuf) < MB) { mem_ratio = MB / tot_buf; slc->slc_max = maxusers / ratio * mem_ratio; } else { mem_ratio = tot_buf / MB; slc->slc_max = maxusers / ratio / mem_ratio; } /* At least we should allow some associations! */ if (slc->slc_max < sctp_min_assoc_listener) slc->slc_max = sctp_min_assoc_listener; slc->slc_cnt = 1; slc->slc_drop = 0; sctp->sctp_listen_cnt = slc; } } tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH( ntohs(connp->conn_lport))]; sctp_listen_hash_insert(tf, sctp); WAKE_SCTP(sctp); return (0); }
void iscsiAuthRandomSetData(uchar_t *data, unsigned int length) { (void) random_get_pseudo_bytes(data, length); }
/* ARGSUSED */ int tswtcl_process(mblk_t **mpp, tswtcl_data_t *tswtcl_data, ipp_action_id_t *next_action) { ipha_t *ipha; hrtime_t now; ip6_t *ip6_hdr; uint32_t pkt_len; mblk_t *mp = *mpp; hrtime_t deltaT; uint64_t bitsinwin; uint32_t min = 0, additive, rnd; tswtcl_cfg_t *cfg_parms = tswtcl_data->cfg_parms; if (mp == NULL) { tswtcl0dbg(("tswtcl_process: null mp!\n")); atomic_add_64(&tswtcl_data->epackets, 1); return (EINVAL); } if (mp->b_datap->db_type != M_DATA) { if ((mp->b_cont != NULL) && (mp->b_cont->b_datap->db_type == M_DATA)) { mp = mp->b_cont; } else { tswtcl0dbg(("tswtcl_process: no data\n")); atomic_add_64(&tswtcl_data->epackets, 1); return (EINVAL); } } /* Figure out the ToS/Traffic Class and length from the message */ if ((mp->b_wptr - mp->b_rptr) < IP_SIMPLE_HDR_LENGTH) { if (!pullupmsg(mp, IP_SIMPLE_HDR_LENGTH)) { tswtcl0dbg(("tswtcl_process: pullup error\n")); atomic_add_64(&tswtcl_data->epackets, 1); return (EINVAL); } } ipha = (ipha_t *)mp->b_rptr; if (IPH_HDR_VERSION(ipha) == IPV4_VERSION) { pkt_len = ntohs(ipha->ipha_length); } else { ip6_hdr = (ip6_t *)mp->b_rptr; pkt_len = ntohs(ip6_hdr->ip6_plen) + ip_hdr_length_v6(mp, ip6_hdr); } /* Convert into bits */ pkt_len <<= 3; /* Get current time */ now = gethrtime(); /* Update the avg_rate and win_front tswtcl_data */ mutex_enter(&tswtcl_data->tswtcl_lock); /* avg_rate = bits/sec and window in msec */ bitsinwin = ((uint64_t)tswtcl_data->avg_rate * cfg_parms->window / 1000) + pkt_len; deltaT = now - tswtcl_data->win_front + cfg_parms->nsecwindow; tswtcl_data->avg_rate = (uint64_t)bitsinwin * METER_SEC_TO_NSEC / deltaT; tswtcl_data->win_front = now; if (tswtcl_data->avg_rate <= cfg_parms->committed_rate) { *next_action = cfg_parms->green_action; } else if (tswtcl_data->avg_rate <= cfg_parms->peak_rate) { /* * Compute the probability: * * p0 = (avg_rate - committed_rate) / avg_rate * * Yellow with probability p0 * Green with probability (1 - p0) * */ uint32_t aminusc; /* Get a random no. betweeen 0 and avg_rate */ (void) random_get_pseudo_bytes((uint8_t *)&additive, sizeof (additive)); rnd = min + (additive % (tswtcl_data->avg_rate - min + 1)); aminusc = tswtcl_data->avg_rate - cfg_parms->committed_rate; if (aminusc >= rnd) { *next_action = cfg_parms->yellow_action; } else { *next_action = cfg_parms->green_action; } } else { /* * Compute the probability: * * p1 = (avg_rate - peak_rate) / avg_rate * p2 = (peak_rate - committed_rate) / avg_rate * * Red with probability p1 * Yellow with probability p2 * Green with probability (1 - (p1 + p2)) * */ uint32_t aminusp; /* Get a random no. betweeen 0 and avg_rate */ (void) random_get_pseudo_bytes((uint8_t *)&additive, sizeof (additive)); rnd = min + (additive % (tswtcl_data->avg_rate - min + 1)); aminusp = tswtcl_data->avg_rate - cfg_parms->peak_rate; if (aminusp >= rnd) { *next_action = cfg_parms->red_action; } else if ((cfg_parms->pminusc + aminusp) >= rnd) { *next_action = cfg_parms->yellow_action; } else { *next_action = cfg_parms->green_action; } } mutex_exit(&tswtcl_data->tswtcl_lock); /* Update Stats */ if (*next_action == cfg_parms->green_action) { atomic_add_64(&tswtcl_data->green_packets, 1); atomic_add_64(&tswtcl_data->green_bits, pkt_len); } else if (*next_action == cfg_parms->yellow_action) { atomic_add_64(&tswtcl_data->yellow_packets, 1); atomic_add_64(&tswtcl_data->yellow_bits, pkt_len); } else { ASSERT(*next_action == cfg_parms->red_action); atomic_add_64(&tswtcl_data->red_packets, 1); atomic_add_64(&tswtcl_data->red_bits, pkt_len); } return (0); }