Tor  0.4.3.0-alpha-dev
crypto_rand.c
Go to the documentation of this file.
1 /* Copyright (c) 2001, Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file crypto_rand.c
9  *
10  * \brief Functions for initialising and seeding (pseudo-)random
11  * number generators, and working with randomness.
12  **/
13 
14 #define CRYPTO_RAND_PRIVATE
15 
17 
18 #ifdef _WIN32
19 #include <windows.h>
20 #include <wincrypt.h>
21 #endif /* defined(_WIN32) */
22 
24 #include "lib/crypt_ops/compat_openssl.h"
26 #include "lib/encoding/binascii.h"
27 #include "lib/intmath/weakrng.h"
28 #include "lib/log/log.h"
29 #include "lib/log/util_bug.h"
30 #include "lib/malloc/malloc.h"
31 #include "lib/sandbox/sandbox.h"
33 #include "lib/string/util_string.h"
35 #include "lib/fs/files.h"
36 
37 #include "lib/defs/digest_sizes.h"
39 #include "lib/ctime/di_ops.h"
40 
41 #ifdef ENABLE_NSS
43 #endif
44 
45 #ifdef ENABLE_OPENSSL
46 DISABLE_GCC_WARNING(redundant-decls)
47 #include <openssl/rand.h>
48 #include <openssl/sha.h>
49 ENABLE_GCC_WARNING(redundant-decls)
50 #endif /* defined(ENABLE_OPENSSL) */
51 
52 #ifdef ENABLE_NSS
53 #include <pk11pub.h>
54 #include <secerr.h>
55 #include <prerror.h>
56 #endif
57 
58 #if __GNUC__ && GCC_VERSION >= 402
59 #if GCC_VERSION >= 406
60 #pragma GCC diagnostic pop
61 #else
62 #pragma GCC diagnostic warning "-Wredundant-decls"
63 #endif
64 #endif /* __GNUC__ && GCC_VERSION >= 402 */
65 
66 #ifdef HAVE_FCNTL_H
67 #include <fcntl.h>
68 #endif
69 #ifdef HAVE_SYS_FCNTL_H
70 #include <sys/fcntl.h>
71 #endif
72 #ifdef HAVE_SYS_STAT_H
73 #include <sys/stat.h>
74 #endif
75 #ifdef HAVE_UNISTD_H
76 #include <unistd.h>
77 #endif
78 #ifdef HAVE_SYS_SYSCALL_H
79 #include <sys/syscall.h>
80 #endif
81 #ifdef HAVE_SYS_RANDOM_H
82 #include <sys/random.h>
83 #endif
84 
85 #include <string.h>
86 #include <errno.h>
87 
88 /**
89  * How many bytes of entropy we add at once.
90  *
91  * This is how much entropy OpenSSL likes to add right now, so maybe it will
92  * work for us too.
93  **/
94 #define ADD_ENTROPY 32
95 
96 /**
97  * Longest recognized DNS query.
98  **/
99 #define MAX_DNS_LABEL_SIZE 63
100 
101 /**
102  * Largest strong entropy request permitted.
103  **/
104 #define MAX_STRONGEST_RAND_SIZE 256
105 
106 /**
107  * Set the seed of the weak RNG to a random value.
108  **/
109 void
111 {
112  unsigned seed;
113  crypto_rand((void*)&seed, sizeof(seed));
114  tor_init_weak_random(rng, seed);
115 }
116 
117 #ifdef TOR_UNIT_TESTS
118 int break_strongest_rng_syscall = 0;
119 int break_strongest_rng_fallback = 0;
120 #endif
121 
122 /**
123  * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
124  * via system calls, storing it into <b>out</b>. Return 0 on success, -1 on
125  * failure. A maximum request size of 256 bytes is imposed.
126  **/
127 static int
128 crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
129 {
131 
132  /* We only log at notice-level here because in the case that this function
133  * fails the crypto_strongest_rand_raw() caller will log with a warning-level
134  * message and let crypto_strongest_rand() error out and finally terminating
135  * Tor with an assertion error.
136  */
137 
138 #ifdef TOR_UNIT_TESTS
139  if (break_strongest_rng_syscall)
140  return -1;
141 #endif
142 
143 #if defined(_WIN32)
144  static int provider_set = 0;
145  static HCRYPTPROV provider;
146 
147  if (!provider_set) {
148  if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
149  CRYPT_VERIFYCONTEXT)) {
150  log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
151  return -1;
152  }
153  provider_set = 1;
154  }
155  if (!CryptGenRandom(provider, out_len, out)) {
156  log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
157  return -1;
158  }
159 
160  return 0;
161 #elif defined(__linux__) && defined(SYS_getrandom)
162  static int getrandom_works = 1; /* Be optimistic about our chances... */
163 
164  /* getrandom() isn't as straightforward as getentropy(), and has
165  * no glibc wrapper.
166  *
167  * As far as I can tell from getrandom(2) and the source code, the
168  * requests we issue will always succeed (though it will block on the
169  * call if /dev/urandom isn't seeded yet), since we are NOT specifying
170  * GRND_NONBLOCK and the request is <= 256 bytes.
171  *
172  * The manpage is unclear on what happens if a signal interrupts the call
173  * while the request is blocked due to lack of entropy....
174  *
175  * We optimistically assume that getrandom() is available and functional
176  * because it is the way of the future, and 2 branch mispredicts pale in
177  * comparison to the overheads involved with failing to open
178  * /dev/srandom followed by opening and reading from /dev/urandom.
179  */
180  if (PREDICT_LIKELY(getrandom_works)) {
181  long ret;
182  /* A flag of '0' here means to read from '/dev/urandom', and to
183  * block if insufficient entropy is available to service the
184  * request.
185  */
186  const unsigned int flags = 0;
187  do {
188  ret = syscall(SYS_getrandom, out, out_len, flags);
189  } while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN)));
190 
191  if (PREDICT_UNLIKELY(ret == -1)) {
192  /* LCOV_EXCL_START we can't actually make the syscall fail in testing. */
193  tor_assert(errno != EAGAIN);
194  tor_assert(errno != EINTR);
195 
196  /* Useful log message for errno. */
197  if (errno == ENOSYS) {
198  log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
199  " You are running a version of Tor built to support"
200  " getrandom(), but the kernel doesn't implement this"
201  " function--probably because it is too old?"
202  " Trying fallback method instead.");
203  } else {
204  log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s."
205  " Trying fallback method instead.",
206  strerror(errno));
207  }
208 
209  getrandom_works = 0; /* Don't bother trying again. */
210  return -1;
211  /* LCOV_EXCL_STOP */
212  }
213 
214  tor_assert(ret == (long)out_len);
215  return 0;
216  }
217 
218  return -1; /* getrandom() previously failed unexpectedly. */
219 #elif defined(HAVE_GETENTROPY)
220  /* getentropy() is what Linux's getrandom() wants to be when it grows up.
221  * the only gotcha is that requests are limited to 256 bytes.
222  */
223  return getentropy(out, out_len);
224 #else
225  (void) out;
226 #endif /* defined(_WIN32) || ... */
227 
228  /* This platform doesn't have a supported syscall based random. */
229  return -1;
230 }
231 
232 /**
233  * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
234  * via the per-platform fallback mechanism, storing it into <b>out</b>.
235  * Return 0 on success, -1 on failure. A maximum request size of 256 bytes
236  * is imposed.
237  **/
238 static int
239 crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
240 {
241 #ifdef TOR_UNIT_TESTS
242  if (break_strongest_rng_fallback)
243  return -1;
244 #endif
245 
246 #ifdef _WIN32
247  /* Windows exclusively uses crypto_strongest_rand_syscall(). */
248  (void)out;
249  (void)out_len;
250  return -1;
251 #else /* !defined(_WIN32) */
252  static const char *filenames[] = {
253  "/dev/srandom", "/dev/urandom", "/dev/random", NULL
254  };
255  int fd, i;
256  size_t n;
257 
258  for (i = 0; filenames[i]; ++i) {
259  log_debug(LD_FS, "Considering %s as entropy source", filenames[i]);
260  fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
261  if (fd<0) continue;
262  log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
263  n = read_all_from_fd(fd, (char*)out, out_len);
264  close(fd);
265  if (n != out_len) {
266  /* LCOV_EXCL_START
267  * We can't make /dev/foorandom actually fail. */
268  log_notice(LD_CRYPTO,
269  "Error reading from entropy source %s (read only %lu bytes).",
270  filenames[i],
271  (unsigned long)n);
272  return -1;
273  /* LCOV_EXCL_STOP */
274  }
275 
276  return 0;
277  }
278 
279  return -1;
280 #endif /* defined(_WIN32) */
281 }
282 
283 /**
284  * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
285  * storing it into <b>out</b>. Return 0 on success, -1 on failure. A maximum
286  * request size of 256 bytes is imposed.
287  **/
288 STATIC int
289 crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
290 {
291  static const size_t sanity_min_size = 16;
292  static const int max_attempts = 3;
294 
295  /* For buffers >= 16 bytes (128 bits), we sanity check the output by
296  * zero filling the buffer and ensuring that it actually was at least
297  * partially modified.
298  *
299  * Checking that any individual byte is non-zero seems like it would
300  * fail too often (p = out_len * 1/256) for comfort, but this is an
301  * "adjust according to taste" sort of check.
302  */
303  memwipe(out, 0, out_len);
304  for (int i = 0; i < max_attempts; i++) {
305  /* Try to use the syscall/OS favored mechanism to get strong entropy. */
306  if (crypto_strongest_rand_syscall(out, out_len) != 0) {
307  /* Try to use the less-favored mechanism to get strong entropy. */
308  if (crypto_strongest_rand_fallback(out, out_len) != 0) {
309  /* Welp, we tried. Hopefully the calling code terminates the process
310  * since we're basically boned without good entropy.
311  */
312  log_warn(LD_CRYPTO,
313  "Cannot get strong entropy: no entropy source found.");
314  return -1;
315  }
316  }
317 
318  if ((out_len < sanity_min_size) || !safe_mem_is_zero((char*)out, out_len))
319  return 0;
320  }
321 
322  /* LCOV_EXCL_START
323  *
324  * We tried max_attempts times to fill a buffer >= 128 bits long,
325  * and each time it returned all '0's. Either the system entropy
326  * source is busted, or the user should go out and buy a ticket to
327  * every lottery on the planet.
328  */
329  log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer.");
330 
331  return -1;
332  /* LCOV_EXCL_STOP */
333 }
334 
335 /**
336  * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
337  * storing it into <b>out</b>.
338  **/
339 void
340 crypto_strongest_rand(uint8_t *out, size_t out_len)
341 {
342  crypto_strongest_rand_(out, out_len);
343 }
344 
345 /**
346  * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
347  * storing it into <b>out</b>. (Mockable version.)
348  **/
349 MOCK_IMPL(void,
350 crypto_strongest_rand_,(uint8_t *out, size_t out_len))
351 {
352 #define DLEN DIGEST512_LEN
353 
354  /* We're going to hash DLEN bytes from the system RNG together with some
355  * bytes from the PRNGs from our crypto librar(y/ies), in order to yield
356  * DLEN bytes.
357  */
358  uint8_t inp[DLEN*3];
359  uint8_t tmp[DLEN];
360  tor_assert(out);
361  while (out_len) {
362  memset(inp, 0, sizeof(inp));
363 #ifdef ENABLE_OPENSSL
364  RAND_bytes(inp, DLEN);
365 #endif
366 #ifdef ENABLE_NSS
367  PK11_GenerateRandom(inp+DLEN, DLEN);
368 #endif
369  if (crypto_strongest_rand_raw(inp+DLEN*2, DLEN) < 0) {
370  // LCOV_EXCL_START
371  log_err(LD_CRYPTO, "Failed to load strong entropy when generating an "
372  "important key. Exiting.");
373  /* Die with an assertion so we get a stack trace. */
374  tor_assert(0);
375  // LCOV_EXCL_STOP
376  }
377  if (out_len >= DLEN) {
378  crypto_digest512((char*)out, (char*)inp, sizeof(inp), DIGEST_SHA512);
379  out += DLEN;
380  out_len -= DLEN;
381  } else {
382  crypto_digest512((char*)tmp, (char*)inp, sizeof(inp), DIGEST_SHA512);
383  memcpy(out, tmp, out_len);
384  break;
385  }
386  }
387  memwipe(tmp, 0, sizeof(tmp));
388  memwipe(inp, 0, sizeof(inp));
389 #undef DLEN
390 }
391 
392 #ifdef ENABLE_OPENSSL
393 /**
394  * Seed OpenSSL's random number generator with bytes from the operating
395  * system. Return 0 on success, -1 on failure.
396  **/
397 static int
398 crypto_seed_openssl_rng(void)
399 {
400  int rand_poll_ok = 0, load_entropy_ok = 0;
401  uint8_t buf[ADD_ENTROPY];
402 
403  /* OpenSSL has a RAND_poll function that knows about more kinds of
404  * entropy than we do. We'll try calling that, *and* calling our own entropy
405  * functions. If one succeeds, we'll accept the RNG as seeded. */
406  rand_poll_ok = RAND_poll();
407  if (rand_poll_ok == 0)
408  log_warn(LD_CRYPTO, "RAND_poll() failed."); // LCOV_EXCL_LINE
409 
410  load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
411  if (load_entropy_ok) {
412  RAND_seed(buf, sizeof(buf));
413  }
414 
415  memwipe(buf, 0, sizeof(buf));
416 
417  if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1)
418  return 0;
419  else
420  return -1;
421 }
422 #endif /* defined(ENABLE_OPENSSL) */
423 
424 #ifdef ENABLE_NSS
425 /**
426  * Seed OpenSSL's random number generator with bytes from the operating
427  * system. Return 0 on success, -1 on failure.
428  **/
429 static int
430 crypto_seed_nss_rng(void)
431 {
432  uint8_t buf[ADD_ENTROPY];
433 
434  int load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
435  if (load_entropy_ok) {
436  if (PK11_RandomUpdate(buf, sizeof(buf)) != SECSuccess) {
437  load_entropy_ok = 0;
438  }
439  }
440 
441  memwipe(buf, 0, sizeof(buf));
442 
443  return load_entropy_ok ? 0 : -1;
444 }
445 #endif /* defined(ENABLE_NSS) */
446 
447 /**
448  * Seed the RNG for any and all crypto libraries that we're using with bytes
449  * from the operating system. Return 0 on success, -1 on failure.
450  */
451 int
453 {
454  int seeded = 0;
455 #ifdef ENABLE_NSS
456  if (crypto_seed_nss_rng() < 0)
457  return -1;
458  ++seeded;
459 #endif
460 #ifdef ENABLE_OPENSSL
461  if (crypto_seed_openssl_rng() < 0)
462  return -1;
463  ++seeded;
464 #endif
465  tor_assert(seeded);
466  return 0;
467 }
468 
469 /**
470  * Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking
471  * for unit tests.
472  *
473  * This function is not allowed to fail; if it would fail to generate strong
474  * entropy, it must terminate the process instead.
475  **/
476 MOCK_IMPL(void,
477 crypto_rand, (char *to, size_t n))
478 {
479  crypto_rand_unmocked(to, n);
480 }
481 
482 /**
483  * Write <b>n</b> bytes of strong random data to <b>to</b>. Most callers
484  * will want crypto_rand instead.
485  *
486  * This function is not allowed to fail; if it would fail to generate strong
487  * entropy, it must terminate the process instead.
488  **/
489 void
490 crypto_rand_unmocked(char *to, size_t n)
491 {
492  if (n == 0)
493  return;
494 
495  tor_assert(n < INT_MAX);
496  tor_assert(to);
497 
498 #ifdef ENABLE_NSS
499  SECStatus s = PK11_GenerateRandom((unsigned char*)to, (int)n);
500  if (s != SECSuccess) {
501  /* NSS rather sensibly might refuse to generate huge amounts of random
502  * data at once. Unfortunately, our unit test do this in a couple of
503  * places. To solve this issue, we use our XOF to stretch a shorter
504  * output when a longer one is needed.
505  *
506  * Yes, this is secure. */
507 
508  /* This is longer than it needs to be; 1600 bits == 200 bytes is the
509  * state-size of SHA3. */
510 #define BUFLEN 512
511  tor_assert(PR_GetError() == SEC_ERROR_INVALID_ARGS && n > BUFLEN);
512  unsigned char buf[BUFLEN];
513  s = PK11_GenerateRandom(buf, BUFLEN);
514  tor_assert(s == SECSuccess);
515  crypto_xof_t *xof = crypto_xof_new();
516  crypto_xof_add_bytes(xof, buf, BUFLEN);
517  crypto_xof_squeeze_bytes(xof, (unsigned char *)to, n);
518  crypto_xof_free(xof);
519  memwipe(buf, 0, BUFLEN);
520 
521 #undef BUFLEN
522  }
523 #else /* !defined(ENABLE_NSS) */
524  int r = RAND_bytes((unsigned char*)to, (int)n);
525  /* We consider a PRNG failure non-survivable. Let's assert so that we get a
526  * stack trace about where it happened.
527  */
528  tor_assert(r >= 0);
529 #endif /* defined(ENABLE_NSS) */
530 }
531 
532 /**
533  * Draw an unsigned 32-bit integer uniformly at random.
534  */
535 uint32_t
537 {
538  uint32_t rand;
539  crypto_rand((void*)&rand, sizeof(rand));
540  return rand;
541 }
542 
543 /**
544  * Generate and return a new random hostname starting with <b>prefix</b>,
545  * ending with <b>suffix</b>, and containing no fewer than
546  * <b>min_rand_len</b> and no more than <b>max_rand_len</b> random base32
547  * characters. Does not check for failure.
548  *
549  * Clip <b>max_rand_len</b> to MAX_DNS_LABEL_SIZE.
550  **/
551 char *
552 crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
553  const char *suffix)
554 {
555  char *result, *rand_bytes;
556  int randlen, rand_bytes_len;
557  size_t resultlen, prefixlen;
558 
559  if (max_rand_len > MAX_DNS_LABEL_SIZE)
560  max_rand_len = MAX_DNS_LABEL_SIZE;
561  if (min_rand_len > max_rand_len)
562  min_rand_len = max_rand_len;
563 
564  randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1);
565 
566  prefixlen = strlen(prefix);
567  resultlen = prefixlen + strlen(suffix) + randlen + 16;
568 
569  rand_bytes_len = ((randlen*5)+7)/8;
570  if (rand_bytes_len % 5)
571  rand_bytes_len += 5 - (rand_bytes_len%5);
572  rand_bytes = tor_malloc(rand_bytes_len);
573  crypto_rand(rand_bytes, rand_bytes_len);
574 
575  result = tor_malloc(resultlen);
576  memcpy(result, prefix, prefixlen);
577  base32_encode(result+prefixlen, resultlen-prefixlen,
578  rand_bytes, rand_bytes_len);
579  tor_free(rand_bytes);
580  strlcpy(result+prefixlen+randlen, suffix, resultlen-(prefixlen+randlen));
581 
582  return result;
583 }
584 
585 /**
586  * Return a randomly chosen element of <b>sl</b>; or NULL if <b>sl</b>
587  * is empty.
588  **/
589 void *
591 {
592  int len = smartlist_len(sl);
593  if (len)
594  return smartlist_get(sl,crypto_rand_int(len));
595  return NULL; /* no elements to choose from */
596 }
597 
598 /**
599  * Scramble the elements of <b>sl</b> into a random order.
600  **/
601 void
603 {
604  int i;
605  /* From the end of the list to the front, choose at random from the
606  positions we haven't looked at yet, and swap that position into the
607  current position. Remember to give "no swap" the same probability as
608  any other swap. */
609  for (i = smartlist_len(sl)-1; i > 0; --i) {
610  int j = crypto_rand_int(i+1);
611  smartlist_swap(sl, i, j);
612  }
613 }
614 
615 /** Make sure that openssl is using its default PRNG. Return 1 if we had to
616  * adjust it; 0 otherwise. */
617 int
619 {
620 #ifdef ENABLE_OPENSSL
621  RAND_METHOD *default_method;
622  default_method = RAND_OpenSSL();
623  if (RAND_get_rand_method() != default_method) {
624  log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
625  "a replacement the OpenSSL RNG. Resetting it to the default "
626  "implementation.");
627  RAND_set_rand_method(default_method);
628  return 1;
629  }
630 #endif /* defined(ENABLE_OPENSSL) */
631  return 0;
632 }
#define crypto_xof_free(xof)
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
static int crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:239
uint32_t crypto_rand_u32(void)
Definition: crypto_rand.c:536
Common functions for using (pseudo-)random number generators.
Header for smartlist.c.
Headers for di_ops.c.
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void crypto_seed_weak_rng(tor_weak_rng_t *rng)
Definition: crypto_rand.c:110
int crypto_force_rand_ssleay(void)
Definition: crypto_rand.c:618
#define MAX_DNS_LABEL_SIZE
Definition: crypto_rand.c:99
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
#define tor_assert(expr)
Definition: util_bug.h:102
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
int crypto_rand_int_range(unsigned int min, unsigned int max)
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
#define tor_free(p)
Definition: malloc.h:52
Header for util_string.c.
#define ADD_ENTROPY
Definition: crypto_rand.c:94
Headers for util_malloc.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void crypto_strongest_rand_(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:350
#define sandbox_intern_string(s)
Definition: sandbox.h:112
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
#define STATIC
Definition: testsupport.h:32
void crypto_rand_unmocked(char *to, size_t n)
Definition: crypto_rand.c:490
Common functions for cryptographic routines.
static void smartlist_swap(smartlist_t *sl, int idx1, int idx2)
STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:289
Header file for sandbox.c.
int crypto_rand_int(unsigned int max)
Header for binascii.c.
Header for weakrng.c.
#define LD_FS
Definition: log.h:70
Headers for crypto_digest.c.
ssize_t read_all_from_fd(int fd, char *buf, size_t count)
Definition: files.c:181
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
Macros to implement mocking and selective exposure for the test code.
Header for compat_string.c.
Wrappers for reading and writing data to files on disk.
Definitions for common sizes of cryptographic digests.
int safe_mem_is_zero(const void *mem, size_t sz)
Definition: di_ops.c:224
static int crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:128
#define MAX_STRONGEST_RAND_SIZE
Definition: crypto_rand.c:104
int crypto_seed_rng(void)
Definition: crypto_rand.c:452
Headers for log.c.
void tor_init_weak_random(tor_weak_rng_t *rng, unsigned seed)
Definition: weakrng.c:22
#define LD_CRYPTO
Definition: log.h:64
Macros to manage assertions, fatal and non-fatal.
crypto_xof_t * crypto_xof_new(void)
char * crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, const char *suffix)
Definition: crypto_rand.c:552
Headers for crypto_nss_mgt.c.
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
int crypto_digest512(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)