Changeset View
Changeset View
Standalone View
Standalone View
sys/netipsec/key.c
Show First 20 Lines • Show All 4,754 Lines • ▼ Show 20 Lines | |||||
#endif /* IPSEC_DEBUG2 */ | #endif /* IPSEC_DEBUG2 */ | ||||
} | } | ||||
u_long | u_long | ||||
key_random() | key_random() | ||||
{ | { | ||||
u_long value; | u_long value; | ||||
key_randomfill(&value, sizeof(value)); | arc4random_buf(&value, sizeof(value)); | ||||
return value; | return value; | ||||
} | |||||
void | |||||
key_randomfill(void *p, size_t l) | |||||
{ | |||||
size_t n; | |||||
u_long v; | |||||
static int warn = 1; | |||||
n = 0; | |||||
n = (size_t)read_random(p, (u_int)l); | |||||
/* last resort */ | |||||
while (n < l) { | |||||
v = random(); | |||||
bcopy(&v, (u_int8_t *)p + n, | |||||
l - n < sizeof(v) ? l - n : sizeof(v)); | |||||
n += sizeof(v); | |||||
if (warn) { | |||||
printf("WARNING: pseudo-random number generator " | |||||
"used for IPsec processing\n"); | |||||
warn = 0; | |||||
} | |||||
} | |||||
} | } | ||||
/* | /* | ||||
* map SADB_SATYPE_* to IPPROTO_*. | * map SADB_SATYPE_* to IPPROTO_*. | ||||
* if satype == SADB_SATYPE then satype is mapped to ~0. | * if satype == SADB_SATYPE then satype is mapped to ~0. | ||||
* OUT: | * OUT: | ||||
* 0: invalid satype. | * 0: invalid satype. | ||||
*/ | */ | ||||
▲ Show 20 Lines • Show All 3,825 Lines • Show Last 20 Lines |