Return-Path: Delivered-To: apmail-apr-commits-archive@www.apache.org Received: (qmail 15802 invoked from network); 21 Jul 2007 02:16:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Jul 2007 02:16:51 -0000 Received: (qmail 37283 invoked by uid 500); 21 Jul 2007 02:16:53 -0000 Delivered-To: apmail-apr-commits-archive@apr.apache.org Received: (qmail 37250 invoked by uid 500); 21 Jul 2007 02:16:52 -0000 Mailing-List: contact commits-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: dev@apr.apache.org List-Id: Delivered-To: mailing list commits@apr.apache.org Received: (qmail 37239 invoked by uid 99); 21 Jul 2007 02:16:52 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2007 19:16:52 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2007 19:16:50 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 24A8C1A981A; Fri, 20 Jul 2007 19:16:30 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r558224 - in /apr/apr/trunk: include/apr_random.h random/unix/apr_random.c Date: Sat, 21 Jul 2007 02:16:30 -0000 To: commits@apr.apache.org From: davi@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070721021630.24A8C1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: davi Date: Fri Jul 20 19:16:29 2007 New Revision: 558224 URL: http://svn.apache.org/viewvc?view=rev&rev=558224 Log: Document and add extern "C" linkage declaration to the apr_random.h header. Modified: apr/apr/trunk/include/apr_random.h apr/apr/trunk/random/unix/apr_random.c Modified: apr/apr/trunk/include/apr_random.h URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/apr_random.h?view=diff&rev=558224&r1=558223&r2=558224 ============================================================================== --- apr/apr/trunk/include/apr_random.h (original) +++ apr/apr/trunk/include/apr_random.h Fri Jul 20 19:16:29 2007 @@ -17,16 +17,33 @@ #ifndef APR_RANDOM_H #define APR_RANDOM_H -#include +/** + * @file apr_random.h + * @brief APR PRNG routines + */ + +#include "apr_pools.h" +#include "apr_thread_proc.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * @defgroup apr_random PRNG Routines + * @ingroup APR + * @{ + */ typedef struct apr_crypto_hash_t apr_crypto_hash_t; typedef void apr_crypto_hash_init_t(apr_crypto_hash_t *hash); -typedef void apr_crypto_hash_add_t(apr_crypto_hash_t *hash,const void *data, +typedef void apr_crypto_hash_add_t(apr_crypto_hash_t *hash, const void *data, apr_size_t bytes); typedef void apr_crypto_hash_finish_t(apr_crypto_hash_t *hash, unsigned char *result); + /* FIXME: make this opaque */ struct apr_crypto_hash_t { apr_crypto_hash_init_t *init; @@ -36,39 +53,101 @@ void *data; }; +/** + * Allocate and initialize the SHA-256 context + * @param p The pool to allocate from + */ APR_DECLARE(apr_crypto_hash_t *) apr_crypto_sha256_new(apr_pool_t *p); +/** Opaque PRNG structure. */ typedef struct apr_random_t apr_random_t; -APR_DECLARE(void) apr_random_init(apr_random_t *g,apr_pool_t *p, +/** + * Initialize a PRNG state + * @param g The PRNG state + * @param p The pool to allocate from + * @param pool_hash Pool hash functions + * @param key_hash Key hash functions + * @param prng_hash PRNG hash functions + */ +APR_DECLARE(void) apr_random_init(apr_random_t *g, apr_pool_t *p, apr_crypto_hash_t *pool_hash, apr_crypto_hash_t *key_hash, apr_crypto_hash_t *prng_hash); +/** + * Allocate and initialize (apr_crypto_sha256_new) a new PRNG state. + * @param p The pool to allocate from + */ APR_DECLARE(apr_random_t *) apr_random_standard_new(apr_pool_t *p); + +/** + * Mix the randomness pools. + * @param g The PRNG state + * @param entropy_ Entropy buffer + * @param bytes Length of entropy_ in bytes + */ APR_DECLARE(void) apr_random_add_entropy(apr_random_t *g, const void *entropy_, apr_size_t bytes); +/** + * Generate cryptographically insecure random bytes. + * @param g The RNG state + * @param random Buffer to fill with random bytes + * @param bytes Length of buffer in bytes + */ APR_DECLARE(apr_status_t) apr_random_insecure_bytes(apr_random_t *g, void *random, apr_size_t bytes); + +/** + * Generate cryptographically secure random bytes. + * @param g The RNG state + * @param random Buffer to fill with random bytes + * @param bytes Length of buffer in bytes + */ APR_DECLARE(apr_status_t) apr_random_secure_bytes(apr_random_t *g, void *random, apr_size_t bytes); +/** + * Ensures that E bits of conditional entropy are mixed into the PRNG + * before any further randomness is extracted. + * @param g The RNG state + */ APR_DECLARE(void) apr_random_barrier(apr_random_t *g); + +/** + * Return APR_SUCCESS if the cryptographic PRNG has been seeded with + * enough data, APR_ENOTENOUGHENTROPY otherwise. + * @param r The RNG state + */ APR_DECLARE(apr_status_t) apr_random_secure_ready(apr_random_t *r); + +/** + * Return APR_SUCCESS if the PRNG has been seeded with enough data, + * APR_ENOTENOUGHENTROPY otherwise. + * @param r The PRNG state + */ APR_DECLARE(apr_status_t) apr_random_insecure_ready(apr_random_t *r); -/* Call this in the child after forking to mix the randomness - pools. Note that its generally a bad idea to fork a process with a - real PRNG in it - better to have the PRNG externally and get the - randomness from there. However, if you really must do it, then you - should supply all your entropy to all the PRNGs - don't worry, they - won't produce the same output. - - Note that apr_proc_fork() calls this for you, so only weird - applications need ever call it themselves. -*/ -struct apr_proc_t; -APR_DECLARE(void) apr_random_after_fork(struct apr_proc_t *proc); +/** + * Mix the randomness pools after forking. + * @param proc The resulting process handle from apr_proc_fork() + * @remark Call this in the child after forking to mix the randomness + * pools. Note that its generally a bad idea to fork a process with a + * real PRNG in it - better to have the PRNG externally and get the + * randomness from there. However, if you really must do it, then you + * should supply all your entropy to all the PRNGs - don't worry, they + * won't produce the same output. + * @remark Note that apr_proc_fork() calls this for you, so only weird + * applications need ever call it themselves. + * @internal + */ +APR_DECLARE(void) apr_random_after_fork(apr_proc_t *proc); + +/** @} */ + +#ifdef __cplusplus +} +#endif -#endif /* ndef APR_RANDOM_H */ +#endif /* !APR_RANDOM_H */ Modified: apr/apr/trunk/random/unix/apr_random.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/random/unix/apr_random.c?view=diff&rev=558224&r1=558223&r2=558224 ============================================================================== --- apr/apr/trunk/random/unix/apr_random.c (original) +++ apr/apr/trunk/random/unix/apr_random.c Fri Jul 20 19:16:29 2007 @@ -14,7 +14,10 @@ * limitations under the License. */ /* - * See the paper "???" by Ben Laurie for an explanation of this PRNG. + * See the paper "On Randomness" by Ben Laurie for an explanation of this PRNG. + * http://www.apache-ssl.org/randomness.pdf + * XXX: Is there a formal proof of this PRNG? Couldn't we use the more popular + * Mersenne Twister PRNG (and BSD licensed)? */ #include "apr.h"