
Commit a60090f

committed
changes to random seeding
1 parent 2d9f0d5 commit a60090f


1 file changed

+18
-7
lines changed


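--- a/src/crypto_libtomcrypt.c
+++ b/src/crypto_libtomcrypt.c
@@ -19,10 +19,19 @@ static int sqlcipher_ltc_activate(void *ctx) {
 ltc_ctx *ltc = (ltc_ctx*)ctx;
 sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
 if(ltc_init == 0) {
+int random_buffer_sz = 256;
+char random_buffer[random_buffer_sz];
+
 if(register_prng(&fortuna_desc) != CRYPT_OK) return SQLITE_ERROR;
 if(register_cipher(&rijndael_desc) != CRYPT_OK) return SQLITE_ERROR;
 if(register_hash(&sha1_desc) != CRYPT_OK) return SQLITE_ERROR;
 if(fortuna_start(&(ltc->prng)) != CRYPT_OK) return SQLITE_ERROR;
+
+sqlite3_randomness(random_buffer_sz, random_buffer);
+if(sqlcipher_ltc_add_random(ctx, random_buffer, random_buffer_sz) != SQLITE_OK) return SQLITE_ERROR;
+if(sqlcipher_ltc_add_random(ctx, &ltc, sizeof(ltc_ctx *)) != SQLITE_OK) return SQLITE_ERROR;
+if(fortuna_ready(&(ltc->prng)) != CRYPT_OK) return SQLITE_ERROR;
+
 ltc_init = 1;
 }
 sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
@@ -40,14 +49,8 @@ static const char* sqlcipher_ltc_get_provider_name(void *ctx) {
 
 static int sqlcipher_ltc_random(void *ctx, void *buffer, int length) {
 int random_value;
-int random_buffer_sz = 256;
-char random_buffer[random_buffer_sz];
 
 ltc_ctx *ltc = (ltc_ctx*)ctx;
-sqlite3_randomness(sizeof(random_value), &random_value);
-sqlite3_snprintf(random_buffer_sz, random_buffer, "%d", random_value);
-if(sqlcipher_ltc_add_random(ctx, random_buffer, random_buffer_sz) != SQLITE_OK) return SQLITE_ERROR;
-if(fortuna_ready(&(ltc->prng)) != CRYPT_OK) return SQLITE_ERROR;
 fortuna_read(buffer, length, &(ltc->prng));
 return SQLITE_OK;
 }
@@ -62,17 +65,25 @@ static int sqlcipher_ltc_hmac(void *ctx, unsigned char *hmac_key, int key_sz, un
 if((rc = hmac_process(&hmac, in, in_sz)) != CRYPT_OK) return SQLITE_ERROR;
 if((rc = hmac_process(&hmac, in2, in2_sz)) != CRYPT_OK) return SQLITE_ERROR;
 if((rc = hmac_done(&hmac, out, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
-sqlcipher_ltc_add_random(ctx, out, outlen);
 return SQLITE_OK;
 }
 
 static int sqlcipher_ltc_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
 int rc, hash_idx;
 unsigned long outlen = key_sz;
+unsigned long random_buffer_sz = 256;
+char random_buffer[random_buffer_sz];
 
 hash_idx = find_hash("sha1");
 if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz,
 workfactor, hash_idx, key, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
+
+// improve entropy of foruna
+if((rc = pkcs_5_alg2(key, key_sz, salt, salt_sz,
+1, hash_idx, random_buffer, &random_buffer_sz)) != CRYPT_OK) return SQLITE_ERROR;
+
+sqlcipher_ltc_add_random(ctx, random_buffer, random_buffer_sz);
+
 return SQLITE_OK;
 }
 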
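Review bot: In `sqlcipher_ltc_activate` the `fortuna_start`, seeding and `fortuna_ready` calls all sit inside the `if(ltc_init == 0)` branch, yet they act on `ltc->prng`, which belongs to the context passed in; if `ltc_init` is a process-wide flag (its declaration is outside the hunk), every context activated after the first keeps a PRNG that was never started or seeded. The same commit removes the per-call `fortuna_ready` check from `sqlcipher_ltc_random`, which returns `SQLITE_OK` without looking at what `fortuna_read` returned, so salts and IVs could be drawn from an unready generator with no error reported. I would keep only the `register_*` calls under the one-time guard, seed each context's PRNG unconditionally, and change the read to `if(fortuna_read(buffer, length, &(ltc->prng)) != (unsigned long)length) return SQLITE_ERROR;`. The added `return SQLITE_ERROR` paths in activate also leave `SQLITE_MUTEX_STATIC_MASTER` held, so a seeding failure would block the next caller; they should call `sqlite3_mutex_leave` before returning. In `sqlcipher_ltc_kdf`, `random_buffer` holds material derived from the key and stays on the stack after return, and the result of `sqlcipher_ltc_add_random` is ignored there although activate checks it; wiping the buffer and checking the return would make the two call sites consistent.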
