Improved entropy gathering.

[originally from svn r750]

be_nossh.c

@@ -25,3 +25,5 @@ void random_destroy_seed(void) {
 void noise_ultralight(DWORD data) {
 }
 
+void noise_regular(void) {
+}

noise.c

@@ -81,6 +81,34 @@ void noise_get_light(void (*func) (void *, int)) {
     }
 }
 
+/*
+ * This function is called on a timer, and it will monitor
+ * frequently changing quantities such as the state of physical and
+ * virtual memory, the state of the process's message queue, which
+ * window is in the foreground, which owns the clipboard, etc.
+ */
+void noise_regular(void) {
+    HWND w;
+    DWORD z;
+    POINT pt;
+    MEMORYSTATUS memstat;
+    FILETIME times[4];
+
+    w = GetForegroundWindow(); random_add_noise(&w, sizeof(w));
+    w = GetCapture(); random_add_noise(&w, sizeof(w));
+    w = GetClipboardOwner(); random_add_noise(&w, sizeof(w));
+    z = GetQueueStatus(QS_ALLEVENTS); random_add_noise(&z, sizeof(z));
+
+    GetCursorPos(&pt); random_add_noise(&pt, sizeof(pt));
+
+    GlobalMemoryStatus(&memstat); random_add_noise(&memstat, sizeof(memstat));
+
+    GetThreadTimes(GetCurrentThread(), times, times+1, times+2, times+3);
+    random_add_noise(&times, sizeof(times));
+    GetProcessTimes(GetCurrentProcess(), times, times+1, times+2, times+3);
+    random_add_noise(&times, sizeof(times));
+}
+
 /*
  * This function is called on every keypress or mouse move, and
  * will add the current Windows time and performance monitor

plink.c

@@ -557,6 +557,8 @@ int main(int argc, char **argv) {
                 socket = sklist[i];
                 wp = (WPARAM)socket;
 		if (!WSAEnumNetworkEvents(socket, netevent, &things)) {
+                    noise_ultralight(socket);
+                    noise_ultralight(things.lNetworkEvents);
 		    if (things.lNetworkEvents & FD_READ)
 			connopen &= select_result(wp, (LPARAM)FD_READ);
 		    if (things.lNetworkEvents & FD_CLOSE)
@@ -568,6 +570,7 @@ int main(int argc, char **argv) {
 		}
 	    }
         } else if (n == 1) {
+            noise_ultralight(idata.len);
             if (idata.len > 0) {
                 back->send(idata.buffer, idata.len);
             } else {

putty.h

@@ -260,8 +260,9 @@ void sys_cursor(int x, int y);
 /*
  * Exports from noise.c.
  */
-void noise_get_heavy(void (*func) (void *, int));
+void noise_get_heavy(void (*func)(void *, int));
-void noise_get_light(void (*func) (void *, int));
+void noise_get_light(void (*func)(void *, int));
+void noise_regular(void);
 void noise_ultralight(DWORD data);
 void random_save_seed(void);
 void random_destroy_seed(void);

sshbn.c

@@ -11,6 +11,20 @@
 unsigned short bnZero[1] = { 0 };
 unsigned short bnOne[2] = { 1, 1 };
 
+/*
+ * The Bignum format is an array of `unsigned short'. The first
+ * element of the array counts the remaining elements. The
+ * remaining elements express the actual number, base 2^16, _least_
+ * significant digit first. (So it's trivial to extract the bit
+ * with value 2^n for any n.)
+ *
+ * All Bignums in this module are positive. Negative numbers must
+ * be dealt with outside it.
+ *
+ * INVARIANT: the most significant word of any Bignum must be
+ * nonzero.
+ */
+
 Bignum Zero = bnZero, One = bnOne;
 
 Bignum newbn(int length) {

sshrand.c

@@ -39,6 +39,7 @@ struct RandPool {
 };
 
 static struct RandPool pool;
+static int random_active = 0;
 
 void random_stir(void) {
     word32 block[HASHINPUT/sizeof(word32)];
@@ -114,6 +115,9 @@ void random_add_noise(void *noise, int length) {
     unsigned char *p = noise;
     int i;
 
+    if (!random_active)
+        return;
+
     /*
      * This function processes HASHINPUT bytes into only HASHSIZE
      * bytes, so _if_ we were getting incredibly high entropy
@@ -176,6 +180,8 @@ static void random_add_heavynoise_bitbybit(void *noise, int length) {
 void random_init(void) {
     memset(&pool, 0, sizeof(pool));    /* just to start with */
 
+    random_active = 1;
+
     noise_get_heavy(random_add_heavynoise_bitbybit);
 }
 

window.c

@@ -1051,6 +1051,7 @@ static LRESULT CALLBACK WndProc (HWND hwnd, UINT message,
 	    enact_pending_netevent();
 	if (inbuf_head)
 	    term_out();
+        noise_regular();
         HideCaret(hwnd);
 	term_update();
         ShowCaret(hwnd);
@@ -1288,10 +1289,9 @@ static LRESULT CALLBACK WndProc (HWND hwnd, UINT message,
       case WM_MOUSEMOVE:
 	/*
 	 * Add the mouse position and message time to the random
-	 * number noise, if we're using ssh.
+	 * number noise.
 	 */
-	if (cfg.protocol == PROT_SSH)
+        noise_ultralight(lParam);
-	    noise_ultralight(lParam);
 
 	if (wParam & (MK_LBUTTON | MK_MBUTTON | MK_RBUTTON)) {
 	    Mouse_Button b;
@@ -1486,10 +1486,9 @@ static LRESULT CALLBACK WndProc (HWND hwnd, UINT message,
       case WM_SYSKEYUP:
 	/*
 	 * Add the scan code and keypress timing to the random
-	 * number noise, if we're using ssh.
+	 * number noise.
 	 */
-	if (cfg.protocol == PROT_SSH)
+        noise_ultralight(lParam);
-	    noise_ultralight(lParam);
 
 	/*
 	 * We don't do TranslateMessage since it disassociates the

winnet.c

@@ -225,6 +225,7 @@ void try_send(Socket s) {
         }
 
 	nsent = send(s->s, s->head->buf + s->head->bufpos, len, urgentflag);
+        noise_ultralight(nsent);
 	if (nsent <= 0) {
 	    err = (nsent < 0 ? WSAGetLastError() : 0);
 	    if (err == WSAEWOULDBLOCK) {
@@ -346,6 +347,8 @@ int select_result(WPARAM wParam, LPARAM lParam) {
 	fatalbox(winsock_error_string(err));
     }
 
+    noise_ultralight(lParam);
+
     switch (WSAGETSELECTEVENT(lParam)) {
       case FD_READ:
 	ret = recv(s->s, buf, sizeof(buf), 0);
@@ -376,6 +379,7 @@ int select_result(WPARAM wParam, LPARAM lParam) {
          * which is good enough to keep going at least. */
         ioctlsocket(s->s, SIOCATMARK, &atmark);
         ret = recv(s->s, buf, sizeof(buf), MSG_OOB);
+        noise_ultralight(ret);
         if (ret <= 0) {
             fatalbox(ret == 0 ? "Internal networking trouble" :
                      winsock_error_string(WSAGetLastError()));