mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
61783db5b5
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
172 lines
4.5 KiB
C
172 lines
4.5 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/opensslconf.h>
|
|
|
|
#ifndef OPENSSL_SYS_VXWORKS
|
|
NON_EMPTY_TRANSLATION_UNIT
|
|
#else
|
|
# include <openssl/rand.h>
|
|
# include "rand_lcl.h"
|
|
# include "internal/rand_int.h"
|
|
# include "internal/cryptlib.h"
|
|
# include <version.h>
|
|
# include <taskLib.h>
|
|
|
|
# if defined(OPENSSL_RAND_SEED_NONE)
|
|
/* none means none */
|
|
# undef OPENSSL_RAND_SEED_OS
|
|
# endif
|
|
|
|
# if defined(OPENSSL_RAND_SEED_OS)
|
|
# if _WRS_VXWORKS_MAJOR >= 7
|
|
# define RAND_SEED_VXRANDLIB
|
|
# else
|
|
# error "VxWorks <7 only support RAND_SEED_NONE"
|
|
# endif
|
|
# endif
|
|
|
|
# if defined(RAND_SEED_VXRANDLIB)
|
|
# include <randomNumGen.h>
|
|
# endif
|
|
|
|
/* Macro to convert two thirty two bit values into a sixty four bit one */
|
|
# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
|
|
|
|
static uint64_t get_time_stamp(void)
|
|
{
|
|
struct timespec ts;
|
|
|
|
if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
|
|
return TWO32TO64(ts.tv_sec, ts.tv_nsec);
|
|
return time(NULL);
|
|
}
|
|
|
|
static uint64_t get_timer_bits(void)
|
|
{
|
|
uint64_t res = OPENSSL_rdtsc();
|
|
struct timespec ts;
|
|
|
|
if (res != 0)
|
|
return res;
|
|
|
|
if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
|
|
return TWO32TO64(ts.tv_sec, ts.tv_nsec);
|
|
return time(NULL);
|
|
}
|
|
|
|
/*
|
|
* empty implementation
|
|
* vxworks does not need to init/cleanup or keep open the random lib
|
|
*/
|
|
int rand_pool_init(void)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
void rand_pool_cleanup(void)
|
|
{
|
|
}
|
|
|
|
void rand_pool_keep_random_devices_open(int keep)
|
|
{
|
|
}
|
|
|
|
int rand_pool_add_additional_data(RAND_POOL *pool)
|
|
{
|
|
struct {
|
|
CRYPTO_THREAD_ID tid;
|
|
uint64_t time;
|
|
} data;
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
/*
|
|
* Add some noise from the thread id and a high resolution timer.
|
|
* The thread id adds a little randomness if the drbg is accessed
|
|
* concurrently (which is the case for the <master> drbg).
|
|
*/
|
|
data.tid = CRYPTO_THREAD_get_current_id();
|
|
data.time = get_timer_bits();
|
|
|
|
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
|
}
|
|
|
|
int rand_pool_add_nonce_data(RAND_POOL *pool)
|
|
{
|
|
struct {
|
|
pid_t pid;
|
|
CRYPTO_THREAD_ID tid;
|
|
uint64_t time;
|
|
} data;
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
/*
|
|
* Add process id, thread id, and a high resolution timestamp to
|
|
* ensure that the nonce is unique with high probability for
|
|
* different process instances.
|
|
*/
|
|
data.pid = getpid();
|
|
data.tid = CRYPTO_THREAD_get_current_id();
|
|
data.time = get_time_stamp();
|
|
|
|
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
|
}
|
|
|
|
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
|
{
|
|
# if defined(RAND_SEED_VXRANDLIB)
|
|
/* vxRandLib based entropy method */
|
|
size_t bytes_needed;
|
|
|
|
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
|
if (bytes_needed > 0)
|
|
{
|
|
int retryCount = 0;
|
|
STATUS result = ERROR;
|
|
unsigned char *buffer;
|
|
|
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
|
while ((result != OK) && (retryCount < 10)) {
|
|
RANDOM_NUM_GEN_STATUS status = randStatus();
|
|
|
|
if ((status == RANDOM_NUM_GEN_ENOUGH_ENTROPY)
|
|
|| (status == RANDOM_NUM_GEN_MAX_ENTROPY) ) {
|
|
result = randBytes(buffer, bytes_needed);
|
|
if (result == OK)
|
|
rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
|
|
/*
|
|
* no else here: randStatus said ok, if randBytes failed
|
|
* it will result in another loop or no entropy
|
|
*/
|
|
} else {
|
|
/*
|
|
* give a minimum delay here to allow OS to collect more
|
|
* entropy. taskDelay duration will depend on the system tick,
|
|
* this is by design as the sw-random lib uses interrupts
|
|
* which will at least happen during ticks
|
|
*/
|
|
taskDelay(5);
|
|
}
|
|
retryCount++;
|
|
}
|
|
}
|
|
return rand_pool_entropy_available(pool);
|
|
# else
|
|
/*
|
|
* SEED_NONE means none, without randlib we dont have entropy and
|
|
* rely on it being added externally
|
|
*/
|
|
return rand_pool_entropy_available(pool);
|
|
# endif /* defined(RAND_SEED_VXRANDLIB) */
|
|
}
|
|
|
|
#endif /* OPENSSL_SYS_VXWORKS */
|