mirror of
https://github.com/openssl/openssl.git
synced 2025-01-24 13:55:42 +08:00
08edd447c9
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
108 lines
3.4 KiB
C
108 lines
3.4 KiB
C
/*
|
|
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "internal/cryptlib.h"
|
|
#include <openssl/opensslconf.h>
|
|
#include "crypto/rand_pool.h"
|
|
#include "prov/seeding.h"
|
|
|
|
#ifdef OPENSSL_RAND_SEED_RDCPU
|
|
# if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET)
|
|
# include <builtin.h> /* _rdrand64 */
|
|
# include <string.h> /* memcpy */
|
|
# else
|
|
size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
|
|
size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
|
|
# endif
|
|
|
|
static size_t get_hardware_random_value(unsigned char *buf, size_t len);
|
|
|
|
/*
|
|
* Acquire entropy using Intel-specific cpu instructions
|
|
*
|
|
* Uses the RDSEED instruction if available, otherwise uses
|
|
* RDRAND if available.
|
|
*
|
|
* For the differences between RDSEED and RDRAND, and why RDSEED
|
|
* is the preferred choice, see https://goo.gl/oK3KcN
|
|
*
|
|
* Returns the total entropy count, if it exceeds the requested
|
|
* entropy count. Otherwise, returns an entropy count of 0.
|
|
*/
|
|
size_t prov_acquire_entropy_from_cpu(RAND_POOL *pool)
|
|
{
|
|
size_t bytes_needed;
|
|
unsigned char *buffer;
|
|
|
|
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
|
if (bytes_needed > 0) {
|
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
|
|
|
if (buffer != NULL) {
|
|
if (get_hardware_random_value(buffer, bytes_needed) == bytes_needed) {
|
|
rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
|
|
} else {
|
|
rand_pool_add_end(pool, 0, 0);
|
|
}
|
|
}
|
|
}
|
|
|
|
return rand_pool_entropy_available(pool);
|
|
}
|
|
|
|
#if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET)
|
|
/* Obtain random bytes from the x86 hardware random function in 64 bit chunks */
|
|
static size_t get_hardware_random_value(unsigned char *buf, size_t len)
|
|
{
|
|
size_t bytes_remaining = len;
|
|
|
|
while (bytes_remaining > 0) {
|
|
/* Always use 64 bit fetch, then use the lower bytes as needed. */
|
|
/* The platform is big-endian. */
|
|
uint64_t random_value = 0;
|
|
|
|
if (_rdrand64(&random_value) != 0) {
|
|
unsigned char *random_buffer = (unsigned char *)&random_value;
|
|
|
|
if (bytes_remaining >= sizeof(random_value)) {
|
|
memcpy(buf, random_buffer, sizeof(random_value));
|
|
bytes_remaining -= sizeof(random_value);
|
|
buf += sizeof(random_value);
|
|
} else {
|
|
memcpy(buf,
|
|
random_buffer + (sizeof(random_value) - bytes_remaining),
|
|
bytes_remaining);
|
|
bytes_remaining = 0; /* This will terminate the loop */
|
|
}
|
|
} else
|
|
break;
|
|
}
|
|
if (bytes_remaining == 0)
|
|
return len;
|
|
return 0;
|
|
}
|
|
#else
|
|
static size_t get_hardware_random_value(unsigned char *buf, size_t len) {
|
|
/* Whichever comes first, use RDSEED, RDRAND or nothing */
|
|
if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
|
|
if (OPENSSL_ia32_rdseed_bytes(buf, len) != len)
|
|
return 0;
|
|
} else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
|
|
if (OPENSSL_ia32_rdrand_bytes(buf, len) != len)
|
|
return 0;
|
|
} else
|
|
return 0;
|
|
return len;
|
|
}
|
|
#endif
|
|
|
|
#else
|
|
NON_EMPTY_TRANSLATION_UNIT
|
|
#endif
|