mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
8e2bec9b8a
openssl/crypto/rand/rand_vms.c
Richard Levitte 8e2bec9b8a Remove ambiguity in rand_pool_add[_end] return value 
When these two functions returned zero, it could mean:

1. that an error occured.  In their case, the error is an overflow of
   the pool, i.e. the correct response from the caller would be to
   stop trying to fill the pool.
2. that there isn't enought entropy acquired yet, i.e. the correct
   response from the caller would be to try and add more entropy to
   the pool.

Because of this ambiguity, the returned zero turns out to be useless.
This change makes the returned value more consistent.  1 means the
addition of new entropy was successful, 0 means it wasn't.  To know if
the pool has been filled enough, the caller will have to call some
other function, such as rand_pool_entropy_available().

Fixes #5846

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5876)
2018-04-04 20:14:51 +02:00

157 lines
4.7 KiB
C
Raw Blame History

/*
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "e_os.h"
#if defined(OPENSSL_SYS_VMS)
# include "internal/cryptlib.h"
# include <openssl/rand.h>
# include "internal/rand_int.h"
# include "rand_lcl.h"
# include <descrip.h>
# include <jpidef.h>
# include <ssdef.h>
# include <starlet.h>
# include <efndef>
# ifdef __DECC
# pragma message disable DOLLARID
# endif
# ifndef OPENSSL_RAND_SEED_OS
# error "Unsupported seeding method configured; must be os"
# endif
/*
* Use 32-bit pointers almost everywhere. Define the type to which to cast a
* pointer passed to an external function.
*/
# if __INITIAL_POINTER_SIZE == 64
# define PTR_T __void_ptr64
# pragma pointer_size save
# pragma pointer_size 32
# else
# define PTR_T void *
# endif
static struct items_data_st {
short length, code; /* length is number of bytes */
} items_data[] = {
{4, JPI$_BUFIO},
{4, JPI$_CPUTIM},
{4, JPI$_DIRIO},
{4, JPI$_IMAGECOUNT},
{8, JPI$_LAST_LOGIN_I},
{8, JPI$_LOGINTIM},
{4, JPI$_PAGEFLTS},
{4, JPI$_PID},
{4, JPI$_PPGCNT},
{4, JPI$_WSPEAK},
{4, JPI$_FINALEXC},
{0, 0}
};
/*
* We assume there we get about 4 bits of entropy per byte from the items
* above, with a bit of scrambling added rand_pool_acquire_entropy()
*/
#define ENTROPY_BITS_PER_BYTE 4
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
/* determine the number of items in the JPI array */
struct items_data_st item_entry;
size_t item_entry_count = OSSL_NELEM(items_data);
/* Create the 32-bit JPI itemlist array to hold item_data content */
struct {
uint16_t length, code;
uint32_t *buffer;
uint32_t *retlen;
} item[item_entry_count], *pitem;
struct items_data_st *pitems_data;
/* 8 bytes (two longs) per entry max */
uint32_t data_buffer[(item_entry_count * 2) + 4];
uint32_t iosb[2];
uint32_t sys_time[2];
uint32_t *ptr;
size_t i, j ;
size_t tmp_length = 0;
size_t total_length = 0;
size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_BITS_PER_BYTE);
size_t bytes_remaining = rand_pool_bytes_remaining(pool);
/* Setup itemlist for GETJPI */
pitems_data = items_data;
for (pitem = item; pitems_data->length != 0; pitem++) {
pitem->length = pitems_data->length;
pitem->code = pitems_data->code;
pitem->buffer = &data_buffer[total_length];
pitem->retlen = 0;
/* total_length is in longwords */
total_length += pitems_data->length / 4;
pitems_data++;
}
pitem->length = pitem->code = 0;
/* Fill data_buffer with various info bits from this process */
if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) != SS$_NORMAL)
return 0;
/* Now twist that data to seed the SSL random number init */
for (i = 0; i < total_length; i++) {
sys$gettim((struct _generic_64 *)&sys_time[0]);
srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
ptr = &data_buffer[i];
for (j = 0; j < 4; j++) {
data_buffer[i + j] = ptr[j];
/* OK to use rand() just to scramble the seed */
data_buffer[i + j] ^= (sys_time[0] ^ rand());
tmp_length++;
}
} else {
/* OK to use rand() just to scramble the seed */
data_buffer[i] ^= (sys_time[0] ^ rand());
}
}
total_length += (tmp_length - 1);
/* Change the total length to number of bytes */
total_length *= 4;
/*
* If we can't feed the requirements from the caller, we're in deep trouble.
*/
if (!ossl_assert(total_length >= bytes_needed)) {
char neededstr[20];
char availablestr[20];
BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
RAND_R_RANDOM_POOL_UNDERFLOW);
ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
availablestr);
return 0;
}
/*
* Try not to overfeed the pool
*/
if (total_length > bytes_remaining)
total_length = bytes_remaining;
rand_pool_add(pool, (PTR_T)data_buffer, total_length,
total_length * ENTROPY_BITS_PER_BYTE);
return rand_pool_entropy_available(pool);
}
#endif
Reference in New Issue View Git Blame Copy Permalink