/*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/*
- * Modified by VMS Software, Inc (2016)
- * Eliminate looping through all processes (performance)
- * Add additional randomizations using rand() function
- */
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
+#include "e_os.h"
#if defined(OPENSSL_SYS_VMS)
+# include <unistd.h>
+# include "internal/cryptlib.h"
+# include <openssl/rand.h>
+# include "internal/rand_int.h"
+# include "rand_lcl.h"
# include <descrip.h>
# include <jpidef.h>
# include <ssdef.h>
# pragma message disable DOLLARID
# endif
+# ifndef OPENSSL_RAND_SEED_OS
+# error "Unsupported seeding method configured; must be os"
+# endif
+
/*
* Use 32-bit pointers almost everywhere. Define the type to which to cast a
* pointer passed to an external function.
# define PTR_T __void_ptr64
# pragma pointer_size save
# pragma pointer_size 32
-# else /* __INITIAL_POINTER_SIZE == 64 */
+# else
# define PTR_T void *
-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# endif
static struct items_data_st {
short length, code; /* length is number of bytes */
{4, JPI$_PPGCNT},
{4, JPI$_WSPEAK},
{4, JPI$_FINALEXC},
- {0, 0} /* zero terminated */
+ {0, 0}
};
-int RAND_poll(void)
-{
+/*
+ * We assume there we get about 4 bits of entropy per byte from the items
+ * above, with a bit of scrambling added rand_pool_acquire_entropy()
+ */
+#define ENTROPY_BITS_PER_BYTE 4
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
/* determine the number of items in the JPI array */
-
struct items_data_st item_entry;
- int item_entry_count = sizeof(items_data)/sizeof(item_entry);
-
- /* Create the JPI itemlist array to hold item_data content */
-
+ size_t item_entry_count = OSSL_NELEM(items_data);
+ /* Create the 32-bit JPI itemlist array to hold item_data content */
struct {
- short length, code;
- int *buffer;
- int *retlen;
- } item[item_entry_count], *pitem; /* number of entries in items_data */
-
+ uint16_t length, code;
+ uint32_t *buffer;
+ uint32_t *retlen;
+ } item[item_entry_count], *pitem;
struct items_data_st *pitems_data;
- int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */
- int iosb[2];
- int sys_time[2];
- int *ptr;
- int i, j ;
- int tmp_length = 0;
- int total_length = 0;
-
- pitems_data = items_data;
- pitem = item;
-
+ /* 8 bytes (two longs) per entry max */
+ uint32_t data_buffer[(item_entry_count * 2) + 4];
+ uint32_t iosb[2];
+ uint32_t sys_time[2];
+ uint32_t *ptr;
+ size_t i, j ;
+ size_t tmp_length = 0;
+ size_t total_length = 0;
+ size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_BITS_PER_BYTE);
+ size_t bytes_remaining = rand_pool_bytes_remaining(pool);
/* Setup itemlist for GETJPI */
- while (pitems_data->length) {
+ pitems_data = items_data;
+ for (pitem = item; pitems_data->length != 0; pitem++) {
pitem->length = pitems_data->length;
pitem->code = pitems_data->code;
pitem->buffer = &data_buffer[total_length];
pitem->retlen = 0;
/* total_length is in longwords */
- total_length += pitems_data->length/4;
+ total_length += pitems_data->length / 4;
pitems_data++;
- pitem ++;
}
pitem->length = pitem->code = 0;
/* Fill data_buffer with various info bits from this process */
- /* and twist that data to seed the SSL random number init */
-
- if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) {
- for (i = 0; i < total_length; i++) {
- sys$gettim((struct _generic_64 *)&sys_time[0]);
- srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
-
- if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
- ptr = &data_buffer[i];
- for (j = 0; j < 4; j++) {
- data_buffer[i + j] = ptr[j];
- /* OK to use rand() just to scramble the seed */
- data_buffer[i + j] ^= (sys_time[0] ^ rand());
- tmp_length++;
- }
- } else {
+ if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) != SS$_NORMAL)
+ return 0;
+
+ /* Now twist that data to seed the SSL random number init */
+ for (i = 0; i < total_length; i++) {
+ sys$gettim((struct _generic_64 *)&sys_time[0]);
+ srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
+
+ if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
+ ptr = &data_buffer[i];
+ for (j = 0; j < 4; j++) {
+ data_buffer[i + j] = ptr[j];
/* OK to use rand() just to scramble the seed */
- data_buffer[i] ^= (sys_time[0] ^ rand());
+ data_buffer[i + j] ^= (sys_time[0] ^ rand());
+ tmp_length++;
}
+ } else {
+ /* OK to use rand() just to scramble the seed */
+ data_buffer[i] ^= (sys_time[0] ^ rand());
}
+ }
+
+ total_length += (tmp_length - 1);
- total_length += (tmp_length - 1);
+ /* Change the total length to number of bytes */
+ total_length *= 4;
- /* size of seed is total_length*4 bytes (64bytes) */
- RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2);
- } else {
+ /*
+ * If we can't feed the requirements from the caller, we're in deep trouble.
+ */
+ if (!ossl_assert(total_length >= bytes_needed)) {
+ char neededstr[20];
+ char availablestr[20];
+
+ BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
+ BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
+ RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
+ RAND_R_RANDOM_POOL_UNDERFLOW);
+ ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
+ availablestr);
return 0;
}
- return 1;
+ /*
+ * Try not to overfeed the pool
+ */
+ if (total_length > bytes_remaining)
+ total_length = bytes_remaining;
+
+ rand_pool_add(pool, (PTR_T)data_buffer, total_length,
+ total_length * ENTROPY_BITS_PER_BYTE);
+ return rand_pool_entropy_available(pool);
+}
+
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+ struct {
+ pid_t pid;
+ CRYPTO_THREAD_ID tid;
+ uint64_t time;
+ } data = { 0 };
+
+ /*
+ * Add process id, thread id, and a high resolution timestamp to
+ * ensure that the nonce is unique whith high probability for
+ * different process instances.
+ */
+ data.pid = getpid();
+ data.tid = CRYPTO_THREAD_get_current_id();
+ sys$gettim_prec((struct _generic_64 *)&data.time);
+
+ return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+ struct {
+ CRYPTO_THREAD_ID tid;
+ uint64_t time;
+ } data = { 0 };
+
+ /*
+ * Add some noise from the thread id and a high resolution timer.
+ * The thread id adds a little randomness if the drbg is accessed
+ * concurrently (which is the case for the <master> drbg).
+ */
+ data.tid = CRYPTO_THREAD_get_current_id();
+ sys$gettim_prec((struct _generic_64 *)&data.time);
+
+ return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
#endif