2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Licensed under the Apache License 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 * https://www.openssl.org/source/license.html
15 * or in the file LICENSE in the source distribution.
18 #ifndef OSSL_CRYPTO_RAND_H
19 # define OSSL_CRYPTO_RAND_H
21 # include <openssl/rand.h>
22 # include "crypto/rand_pool.h"
25 * Defines related to seed sources
29 * set this to a comma-separated list of 'random' device files to try out. By
30 * default, we will try to read at least one of these files
32 # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
33 # if defined(__linux) && !defined(__ANDROID__)
34 # ifndef DEVRANDOM_WAIT
35 # define DEVRANDOM_WAIT "/dev/random"
38 * Linux kernels 4.8 and later changes how their random device works and there
39 * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
40 * should be used instead.
42 # ifndef DEVRANDOM_SAFE_KERNEL
43 # define DEVRANDOM_SAFE_KERNEL 4, 8
46 * Some operating systems do not permit select(2) on their random devices,
47 * defining this to zero will force the use of read(2) to extract one byte
50 # ifndef DEVRANDM_WAIT_USE_SELECT
51 # define DEVRANDM_WAIT_USE_SELECT 1
54 * Define the shared memory identifier used to indicate if the operating
55 * system has properly seeded the DEVRANDOM source.
57 # ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
58 # define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
64 #if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
66 * set this to a comma-separated list of 'egd' sockets to try out. These
67 * sockets will be tried in the order listed in case accessing the device
68 * files listed in DEVRANDOM did not return enough randomness.
70 # define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
73 void rand_cleanup_int(void);
76 * Initialise the random pool reseeding sources.
78 * Returns 1 on success and 0 on failure.
80 int rand_pool_init(void);
83 * Finalise the random pool reseeding sources.
85 void rand_pool_cleanup(void);
88 * Control the random pool use of open file descriptors.
90 void rand_pool_keep_random_devices_open(int keep
);
95 void ossl_random_add_conf_module(void);
98 * Get and cleanup random seed material.
100 size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE
*handle
,
101 unsigned char **pout
, int entropy
,
102 size_t min_len
, size_t max_len
);
103 void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE
*handle
,
104 unsigned char *buf
, size_t len
);
105 size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE
*handle
,
106 unsigned char **pout
, size_t min_len
, size_t max_len
,
107 const void *salt
, size_t salt_len
);
108 void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE
*handle
,
109 unsigned char *buf
, size_t len
);
112 * Get seeding material from the operating system sources.
114 size_t ossl_pool_acquire_entropy(RAND_POOL
*pool
);
115 int ossl_pool_add_nonce_data(RAND_POOL
*pool
);