int rand_pool_add_additional_data(RAND_POOL *pool) { struct { CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add some noise from the thread id and a high resolution timer. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the <master> drbg). */ data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); }
/* * Generate additional data that can be used for the drbg. The data does * not need to contain entropy, but it's useful if it contains at least * some bits that are unpredictable. * * Returns 0 on failure. * * On success it allocates a buffer at |*pout| and returns the length of * the data. The buffer should get freed using OPENSSL_secure_clear_free(). */ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) { RAND_POOL *pool; CRYPTO_THREAD_ID thread_id; size_t len; #ifdef OPENSSL_SYS_UNIX pid_t pid; #elif defined(OPENSSL_SYS_WIN32) DWORD pid; #endif uint64_t tbits; pool = RAND_POOL_new(0, 0, max_len); if (pool == NULL) return 0; #ifdef OPENSSL_SYS_UNIX pid = getpid(); RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0); #elif defined(OPENSSL_SYS_WIN32) pid = GetCurrentProcessId(); RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0); #endif thread_id = CRYPTO_THREAD_get_current_id(); if (thread_id != 0) RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0); tbits = get_timer_bits(); if (tbits != 0) RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0); /* TODO: Use RDSEED? */ len = RAND_POOL_length(pool); if (len != 0) *pout = RAND_POOL_detach(pool); RAND_POOL_free(pool); return len; }