int rand_pool_add_additional_data(RAND_POOL *pool) { struct { CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add some noise from the thread id and a high resolution timer. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the <master> drbg). */ data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); }
int rand_pool_add_nonce_data(RAND_POOL *pool) { struct { pid_t pid; CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add process id, thread id, and a high resolution timestamp to * ensure that the nonce is unique whith high probability for * different process instances. */ data.pid = getpid(); data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_time_stamp(); return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); }
/* * The following algorithm repeatedly samples the real-time clock (RTC) to * generate a sequence of unpredictable data. The algorithm relies upon the * uneven execution speed of the code (due to factors such as cache misses, * interrupts, bus activity, and scheduling) and upon the rather large * relative difference between the speed of the clock and the rate at which * it can be read. If it is ported to an environment where execution speed * is more constant or where the RTC ticks at a much slower rate, or the * clock can be read with fewer instructions, it is likely that the results * would be far more predictable. This should only be used for legacy * platforms. * * As a precaution, we assume only 2 bits of entropy per byte. */ size_t rand_pool_acquire_entropy(RAND_POOL *pool) { short int code; int i, k; size_t bytes_needed; struct timespec ts; unsigned char v; # ifdef OPENSSL_SYS_VOS_HPPA long duration; extern void s$sleep(long *_duration, short int *_code); # else long long duration; extern void s$sleep2(long long *_duration, short int *_code); # endif bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); for (i = 0; i < bytes_needed; i++) { /* * burn some cpu; hope for interrupts, cache collisions, bus * interference, etc. */ for (k = 0; k < 99; k++) ts.tv_nsec = random(); # ifdef OPENSSL_SYS_VOS_HPPA /* sleep for 1/1024 of a second (976 us). */ duration = 1; s$sleep(&duration, &code); # else /* sleep for 1/65536 of a second (15 us). */ duration = 1; s$sleep2(&duration, &code); # endif /* Get wall clock time, take 8 bits. */ clock_gettime(CLOCK_REALTIME, &ts); v = (unsigned char)(ts.tv_nsec & 0xFF); rand_pool_add(pool, arg, &v, sizeof(v) , 2); } return rand_pool_entropy_available(pool); }
/* * Restart |drbg|, using the specified entropy or additional input * * Tries its best to get the drbg instantiated by all means, * regardless of its current state. * * Optionally, a |buffer| of |len| random bytes can be passed, * which is assumed to contain at least |entropy| bits of entropy. * * If |entropy| > 0, the buffer content is used as entropy input. * * If |entropy| == 0, the buffer content is used as additional input * * Returns 1 on success, 0 on failure. * * This function is used internally only. */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy) { int reseeded = 0; const unsigned char *adin = NULL; size_t adinlen = 0; if (drbg->pool != NULL) { RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); rand_pool_free(drbg->pool); drbg->pool = NULL; } if (buffer != NULL) { if (entropy > 0) { if (drbg->max_entropylen < len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_INPUT_TOO_LONG); return 0; } if (entropy > 8 * len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE); return 0; } /* will be picked up by the rand_drbg_get_entropy() callback */ drbg->pool = rand_pool_new(entropy, len, len); if (drbg->pool == NULL) return 0; rand_pool_add(drbg->pool, buffer, len, entropy); } else { if (drbg->max_adinlen < len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ADDITIONAL_INPUT_TOO_LONG); return 0; } adin = buffer; adinlen = len; } } /* repair error state */ if (drbg->state == DRBG_ERROR) RAND_DRBG_uninstantiate(drbg); /* repair uninitialized state */ if (drbg->state == DRBG_UNINITIALISED) { /* reinstantiate drbg */ RAND_DRBG_instantiate(drbg, (const unsigned char *) ossl_pers_string, sizeof(ossl_pers_string) - 1); /* already reseeded. prevent second reseeding below */ reseeded = (drbg->state == DRBG_READY); } /* refresh current state if entropy or additional input has been provided */ if (drbg->state == DRBG_READY) { if (adin != NULL) { /* * mix in additional input without reseeding * * Similar to RAND_DRBG_reseed(), but the provided additional * data |adin| is mixed into the current state without pulling * entropy from the trusted entropy source using get_entropy(). * This is not a reseeding in the strict sense of NIST SP 800-90A. */ drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ RAND_DRBG_reseed(drbg, NULL, 0, 0); } } /* check whether a given entropy pool was cleared properly during reseed */ if (drbg->pool != NULL) { drbg->state = DRBG_ERROR; RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); rand_pool_free(drbg->pool); drbg->pool = NULL; return 0; } return drbg->state == DRBG_READY; }