mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78
This commit is contained in:
parent
8f1c992379
commit
96dbd7bced
1476 changed files with 616554 additions and 4 deletions
4
trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info
vendored
Normal file
4
trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
438
trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c
vendored
Normal file
438
trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c
vendored
Normal file
|
@ -0,0 +1,438 @@
|
|||
/*
|
||||
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "internal/thread_once.h"
|
||||
#include "internal/thread_once.h"
|
||||
#include "rand_lcl.h"
|
||||
/*
|
||||
* Implementation of NIST SP 800-90A CTR DRBG.
|
||||
*/
|
||||
|
||||
static void inc_128(RAND_DRBG_CTR *ctr)
|
||||
{
|
||||
int i;
|
||||
unsigned char c;
|
||||
unsigned char *p = &ctr->V[15];
|
||||
|
||||
for (i = 0; i < 16; i++, p--) {
|
||||
c = *p;
|
||||
c++;
|
||||
*p = c;
|
||||
if (c != 0) {
|
||||
/* If we didn't wrap around, we're done. */
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
|
||||
{
|
||||
size_t i, n;
|
||||
|
||||
if (in == NULL || inlen == 0)
|
||||
return;
|
||||
|
||||
/*
|
||||
* Any zero padding will have no effect on the result as we
|
||||
* are XORing. So just process however much input we have.
|
||||
*/
|
||||
n = inlen < ctr->keylen ? inlen : ctr->keylen;
|
||||
for (i = 0; i < n; i++)
|
||||
ctr->K[i] ^= in[i];
|
||||
if (inlen <= ctr->keylen)
|
||||
return;
|
||||
|
||||
n = inlen - ctr->keylen;
|
||||
if (n > 16) {
|
||||
/* Should never happen */
|
||||
n = 16;
|
||||
}
|
||||
for (i = 0; i < n; i++)
|
||||
ctr->V[i] ^= in[i + ctr->keylen];
|
||||
}
|
||||
|
||||
/*
|
||||
* Process a complete block using BCC algorithm of SP 800-90A 10.3.3
|
||||
*/
|
||||
__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
|
||||
const unsigned char *in)
|
||||
{
|
||||
int i, outlen = AES_BLOCK_SIZE;
|
||||
|
||||
for (i = 0; i < 16; i++)
|
||||
out[i] ^= in[i];
|
||||
|
||||
if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Handle several BCC operations for as much data as we need for K and X
|
||||
*/
|
||||
__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
|
||||
{
|
||||
if (!ctr_BCC_block(ctr, ctr->KX, in)
|
||||
|| !ctr_BCC_block(ctr, ctr->KX + 16, in))
|
||||
return 0;
|
||||
if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
|
||||
* see 10.3.1 stage 7.
|
||||
*/
|
||||
__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
|
||||
{
|
||||
memset(ctr->KX, 0, 48);
|
||||
memset(ctr->bltmp, 0, 16);
|
||||
if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp))
|
||||
return 0;
|
||||
ctr->bltmp[3] = 1;
|
||||
if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp))
|
||||
return 0;
|
||||
if (ctr->keylen != 16) {
|
||||
ctr->bltmp[3] = 2;
|
||||
if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Process several blocks into BCC algorithm, some possibly partial
|
||||
*/
|
||||
__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,
|
||||
const unsigned char *in, size_t inlen)
|
||||
{
|
||||
if (in == NULL || inlen == 0)
|
||||
return 1;
|
||||
|
||||
/* If we have partial block handle it first */
|
||||
if (ctr->bltmp_pos) {
|
||||
size_t left = 16 - ctr->bltmp_pos;
|
||||
|
||||
/* If we now have a complete block process it */
|
||||
if (inlen >= left) {
|
||||
memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
|
||||
if (!ctr_BCC_blocks(ctr, ctr->bltmp))
|
||||
return 0;
|
||||
ctr->bltmp_pos = 0;
|
||||
inlen -= left;
|
||||
in += left;
|
||||
}
|
||||
}
|
||||
|
||||
/* Process zero or more complete blocks */
|
||||
for (; inlen >= 16; in += 16, inlen -= 16) {
|
||||
if (!ctr_BCC_blocks(ctr, in))
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Copy any remaining partial block to the temporary buffer */
|
||||
if (inlen > 0) {
|
||||
memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
|
||||
ctr->bltmp_pos += inlen;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)
|
||||
{
|
||||
if (ctr->bltmp_pos) {
|
||||
memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
|
||||
if (!ctr_BCC_blocks(ctr, ctr->bltmp))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
__owur static int ctr_df(RAND_DRBG_CTR *ctr,
|
||||
const unsigned char *in1, size_t in1len,
|
||||
const unsigned char *in2, size_t in2len,
|
||||
const unsigned char *in3, size_t in3len)
|
||||
{
|
||||
static unsigned char c80 = 0x80;
|
||||
size_t inlen;
|
||||
unsigned char *p = ctr->bltmp;
|
||||
int outlen = AES_BLOCK_SIZE;
|
||||
|
||||
if (!ctr_BCC_init(ctr))
|
||||
return 0;
|
||||
if (in1 == NULL)
|
||||
in1len = 0;
|
||||
if (in2 == NULL)
|
||||
in2len = 0;
|
||||
if (in3 == NULL)
|
||||
in3len = 0;
|
||||
inlen = in1len + in2len + in3len;
|
||||
/* Initialise L||N in temporary block */
|
||||
*p++ = (inlen >> 24) & 0xff;
|
||||
*p++ = (inlen >> 16) & 0xff;
|
||||
*p++ = (inlen >> 8) & 0xff;
|
||||
*p++ = inlen & 0xff;
|
||||
|
||||
/* NB keylen is at most 32 bytes */
|
||||
*p++ = 0;
|
||||
*p++ = 0;
|
||||
*p++ = 0;
|
||||
*p = (unsigned char)((ctr->keylen + 16) & 0xff);
|
||||
ctr->bltmp_pos = 8;
|
||||
if (!ctr_BCC_update(ctr, in1, in1len)
|
||||
|| !ctr_BCC_update(ctr, in2, in2len)
|
||||
|| !ctr_BCC_update(ctr, in3, in3len)
|
||||
|| !ctr_BCC_update(ctr, &c80, 1)
|
||||
|| !ctr_BCC_final(ctr))
|
||||
return 0;
|
||||
/* Set up key K */
|
||||
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1))
|
||||
return 0;
|
||||
/* X follows key K */
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen,
|
||||
AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX,
|
||||
AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
if (ctr->keylen != 16)
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16,
|
||||
AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* NB the no-df Update in SP800-90A specifies a constant input length
|
||||
* of seedlen, however other uses of this algorithm pad the input with
|
||||
* zeroes if necessary and have up to two parameters XORed together,
|
||||
* so we handle both cases in this function instead.
|
||||
*/
|
||||
__owur static int ctr_update(RAND_DRBG *drbg,
|
||||
const unsigned char *in1, size_t in1len,
|
||||
const unsigned char *in2, size_t in2len,
|
||||
const unsigned char *nonce, size_t noncelen)
|
||||
{
|
||||
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
|
||||
int outlen = AES_BLOCK_SIZE;
|
||||
|
||||
/* correct key is already set up. */
|
||||
inc_128(ctr);
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
|
||||
/* If keylen longer than 128 bits need extra encrypt */
|
||||
if (ctr->keylen != 16) {
|
||||
inc_128(ctr);
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V,
|
||||
AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
}
|
||||
inc_128(ctr);
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE)
|
||||
|| outlen != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
|
||||
/* If 192 bit key part of V is on end of K */
|
||||
if (ctr->keylen == 24) {
|
||||
memcpy(ctr->V + 8, ctr->V, 8);
|
||||
memcpy(ctr->V, ctr->K + 24, 8);
|
||||
}
|
||||
|
||||
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
|
||||
/* If no input reuse existing derived value */
|
||||
if (in1 != NULL || nonce != NULL || in2 != NULL)
|
||||
if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
|
||||
return 0;
|
||||
/* If this a reuse input in1len != 0 */
|
||||
if (in1len)
|
||||
ctr_XOR(ctr, ctr->KX, drbg->seedlen);
|
||||
} else {
|
||||
ctr_XOR(ctr, in1, in1len);
|
||||
ctr_XOR(ctr, in2, in2len);
|
||||
}
|
||||
|
||||
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
|
||||
const unsigned char *entropy, size_t entropylen,
|
||||
const unsigned char *nonce, size_t noncelen,
|
||||
const unsigned char *pers, size_t perslen)
|
||||
{
|
||||
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
|
||||
|
||||
if (entropy == NULL)
|
||||
return 0;
|
||||
|
||||
memset(ctr->K, 0, sizeof(ctr->K));
|
||||
memset(ctr->V, 0, sizeof(ctr->V));
|
||||
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
|
||||
return 0;
|
||||
if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
__owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
|
||||
const unsigned char *entropy, size_t entropylen,
|
||||
const unsigned char *adin, size_t adinlen)
|
||||
{
|
||||
if (entropy == NULL)
|
||||
return 0;
|
||||
if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
__owur static int drbg_ctr_generate(RAND_DRBG *drbg,
|
||||
unsigned char *out, size_t outlen,
|
||||
const unsigned char *adin, size_t adinlen)
|
||||
{
|
||||
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
|
||||
|
||||
if (adin != NULL && adinlen != 0) {
|
||||
if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
|
||||
return 0;
|
||||
/* This means we reuse derived value */
|
||||
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
|
||||
adin = NULL;
|
||||
adinlen = 1;
|
||||
}
|
||||
} else {
|
||||
adinlen = 0;
|
||||
}
|
||||
|
||||
for ( ; ; ) {
|
||||
int outl = AES_BLOCK_SIZE;
|
||||
|
||||
inc_128(ctr);
|
||||
if (outlen < 16) {
|
||||
/* Use K as temp space as it will be updated */
|
||||
if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V,
|
||||
AES_BLOCK_SIZE)
|
||||
|| outl != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
memcpy(out, ctr->K, outlen);
|
||||
break;
|
||||
}
|
||||
if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE)
|
||||
|| outl != AES_BLOCK_SIZE)
|
||||
return 0;
|
||||
out += 16;
|
||||
outlen -= 16;
|
||||
if (outlen == 0)
|
||||
break;
|
||||
}
|
||||
|
||||
if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
|
||||
{
|
||||
EVP_CIPHER_CTX_free(drbg->data.ctr.ctx);
|
||||
EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
|
||||
OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
static RAND_DRBG_METHOD drbg_ctr_meth = {
|
||||
drbg_ctr_instantiate,
|
||||
drbg_ctr_reseed,
|
||||
drbg_ctr_generate,
|
||||
drbg_ctr_uninstantiate
|
||||
};
|
||||
|
||||
int drbg_ctr_init(RAND_DRBG *drbg)
|
||||
{
|
||||
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
|
||||
size_t keylen;
|
||||
|
||||
switch (drbg->type) {
|
||||
default:
|
||||
/* This can't happen, but silence the compiler warning. */
|
||||
return 0;
|
||||
case NID_aes_128_ctr:
|
||||
keylen = 16;
|
||||
ctr->cipher = EVP_aes_128_ecb();
|
||||
break;
|
||||
case NID_aes_192_ctr:
|
||||
keylen = 24;
|
||||
ctr->cipher = EVP_aes_192_ecb();
|
||||
break;
|
||||
case NID_aes_256_ctr:
|
||||
keylen = 32;
|
||||
ctr->cipher = EVP_aes_256_ecb();
|
||||
break;
|
||||
}
|
||||
|
||||
drbg->meth = &drbg_ctr_meth;
|
||||
|
||||
ctr->keylen = keylen;
|
||||
if (ctr->ctx == NULL)
|
||||
ctr->ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctr->ctx == NULL)
|
||||
return 0;
|
||||
drbg->strength = keylen * 8;
|
||||
drbg->seedlen = keylen + 16;
|
||||
|
||||
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
|
||||
/* df initialisation */
|
||||
static const unsigned char df_key[32] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
|
||||
};
|
||||
|
||||
if (ctr->ctx_df == NULL)
|
||||
ctr->ctx_df = EVP_CIPHER_CTX_new();
|
||||
if (ctr->ctx_df == NULL)
|
||||
return 0;
|
||||
/* Set key schedule for df_key */
|
||||
if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1))
|
||||
return 0;
|
||||
|
||||
drbg->min_entropylen = ctr->keylen;
|
||||
drbg->max_entropylen = DRBG_MAX_LENGTH;
|
||||
drbg->min_noncelen = drbg->min_entropylen / 2;
|
||||
drbg->max_noncelen = DRBG_MAX_LENGTH;
|
||||
drbg->max_perslen = DRBG_MAX_LENGTH;
|
||||
drbg->max_adinlen = DRBG_MAX_LENGTH;
|
||||
} else {
|
||||
drbg->min_entropylen = drbg->seedlen;
|
||||
drbg->max_entropylen = drbg->seedlen;
|
||||
/* Nonce not used */
|
||||
drbg->min_noncelen = 0;
|
||||
drbg->max_noncelen = 0;
|
||||
drbg->max_perslen = drbg->seedlen;
|
||||
drbg->max_adinlen = drbg->seedlen;
|
||||
}
|
||||
|
||||
drbg->max_request = 1 << 16;
|
||||
|
||||
return 1;
|
||||
}
|
1159
trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c
vendored
Normal file
1159
trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
158
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_egd.c
vendored
Normal file
158
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_egd.c
vendored
Normal file
|
@ -0,0 +1,158 @@
|
|||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_EGD
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/e_os2.h>
|
||||
# include <openssl/rand.h>
|
||||
|
||||
/*
|
||||
* Query an EGD
|
||||
*/
|
||||
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
|
||||
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int RAND_egd(const char *path)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int RAND_egd_bytes(const char *path, int bytes)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
# else
|
||||
|
||||
# include OPENSSL_UNISTD
|
||||
# include <stddef.h>
|
||||
# include <sys/types.h>
|
||||
# include <sys/socket.h>
|
||||
# ifndef NO_SYS_UN_H
|
||||
# ifdef OPENSSL_SYS_VXWORKS
|
||||
# include <streams/un.h>
|
||||
# else
|
||||
# include <sys/un.h>
|
||||
# endif
|
||||
# else
|
||||
struct sockaddr_un {
|
||||
short sun_family; /* AF_UNIX */
|
||||
char sun_path[108]; /* path name (gag) */
|
||||
};
|
||||
# endif /* NO_SYS_UN_H */
|
||||
# include <string.h>
|
||||
# include <errno.h>
|
||||
|
||||
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
|
||||
{
|
||||
FILE *fp = NULL;
|
||||
struct sockaddr_un addr;
|
||||
int mybuffer, ret = -1, i, numbytes, fd;
|
||||
unsigned char tempbuf[255];
|
||||
|
||||
if (bytes > (int)sizeof(tempbuf))
|
||||
return -1;
|
||||
|
||||
/* Make socket. */
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
if (strlen(path) >= sizeof(addr.sun_path))
|
||||
return -1;
|
||||
strcpy(addr.sun_path, path);
|
||||
i = offsetof(struct sockaddr_un, sun_path) + strlen(path);
|
||||
fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
|
||||
return -1;
|
||||
setbuf(fp, NULL);
|
||||
|
||||
/* Try to connect */
|
||||
for ( ; ; ) {
|
||||
if (connect(fd, (struct sockaddr *)&addr, i) == 0)
|
||||
break;
|
||||
# ifdef EISCONN
|
||||
if (errno == EISCONN)
|
||||
break;
|
||||
# endif
|
||||
switch (errno) {
|
||||
# ifdef EINTR
|
||||
case EINTR:
|
||||
# endif
|
||||
# ifdef EAGAIN
|
||||
case EAGAIN:
|
||||
# endif
|
||||
# ifdef EINPROGRESS
|
||||
case EINPROGRESS:
|
||||
# endif
|
||||
# ifdef EALREADY
|
||||
case EALREADY:
|
||||
# endif
|
||||
/* No error, try again */
|
||||
break;
|
||||
default:
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
/* Make request, see how many bytes we can get back. */
|
||||
tempbuf[0] = 1;
|
||||
tempbuf[1] = bytes;
|
||||
if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF)
|
||||
goto err;
|
||||
if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0)
|
||||
goto err;
|
||||
numbytes = tempbuf[0];
|
||||
|
||||
/* Which buffer are we using? */
|
||||
mybuffer = buf == NULL;
|
||||
if (mybuffer)
|
||||
buf = tempbuf;
|
||||
|
||||
/* Read bytes. */
|
||||
i = fread(buf, sizeof(char), numbytes, fp);
|
||||
if (i < numbytes)
|
||||
goto err;
|
||||
ret = numbytes;
|
||||
if (mybuffer)
|
||||
RAND_add(tempbuf, i, i);
|
||||
|
||||
err:
|
||||
if (fp != NULL)
|
||||
fclose(fp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int RAND_egd_bytes(const char *path, int bytes)
|
||||
{
|
||||
int num;
|
||||
|
||||
num = RAND_query_egd_bytes(path, NULL, bytes);
|
||||
if (num < 0)
|
||||
return -1;
|
||||
if (RAND_status() != 1)
|
||||
return -1;
|
||||
return num;
|
||||
}
|
||||
|
||||
int RAND_egd(const char *path)
|
||||
{
|
||||
return RAND_egd_bytes(path, 255);
|
||||
}
|
||||
|
||||
# endif
|
||||
|
||||
#endif
|
135
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c
vendored
Normal file
135
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c
vendored
Normal file
|
@ -0,0 +1,135 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/randerr.h>
|
||||
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
|
||||
static const ERR_STRING_DATA RAND_str_functs[] = {
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
|
||||
"rand_drbg_enable_locking"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
|
||||
"RAND_DRBG_generate"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
|
||||
"rand_drbg_get_entropy"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0),
|
||||
"rand_drbg_get_nonce"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
|
||||
"RAND_DRBG_instantiate"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
|
||||
"RAND_DRBG_set_defaults"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
|
||||
"RAND_DRBG_uninstantiate"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0),
|
||||
"rand_pool_acquire_entropy"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
|
||||
"rand_pool_add_begin"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
|
||||
"rand_pool_bytes_needed"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
|
||||
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
static const ERR_STRING_DATA RAND_str_reasons[] = {
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG),
|
||||
"additional input too long"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED),
|
||||
"already instantiated"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE),
|
||||
"argument out of range"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED),
|
||||
"drbg already initialized"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED),
|
||||
"drbg not initialised"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG),
|
||||
"entropy input too long"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE),
|
||||
"entropy out of range"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED),
|
||||
"error entropy pool was ignored"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG),
|
||||
"error initialising drbg"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG),
|
||||
"error instantiating drbg"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
|
||||
"error retrieving additional input"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY),
|
||||
"error retrieving entropy"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE),
|
||||
"error retrieving nonce"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK),
|
||||
"failed to create lock"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED),
|
||||
"Function not implemented"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
|
||||
"Not a regular file"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED),
|
||||
"no drbg implementation selected"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
|
||||
"parent locking not enabled"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
|
||||
"parent strength too weak"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
|
||||
"personalisation string too long"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),
|
||||
"prediction resistance not supported"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),
|
||||
"random pool overflow"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW),
|
||||
"random pool underflow"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG),
|
||||
"request too large for drbg"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED),
|
||||
"too little nonce requested"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED),
|
||||
"too much nonce requested"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
|
||||
"unsupported drbg flags"},
|
||||
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
|
||||
"unsupported drbg type"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
int ERR_load_RAND_strings(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
|
||||
ERR_load_strings_const(RAND_str_functs);
|
||||
ERR_load_strings_const(RAND_str_reasons);
|
||||
}
|
||||
#endif
|
||||
return 1;
|
||||
}
|
293
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h
vendored
Normal file
293
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h
vendored
Normal file
|
@ -0,0 +1,293 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_RAND_LCL_H
|
||||
# define HEADER_RAND_LCL_H
|
||||
|
||||
# include <openssl/aes.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/sha.h>
|
||||
# include <openssl/hmac.h>
|
||||
# include <openssl/ec.h>
|
||||
# include <openssl/rand_drbg.h>
|
||||
# include "internal/tsan_assist.h"
|
||||
|
||||
# include "internal/numbers.h"
|
||||
|
||||
/* How many times to read the TSC as a randomness source. */
|
||||
# define TSC_READ_COUNT 4
|
||||
|
||||
/* Maximum reseed intervals */
|
||||
# define MAX_RESEED_INTERVAL (1 << 24)
|
||||
# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */
|
||||
|
||||
/* Default reseed intervals */
|
||||
# define MASTER_RESEED_INTERVAL (1 << 8)
|
||||
# define SLAVE_RESEED_INTERVAL (1 << 16)
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
*
|
||||
* NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
|
||||
*
|
||||
* We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
|
||||
*/
|
||||
# define DRBG_MAX_LENGTH INT32_MAX
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Maximum allocation size for RANDOM_POOL buffers
|
||||
*
|
||||
* The max_len value for the buffer provided to the rand_drbg_get_entropy()
|
||||
* callback is currently 2^31 bytes (2 gigabytes), if a derivation function
|
||||
* is used. Since this is much too large to be allocated, the rand_pool_new()
|
||||
* function chooses more modest values as default pool length, bounded
|
||||
* by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
|
||||
*
|
||||
* The choice of the RAND_POOL_FACTOR is large enough such that the
|
||||
* RAND_POOL can store a random input which has a lousy entropy rate of
|
||||
* 8/256 (= 0.03125) bits per byte. This input will be sent through the
|
||||
* derivation function which 'compresses' the low quality input into a
|
||||
* high quality output.
|
||||
*
|
||||
* The factor 1.5 below is the pessimistic estimate for the extra amount
|
||||
* of entropy required when no get_nonce() callback is defined.
|
||||
*/
|
||||
# define RAND_POOL_FACTOR 256
|
||||
# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \
|
||||
3 * (RAND_DRBG_STRENGTH / 16))
|
||||
/*
|
||||
* = (RAND_POOL_FACTOR * \
|
||||
* 1.5 * (RAND_DRBG_STRENGTH / 8))
|
||||
*/
|
||||
|
||||
|
||||
/* DRBG status values */
|
||||
typedef enum drbg_status_e {
|
||||
DRBG_UNINITIALISED,
|
||||
DRBG_READY,
|
||||
DRBG_ERROR
|
||||
} DRBG_STATUS;
|
||||
|
||||
|
||||
/* instantiate */
|
||||
typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
|
||||
const unsigned char *ent,
|
||||
size_t entlen,
|
||||
const unsigned char *nonce,
|
||||
size_t noncelen,
|
||||
const unsigned char *pers,
|
||||
size_t perslen);
|
||||
/* reseed */
|
||||
typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
|
||||
const unsigned char *ent,
|
||||
size_t entlen,
|
||||
const unsigned char *adin,
|
||||
size_t adinlen);
|
||||
/* generate output */
|
||||
typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
|
||||
unsigned char *out,
|
||||
size_t outlen,
|
||||
const unsigned char *adin,
|
||||
size_t adinlen);
|
||||
/* uninstantiate */
|
||||
typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
|
||||
|
||||
|
||||
/*
|
||||
* The DRBG methods
|
||||
*/
|
||||
|
||||
typedef struct rand_drbg_method_st {
|
||||
RAND_DRBG_instantiate_fn instantiate;
|
||||
RAND_DRBG_reseed_fn reseed;
|
||||
RAND_DRBG_generate_fn generate;
|
||||
RAND_DRBG_uninstantiate_fn uninstantiate;
|
||||
} RAND_DRBG_METHOD;
|
||||
|
||||
|
||||
/*
|
||||
* The state of a DRBG AES-CTR.
|
||||
*/
|
||||
typedef struct rand_drbg_ctr_st {
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
EVP_CIPHER_CTX *ctx_df;
|
||||
const EVP_CIPHER *cipher;
|
||||
size_t keylen;
|
||||
unsigned char K[32];
|
||||
unsigned char V[16];
|
||||
/* Temporary block storage used by ctr_df */
|
||||
unsigned char bltmp[16];
|
||||
size_t bltmp_pos;
|
||||
unsigned char KX[48];
|
||||
} RAND_DRBG_CTR;
|
||||
|
||||
|
||||
/*
|
||||
* The 'random pool' acts as a dumb container for collecting random
|
||||
* input from various entropy sources. The pool has no knowledge about
|
||||
* whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
|
||||
* or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
|
||||
* random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
|
||||
* 4) cleanup the random pool again.
|
||||
*
|
||||
* The random pool contains no locking mechanism because its scope and
|
||||
* lifetime is intended to be restricted to a single stack frame.
|
||||
*/
|
||||
struct rand_pool_st {
|
||||
unsigned char *buffer; /* points to the beginning of the random pool */
|
||||
size_t len; /* current number of random bytes contained in the pool */
|
||||
|
||||
int attached; /* true pool was attached to existing buffer */
|
||||
|
||||
size_t min_len; /* minimum number of random bytes requested */
|
||||
size_t max_len; /* maximum number of random bytes (allocated buffer size) */
|
||||
size_t entropy; /* current entropy count in bits */
|
||||
size_t entropy_requested; /* requested entropy count in bits */
|
||||
};
|
||||
|
||||
/*
|
||||
* The state of all types of DRBGs, even though we only have CTR mode
|
||||
* right now.
|
||||
*/
|
||||
struct rand_drbg_st {
|
||||
CRYPTO_RWLOCK *lock;
|
||||
RAND_DRBG *parent;
|
||||
int secure; /* 1: allocated on the secure heap, 0: otherwise */
|
||||
int type; /* the nid of the underlying algorithm */
|
||||
/*
|
||||
* Stores the value of the rand_fork_count global as of when we last
|
||||
* reseeded. The DRBG reseeds automatically whenever drbg->fork_count !=
|
||||
* rand_fork_count. Used to provide fork-safety and reseed this DRBG in
|
||||
* the child process.
|
||||
*/
|
||||
int fork_count;
|
||||
unsigned short flags; /* various external flags */
|
||||
|
||||
/*
|
||||
* The random_data is used by RAND_add()/drbg_add() to attach random
|
||||
* data to the global drbg, such that the rand_drbg_get_entropy() callback
|
||||
* can pull it during instantiation and reseeding. This is necessary to
|
||||
* reconcile the different philosophies of the RAND and the RAND_DRBG
|
||||
* with respect to how randomness is added to the RNG during reseeding
|
||||
* (see PR #4328).
|
||||
*/
|
||||
struct rand_pool_st *seed_pool;
|
||||
|
||||
/*
|
||||
* Auxiliary pool for additional data.
|
||||
*/
|
||||
struct rand_pool_st *adin_pool;
|
||||
|
||||
/*
|
||||
* The following parameters are setup by the per-type "init" function.
|
||||
*
|
||||
* Currently the only type is CTR_DRBG, its init function is drbg_ctr_init().
|
||||
*
|
||||
* The parameters are closely related to the ones described in
|
||||
* section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
|
||||
* crucial difference: In the NIST standard, all counts are given
|
||||
* in bits, whereas in OpenSSL entropy counts are given in bits
|
||||
* and buffer lengths are given in bytes.
|
||||
*
|
||||
* Since this difference has lead to some confusion in the past,
|
||||
* (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
|
||||
* the 'len' suffix has been added to all buffer sizes for
|
||||
* clarification.
|
||||
*/
|
||||
|
||||
int strength;
|
||||
size_t max_request;
|
||||
size_t min_entropylen, max_entropylen;
|
||||
size_t min_noncelen, max_noncelen;
|
||||
size_t max_perslen, max_adinlen;
|
||||
|
||||
/* Counts the number of generate requests since the last reseed. */
|
||||
unsigned int reseed_gen_counter;
|
||||
/*
|
||||
* Maximum number of generate requests until a reseed is required.
|
||||
* This value is ignored if it is zero.
|
||||
*/
|
||||
unsigned int reseed_interval;
|
||||
/* Stores the time when the last reseeding occurred */
|
||||
time_t reseed_time;
|
||||
/*
|
||||
* Specifies the maximum time interval (in seconds) between reseeds.
|
||||
* This value is ignored if it is zero.
|
||||
*/
|
||||
time_t reseed_time_interval;
|
||||
/*
|
||||
* Counts the number of reseeds since instantiation.
|
||||
* This value is ignored if it is zero.
|
||||
*
|
||||
* This counter is used only for seed propagation from the <master> DRBG
|
||||
* to its two children, the <public> and <private> DRBG. This feature is
|
||||
* very special and its sole purpose is to ensure that any randomness which
|
||||
* is added by RAND_add() or RAND_seed() will have an immediate effect on
|
||||
* the output of RAND_bytes() resp. RAND_priv_bytes().
|
||||
*/
|
||||
TSAN_QUALIFIER unsigned int reseed_prop_counter;
|
||||
unsigned int reseed_next_counter;
|
||||
|
||||
size_t seedlen;
|
||||
DRBG_STATUS state;
|
||||
|
||||
/* Application data, mainly used in the KATs. */
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
|
||||
/* Implementation specific data (currently only one implementation) */
|
||||
union {
|
||||
RAND_DRBG_CTR ctr;
|
||||
} data;
|
||||
|
||||
/* Implementation specific methods */
|
||||
RAND_DRBG_METHOD *meth;
|
||||
|
||||
/* Callback functions. See comments in rand_lib.c */
|
||||
RAND_DRBG_get_entropy_fn get_entropy;
|
||||
RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
|
||||
RAND_DRBG_get_nonce_fn get_nonce;
|
||||
RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
|
||||
};
|
||||
|
||||
/* The global RAND method, and the global buffer and DRBG instance. */
|
||||
extern RAND_METHOD rand_meth;
|
||||
|
||||
/*
|
||||
* A "generation count" of forks. Incremented in the child process after a
|
||||
* fork. Since rand_fork_count is increment-only, and only ever written to in
|
||||
* the child process of the fork, which is guaranteed to be single-threaded, no
|
||||
* locking is needed for normal (read) accesses; the rest of pthread fork
|
||||
* processing is assumed to introduce the necessary memory barriers. Sibling
|
||||
* children of a given parent will produce duplicate values, but this is not
|
||||
* problematic because the reseeding process pulls input from the system CSPRNG
|
||||
* and/or other global sources, so the siblings will end up generating
|
||||
* different output streams.
|
||||
*/
|
||||
extern int rand_fork_count;
|
||||
|
||||
/* DRBG helpers */
|
||||
int rand_drbg_restart(RAND_DRBG *drbg,
|
||||
const unsigned char *buffer, size_t len, size_t entropy);
|
||||
size_t rand_drbg_seedlen(RAND_DRBG *drbg);
|
||||
/* locking api */
|
||||
int rand_drbg_lock(RAND_DRBG *drbg);
|
||||
int rand_drbg_unlock(RAND_DRBG *drbg);
|
||||
int rand_drbg_enable_locking(RAND_DRBG *drbg);
|
||||
|
||||
|
||||
/* initializes the AES-CTR DRBG implementation */
|
||||
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||
|
||||
#endif
|
859
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c
vendored
Normal file
859
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c
vendored
Normal file
|
@ -0,0 +1,859 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/opensslconf.h>
|
||||
#include "internal/rand_int.h"
|
||||
#include <openssl/engine.h>
|
||||
#include "internal/thread_once.h"
|
||||
#include "rand_lcl.h"
|
||||
#include "e_os.h"
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
/* non-NULL if default_RAND_meth is ENGINE-provided */
|
||||
static ENGINE *funct_ref;
|
||||
static CRYPTO_RWLOCK *rand_engine_lock;
|
||||
#endif
|
||||
static CRYPTO_RWLOCK *rand_meth_lock;
|
||||
static const RAND_METHOD *default_RAND_meth;
|
||||
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
|
||||
|
||||
int rand_fork_count;
|
||||
|
||||
static CRYPTO_RWLOCK *rand_nonce_lock;
|
||||
static int rand_nonce_count;
|
||||
|
||||
static int rand_inited = 0;
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_RDTSC
|
||||
/*
|
||||
* IMPORTANT NOTE: It is not currently possible to use this code
|
||||
* because we are not sure about the amount of randomness it provides.
|
||||
* Some SP900 tests have been run, but there is internal skepticism.
|
||||
* So for now this code is not used.
|
||||
*/
|
||||
# error "RDTSC enabled? Should not be possible!"
|
||||
|
||||
/*
|
||||
* Acquire entropy from high-speed clock
|
||||
*
|
||||
* Since we get some randomness from the low-order bits of the
|
||||
* high-speed clock, it can help.
|
||||
*
|
||||
* Returns the total entropy count, if it exceeds the requested
|
||||
* entropy count. Otherwise, returns an entropy count of 0.
|
||||
*/
|
||||
size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
|
||||
{
|
||||
unsigned char c;
|
||||
int i;
|
||||
|
||||
if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
|
||||
for (i = 0; i < TSC_READ_COUNT; i++) {
|
||||
c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
|
||||
rand_pool_add(pool, &c, 1, 4);
|
||||
}
|
||||
}
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_RDCPU
|
||||
size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
|
||||
size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
|
||||
|
||||
extern unsigned int OPENSSL_ia32cap_P[];
|
||||
|
||||
/*
|
||||
* Acquire entropy using Intel-specific cpu instructions
|
||||
*
|
||||
* Uses the RDSEED instruction if available, otherwise uses
|
||||
* RDRAND if available.
|
||||
*
|
||||
* For the differences between RDSEED and RDRAND, and why RDSEED
|
||||
* is the preferred choice, see https://goo.gl/oK3KcN
|
||||
*
|
||||
* Returns the total entropy count, if it exceeds the requested
|
||||
* entropy count. Otherwise, returns an entropy count of 0.
|
||||
*/
|
||||
size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
|
||||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
if (bytes_needed > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
|
||||
if (buffer != NULL) {
|
||||
/* Whichever comes first, use RDSEED, RDRAND or nothing */
|
||||
if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
|
||||
if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
|
||||
== bytes_needed) {
|
||||
rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
|
||||
}
|
||||
} else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
|
||||
if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
|
||||
== bytes_needed) {
|
||||
rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
|
||||
}
|
||||
} else {
|
||||
rand_pool_add_end(pool, 0, 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Implements the get_entropy() callback (see RAND_DRBG_set_callbacks())
|
||||
*
|
||||
* If the DRBG has a parent, then the required amount of entropy input
|
||||
* is fetched using the parent's RAND_DRBG_generate().
|
||||
*
|
||||
* Otherwise, the entropy is polled from the system entropy sources
|
||||
* using rand_pool_acquire_entropy().
|
||||
*
|
||||
* If a random pool has been added to the DRBG using RAND_add(), then
|
||||
* its entropy will be used up first.
|
||||
*/
|
||||
size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
|
||||
unsigned char **pout,
|
||||
int entropy, size_t min_len, size_t max_len,
|
||||
int prediction_resistance)
|
||||
{
|
||||
size_t ret = 0;
|
||||
size_t entropy_available = 0;
|
||||
RAND_POOL *pool;
|
||||
|
||||
if (drbg->parent && drbg->strength > drbg->parent->strength) {
|
||||
/*
|
||||
* We currently don't support the algorithm from NIST SP 800-90C
|
||||
* 10.1.2 to use a weaker DRBG as source
|
||||
*/
|
||||
RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (drbg->seed_pool != NULL) {
|
||||
pool = drbg->seed_pool;
|
||||
pool->entropy_requested = entropy;
|
||||
} else {
|
||||
pool = rand_pool_new(entropy, min_len, max_len);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (drbg->parent) {
|
||||
size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
|
||||
if (buffer != NULL) {
|
||||
size_t bytes = 0;
|
||||
|
||||
/*
|
||||
* Get random from parent, include our state as additional input.
|
||||
* Our lock is already held, but we need to lock our parent before
|
||||
* generating bits from it. (Note: taking the lock will be a no-op
|
||||
* if locking if drbg->parent->lock == NULL.)
|
||||
*/
|
||||
rand_drbg_lock(drbg->parent);
|
||||
if (RAND_DRBG_generate(drbg->parent,
|
||||
buffer, bytes_needed,
|
||||
prediction_resistance,
|
||||
NULL, 0) != 0)
|
||||
bytes = bytes_needed;
|
||||
drbg->reseed_next_counter
|
||||
= tsan_load(&drbg->parent->reseed_prop_counter);
|
||||
rand_drbg_unlock(drbg->parent);
|
||||
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
}
|
||||
|
||||
} else {
|
||||
if (prediction_resistance) {
|
||||
/*
|
||||
* We don't have any entropy sources that comply with the NIST
|
||||
* standard to provide prediction resistance (see NIST SP 800-90C,
|
||||
* Section 5.4).
|
||||
*/
|
||||
RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
|
||||
RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Get entropy by polling system entropy sources. */
|
||||
entropy_available = rand_pool_acquire_entropy(pool);
|
||||
}
|
||||
|
||||
if (entropy_available > 0) {
|
||||
ret = rand_pool_length(pool);
|
||||
*pout = rand_pool_detach(pool);
|
||||
}
|
||||
|
||||
err:
|
||||
if (drbg->seed_pool == NULL)
|
||||
rand_pool_free(pool);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks())
|
||||
*
|
||||
*/
|
||||
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
|
||||
unsigned char *out, size_t outlen)
|
||||
{
|
||||
if (drbg->seed_pool == NULL)
|
||||
OPENSSL_secure_clear_free(out, outlen);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
|
||||
*
|
||||
*/
|
||||
size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
|
||||
unsigned char **pout,
|
||||
int entropy, size_t min_len, size_t max_len)
|
||||
{
|
||||
size_t ret = 0;
|
||||
RAND_POOL *pool;
|
||||
|
||||
struct {
|
||||
void * instance;
|
||||
int count;
|
||||
} data = { 0 };
|
||||
|
||||
pool = rand_pool_new(0, min_len, max_len);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
|
||||
if (rand_pool_add_nonce_data(pool) == 0)
|
||||
goto err;
|
||||
|
||||
data.instance = drbg;
|
||||
CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
|
||||
|
||||
if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
|
||||
goto err;
|
||||
|
||||
ret = rand_pool_length(pool);
|
||||
*pout = rand_pool_detach(pool);
|
||||
|
||||
err:
|
||||
rand_pool_free(pool);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
|
||||
*
|
||||
*/
|
||||
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
|
||||
unsigned char *out, size_t outlen)
|
||||
{
|
||||
OPENSSL_secure_clear_free(out, outlen);
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate additional data that can be used for the drbg. The data does
|
||||
* not need to contain entropy, but it's useful if it contains at least
|
||||
* some bits that are unpredictable.
|
||||
*
|
||||
* Returns 0 on failure.
|
||||
*
|
||||
* On success it allocates a buffer at |*pout| and returns the length of
|
||||
* the data. The buffer should get freed using OPENSSL_secure_clear_free().
|
||||
*/
|
||||
size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
|
||||
{
|
||||
size_t ret = 0;
|
||||
|
||||
if (rand_pool_add_additional_data(pool) == 0)
|
||||
goto err;
|
||||
|
||||
ret = rand_pool_length(pool);
|
||||
*pout = rand_pool_detach(pool);
|
||||
|
||||
err:
|
||||
return ret;
|
||||
}
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
|
||||
{
|
||||
rand_pool_reattach(pool, out);
|
||||
}
|
||||
|
||||
void rand_fork(void)
|
||||
{
|
||||
rand_fork_count++;
|
||||
}
|
||||
|
||||
DEFINE_RUN_ONCE_STATIC(do_rand_init)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
rand_engine_lock = CRYPTO_THREAD_lock_new();
|
||||
if (rand_engine_lock == NULL)
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
rand_meth_lock = CRYPTO_THREAD_lock_new();
|
||||
if (rand_meth_lock == NULL)
|
||||
goto err1;
|
||||
|
||||
rand_nonce_lock = CRYPTO_THREAD_lock_new();
|
||||
if (rand_nonce_lock == NULL)
|
||||
goto err2;
|
||||
|
||||
if (!rand_pool_init())
|
||||
goto err3;
|
||||
|
||||
rand_inited = 1;
|
||||
return 1;
|
||||
|
||||
err3:
|
||||
CRYPTO_THREAD_lock_free(rand_nonce_lock);
|
||||
rand_nonce_lock = NULL;
|
||||
err2:
|
||||
CRYPTO_THREAD_lock_free(rand_meth_lock);
|
||||
rand_meth_lock = NULL;
|
||||
err1:
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
CRYPTO_THREAD_lock_free(rand_engine_lock);
|
||||
rand_engine_lock = NULL;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
void rand_cleanup_int(void)
|
||||
{
|
||||
const RAND_METHOD *meth = default_RAND_meth;
|
||||
|
||||
if (!rand_inited)
|
||||
return;
|
||||
|
||||
if (meth != NULL && meth->cleanup != NULL)
|
||||
meth->cleanup();
|
||||
RAND_set_rand_method(NULL);
|
||||
rand_pool_cleanup();
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
CRYPTO_THREAD_lock_free(rand_engine_lock);
|
||||
rand_engine_lock = NULL;
|
||||
#endif
|
||||
CRYPTO_THREAD_lock_free(rand_meth_lock);
|
||||
rand_meth_lock = NULL;
|
||||
CRYPTO_THREAD_lock_free(rand_nonce_lock);
|
||||
rand_nonce_lock = NULL;
|
||||
rand_inited = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* RAND_close_seed_files() ensures that any seed file decriptors are
|
||||
* closed after use.
|
||||
*/
|
||||
void RAND_keep_random_devices_open(int keep)
|
||||
{
|
||||
if (RUN_ONCE(&rand_init, do_rand_init))
|
||||
rand_pool_keep_random_devices_open(keep);
|
||||
}
|
||||
|
||||
/*
|
||||
* RAND_poll() reseeds the default RNG using random input
|
||||
*
|
||||
* The random input is obtained from polling various entropy
|
||||
* sources which depend on the operating system and are
|
||||
* configurable via the --with-rand-seed configure option.
|
||||
*/
|
||||
int RAND_poll(void)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
RAND_POOL *pool = NULL;
|
||||
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth == RAND_OpenSSL()) {
|
||||
/* fill random pool and seed the master DRBG */
|
||||
RAND_DRBG *drbg = RAND_DRBG_get0_master();
|
||||
|
||||
if (drbg == NULL)
|
||||
return 0;
|
||||
|
||||
rand_drbg_lock(drbg);
|
||||
ret = rand_drbg_restart(drbg, NULL, 0, 0);
|
||||
rand_drbg_unlock(drbg);
|
||||
|
||||
return ret;
|
||||
|
||||
} else {
|
||||
/* fill random pool and seed the current legacy RNG */
|
||||
pool = rand_pool_new(RAND_DRBG_STRENGTH,
|
||||
RAND_DRBG_STRENGTH / 8,
|
||||
RAND_POOL_MAX_LENGTH);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
|
||||
if (rand_pool_acquire_entropy(pool) == 0)
|
||||
goto err;
|
||||
|
||||
if (meth->add == NULL
|
||||
|| meth->add(rand_pool_buffer(pool),
|
||||
rand_pool_length(pool),
|
||||
(rand_pool_entropy(pool) / 8.0)) == 0)
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
err:
|
||||
rand_pool_free(pool);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Allocate memory and initialize a new random pool
|
||||
*/
|
||||
|
||||
RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
|
||||
{
|
||||
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
|
||||
|
||||
if (pool == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pool->min_len = min_len;
|
||||
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
|
||||
RAND_POOL_MAX_LENGTH : max_len;
|
||||
|
||||
pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
|
||||
if (pool->buffer == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
pool->entropy_requested = entropy_requested;
|
||||
|
||||
return pool;
|
||||
|
||||
err:
|
||||
OPENSSL_free(pool);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Attach new random pool to the given buffer
|
||||
*
|
||||
* This function is intended to be used only for feeding random data
|
||||
* provided by RAND_add() and RAND_seed() into the <master> DRBG.
|
||||
*/
|
||||
RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
|
||||
size_t entropy)
|
||||
{
|
||||
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
|
||||
|
||||
if (pool == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* The const needs to be cast away, but attached buffers will not be
|
||||
* modified (in contrary to allocated buffers which are zeroed and
|
||||
* freed in the end).
|
||||
*/
|
||||
pool->buffer = (unsigned char *) buffer;
|
||||
pool->len = len;
|
||||
|
||||
pool->attached = 1;
|
||||
|
||||
pool->min_len = pool->max_len = pool->len;
|
||||
pool->entropy = entropy;
|
||||
|
||||
return pool;
|
||||
}
|
||||
|
||||
/*
|
||||
* Free |pool|, securely erasing its buffer.
|
||||
*/
|
||||
void rand_pool_free(RAND_POOL *pool)
|
||||
{
|
||||
if (pool == NULL)
|
||||
return;
|
||||
|
||||
/*
|
||||
* Although it would be advisable from a cryptographical viewpoint,
|
||||
* we are not allowed to clear attached buffers, since they are passed
|
||||
* to rand_pool_attach() as `const unsigned char*`.
|
||||
* (see corresponding comment in rand_pool_attach()).
|
||||
*/
|
||||
if (!pool->attached)
|
||||
OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
|
||||
OPENSSL_free(pool);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the |pool|'s buffer to the caller (readonly).
|
||||
*/
|
||||
const unsigned char *rand_pool_buffer(RAND_POOL *pool)
|
||||
{
|
||||
return pool->buffer;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the |pool|'s entropy to the caller.
|
||||
*/
|
||||
size_t rand_pool_entropy(RAND_POOL *pool)
|
||||
{
|
||||
return pool->entropy;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the |pool|'s buffer length to the caller.
|
||||
*/
|
||||
size_t rand_pool_length(RAND_POOL *pool)
|
||||
{
|
||||
return pool->len;
|
||||
}
|
||||
|
||||
/*
|
||||
* Detach the |pool| buffer and return it to the caller.
|
||||
* It's the responsibility of the caller to free the buffer
|
||||
* using OPENSSL_secure_clear_free() or to re-attach it
|
||||
* again to the pool using rand_pool_reattach().
|
||||
*/
|
||||
unsigned char *rand_pool_detach(RAND_POOL *pool)
|
||||
{
|
||||
unsigned char *ret = pool->buffer;
|
||||
pool->buffer = NULL;
|
||||
pool->entropy = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Re-attach the |pool| buffer. It is only allowed to pass
|
||||
* the |buffer| which was previously detached from the same pool.
|
||||
*/
|
||||
void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
|
||||
{
|
||||
pool->buffer = buffer;
|
||||
OPENSSL_cleanse(pool->buffer, pool->len);
|
||||
pool->len = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
|
||||
* need to obtain at least |bits| bits of entropy?
|
||||
*/
|
||||
#define ENTROPY_TO_BYTES(bits, entropy_factor) \
|
||||
(((bits) * (entropy_factor) + 7) / 8)
|
||||
|
||||
|
||||
/*
|
||||
* Checks whether the |pool|'s entropy is available to the caller.
|
||||
* This is the case when entropy count and buffer length are high enough.
|
||||
* Returns
|
||||
*
|
||||
* |entropy| if the entropy count and buffer size is large enough
|
||||
* 0 otherwise
|
||||
*/
|
||||
size_t rand_pool_entropy_available(RAND_POOL *pool)
|
||||
{
|
||||
if (pool->entropy < pool->entropy_requested)
|
||||
return 0;
|
||||
|
||||
if (pool->len < pool->min_len)
|
||||
return 0;
|
||||
|
||||
return pool->entropy;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns the (remaining) amount of entropy needed to fill
|
||||
* the random pool.
|
||||
*/
|
||||
|
||||
size_t rand_pool_entropy_needed(RAND_POOL *pool)
|
||||
{
|
||||
if (pool->entropy < pool->entropy_requested)
|
||||
return pool->entropy_requested - pool->entropy;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns the number of bytes needed to fill the pool, assuming
|
||||
* the input has 1 / |entropy_factor| entropy bits per data bit.
|
||||
* In case of an error, 0 is returned.
|
||||
*/
|
||||
|
||||
size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
|
||||
{
|
||||
size_t bytes_needed;
|
||||
size_t entropy_needed = rand_pool_entropy_needed(pool);
|
||||
|
||||
if (entropy_factor < 1) {
|
||||
RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor);
|
||||
|
||||
if (bytes_needed > pool->max_len - pool->len) {
|
||||
/* not enough space left */
|
||||
RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (pool->len < pool->min_len &&
|
||||
bytes_needed < pool->min_len - pool->len)
|
||||
/* to meet the min_len requirement */
|
||||
bytes_needed = pool->min_len - pool->len;
|
||||
|
||||
return bytes_needed;
|
||||
}
|
||||
|
||||
/* Returns the remaining number of bytes available */
|
||||
size_t rand_pool_bytes_remaining(RAND_POOL *pool)
|
||||
{
|
||||
return pool->max_len - pool->len;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add random bytes to the random pool.
|
||||
*
|
||||
* It is expected that the |buffer| contains |len| bytes of
|
||||
* random input which contains at least |entropy| bits of
|
||||
* randomness.
|
||||
*
|
||||
* Returns 1 if the added amount is adequate, otherwise 0
|
||||
*/
|
||||
int rand_pool_add(RAND_POOL *pool,
|
||||
const unsigned char *buffer, size_t len, size_t entropy)
|
||||
{
|
||||
if (len > pool->max_len - pool->len) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (pool->buffer == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (len > 0) {
|
||||
memcpy(pool->buffer + pool->len, buffer, len);
|
||||
pool->len += len;
|
||||
pool->entropy += entropy;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Start to add random bytes to the random pool in-place.
|
||||
*
|
||||
* Reserves the next |len| bytes for adding random bytes in-place
|
||||
* and returns a pointer to the buffer.
|
||||
* The caller is allowed to copy up to |len| bytes into the buffer.
|
||||
* If |len| == 0 this is considered a no-op and a NULL pointer
|
||||
* is returned without producing an error message.
|
||||
*
|
||||
* After updating the buffer, rand_pool_add_end() needs to be called
|
||||
* to finish the udpate operation (see next comment).
|
||||
*/
|
||||
unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
|
||||
{
|
||||
if (len == 0)
|
||||
return NULL;
|
||||
|
||||
if (len > pool->max_len - pool->len) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (pool->buffer == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return pool->buffer + pool->len;
|
||||
}
|
||||
|
||||
/*
|
||||
* Finish to add random bytes to the random pool in-place.
|
||||
*
|
||||
* Finishes an in-place update of the random pool started by
|
||||
* rand_pool_add_begin() (see previous comment).
|
||||
* It is expected that |len| bytes of random input have been added
|
||||
* to the buffer which contain at least |entropy| bits of randomness.
|
||||
* It is allowed to add less bytes than originally reserved.
|
||||
*/
|
||||
int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
|
||||
{
|
||||
if (len > pool->max_len - pool->len) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (len > 0) {
|
||||
pool->len += len;
|
||||
pool->entropy += entropy;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int RAND_set_rand_method(const RAND_METHOD *meth)
|
||||
{
|
||||
if (!RUN_ONCE(&rand_init, do_rand_init))
|
||||
return 0;
|
||||
|
||||
CRYPTO_THREAD_write_lock(rand_meth_lock);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_finish(funct_ref);
|
||||
funct_ref = NULL;
|
||||
#endif
|
||||
default_RAND_meth = meth;
|
||||
CRYPTO_THREAD_unlock(rand_meth_lock);
|
||||
return 1;
|
||||
}
|
||||
|
||||
const RAND_METHOD *RAND_get_rand_method(void)
|
||||
{
|
||||
const RAND_METHOD *tmp_meth = NULL;
|
||||
|
||||
if (!RUN_ONCE(&rand_init, do_rand_init))
|
||||
return NULL;
|
||||
|
||||
CRYPTO_THREAD_write_lock(rand_meth_lock);
|
||||
if (default_RAND_meth == NULL) {
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e;
|
||||
|
||||
/* If we have an engine that can do RAND, use it. */
|
||||
if ((e = ENGINE_get_default_RAND()) != NULL
|
||||
&& (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
|
||||
funct_ref = e;
|
||||
default_RAND_meth = tmp_meth;
|
||||
} else {
|
||||
ENGINE_finish(e);
|
||||
default_RAND_meth = &rand_meth;
|
||||
}
|
||||
#else
|
||||
default_RAND_meth = &rand_meth;
|
||||
#endif
|
||||
}
|
||||
tmp_meth = default_RAND_meth;
|
||||
CRYPTO_THREAD_unlock(rand_meth_lock);
|
||||
return tmp_meth;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
int RAND_set_rand_engine(ENGINE *engine)
|
||||
{
|
||||
const RAND_METHOD *tmp_meth = NULL;
|
||||
|
||||
if (!RUN_ONCE(&rand_init, do_rand_init))
|
||||
return 0;
|
||||
|
||||
if (engine != NULL) {
|
||||
if (!ENGINE_init(engine))
|
||||
return 0;
|
||||
tmp_meth = ENGINE_get_RAND(engine);
|
||||
if (tmp_meth == NULL) {
|
||||
ENGINE_finish(engine);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
CRYPTO_THREAD_write_lock(rand_engine_lock);
|
||||
/* This function releases any prior ENGINE so call it first */
|
||||
RAND_set_rand_method(tmp_meth);
|
||||
funct_ref = engine;
|
||||
CRYPTO_THREAD_unlock(rand_engine_lock);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
void RAND_seed(const void *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->seed != NULL)
|
||||
meth->seed(buf, num);
|
||||
}
|
||||
|
||||
void RAND_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->add != NULL)
|
||||
meth->add(buf, num, randomness);
|
||||
}
|
||||
|
||||
/*
|
||||
* This function is not part of RAND_METHOD, so if we're not using
|
||||
* the default method, then just call RAND_bytes(). Otherwise make
|
||||
* sure we're instantiated and use the private DRBG.
|
||||
*/
|
||||
int RAND_priv_bytes(unsigned char *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
RAND_DRBG *drbg;
|
||||
int ret;
|
||||
|
||||
if (meth != RAND_OpenSSL())
|
||||
return RAND_bytes(buf, num);
|
||||
|
||||
drbg = RAND_DRBG_get0_private();
|
||||
if (drbg == NULL)
|
||||
return 0;
|
||||
|
||||
ret = RAND_DRBG_bytes(drbg, buf, num);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int RAND_bytes(unsigned char *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->bytes != NULL)
|
||||
return meth->bytes(buf, num);
|
||||
RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#if OPENSSL_API_COMPAT < 0x10100000L
|
||||
int RAND_pseudo_bytes(unsigned char *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->pseudorand != NULL)
|
||||
return meth->pseudorand(buf, num);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int RAND_status(void)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->status != NULL)
|
||||
return meth->status();
|
||||
return 0;
|
||||
}
|
707
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c
vendored
Normal file
707
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c
vendored
Normal file
|
@ -0,0 +1,707 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef _GNU_SOURCE
|
||||
# define _GNU_SOURCE
|
||||
#endif
|
||||
#include "e_os.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#if defined(__linux)
|
||||
# include <sys/syscall.h>
|
||||
#endif
|
||||
#if defined(__FreeBSD__)
|
||||
# include <sys/types.h>
|
||||
# include <sys/sysctl.h>
|
||||
# include <sys/param.h>
|
||||
#endif
|
||||
#if defined(__OpenBSD__) || defined(__NetBSD__)
|
||||
# include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
# include <fcntl.h>
|
||||
# include <unistd.h>
|
||||
# include <sys/time.h>
|
||||
|
||||
static uint64_t get_time_stamp(void);
|
||||
static uint64_t get_timer_bits(void);
|
||||
|
||||
/* Macro to convert two thirty two bit values into a sixty four bit one */
|
||||
# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
|
||||
|
||||
/*
|
||||
* Check for the existence and support of POSIX timers. The standard
|
||||
* says that the _POSIX_TIMERS macro will have a positive value if they
|
||||
* are available.
|
||||
*
|
||||
* However, we want an additional constraint: that the timer support does
|
||||
* not require an extra library dependency. Early versions of glibc
|
||||
* require -lrt to be specified on the link line to access the timers,
|
||||
* so this needs to be checked for.
|
||||
*
|
||||
* It is worse because some libraries define __GLIBC__ but don't
|
||||
* support the version testing macro (e.g. uClibc). This means
|
||||
* an extra check is needed.
|
||||
*
|
||||
* The final condition is:
|
||||
* "have posix timers and either not glibc or glibc without -lrt"
|
||||
*
|
||||
* The nested #if sequences are required to avoid using a parameterised
|
||||
* macro that might be undefined.
|
||||
*/
|
||||
# undef OSSL_POSIX_TIMER_OKAY
|
||||
# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
|
||||
# if defined(__GLIBC__)
|
||||
# if defined(__GLIBC_PREREQ)
|
||||
# if __GLIBC_PREREQ(2, 17)
|
||||
# define OSSL_POSIX_TIMER_OKAY
|
||||
# endif
|
||||
# endif
|
||||
# else
|
||||
# define OSSL_POSIX_TIMER_OKAY
|
||||
# endif
|
||||
# endif
|
||||
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
|
||||
|
||||
#if defined(OPENSSL_RAND_SEED_NONE)
|
||||
/* none means none. this simplifies the following logic */
|
||||
# undef OPENSSL_RAND_SEED_OS
|
||||
# undef OPENSSL_RAND_SEED_GETRANDOM
|
||||
# undef OPENSSL_RAND_SEED_LIBRANDOM
|
||||
# undef OPENSSL_RAND_SEED_DEVRANDOM
|
||||
# undef OPENSSL_RAND_SEED_RDTSC
|
||||
# undef OPENSSL_RAND_SEED_RDCPU
|
||||
# undef OPENSSL_RAND_SEED_EGD
|
||||
#endif
|
||||
|
||||
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
|
||||
!defined(OPENSSL_RAND_SEED_NONE)
|
||||
# error "UEFI and VXWorks only support seeding NONE"
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_VXWORKS)
|
||||
/* empty implementation */
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
}
|
||||
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
|
||||
|| defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
|
||||
|| defined(OPENSSL_SYS_UEFI))
|
||||
|
||||
# if defined(OPENSSL_SYS_VOS)
|
||||
|
||||
# ifndef OPENSSL_RAND_SEED_OS
|
||||
# error "Unsupported seeding method configured; must be os"
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
|
||||
# error "Unsupported HP-PA and IA32 at the same time."
|
||||
# endif
|
||||
# if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
|
||||
# error "Must have one of HP-PA or IA32"
|
||||
# endif
|
||||
|
||||
/*
|
||||
* The following algorithm repeatedly samples the real-time clock (RTC) to
|
||||
* generate a sequence of unpredictable data. The algorithm relies upon the
|
||||
* uneven execution speed of the code (due to factors such as cache misses,
|
||||
* interrupts, bus activity, and scheduling) and upon the rather large
|
||||
* relative difference between the speed of the clock and the rate at which
|
||||
* it can be read. If it is ported to an environment where execution speed
|
||||
* is more constant or where the RTC ticks at a much slower rate, or the
|
||||
* clock can be read with fewer instructions, it is likely that the results
|
||||
* would be far more predictable. This should only be used for legacy
|
||||
* platforms.
|
||||
*
|
||||
* As a precaution, we assume only 2 bits of entropy per byte.
|
||||
*/
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
short int code;
|
||||
int i, k;
|
||||
size_t bytes_needed;
|
||||
struct timespec ts;
|
||||
unsigned char v;
|
||||
# ifdef OPENSSL_SYS_VOS_HPPA
|
||||
long duration;
|
||||
extern void s$sleep(long *_duration, short int *_code);
|
||||
# else
|
||||
long long duration;
|
||||
extern void s$sleep2(long long *_duration, short int *_code);
|
||||
# endif
|
||||
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
|
||||
|
||||
for (i = 0; i < bytes_needed; i++) {
|
||||
/*
|
||||
* burn some cpu; hope for interrupts, cache collisions, bus
|
||||
* interference, etc.
|
||||
*/
|
||||
for (k = 0; k < 99; k++)
|
||||
ts.tv_nsec = random();
|
||||
|
||||
# ifdef OPENSSL_SYS_VOS_HPPA
|
||||
/* sleep for 1/1024 of a second (976 us). */
|
||||
duration = 1;
|
||||
s$sleep(&duration, &code);
|
||||
# else
|
||||
/* sleep for 1/65536 of a second (15 us). */
|
||||
duration = 1;
|
||||
s$sleep2(&duration, &code);
|
||||
# endif
|
||||
|
||||
/* Get wall clock time, take 8 bits. */
|
||||
clock_gettime(CLOCK_REALTIME, &ts);
|
||||
v = (unsigned char)(ts.tv_nsec & 0xFF);
|
||||
rand_pool_add(pool, arg, &v, sizeof(v) , 2);
|
||||
}
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
}
|
||||
|
||||
# else
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_EGD) && \
|
||||
(defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
|
||||
# error "Seeding uses EGD but EGD is turned off or no device given"
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
|
||||
# error "Seeding uses urandom but DEVRANDOM is not configured"
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_OS)
|
||||
# if !defined(DEVRANDOM)
|
||||
# error "OS seeding requires DEVRANDOM to be configured"
|
||||
# endif
|
||||
# define OPENSSL_RAND_SEED_GETRANDOM
|
||||
# define OPENSSL_RAND_SEED_DEVRANDOM
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_LIBRANDOM)
|
||||
# error "librandom not (yet) supported"
|
||||
# endif
|
||||
|
||||
# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
/*
|
||||
* sysctl_random(): Use sysctl() to read a random number from the kernel
|
||||
* Returns the number of bytes returned in buf on success, -1 on failure.
|
||||
*/
|
||||
static ssize_t sysctl_random(char *buf, size_t buflen)
|
||||
{
|
||||
int mib[2];
|
||||
size_t done = 0;
|
||||
size_t len;
|
||||
|
||||
/*
|
||||
* Note: sign conversion between size_t and ssize_t is safe even
|
||||
* without a range check, see comment in syscall_random()
|
||||
*/
|
||||
|
||||
/*
|
||||
* On FreeBSD old implementations returned longs, newer versions support
|
||||
* variable sizes up to 256 byte. The code below would not work properly
|
||||
* when the sysctl returns long and we want to request something not a
|
||||
* multiple of longs, which should never be the case.
|
||||
*/
|
||||
if (!ossl_assert(buflen % sizeof(long) == 0)) {
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
|
||||
* filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
|
||||
* it returns a variable number of bytes with the current version supporting
|
||||
* up to 256 bytes.
|
||||
* Just return an error on older NetBSD versions.
|
||||
*/
|
||||
#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
#endif
|
||||
|
||||
mib[0] = CTL_KERN;
|
||||
mib[1] = KERN_ARND;
|
||||
|
||||
do {
|
||||
len = buflen;
|
||||
if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
|
||||
return done > 0 ? done : -1;
|
||||
done += len;
|
||||
buf += len;
|
||||
buflen -= len;
|
||||
} while (buflen > 0);
|
||||
|
||||
return done;
|
||||
}
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
/*
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
static ssize_t syscall_random(void *buf, size_t buflen)
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
* get_entropy() callback of the RAND_DRBG. It is roughly bounded by
|
||||
*
|
||||
* 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
|
||||
*
|
||||
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
||||
* between size_t and ssize_t is safe even without a range check.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Do runtime detection to find getentropy().
|
||||
*
|
||||
* Known OSs that should support this:
|
||||
* - Darwin since 16 (OSX 10.12, IOS 10.0).
|
||||
* - Solaris since 11.3
|
||||
* - OpenBSD since 5.6
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
if (getentropy != NULL)
|
||||
return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# else
|
||||
union {
|
||||
void *p;
|
||||
int (*f)(void *buffer, size_t length);
|
||||
} p_getentropy;
|
||||
|
||||
/*
|
||||
* We could cache the result of the lookup, but we normally don't
|
||||
* call this function often.
|
||||
*/
|
||||
ERR_set_mark();
|
||||
p_getentropy.p = DSO_global_lookup("getentropy");
|
||||
ERR_pop_to_mark();
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
|
||||
/* Linux supports this since version 3.17 */
|
||||
# if defined(__linux) && defined(SYS_getrandom)
|
||||
return syscall(SYS_getrandom, buf, buflen, 0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
# endif
|
||||
}
|
||||
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
static const char *random_device_paths[] = { DEVRANDOM };
|
||||
static struct random_device {
|
||||
int fd;
|
||||
dev_t dev;
|
||||
ino_t ino;
|
||||
mode_t mode;
|
||||
dev_t rdev;
|
||||
} random_devices[OSSL_NELEM(random_device_paths)];
|
||||
static int keep_random_devices_open = 1;
|
||||
|
||||
/*
|
||||
* Verify that the file descriptor associated with the random source is
|
||||
* still valid. The rationale for doing this is the fact that it is not
|
||||
* uncommon for daemons to close all open file handles when daemonizing.
|
||||
* So the handle might have been closed or even reused for opening
|
||||
* another file.
|
||||
*/
|
||||
static int check_random_device(struct random_device * rd)
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
return rd->fd != -1
|
||||
&& fstat(rd->fd, &st) != -1
|
||||
&& rd->dev == st.st_dev
|
||||
&& rd->ino == st.st_ino
|
||||
&& ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
|
||||
&& rd->rdev == st.st_rdev;
|
||||
}
|
||||
|
||||
/*
|
||||
* Open a random device if required and return its file descriptor or -1 on error
|
||||
*/
|
||||
static int get_random_device(size_t n)
|
||||
{
|
||||
struct stat st;
|
||||
struct random_device * rd = &random_devices[n];
|
||||
|
||||
/* reuse existing file descriptor if it is (still) valid */
|
||||
if (check_random_device(rd))
|
||||
return rd->fd;
|
||||
|
||||
/* open the random device ... */
|
||||
if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
|
||||
return rd->fd;
|
||||
|
||||
/* ... and cache its relevant stat(2) data */
|
||||
if (fstat(rd->fd, &st) != -1) {
|
||||
rd->dev = st.st_dev;
|
||||
rd->ino = st.st_ino;
|
||||
rd->mode = st.st_mode;
|
||||
rd->rdev = st.st_rdev;
|
||||
} else {
|
||||
close(rd->fd);
|
||||
rd->fd = -1;
|
||||
}
|
||||
|
||||
return rd->fd;
|
||||
}
|
||||
|
||||
/*
|
||||
* Close a random device making sure it is a random device
|
||||
*/
|
||||
static void close_random_device(size_t n)
|
||||
{
|
||||
struct random_device * rd = &random_devices[n];
|
||||
|
||||
if (check_random_device(rd))
|
||||
close(rd->fd);
|
||||
rd->fd = -1;
|
||||
}
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(random_devices); i++)
|
||||
random_devices[i].fd = -1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(random_devices); i++)
|
||||
close_random_device(i);
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
if (!keep)
|
||||
rand_pool_cleanup();
|
||||
|
||||
keep_random_devices_open = keep;
|
||||
}
|
||||
|
||||
# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
}
|
||||
|
||||
# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
|
||||
|
||||
/*
|
||||
* Try the various seeding methods in turn, exit when successful.
|
||||
*
|
||||
* TODO(DRBG): If more than one entropy source is available, is it
|
||||
* preferable to stop as soon as enough entropy has been collected
|
||||
* (as favored by @rsalz) or should one rather be defensive and add
|
||||
* more entropy than requested and/or from different sources?
|
||||
*
|
||||
* Currently, the user can select multiple entropy sources in the
|
||||
* configure step, yet in practice only the first available source
|
||||
* will be used. A more flexible solution has been requested, but
|
||||
* currently it is not clear how this can be achieved without
|
||||
* overengineering the problem. There are many parameters which
|
||||
* could be taken into account when selecting the order and amount
|
||||
* of input from the different entropy sources (trust, quality,
|
||||
* possibility of blocking).
|
||||
*/
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
# if defined(OPENSSL_RAND_SEED_NONE)
|
||||
return rand_pool_entropy_available(pool);
|
||||
# else
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
unsigned char *buffer;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
{
|
||||
ssize_t bytes;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
int attempts = 3;
|
||||
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
bytes = syscall_random(buffer, bytes_needed);
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
attempts = 3; /* reset counter after successful attempt */
|
||||
} else if (bytes < 0 && errno != EINTR) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_LIBRANDOM)
|
||||
{
|
||||
/* Not yet implemented. */
|
||||
}
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
|
||||
ssize_t bytes = 0;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
if (fd == -1)
|
||||
continue;
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
bytes = read(fd, buffer, bytes_needed);
|
||||
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
attempts = 3; /* reset counter after successful attempt */
|
||||
} else if (bytes < 0 && errno != EINTR) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (bytes < 0 || !keep_random_devices_open)
|
||||
close_random_device(i);
|
||||
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
}
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_RDTSC)
|
||||
entropy_available = rand_acquire_entropy_from_tsc(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_RDCPU)
|
||||
entropy_available = rand_acquire_entropy_from_cpu(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_EGD)
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
if (bytes_needed > 0) {
|
||||
static const char *paths[] = { DEVRANDOM_EGD, NULL };
|
||||
int i;
|
||||
|
||||
for (i = 0; paths[i] != NULL; i++) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
if (buffer != NULL) {
|
||||
size_t bytes = 0;
|
||||
int num = RAND_query_egd_bytes(paths[i],
|
||||
buffer, (int)bytes_needed);
|
||||
if (num == (int)bytes_needed)
|
||||
bytes = bytes_needed;
|
||||
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
}
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
|
||||
int rand_pool_add_nonce_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
pid_t pid;
|
||||
CRYPTO_THREAD_ID tid;
|
||||
uint64_t time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add process id, thread id, and a high resolution timestamp to
|
||||
* ensure that the nonce is unique with high probability for
|
||||
* different process instances.
|
||||
*/
|
||||
data.pid = getpid();
|
||||
data.tid = CRYPTO_THREAD_get_current_id();
|
||||
data.time = get_time_stamp();
|
||||
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
int rand_pool_add_additional_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
CRYPTO_THREAD_ID tid;
|
||||
uint64_t time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add some noise from the thread id and a high resolution timer.
|
||||
* The thread id adds a little randomness if the drbg is accessed
|
||||
* concurrently (which is the case for the <master> drbg).
|
||||
*/
|
||||
data.tid = CRYPTO_THREAD_get_current_id();
|
||||
data.time = get_timer_bits();
|
||||
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Get the current time with the highest possible resolution
|
||||
*
|
||||
* The time stamp is added to the nonce, so it is optimized for not repeating.
|
||||
* The current time is ideal for this purpose, provided the computer's clock
|
||||
* is synchronized.
|
||||
*/
|
||||
static uint64_t get_time_stamp(void)
|
||||
{
|
||||
# if defined(OSSL_POSIX_TIMER_OKAY)
|
||||
{
|
||||
struct timespec ts;
|
||||
|
||||
if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
|
||||
return TWO32TO64(ts.tv_sec, ts.tv_nsec);
|
||||
}
|
||||
# endif
|
||||
# if defined(__unix__) \
|
||||
|| (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
|
||||
{
|
||||
struct timeval tv;
|
||||
|
||||
if (gettimeofday(&tv, NULL) == 0)
|
||||
return TWO32TO64(tv.tv_sec, tv.tv_usec);
|
||||
}
|
||||
# endif
|
||||
return time(NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* Get an arbitrary timer value of the highest possible resolution
|
||||
*
|
||||
* The timer value is added as random noise to the additional data,
|
||||
* which is not considered a trusted entropy sourec, so any result
|
||||
* is acceptable.
|
||||
*/
|
||||
static uint64_t get_timer_bits(void)
|
||||
{
|
||||
uint64_t res = OPENSSL_rdtsc();
|
||||
|
||||
if (res != 0)
|
||||
return res;
|
||||
|
||||
# if defined(__sun) || defined(__hpux)
|
||||
return gethrtime();
|
||||
# elif defined(_AIX)
|
||||
{
|
||||
timebasestruct_t t;
|
||||
|
||||
read_wall_time(&t, TIMEBASE_SZ);
|
||||
return TWO32TO64(t.tb_high, t.tb_low);
|
||||
}
|
||||
# elif defined(OSSL_POSIX_TIMER_OKAY)
|
||||
{
|
||||
struct timespec ts;
|
||||
|
||||
# ifdef CLOCK_BOOTTIME
|
||||
# define CLOCK_TYPE CLOCK_BOOTTIME
|
||||
# elif defined(_POSIX_MONOTONIC_CLOCK)
|
||||
# define CLOCK_TYPE CLOCK_MONOTONIC
|
||||
# else
|
||||
# define CLOCK_TYPE CLOCK_REALTIME
|
||||
# endif
|
||||
|
||||
if (clock_gettime(CLOCK_TYPE, &ts) == 0)
|
||||
return TWO32TO64(ts.tv_sec, ts.tv_nsec);
|
||||
}
|
||||
# endif
|
||||
# if defined(__unix__) \
|
||||
|| (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
|
||||
{
|
||||
struct timeval tv;
|
||||
|
||||
if (gettimeofday(&tv, NULL) == 0)
|
||||
return TWO32TO64(tv.tv_sec, tv.tv_usec);
|
||||
}
|
||||
# endif
|
||||
return time(NULL);
|
||||
}
|
||||
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
|
528
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c
vendored
Normal file
528
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c
vendored
Normal file
|
@ -0,0 +1,528 @@
|
|||
/*
|
||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "e_os.h"
|
||||
|
||||
#if defined(OPENSSL_SYS_VMS)
|
||||
# define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */
|
||||
# include <unistd.h>
|
||||
# include "internal/cryptlib.h"
|
||||
# include <openssl/rand.h>
|
||||
# include "internal/rand_int.h"
|
||||
# include "rand_lcl.h"
|
||||
# include <descrip.h>
|
||||
# include <dvidef.h>
|
||||
# include <jpidef.h>
|
||||
# include <rmidef.h>
|
||||
# include <syidef.h>
|
||||
# include <ssdef.h>
|
||||
# include <starlet.h>
|
||||
# include <efndef.h>
|
||||
# include <gen64def.h>
|
||||
# include <iosbdef.h>
|
||||
# include <iledef.h>
|
||||
# include <lib$routines.h>
|
||||
# ifdef __DECC
|
||||
# pragma message disable DOLLARID
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_RAND_SEED_OS
|
||||
# error "Unsupported seeding method configured; must be os"
|
||||
# endif
|
||||
|
||||
/* We need to make sure we have the right size pointer in some cases */
|
||||
# if __INITIAL_POINTER_SIZE == 64
|
||||
# pragma pointer_size save
|
||||
# pragma pointer_size 32
|
||||
# endif
|
||||
typedef uint32_t *uint32_t__ptr32;
|
||||
# if __INITIAL_POINTER_SIZE == 64
|
||||
# pragma pointer_size restore
|
||||
# endif
|
||||
|
||||
struct item_st {
|
||||
short length, code; /* length is number of bytes */
|
||||
};
|
||||
|
||||
static const struct item_st DVI_item_data[] = {
|
||||
{4, DVI$_ERRCNT},
|
||||
{4, DVI$_REFCNT},
|
||||
};
|
||||
|
||||
static const struct item_st JPI_item_data[] = {
|
||||
{4, JPI$_BUFIO},
|
||||
{4, JPI$_CPUTIM},
|
||||
{4, JPI$_DIRIO},
|
||||
{4, JPI$_IMAGECOUNT},
|
||||
{4, JPI$_PAGEFLTS},
|
||||
{4, JPI$_PID},
|
||||
{4, JPI$_PPGCNT},
|
||||
{4, JPI$_WSPEAK},
|
||||
/*
|
||||
* Note: the direct result is just a 32-bit address. However, it points
|
||||
* to a list of 4 32-bit words, so we make extra space for them so we can
|
||||
* do in-place replacement of values
|
||||
*/
|
||||
{16, JPI$_FINALEXC},
|
||||
};
|
||||
|
||||
static const struct item_st JPI_item_data_64bit[] = {
|
||||
{8, JPI$_LAST_LOGIN_I},
|
||||
{8, JPI$_LOGINTIM},
|
||||
};
|
||||
|
||||
static const struct item_st RMI_item_data[] = {
|
||||
{4, RMI$_COLPG},
|
||||
{4, RMI$_MWAIT},
|
||||
{4, RMI$_CEF},
|
||||
{4, RMI$_PFW},
|
||||
{4, RMI$_LEF},
|
||||
{4, RMI$_LEFO},
|
||||
{4, RMI$_HIB},
|
||||
{4, RMI$_HIBO},
|
||||
{4, RMI$_SUSP},
|
||||
{4, RMI$_SUSPO},
|
||||
{4, RMI$_FPG},
|
||||
{4, RMI$_COM},
|
||||
{4, RMI$_COMO},
|
||||
{4, RMI$_CUR},
|
||||
#if defined __alpha
|
||||
{4, RMI$_FRLIST},
|
||||
{4, RMI$_MODLIST},
|
||||
#endif
|
||||
{4, RMI$_FAULTS},
|
||||
{4, RMI$_PREADS},
|
||||
{4, RMI$_PWRITES},
|
||||
{4, RMI$_PWRITIO},
|
||||
{4, RMI$_PREADIO},
|
||||
{4, RMI$_GVALFLTS},
|
||||
{4, RMI$_WRTINPROG},
|
||||
{4, RMI$_FREFLTS},
|
||||
{4, RMI$_DZROFLTS},
|
||||
{4, RMI$_SYSFAULTS},
|
||||
{4, RMI$_ISWPCNT},
|
||||
{4, RMI$_DIRIO},
|
||||
{4, RMI$_BUFIO},
|
||||
{4, RMI$_MBREADS},
|
||||
{4, RMI$_MBWRITES},
|
||||
{4, RMI$_LOGNAM},
|
||||
{4, RMI$_FCPCALLS},
|
||||
{4, RMI$_FCPREAD},
|
||||
{4, RMI$_FCPWRITE},
|
||||
{4, RMI$_FCPCACHE},
|
||||
{4, RMI$_FCPCPU},
|
||||
{4, RMI$_FCPHIT},
|
||||
{4, RMI$_FCPSPLIT},
|
||||
{4, RMI$_FCPFAULT},
|
||||
{4, RMI$_ENQNEW},
|
||||
{4, RMI$_ENQCVT},
|
||||
{4, RMI$_DEQ},
|
||||
{4, RMI$_BLKAST},
|
||||
{4, RMI$_ENQWAIT},
|
||||
{4, RMI$_ENQNOTQD},
|
||||
{4, RMI$_DLCKSRCH},
|
||||
{4, RMI$_DLCKFND},
|
||||
{4, RMI$_NUMLOCKS},
|
||||
{4, RMI$_NUMRES},
|
||||
{4, RMI$_ARRLOCPK},
|
||||
{4, RMI$_DEPLOCPK},
|
||||
{4, RMI$_ARRTRAPK},
|
||||
{4, RMI$_TRCNGLOS},
|
||||
{4, RMI$_RCVBUFFL},
|
||||
{4, RMI$_ENQNEWLOC},
|
||||
{4, RMI$_ENQNEWIN},
|
||||
{4, RMI$_ENQNEWOUT},
|
||||
{4, RMI$_ENQCVTLOC},
|
||||
{4, RMI$_ENQCVTIN},
|
||||
{4, RMI$_ENQCVTOUT},
|
||||
{4, RMI$_DEQLOC},
|
||||
{4, RMI$_DEQIN},
|
||||
{4, RMI$_DEQOUT},
|
||||
{4, RMI$_BLKLOC},
|
||||
{4, RMI$_BLKIN},
|
||||
{4, RMI$_BLKOUT},
|
||||
{4, RMI$_DIRIN},
|
||||
{4, RMI$_DIROUT},
|
||||
/* We currently get a fault when trying these. TODO: To be figured out. */
|
||||
#if 0
|
||||
{140, RMI$_MSCP_EVERYTHING}, /* 35 32-bit words */
|
||||
{152, RMI$_DDTM_ALL}, /* 38 32-bit words */
|
||||
{80, RMI$_TMSCP_EVERYTHING} /* 20 32-bit words */
|
||||
#endif
|
||||
{4, RMI$_LPZ_PAGCNT},
|
||||
{4, RMI$_LPZ_HITS},
|
||||
{4, RMI$_LPZ_MISSES},
|
||||
{4, RMI$_LPZ_EXPCNT},
|
||||
{4, RMI$_LPZ_ALLOCF},
|
||||
{4, RMI$_LPZ_ALLOC2},
|
||||
{4, RMI$_ACCESS},
|
||||
{4, RMI$_ALLOC},
|
||||
{4, RMI$_FCPCREATE},
|
||||
{4, RMI$_VOLWAIT},
|
||||
{4, RMI$_FCPTURN},
|
||||
{4, RMI$_FCPERASE},
|
||||
{4, RMI$_OPENS},
|
||||
{4, RMI$_FIDHIT},
|
||||
{4, RMI$_FIDMISS},
|
||||
{4, RMI$_FILHDR_HIT},
|
||||
{4, RMI$_DIRFCB_HIT},
|
||||
{4, RMI$_DIRFCB_MISS},
|
||||
{4, RMI$_DIRDATA_HIT},
|
||||
{4, RMI$_EXTHIT},
|
||||
{4, RMI$_EXTMISS},
|
||||
{4, RMI$_QUOHIT},
|
||||
{4, RMI$_QUOMISS},
|
||||
{4, RMI$_STORAGMAP_HIT},
|
||||
{4, RMI$_VOLLCK},
|
||||
{4, RMI$_SYNCHLCK},
|
||||
{4, RMI$_SYNCHWAIT},
|
||||
{4, RMI$_ACCLCK},
|
||||
{4, RMI$_XQPCACHEWAIT},
|
||||
{4, RMI$_DIRDATA_MISS},
|
||||
{4, RMI$_FILHDR_MISS},
|
||||
{4, RMI$_STORAGMAP_MISS},
|
||||
{4, RMI$_PROCCNTMAX},
|
||||
{4, RMI$_PROCBATCNT},
|
||||
{4, RMI$_PROCINTCNT},
|
||||
{4, RMI$_PROCNETCNT},
|
||||
{4, RMI$_PROCSWITCHCNT},
|
||||
{4, RMI$_PROCBALSETCNT},
|
||||
{4, RMI$_PROCLOADCNT},
|
||||
{4, RMI$_BADFLTS},
|
||||
{4, RMI$_EXEFAULTS},
|
||||
{4, RMI$_HDRINSWAPS},
|
||||
{4, RMI$_HDROUTSWAPS},
|
||||
{4, RMI$_IOPAGCNT},
|
||||
{4, RMI$_ISWPCNTPG},
|
||||
{4, RMI$_OSWPCNT},
|
||||
{4, RMI$_OSWPCNTPG},
|
||||
{4, RMI$_RDFAULTS},
|
||||
{4, RMI$_TRANSFLTS},
|
||||
{4, RMI$_WRTFAULTS},
|
||||
#if defined __alpha
|
||||
{4, RMI$_USERPAGES},
|
||||
#endif
|
||||
{4, RMI$_VMSPAGES},
|
||||
{4, RMI$_TTWRITES},
|
||||
{4, RMI$_BUFOBJPAG},
|
||||
{4, RMI$_BUFOBJPAGPEAK},
|
||||
{4, RMI$_BUFOBJPAGS01},
|
||||
{4, RMI$_BUFOBJPAGS2},
|
||||
{4, RMI$_BUFOBJPAGMAXS01},
|
||||
{4, RMI$_BUFOBJPAGMAXS2},
|
||||
{4, RMI$_BUFOBJPAGPEAKS01},
|
||||
{4, RMI$_BUFOBJPAGPEAKS2},
|
||||
{4, RMI$_BUFOBJPGLTMAXS01},
|
||||
{4, RMI$_BUFOBJPGLTMAXS2},
|
||||
{4, RMI$_DLCK_INCMPLT},
|
||||
{4, RMI$_DLCKMSGS_IN},
|
||||
{4, RMI$_DLCKMSGS_OUT},
|
||||
{4, RMI$_MCHKERRS},
|
||||
{4, RMI$_MEMERRS},
|
||||
};
|
||||
|
||||
static const struct item_st RMI_item_data_64bit[] = {
|
||||
#if defined __ia64
|
||||
{8, RMI$_FRLIST},
|
||||
{8, RMI$_MODLIST},
|
||||
#endif
|
||||
{8, RMI$_LCKMGR_REQCNT},
|
||||
{8, RMI$_LCKMGR_REQTIME},
|
||||
{8, RMI$_LCKMGR_SPINCNT},
|
||||
{8, RMI$_LCKMGR_SPINTIME},
|
||||
{8, RMI$_CPUINTSTK},
|
||||
{8, RMI$_CPUMPSYNCH},
|
||||
{8, RMI$_CPUKERNEL},
|
||||
{8, RMI$_CPUEXEC},
|
||||
{8, RMI$_CPUSUPER},
|
||||
{8, RMI$_CPUUSER},
|
||||
#if defined __ia64
|
||||
{8, RMI$_USERPAGES},
|
||||
#endif
|
||||
{8, RMI$_TQETOTAL},
|
||||
{8, RMI$_TQESYSUB},
|
||||
{8, RMI$_TQEUSRTIMR},
|
||||
{8, RMI$_TQEUSRWAKE},
|
||||
};
|
||||
|
||||
static const struct item_st SYI_item_data[] = {
|
||||
{4, SYI$_PAGEFILE_FREE},
|
||||
};
|
||||
|
||||
/*
|
||||
* Input:
|
||||
* items_data - an array of lengths and codes
|
||||
* items_data_num - number of elements in that array
|
||||
*
|
||||
* Output:
|
||||
* items - pre-allocated ILE3 array to be filled.
|
||||
* It's assumed to have items_data_num elements plus
|
||||
* one extra for the terminating NULL element
|
||||
* databuffer - pre-allocated 32-bit word array.
|
||||
*
|
||||
* Returns the number of elements used in databuffer
|
||||
*/
|
||||
static size_t prepare_item_list(const struct item_st *items_input,
|
||||
size_t items_input_num,
|
||||
ILE3 *items,
|
||||
uint32_t__ptr32 databuffer)
|
||||
{
|
||||
size_t data_sz = 0;
|
||||
|
||||
for (; items_input_num-- > 0; items_input++, items++) {
|
||||
|
||||
items->ile3$w_code = items_input->code;
|
||||
/* Special treatment of JPI$_FINALEXC */
|
||||
if (items->ile3$w_code == JPI$_FINALEXC)
|
||||
items->ile3$w_length = 4;
|
||||
else
|
||||
items->ile3$w_length = items_input->length;
|
||||
|
||||
items->ile3$ps_bufaddr = databuffer;
|
||||
items->ile3$ps_retlen_addr = 0;
|
||||
|
||||
databuffer += items_input->length / sizeof(databuffer[0]);
|
||||
data_sz += items_input->length;
|
||||
}
|
||||
/* Terminating NULL entry */
|
||||
items->ile3$w_length = items->ile3$w_code = 0;
|
||||
items->ile3$ps_bufaddr = items->ile3$ps_retlen_addr = NULL;
|
||||
|
||||
return data_sz / sizeof(databuffer[0]);
|
||||
}
|
||||
|
||||
static void massage_JPI(ILE3 *items)
|
||||
{
|
||||
/*
|
||||
* Special treatment of JPI$_FINALEXC
|
||||
* The result of that item's data buffer is a 32-bit address to a list of
|
||||
* 4 32-bit words.
|
||||
*/
|
||||
for (; items->ile3$w_length != 0; items++) {
|
||||
if (items->ile3$w_code == JPI$_FINALEXC) {
|
||||
uint32_t *data = items->ile3$ps_bufaddr;
|
||||
uint32_t *ptr = (uint32_t *)*data;
|
||||
size_t j;
|
||||
|
||||
/*
|
||||
* We know we made space for 4 32-bit words, so we can do in-place
|
||||
* replacement.
|
||||
*/
|
||||
for (j = 0; j < 4; j++)
|
||||
data[j] = ptr[j];
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* This number expresses how many bits of data contain 1 bit of entropy.
|
||||
*
|
||||
* For the moment, we assume about 0.05 entropy bits per data bit, or 1
|
||||
* bit of entropy per 20 data bits.
|
||||
*/
|
||||
#define ENTROPY_FACTOR 20
|
||||
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1];
|
||||
ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1];
|
||||
ILE3 DVI_items[OSSL_NELEM(DVI_item_data) + 1];
|
||||
ILE3 JPI_items[OSSL_NELEM(JPI_item_data) + 1];
|
||||
ILE3 RMI_items[OSSL_NELEM(RMI_item_data) + 1];
|
||||
ILE3 SYI_items[OSSL_NELEM(SYI_item_data) + 1];
|
||||
union {
|
||||
/* This ensures buffer starts at 64 bit boundary */
|
||||
uint64_t dummy;
|
||||
uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2
|
||||
+ OSSL_NELEM(RMI_item_data_64bit) * 2
|
||||
+ OSSL_NELEM(DVI_item_data)
|
||||
+ OSSL_NELEM(JPI_item_data)
|
||||
+ OSSL_NELEM(RMI_item_data)
|
||||
+ OSSL_NELEM(SYI_item_data)
|
||||
+ 4 /* For JPI$_FINALEXC */];
|
||||
} data;
|
||||
size_t total_elems = 0;
|
||||
size_t total_length = 0;
|
||||
size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR);
|
||||
size_t bytes_remaining = rand_pool_bytes_remaining(pool);
|
||||
|
||||
/* Take all the 64-bit items first, to ensure proper alignment of data */
|
||||
total_elems +=
|
||||
prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit),
|
||||
JPI_items_64bit, &data.buffer[total_elems]);
|
||||
total_elems +=
|
||||
prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit),
|
||||
RMI_items_64bit, &data.buffer[total_elems]);
|
||||
/* Now the 32-bit items */
|
||||
total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data),
|
||||
DVI_items, &data.buffer[total_elems]);
|
||||
total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data),
|
||||
JPI_items, &data.buffer[total_elems]);
|
||||
total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data),
|
||||
RMI_items, &data.buffer[total_elems]);
|
||||
total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data),
|
||||
SYI_items, &data.buffer[total_elems]);
|
||||
total_length = total_elems * sizeof(data.buffer[0]);
|
||||
|
||||
/* Fill data.buffer with various info bits from this process */
|
||||
{
|
||||
uint32_t status;
|
||||
uint32_t efn;
|
||||
IOSB iosb;
|
||||
$DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:");
|
||||
|
||||
if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items,
|
||||
0, 0, 0, 0, 0)) != SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items_64bit, 0, 0, 0))
|
||||
!= SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items, 0, 0, 0))
|
||||
!= SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$getsyiw(EFN$C_ENF, 0, 0, SYI_items, 0, 0, 0))
|
||||
!= SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* The RMI service is a bit special, as there is no synchronous
|
||||
* variant, so we MUST create an event flag to synchronise on.
|
||||
*/
|
||||
if ((status = lib$get_ef(&efn)) != SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$getrmi(efn, 0, 0, RMI_items_64bit, &iosb, 0, 0))
|
||||
!= SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
|
||||
lib$signal(iosb.iosb$l_getxxi_status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$getrmi(efn, 0, 0, RMI_items, &iosb, 0, 0))
|
||||
!= SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
|
||||
lib$signal(iosb.iosb$l_getxxi_status);
|
||||
return 0;
|
||||
}
|
||||
if ((status = lib$free_ef(&efn)) != SS$_NORMAL) {
|
||||
lib$signal(status);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
massage_JPI(JPI_items);
|
||||
|
||||
/*
|
||||
* If we can't feed the requirements from the caller, we're in deep trouble.
|
||||
*/
|
||||
if (!ossl_assert(total_length >= bytes_needed)) {
|
||||
char neededstr[20];
|
||||
char availablestr[20];
|
||||
|
||||
BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
|
||||
BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
|
||||
RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
|
||||
RAND_R_RANDOM_POOL_UNDERFLOW);
|
||||
ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
|
||||
availablestr);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Try not to overfeed the pool
|
||||
*/
|
||||
if (total_length > bytes_remaining)
|
||||
total_length = bytes_remaining;
|
||||
|
||||
/* We give the pessimistic value for the amount of entropy */
|
||||
rand_pool_add(pool, (unsigned char *)data.buffer, total_length,
|
||||
8 * total_length / ENTROPY_FACTOR);
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
|
||||
int rand_pool_add_nonce_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
pid_t pid;
|
||||
CRYPTO_THREAD_ID tid;
|
||||
uint64_t time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add process id, thread id, and a high resolution timestamp
|
||||
* (where available, which is OpenVMS v8.4 and up) to ensure that
|
||||
* the nonce is unique whith high probability for different process
|
||||
* instances.
|
||||
*/
|
||||
data.pid = getpid();
|
||||
data.tid = CRYPTO_THREAD_get_current_id();
|
||||
#if __CRTL_VER >= 80400000
|
||||
sys$gettim_prec(&data.time);
|
||||
#else
|
||||
sys$gettim((void*)&data.time);
|
||||
#endif
|
||||
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
int rand_pool_add_additional_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
CRYPTO_THREAD_ID tid;
|
||||
uint64_t time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add some noise from the thread id and a high resolution timer.
|
||||
* The thread id adds a little randomness if the drbg is accessed
|
||||
* concurrently (which is the case for the <master> drbg).
|
||||
*/
|
||||
data.tid = CRYPTO_THREAD_get_current_id();
|
||||
sys$gettim_prec(&data.time);
|
||||
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
}
|
||||
|
||||
#endif
|
185
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c
vendored
Normal file
185
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c
vendored
Normal file
|
@ -0,0 +1,185 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
|
||||
|
||||
# ifndef OPENSSL_RAND_SEED_OS
|
||||
# error "Unsupported seeding method configured; must be os"
|
||||
# endif
|
||||
|
||||
# include <windows.h>
|
||||
/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
|
||||
# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601
|
||||
# define USE_BCRYPTGENRANDOM
|
||||
# endif
|
||||
|
||||
# ifdef USE_BCRYPTGENRANDOM
|
||||
# include <bcrypt.h>
|
||||
# pragma comment(lib, "bcrypt.lib")
|
||||
# ifndef STATUS_SUCCESS
|
||||
# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
|
||||
# endif
|
||||
# else
|
||||
# include <wincrypt.h>
|
||||
/*
|
||||
* Intel hardware RNG CSP -- available from
|
||||
* http://developer.intel.com/design/security/rng/redist_license.htm
|
||||
*/
|
||||
# define PROV_INTEL_SEC 22
|
||||
# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
|
||||
# endif
|
||||
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
# ifndef USE_BCRYPTGENRANDOM
|
||||
HCRYPTPROV hProvider;
|
||||
# endif
|
||||
unsigned char *buffer;
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_RDTSC
|
||||
entropy_available = rand_acquire_entropy_from_tsc(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_RDCPU
|
||||
entropy_available = rand_acquire_entropy_from_cpu(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# ifdef USE_BCRYPTGENRANDOM
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
if (buffer != NULL) {
|
||||
size_t bytes = 0;
|
||||
if (BCryptGenRandom(NULL, buffer, bytes_needed,
|
||||
BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
|
||||
bytes = bytes_needed;
|
||||
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
}
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# else
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
if (buffer != NULL) {
|
||||
size_t bytes = 0;
|
||||
/* poll the CryptoAPI PRNG */
|
||||
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
|
||||
if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
|
||||
bytes = bytes_needed;
|
||||
|
||||
CryptReleaseContext(hProvider, 0);
|
||||
}
|
||||
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
}
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
if (buffer != NULL) {
|
||||
size_t bytes = 0;
|
||||
/* poll the Pentium PRG with CryptoAPI */
|
||||
if (CryptAcquireContextW(&hProvider, NULL,
|
||||
INTEL_DEF_PROV, PROV_INTEL_SEC,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
|
||||
if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
|
||||
bytes = bytes_needed;
|
||||
|
||||
CryptReleaseContext(hProvider, 0);
|
||||
}
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
entropy_available = rand_pool_entropy_available(pool);
|
||||
}
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
return rand_pool_entropy_available(pool);
|
||||
}
|
||||
|
||||
|
||||
int rand_pool_add_nonce_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
DWORD pid;
|
||||
DWORD tid;
|
||||
FILETIME time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add process id, thread id, and a high resolution timestamp to
|
||||
* ensure that the nonce is unique whith high probability for
|
||||
* different process instances.
|
||||
*/
|
||||
data.pid = GetCurrentProcessId();
|
||||
data.tid = GetCurrentThreadId();
|
||||
GetSystemTimeAsFileTime(&data.time);
|
||||
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
int rand_pool_add_additional_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
DWORD tid;
|
||||
LARGE_INTEGER time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add some noise from the thread id and a high resolution timer.
|
||||
* The thread id adds a little randomness if the drbg is accessed
|
||||
* concurrently (which is the case for the <master> drbg).
|
||||
*/
|
||||
data.tid = GetCurrentThreadId();
|
||||
QueryPerformanceCounter(&data.time);
|
||||
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
|
||||
}
|
||||
|
||||
# if OPENSSL_API_COMPAT < 0x10100000L
|
||||
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
|
||||
{
|
||||
RAND_poll();
|
||||
return RAND_status();
|
||||
}
|
||||
|
||||
void RAND_screen(void)
|
||||
{
|
||||
RAND_poll();
|
||||
}
|
||||
# endif
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
void rand_pool_cleanup(void)
|
||||
{
|
||||
}
|
||||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
}
|
||||
|
||||
#endif
|
314
trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c
vendored
Normal file
314
trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c
vendored
Normal file
|
@ -0,0 +1,314 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rand_drbg.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
# include <unixio.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
# include <sys/stat.h>
|
||||
# include <fcntl.h>
|
||||
# ifdef _WIN32
|
||||
# include <windows.h>
|
||||
# include <io.h>
|
||||
# define stat _stat
|
||||
# define chmod _chmod
|
||||
# define open _open
|
||||
# define fdopen _fdopen
|
||||
# define fstat _fstat
|
||||
# define fileno _fileno
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Following should not be needed, and we could have been stricter
|
||||
* and demand S_IS*. But some systems just don't comply... Formally
|
||||
* below macros are "anatomically incorrect", because normally they
|
||||
* would look like ((m) & MASK == TYPE), but since MASK availability
|
||||
* is as questionable, we settle for this poor-man fallback...
|
||||
*/
|
||||
# if !defined(S_ISREG)
|
||||
# define S_ISREG(m) ((m) & S_IFREG)
|
||||
# endif
|
||||
|
||||
#define RAND_BUF_SIZE 1024
|
||||
#define RFILE ".rnd"
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
/*
|
||||
* __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
|
||||
* to make sure the FILE* is a 32-bit pointer no matter what. We know that
|
||||
* stdio functions return this type (a study of stdio.h proves it).
|
||||
*
|
||||
* This declaration is a nasty hack to get around vms' extension to fopen for
|
||||
* passing in sharing options being disabled by /STANDARD=ANSI89
|
||||
*/
|
||||
static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
|
||||
(__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
|
||||
# define VMS_OPEN_ATTRS \
|
||||
"shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
|
||||
# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Note that these functions are intended for seed files only. Entropy
|
||||
* devices and EGD sockets are handled in rand_unix.c If |bytes| is
|
||||
* -1 read the complete file; otherwise read the specified amount.
|
||||
*/
|
||||
int RAND_load_file(const char *file, long bytes)
|
||||
{
|
||||
/*
|
||||
* The load buffer size exceeds the chunk size by the comfortable amount
|
||||
* of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
|
||||
* to avoid calling RAND_add() with a small final chunk. Instead, such
|
||||
* a small final chunk will be added together with the previous chunk
|
||||
* (unless it's the only one).
|
||||
*/
|
||||
#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
|
||||
unsigned char buf[RAND_LOAD_BUF_SIZE];
|
||||
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
struct stat sb;
|
||||
#endif
|
||||
int i, n, ret = 0;
|
||||
FILE *in;
|
||||
|
||||
if (bytes == 0)
|
||||
return 0;
|
||||
|
||||
if ((in = openssl_fopen(file, "rb")) == NULL) {
|
||||
RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
if (fstat(fileno(in), &sb) < 0) {
|
||||
RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
fclose(in);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (bytes < 0) {
|
||||
if (S_ISREG(sb.st_mode))
|
||||
bytes = sb.st_size;
|
||||
else
|
||||
bytes = RAND_DRBG_STRENGTH;
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* On VMS, setbuf() will only take 32-bit pointers, and a compilation
|
||||
* with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
|
||||
* However, we trust that the C RTL will never give us a FILE pointer
|
||||
* above the first 4 GB of memory, so we simply turn off the warning
|
||||
* temporarily.
|
||||
*/
|
||||
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
|
||||
# pragma environment save
|
||||
# pragma message disable maylosedata2
|
||||
#endif
|
||||
/*
|
||||
* Don't buffer, because even if |file| is regular file, we have
|
||||
* no control over the buffer, so why would we want a copy of its
|
||||
* contents lying around?
|
||||
*/
|
||||
setbuf(in, NULL);
|
||||
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
|
||||
# pragma environment restore
|
||||
#endif
|
||||
|
||||
for ( ; ; ) {
|
||||
if (bytes > 0)
|
||||
n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
|
||||
else
|
||||
n = RAND_LOAD_BUF_SIZE;
|
||||
i = fread(buf, 1, n, in);
|
||||
#ifdef EINTR
|
||||
if (ferror(in) && errno == EINTR){
|
||||
clearerr(in);
|
||||
if (i == 0)
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
if (i == 0)
|
||||
break;
|
||||
|
||||
RAND_add(buf, i, (double)i);
|
||||
ret += i;
|
||||
|
||||
/* If given a bytecount, and we did it, break. */
|
||||
if (bytes > 0 && (bytes -= i) <= 0)
|
||||
break;
|
||||
}
|
||||
|
||||
OPENSSL_cleanse(buf, sizeof(buf));
|
||||
fclose(in);
|
||||
if (!RAND_status()) {
|
||||
RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int RAND_write_file(const char *file)
|
||||
{
|
||||
unsigned char buf[RAND_BUF_SIZE];
|
||||
int ret = -1;
|
||||
FILE *out = NULL;
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
struct stat sb;
|
||||
|
||||
if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) {
|
||||
RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Collect enough random data. */
|
||||
if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
|
||||
return -1;
|
||||
|
||||
#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
|
||||
!defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
|
||||
{
|
||||
# ifndef O_BINARY
|
||||
# define O_BINARY 0
|
||||
# endif
|
||||
/*
|
||||
* chmod(..., 0600) is too late to protect the file, permissions
|
||||
* should be restrictive from the start
|
||||
*/
|
||||
int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
|
||||
if (fd != -1)
|
||||
out = fdopen(fd, "wb");
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
/*
|
||||
* VMS NOTE: Prior versions of this routine created a _new_ version of
|
||||
* the rand file for each call into this routine, then deleted all
|
||||
* existing versions named ;-1, and finally renamed the current version
|
||||
* as ';1'. Under concurrent usage, this resulted in an RMS race
|
||||
* condition in rename() which could orphan files (see vms message help
|
||||
* for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
|
||||
* the top-level version of the rand file. Note that there may still be
|
||||
* conditions where the top-level rand file is locked. If so, this code
|
||||
* will then create a new version of the rand file. Without the delete
|
||||
* and rename code, this can result in ascending file versions that stop
|
||||
* at version 32767, and this routine will then return an error. The
|
||||
* remedy for this is to recode the calling application to avoid
|
||||
* concurrent use of the rand file, or synchronize usage at the
|
||||
* application level. Also consider whether or not you NEED a persistent
|
||||
* rand file in a concurrent use situation.
|
||||
*/
|
||||
out = openssl_fopen(file, "rb+");
|
||||
#endif
|
||||
|
||||
if (out == NULL)
|
||||
out = openssl_fopen(file, "wb");
|
||||
if (out == NULL) {
|
||||
RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
|
||||
/*
|
||||
* Yes it's late to do this (see above comment), but better than nothing.
|
||||
*/
|
||||
chmod(file, 0600);
|
||||
#endif
|
||||
|
||||
ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
|
||||
fclose(out);
|
||||
OPENSSL_cleanse(buf, RAND_BUF_SIZE);
|
||||
return ret;
|
||||
}
|
||||
|
||||
const char *RAND_file_name(char *buf, size_t size)
|
||||
{
|
||||
char *s = NULL;
|
||||
size_t len;
|
||||
int use_randfile = 1;
|
||||
|
||||
#if defined(_WIN32) && defined(CP_UTF8)
|
||||
DWORD envlen;
|
||||
WCHAR *var;
|
||||
|
||||
/* Look up various environment variables. */
|
||||
if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) {
|
||||
use_randfile = 0;
|
||||
if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0
|
||||
&& (envlen = GetEnvironmentVariableW(var = L"USERPROFILE",
|
||||
NULL, 0)) == 0)
|
||||
envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0);
|
||||
}
|
||||
|
||||
/* If we got a value, allocate space to hold it and then get it. */
|
||||
if (envlen != 0) {
|
||||
int sz;
|
||||
WCHAR *val = _alloca(envlen * sizeof(WCHAR));
|
||||
|
||||
if (GetEnvironmentVariableW(var, val, envlen) < envlen
|
||||
&& (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
|
||||
NULL, NULL)) != 0) {
|
||||
s = _alloca(sz);
|
||||
if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
|
||||
NULL, NULL) == 0)
|
||||
s = NULL;
|
||||
}
|
||||
}
|
||||
#else
|
||||
if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
|
||||
use_randfile = 0;
|
||||
s = ossl_safe_getenv("HOME");
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef DEFAULT_HOME
|
||||
if (!use_randfile && s == NULL)
|
||||
s = DEFAULT_HOME;
|
||||
#endif
|
||||
if (s == NULL || *s == '\0')
|
||||
return NULL;
|
||||
|
||||
len = strlen(s);
|
||||
if (use_randfile) {
|
||||
if (len + 1 >= size)
|
||||
return NULL;
|
||||
strcpy(buf, s);
|
||||
} else {
|
||||
if (len + 1 + strlen(RFILE) + 1 >= size)
|
||||
return NULL;
|
||||
strcpy(buf, s);
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strcat(buf, "/");
|
||||
#endif
|
||||
strcat(buf, RFILE);
|
||||
}
|
||||
|
||||
return buf;
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue