/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include <openssl/crypto.h>
-#include "rand_lcl.h"
-#include "internal/rand_int.h"
+#include "rand_local.h"
+#include "crypto/rand.h"
#include <stdio.h>
#include "internal/dso.h"
+
#ifdef __linux
# include <sys/syscall.h>
# ifdef DEVRANDOM_WAIT
# include <sys/utsname.h>
# endif
#endif
-#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
# include <sys/types.h>
# include <sys/sysctl.h>
# include <sys/param.h>
#endif
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__)
# include <sys/param.h>
#endif
# define OSSL_POSIX_TIMER_OKAY
# endif
# endif
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+ || defined(__DJGPP__) */
#if defined(OPENSSL_RAND_SEED_NONE)
/* none means none. this simplifies the following logic */
* when the sysctl returns long and we want to request something not a
* multiple of longs, which should never be the case.
*/
+#if defined(__FreeBSD__)
if (!ossl_assert(buflen % sizeof(long) == 0)) {
errno = EINVAL;
return -1;
}
+#endif
/*
* On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
mib[1] = KERN_ARND;
do {
- len = buflen;
+ len = buflen > 256 ? 256 : buflen;
if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
return done > 0 ? done : -1;
done += len;
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
# if defined(__linux) && !defined(__NR_getrandom)
-# if defined(__arm__) && defined(__NR_SYSCALL_BASE)
+# if defined(__arm__)
# define __NR_getrandom (__NR_SYSCALL_BASE+384)
# elif defined(__i386__)
# define __NR_getrandom 355
-# elif defined(__x86_64__) && !defined(__ILP32__)
-# define __NR_getrandom 318
+# elif defined(__x86_64__)
+# if defined(__ILP32__)
+# define __NR_getrandom (__X32_SYSCALL_BIT + 318)
+# else
+# define __NR_getrandom 318
+# endif
+# elif defined(__xtensa__)
+# define __NR_getrandom 338
+# elif defined(__s390__) || defined(__s390x__)
+# define __NR_getrandom 349
+# elif defined(__bfin__)
+# define __NR_getrandom 389
+# elif defined(__powerpc__)
+# define __NR_getrandom 359
+# elif defined(__mips__) || defined(__mips64)
+# if _MIPS_SIM == _MIPS_SIM_ABI32
+# define __NR_getrandom (__NR_Linux + 353)
+# elif _MIPS_SIM == _MIPS_SIM_ABI64
+# define __NR_getrandom (__NR_Linux + 313)
+# elif _MIPS_SIM == _MIPS_SIM_NABI32
+# define __NR_getrandom (__NR_Linux + 317)
+# endif
+# elif defined(__hppa__)
+# define __NR_getrandom (__NR_Linux + 339)
+# elif defined(__sparc__)
+# define __NR_getrandom 347
+# elif defined(__ia64__)
+# define __NR_getrandom 1339
+# elif defined(__alpha__)
+# define __NR_getrandom 511
+# elif defined(__sh__)
+# if defined(__SH5__)
+# define __NR_getrandom 373
+# else
+# define __NR_getrandom 384
+# endif
+# elif defined(__avr32__)
+# define __NR_getrandom 317
+# elif defined(__microblaze__)
+# define __NR_getrandom 385
+# elif defined(__m68k__)
+# define __NR_getrandom 352
+# elif defined(__cris__)
+# define __NR_getrandom 356
+# elif defined(__aarch64__)
+# define __NR_getrandom 278
+# else /* generic */
+# define __NR_getrandom 278
# endif
# endif
if (getentropy != NULL)
return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
-# elif !defined(FIPS_MODE)
+# elif !defined(FIPS_MODULE)
union {
void *p;
int (*f)(void *buffer, size_t length);
# if defined(__linux) && defined(DEVRANDOM_WAIT)
static void *shm_addr;
-# if !defined(FIPS_MODE)
+# if !defined(FIPS_MODULE)
static void cleanup_shm(void)
{
shmdt(shm_addr);
* If this call fails, it isn't a big problem.
*/
shm_addr = shmat(shm_id, NULL, SHM_RDONLY);
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/* TODO 3.0: The FIPS provider doesn't have OPENSSL_atexit */
if (shm_addr != (void *)-1)
OPENSSL_atexit(&cleanup_shm);
int rand_pool_add_additional_data(RAND_POOL *pool)
{
struct {
+ int fork_id;
CRYPTO_THREAD_ID tid;
uint64_t time;
} data;
/*
* Add some noise from the thread id and a high resolution timer.
+ * The fork_id adds some extra fork-safety.
* The thread id adds a little randomness if the drbg is accessed
* concurrently (which is the case for the <master> drbg).
*/
+ data.fork_id = openssl_get_fork_id();
data.tid = CRYPTO_THREAD_get_current_id();
data.time = get_timer_bits();
# endif
return time(NULL);
}
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+ || defined(__DJGPP__) */