+ * As a precaution, we assume only 2 bits of entropy per byte.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+ short int code;
+ int i, k;
+ size_t bytes_needed;
+ struct timespec ts;
+ unsigned char v;
+# ifdef OPENSSL_SYS_VOS_HPPA
+ long duration;
+ extern void s$sleep(long *_duration, short int *_code);
+# else
+ long long duration;
+ extern void s$sleep2(long long *_duration, short int *_code);
+# endif
+
+ bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
+
+ for (i = 0; i < bytes_needed; i++) {
+ /*
+ * burn some cpu; hope for interrupts, cache collisions, bus
+ * interference, etc.
+ */
+ for (k = 0; k < 99; k++)
+ ts.tv_nsec = random();
+
+# ifdef OPENSSL_SYS_VOS_HPPA
+ /* sleep for 1/1024 of a second (976 us). */
+ duration = 1;
+ s$sleep(&duration, &code);
+# else
+ /* sleep for 1/65536 of a second (15 us). */
+ duration = 1;
+ s$sleep2(&duration, &code);
+# endif
+
+ /* Get wall clock time, take 8 bits. */
+ clock_gettime(CLOCK_REALTIME, &ts);
+ v = (unsigned char)(ts.tv_nsec & 0xFF);
+ rand_pool_add(pool, arg, &v, sizeof(v) , 2);
+ }
+ return rand_pool_entropy_available(pool);
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+# else
+
+# if defined(OPENSSL_RAND_SEED_EGD) && \
+ (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
+# error "Seeding uses EGD but EGD is turned off or no device given"
+# endif
+
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
+# error "Seeding uses urandom but DEVRANDOM is not configured"
+# endif
+
+# if defined(OPENSSL_RAND_SEED_OS)
+# if !defined(DEVRANDOM)
+# error "OS seeding requires DEVRANDOM to be configured"
+# endif
+# define OPENSSL_RAND_SEED_GETRANDOM
+# define OPENSSL_RAND_SEED_DEVRANDOM
+# endif
+
+# if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+# error "librandom not (yet) supported"
+# endif
+
+# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the number of bytes returned in buf on success, -1 on failure.
+ */
+static ssize_t sysctl_random(char *buf, size_t buflen)
+{
+ int mib[2];
+ size_t done = 0;
+ size_t len;
+
+ /*
+ * Note: sign conversion between size_t and ssize_t is safe even
+ * without a range check, see comment in syscall_random()
+ */
+
+ /*
+ * On FreeBSD old implementations returned longs, newer versions support
+ * variable sizes up to 256 byte. The code below would not work properly
+ * when the sysctl returns long and we want to request something not a
+ * multiple of longs, which should never be the case.
+ */
+ if (!ossl_assert(buflen % sizeof(long) == 0)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+ * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+ * it returns a variable number of bytes with the current version supporting
+ * up to 256 bytes.
+ * Just return an error on older NetBSD versions.
+ */
+#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+ errno = ENOSYS;
+ return -1;
+#endif
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_ARND;
+
+ do {
+ len = buflen;
+ if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+ return done > 0 ? done : -1;
+ done += len;
+ buf += len;
+ buflen -= len;
+ } while (buflen > 0);
+
+ return done;
+}
+# endif
+
+# if defined(OPENSSL_RAND_SEED_GETRANDOM)
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or < 0 on error.
+ */
+static ssize_t syscall_random(void *buf, size_t buflen)
+{
+ /*
+ * Note: 'buflen' equals the size of the buffer which is used by the
+ * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
+ *
+ * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
+ *
+ * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+ * between size_t and ssize_t is safe even without a range check.
+ */
+
+ /*
+ * Do runtime detection to find getentropy().
+ *
+ * Known OSs that should support this:
+ * - Darwin since 16 (OSX 10.12, IOS 10.0).
+ * - Solaris since 11.3
+ * - OpenBSD since 5.6
+ * - Linux since 3.17 with glibc 2.25
+ * - FreeBSD since 12.0 (1200061)
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+ extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+
+ if (getentropy != NULL)
+ return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+# else
+ union {
+ void *p;
+ int (*f)(void *buffer, size_t length);
+ } p_getentropy;
+
+ /*
+ * We could cache the result of the lookup, but we normally don't
+ * call this function often.
+ */
+ ERR_set_mark();
+ p_getentropy.p = DSO_global_lookup("getentropy");
+ ERR_pop_to_mark();
+ if (p_getentropy.p != NULL)
+ return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+# endif
+
+ /* Linux supports this since version 3.17 */
+# if defined(__linux) && defined(__NR_getrandom)
+ return syscall(__NR_getrandom, buf, buflen, 0);
+# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+ return sysctl_random(buf, buflen);
+# else
+ errno = ENOSYS;
+ return -1;
+# endif
+}
+# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+static const char *random_device_paths[] = { DEVRANDOM };
+static struct random_device {
+ int fd;
+ dev_t dev;
+ ino_t ino;
+ mode_t mode;
+ dev_t rdev;
+} random_devices[OSSL_NELEM(random_device_paths)];
+static int keep_random_devices_open = 1;
+
+/*
+ * Verify that the file descriptor associated with the random source is
+ * still valid. The rationale for doing this is the fact that it is not
+ * uncommon for daemons to close all open file handles when daemonizing.
+ * So the handle might have been closed or even reused for opening
+ * another file.
+ */
+static int check_random_device(struct random_device * rd)
+{
+ struct stat st;
+
+ return rd->fd != -1
+ && fstat(rd->fd, &st) != -1
+ && rd->dev == st.st_dev
+ && rd->ino == st.st_ino
+ && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
+ && rd->rdev == st.st_rdev;
+}
+
+/*
+ * Open a random device if required and return its file descriptor or -1 on error
+ */
+static int get_random_device(size_t n)
+{
+ struct stat st;
+ struct random_device * rd = &random_devices[n];
+
+ /* reuse existing file descriptor if it is (still) valid */
+ if (check_random_device(rd))
+ return rd->fd;
+
+ /* open the random device ... */
+ if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+ return rd->fd;
+
+ /* ... and cache its relevant stat(2) data */
+ if (fstat(rd->fd, &st) != -1) {
+ rd->dev = st.st_dev;
+ rd->ino = st.st_ino;
+ rd->mode = st.st_mode;
+ rd->rdev = st.st_rdev;
+ } else {
+ close(rd->fd);
+ rd->fd = -1;
+ }
+
+ return rd->fd;
+}
+
+/*
+ * Close a random device making sure it is a random device
+ */
+static void close_random_device(size_t n)
+{
+ struct random_device * rd = &random_devices[n];
+
+ if (check_random_device(rd))
+ close(rd->fd);
+ rd->fd = -1;
+}
+
+int rand_pool_init(void)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(random_devices); i++)
+ random_devices[i].fd = -1;
+
+ return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(random_devices); i++)
+ close_random_device(i);
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+ if (!keep)
+ rand_pool_cleanup();
+
+ keep_random_devices_open = keep;
+}
+
+# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+int rand_pool_init(void)
+{
+ return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+/*
+ * Try the various seeding methods in turn, exit when successful.