QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-13 09:59:40 +00:00
Code Issues Projects Releases Wiki Activity
openssl/crypto/rand/rand_vms.c
Richard Levitte fc1d73bb0c VMS: stricter acquisition of entropy for the pool 
Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy.  In release builds, this
produces an error with details.

We also take the opportunity to modernise the types used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5857)
2018-04-03 18:24:41 +02:00

156 lines
4.7 KiB
C
Raw Blame History

/*
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "e_os.h"
#if defined(OPENSSL_SYS_VMS)
# include "internal/cryptlib.h"
# include <openssl/rand.h>
# include "internal/rand_int.h"
# include "rand_lcl.h"
# include <descrip.h>
# include <jpidef.h>
# include <ssdef.h>
# include <starlet.h>
# include <efndef>
# ifdef __DECC
# pragma message disable DOLLARID
# endif
# ifndef OPENSSL_RAND_SEED_OS
# error "Unsupported seeding method configured; must be os"
# endif
/*
* Use 32-bit pointers almost everywhere. Define the type to which to cast a
* pointer passed to an external function.
*/
# if __INITIAL_POINTER_SIZE == 64
# define PTR_T __void_ptr64
# pragma pointer_size save
# pragma pointer_size 32
# else
# define PTR_T void *
# endif
static struct items_data_st {
short length, code; /* length is number of bytes */
} items_data[] = {
{4, JPI$_BUFIO},
{4, JPI$_CPUTIM},
{4, JPI$_DIRIO},
{4, JPI$_IMAGECOUNT},
{8, JPI$_LAST_LOGIN_I},
{8, JPI$_LOGINTIM},
{4, JPI$_PAGEFLTS},
{4, JPI$_PID},
{4, JPI$_PPGCNT},
{4, JPI$_WSPEAK},
{4, JPI$_FINALEXC},
{0, 0}
};
/*
* We assume there we get about 4 bits of entropy per byte from the items
* above, with a bit of scrambling added rand_pool_acquire_entropy()
*/
#define ENTROPY_BITS_PER_BYTE 4
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
/* determine the number of items in the JPI array */
struct items_data_st item_entry;
size_t item_entry_count = OSSL_NELEM(items_data);
/* Create the 32-bit JPI itemlist array to hold item_data content */
struct {
uint16_t length, code;
uint32_t *buffer;
uint32_t *retlen;
} item[item_entry_count], *pitem;
struct items_data_st *pitems_data;
/* 8 bytes (two longs) per entry max */
uint32_t data_buffer[(item_entry_count * 2) + 4];
uint32_t iosb[2];
uint32_t sys_time[2];
uint32_t *ptr;
size_t i, j ;
size_t tmp_length = 0;
size_t total_length = 0;
size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_BITS_PER_BYTE);
size_t bytes_remaining = rand_pool_bytes_remaining(pool);
/* Setup itemlist for GETJPI */
pitems_data = items_data;
for (pitem = item; pitems_data->length != 0; pitem++) {
pitem->length = pitems_data->length;
pitem->code = pitems_data->code;
pitem->buffer = &data_buffer[total_length];
pitem->retlen = 0;
/* total_length is in longwords */
total_length += pitems_data->length / 4;
pitems_data++;
}
pitem->length = pitem->code = 0;
/* Fill data_buffer with various info bits from this process */
if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) != SS$_NORMAL)
return 0;
/* Now twist that data to seed the SSL random number init */
for (i = 0; i < total_length; i++) {
sys$gettim((struct _generic_64 *)&sys_time[0]);
srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
ptr = &data_buffer[i];
for (j = 0; j < 4; j++) {
data_buffer[i + j] = ptr[j];
/* OK to use rand() just to scramble the seed */
data_buffer[i + j] ^= (sys_time[0] ^ rand());
tmp_length++;
}
} else {
/* OK to use rand() just to scramble the seed */
data_buffer[i] ^= (sys_time[0] ^ rand());
}
}
total_length += (tmp_length - 1);
/* Change the total length to number of bytes */
total_length *= 4;
/*
* If we can't feed the requirements from the caller, we're in deep trouble.
*/
if (!ossl_assert(total_length >= bytes_needed)) {
char neededstr[20];
char availablestr[20];
BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
RAND_R_RANDOM_POOL_UNDERFLOW);
ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
availablestr);
return 0;
}
/*
* Try not to overfeed the pool
*/
if (total_length > bytes_remaining)
total_length = bytes_remaining;
return rand_pool_add(pool, (PTR_T)data_buffer, total_length,
total_length * ENTROPY_BITS_PER_BYTE);
}
#endif
Reference in New Issue View Git Blame Copy Permalink