-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create new provider for RNDRRS. Modify support for rand_cpu to default to RDRAND/RDSEED on x86 and RNDRRS on aarch64. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #15361) (cherry picked from commit eb28fda)
- Loading branch information
Showing
3 changed files
with
77 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,15 @@ | ||
$COMMON=rand_unix.c rand_win.c rand_tsc.c rand_cpu_x86.c | ||
$COMMON=rand_unix.c rand_win.c rand_tsc.c | ||
IF[{- $config{target} =~ /vxworks/i -}] | ||
$COMMON=$COMMON rand_vxworks.c | ||
ENDIF | ||
IF[{- $config{target} =~ /vms/i -}] | ||
$COMMON=$COMMON rand_vms.c | ||
ENDIF | ||
IF[{- !$disabled{asm} && $config{target} =~ '.*aarch64' -}] | ||
$COMMON=$COMMON rand_cpu_arm64.c | ||
ELSE | ||
$COMMON=$COMMON rand_cpu_x86.c | ||
ENDIF | ||
|
||
SOURCE[../../../libdefault.a]=$COMMON | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
/* | ||
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License 2.0 (the "License"). You may not use | ||
* this file except in compliance with the License. You can obtain a copy | ||
* in the file LICENSE in the source distribution or at | ||
* https://www.openssl.org/source/license.html | ||
*/ | ||
|
||
#include "internal/cryptlib.h" | ||
#include <openssl/opensslconf.h> | ||
#include "crypto/rand_pool.h" | ||
#include "prov/seeding.h" | ||
|
||
|
||
#ifdef OPENSSL_RAND_SEED_RDCPU | ||
#include "crypto/arm_arch.h" | ||
|
||
size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len); | ||
|
||
static size_t get_hardware_random_value(unsigned char *buf, size_t len); | ||
|
||
/* | ||
* Acquire entropy using Arm-specific cpu instructions | ||
* | ||
* Uses the RNDRRS instruction. RNDR is never needed since | ||
* RNDRRS will always be available if RNDR is an available | ||
* instruction. | ||
* | ||
* Returns the total entropy count, if it exceeds the requested | ||
* entropy count. Otherwise, returns an entropy count of 0. | ||
*/ | ||
size_t ossl_prov_acquire_entropy_from_cpu(RAND_POOL *pool) | ||
{ | ||
size_t bytes_needed; | ||
unsigned char *buffer; | ||
|
||
bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); | ||
if (bytes_needed > 0) { | ||
buffer = ossl_rand_pool_add_begin(pool, bytes_needed); | ||
|
||
if (buffer != NULL) { | ||
if (get_hardware_random_value(buffer, bytes_needed) == bytes_needed) | ||
ossl_rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); | ||
else | ||
ossl_rand_pool_add_end(pool, 0, 0); | ||
} | ||
} | ||
|
||
return ossl_rand_pool_entropy_available(pool); | ||
} | ||
|
||
static size_t get_hardware_random_value(unsigned char *buf, size_t len) | ||
{ | ||
/* Always use RNDRRS or nothing */ | ||
if (OPENSSL_armcap_P & ARMV8_RNG) { | ||
if (OPENSSL_rndrrs_bytes(buf, len) != len) | ||
return 0; | ||
} else { | ||
return 0; | ||
} | ||
return len; | ||
} | ||
|
||
#else | ||
NON_EMPTY_TRANSLATION_UNIT | ||
#endif /* OPENSSL_RAND_SEED_RDCPU */ |