sl@0: /* crypto/rand/md_rand.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: sl@0: #ifdef MD_RAND_DEBUG sl@0: # ifndef NDEBUG sl@0: # define NDEBUG sl@0: # endif sl@0: #endif sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: #include "e_os.h" sl@0: sl@0: #include sl@0: #include "rand_lcl.h" sl@0: sl@0: #include sl@0: #include sl@0: #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) sl@0: #include "libcrypto_wsd_macros.h" sl@0: #include "libcrypto_wsd.h" sl@0: #endif sl@0: sl@0: sl@0: #ifdef BN_DEBUG sl@0: # define PREDICT sl@0: #endif sl@0: sl@0: /* #define PREDICT 1 */ sl@0: sl@0: #define STATE_SIZE 1023 sl@0: sl@0: #ifndef EMULATOR sl@0: static int state_num=0,state_index=0; sl@0: static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; sl@0: static unsigned char md[MD_DIGEST_LENGTH]; sl@0: static long md_count[2]={0,0}; sl@0: static double entropy=0; sl@0: static int initialized=0; sl@0: sl@0: static unsigned int crypto_lock_rand = 0; /* may be set only when a thread sl@0: * holds CRYPTO_LOCK_RAND sl@0: * (to prevent double locking) */ sl@0: /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ sl@0: static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ sl@0: #else sl@0: GET_STATIC_VAR_FROM_TLS(state_num,md_rand,int) sl@0: #define state_num (*GET_WSD_VAR_NAME(state_num,md_rand, s)()) sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(state_index,md_rand,int) sl@0: #define state_index (*GET_WSD_VAR_NAME(state_index,md_rand, s)()) sl@0: sl@0: GET_STATIC_ARRAY_FROM_TLS(state,md_rand,unsigned char) sl@0: #define state (GET_WSD_VAR_NAME(state,md_rand, s)()) sl@0: sl@0: GET_STATIC_ARRAY_FROM_TLS(md,md_rand,unsigned char) sl@0: #define md (GET_WSD_VAR_NAME(md,md_rand, s)()) sl@0: sl@0: GET_STATIC_ARRAY_FROM_TLS(md_count,md_rand,unsigned char) sl@0: #define md_count (GET_WSD_VAR_NAME(md_count,md_rand, s)()) sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(entropy,md_rand,double) sl@0: #define entropy (*GET_WSD_VAR_NAME(entropy,md_rand, s)()) sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(initialized,md_rand,int) sl@0: #define initialized (*GET_WSD_VAR_NAME(initialized,md_rand, s)()) sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(crypto_lock_rand,md_rand,unsigned int) sl@0: #define crypto_lock_rand (*GET_WSD_VAR_NAME(crypto_lock_rand,md_rand, s)()) sl@0: sl@0: GET_STATIC_VAR_FROM_TLS(locking_thread,md_rand,unsigned long) sl@0: #define locking_thread (*GET_WSD_VAR_NAME(locking_thread,md_rand, s)()) sl@0: sl@0: #endif sl@0: sl@0: #ifdef PREDICT sl@0: int rand_predictable=0; sl@0: #endif sl@0: sl@0: const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; sl@0: sl@0: static void ssleay_rand_cleanup(void); sl@0: static void ssleay_rand_seed(const void *buf, int num); sl@0: static void ssleay_rand_add(const void *buf, int num, double add_entropy); sl@0: static int ssleay_rand_bytes(unsigned char *buf, int num); sl@0: static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); sl@0: static int ssleay_rand_status(void); sl@0: sl@0: #ifndef EMULATOR sl@0: RAND_METHOD rand_ssleay_meth={ sl@0: ssleay_rand_seed, sl@0: ssleay_rand_bytes, sl@0: ssleay_rand_cleanup, sl@0: ssleay_rand_add, sl@0: ssleay_rand_pseudo_bytes, sl@0: ssleay_rand_status sl@0: }; sl@0: #else sl@0: sl@0: GET_GLOBAL_VAR_FROM_TLS(rand_ssleay_meth,md_rand, RAND_METHOD) sl@0: #define rand_ssleay_meth (*GET_WSD_VAR_NAME(rand_ssleay_meth,md_rand, g)()) sl@0: const RAND_METHOD temp_g_rand_ssleay_meth={ sl@0: ssleay_rand_seed, sl@0: ssleay_rand_bytes, sl@0: ssleay_rand_cleanup, sl@0: ssleay_rand_add, sl@0: ssleay_rand_pseudo_bytes, sl@0: ssleay_rand_status sl@0: }; sl@0: sl@0: #endif sl@0: EXPORT_C RAND_METHOD *RAND_SSLeay(void) sl@0: { sl@0: return(&rand_ssleay_meth); sl@0: } sl@0: sl@0: static void ssleay_rand_cleanup(void) sl@0: { sl@0: OPENSSL_cleanse(state,sizeof(state)); sl@0: state_num=0; sl@0: state_index=0; sl@0: OPENSSL_cleanse(md,MD_DIGEST_LENGTH); sl@0: md_count[0]=0; sl@0: md_count[1]=0; sl@0: entropy=0; sl@0: initialized=0; sl@0: } sl@0: sl@0: static void ssleay_rand_add(const void *buf, int num, double add) sl@0: { sl@0: int i,j,k,st_idx; sl@0: long md_c[2]; sl@0: unsigned char local_md[MD_DIGEST_LENGTH]; sl@0: EVP_MD_CTX m; sl@0: int do_not_lock; sl@0: sl@0: /* sl@0: * (Based on the rand(3) manpage) sl@0: * sl@0: * The input is chopped up into units of 20 bytes (or less for sl@0: * the last block). Each of these blocks is run through the hash sl@0: * function as follows: The data passed to the hash function sl@0: * is the current 'md', the same number of bytes from the 'state' sl@0: * (the location determined by in incremented looping index) as sl@0: * the current 'block', the new key data 'block', and 'count' sl@0: * (which is incremented after each use). sl@0: * The result of this is kept in 'md' and also xored into the sl@0: * 'state' at the same locations that were used as input into the sl@0: * hash function. sl@0: */ sl@0: sl@0: /* check if we already have the lock */ sl@0: if (crypto_lock_rand) sl@0: { sl@0: CRYPTO_r_lock(CRYPTO_LOCK_RAND2); sl@0: do_not_lock = (locking_thread == CRYPTO_thread_id()); sl@0: CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); sl@0: } sl@0: else sl@0: do_not_lock = 0; sl@0: sl@0: if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); sl@0: st_idx=state_index; sl@0: sl@0: /* use our own copies of the counters so that even sl@0: * if a concurrent thread seeds with exactly the sl@0: * same data and uses the same subarray there's _some_ sl@0: * difference */ sl@0: md_c[0] = md_count[0]; sl@0: md_c[1] = md_count[1]; sl@0: sl@0: memcpy(local_md, md, sizeof md); sl@0: sl@0: /* state_index <= state_num <= STATE_SIZE */ sl@0: state_index += num; sl@0: if (state_index >= STATE_SIZE) sl@0: { sl@0: state_index%=STATE_SIZE; sl@0: state_num=STATE_SIZE; sl@0: } sl@0: else if (state_num < STATE_SIZE) sl@0: { sl@0: if (state_index > state_num) sl@0: state_num=state_index; sl@0: } sl@0: /* state_index <= state_num <= STATE_SIZE */ sl@0: sl@0: /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] sl@0: * are what we will use now, but other threads may use them sl@0: * as well */ sl@0: sl@0: md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); sl@0: sl@0: if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); sl@0: sl@0: EVP_MD_CTX_init(&m); sl@0: for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; sl@0: sl@0: MD_Init(&m); sl@0: MD_Update(&m,local_md,MD_DIGEST_LENGTH); sl@0: k=(st_idx+j)-STATE_SIZE; sl@0: if (k > 0) sl@0: { sl@0: MD_Update(&m,&(state[st_idx]),j-k); sl@0: MD_Update(&m,&(state[0]),k); sl@0: } sl@0: else sl@0: MD_Update(&m,&(state[st_idx]),j); sl@0: sl@0: MD_Update(&m,buf,j); sl@0: MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); sl@0: MD_Final(&m,local_md); sl@0: md_c[1]++; sl@0: sl@0: buf=(const char *)buf + j; sl@0: sl@0: for (k=0; k= STATE_SIZE) sl@0: st_idx=0; sl@0: } sl@0: } sl@0: EVP_MD_CTX_cleanup(&m); sl@0: sl@0: if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); sl@0: /* Don't just copy back local_md into md -- this could mean that sl@0: * other thread's seeding remains without effect (except for sl@0: * the incremented counter). By XORing it we keep at least as sl@0: * much entropy as fits into md. */ sl@0: for (k = 0; k < (int)sizeof(md); k++) sl@0: { sl@0: md[k] ^= local_md[k]; sl@0: } sl@0: if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ sl@0: entropy += add; sl@0: if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); sl@0: sl@0: #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) sl@0: assert(md_c[1] == md_count[1]); sl@0: #endif sl@0: } sl@0: sl@0: static void ssleay_rand_seed(const void *buf, int num) sl@0: { sl@0: ssleay_rand_add(buf, num, (double)num); sl@0: } sl@0: #ifdef EMULATOR sl@0: GET_STATIC_VAR_FROM_TLS(stirred_pool,md_rand,volatile int) sl@0: #define stirred_pool (*GET_WSD_VAR_NAME(stirred_pool,md_rand, s)()) sl@0: #endif sl@0: static int ssleay_rand_bytes(unsigned char *buf, int num) sl@0: { sl@0: #ifndef EMULATOR sl@0: static volatile int stirred_pool = 0; sl@0: #endif sl@0: int i,j,k,st_num,st_idx; sl@0: int num_ceil; sl@0: int ok; sl@0: long md_c[2]; sl@0: unsigned char local_md[MD_DIGEST_LENGTH]; sl@0: EVP_MD_CTX m; sl@0: #ifndef GETPID_IS_MEANINGLESS sl@0: pid_t curr_pid = getpid(); sl@0: #endif sl@0: int do_stir_pool = 0; sl@0: sl@0: #ifdef PREDICT sl@0: if (rand_predictable) sl@0: { sl@0: static unsigned char val=0; sl@0: sl@0: for (i=0; i= ENTROPY_NEEDED); sl@0: if (!ok) sl@0: { sl@0: /* If the PRNG state is not yet unpredictable, then seeing sl@0: * the PRNG output may help attackers to determine the new sl@0: * state; thus we have to decrease the entropy estimate. sl@0: * Once we've had enough initial seeding we don't bother to sl@0: * adjust the entropy count, though, because we're not ambitious sl@0: * to provide *information-theoretic* randomness. sl@0: * sl@0: * NOTE: This approach fails if the program forks before sl@0: * we have enough entropy. Entropy should be collected sl@0: * in a separate input pool and be transferred to the sl@0: * output pool only when the entropy limit has been reached. sl@0: */ sl@0: entropy -= num; sl@0: if (entropy < 0) sl@0: entropy = 0; sl@0: } sl@0: sl@0: if (do_stir_pool) sl@0: { sl@0: /* In the output function only half of 'md' remains secret, sl@0: * so we better make sure that the required entropy gets sl@0: * 'evenly distributed' through 'state', our randomness pool. sl@0: * The input function (ssleay_rand_add) chains all of 'md', sl@0: * which makes it more suitable for this purpose. sl@0: */ sl@0: sl@0: int n = STATE_SIZE; /* so that the complete pool gets accessed */ sl@0: while (n > 0) sl@0: { sl@0: #if MD_DIGEST_LENGTH > 20 sl@0: # error "Please adjust DUMMY_SEED." sl@0: #endif sl@0: #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ sl@0: /* Note that the seed does not matter, it's just that sl@0: * ssleay_rand_add expects to have something to hash. */ sl@0: ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); sl@0: n -= MD_DIGEST_LENGTH; sl@0: } sl@0: if (ok) sl@0: stirred_pool = 1; sl@0: } sl@0: sl@0: st_idx=state_index; sl@0: st_num=state_num; sl@0: md_c[0] = md_count[0]; sl@0: md_c[1] = md_count[1]; sl@0: memcpy(local_md, md, sizeof md); sl@0: sl@0: state_index+=num_ceil; sl@0: if (state_index > state_num) sl@0: state_index %= state_num; sl@0: sl@0: /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] sl@0: * are now ours (but other threads may use them too) */ sl@0: sl@0: md_count[0] += 1; sl@0: sl@0: /* before unlocking, we must clear 'crypto_lock_rand' */ sl@0: crypto_lock_rand = 0; sl@0: CRYPTO_w_unlock(CRYPTO_LOCK_RAND); sl@0: sl@0: while (num > 0) sl@0: { sl@0: /* num_ceil -= MD_DIGEST_LENGTH/2 */ sl@0: j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; sl@0: num-=j; sl@0: MD_Init(&m); sl@0: #ifndef GETPID_IS_MEANINGLESS sl@0: if (curr_pid) /* just in the first iteration to save time */ sl@0: { sl@0: MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); sl@0: curr_pid = 0; sl@0: } sl@0: #endif sl@0: MD_Update(&m,local_md,MD_DIGEST_LENGTH); sl@0: MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); sl@0: #ifndef PURIFY sl@0: MD_Update(&m,buf,j); /* purify complains */ sl@0: #endif sl@0: k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; sl@0: if (k > 0) sl@0: { sl@0: MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); sl@0: MD_Update(&m,&(state[0]),k); sl@0: } sl@0: else sl@0: MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); sl@0: MD_Final(&m,local_md); sl@0: sl@0: for (i=0; i= st_num) sl@0: st_idx=0; sl@0: if (i < j) sl@0: *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; sl@0: } sl@0: } sl@0: sl@0: MD_Init(&m); sl@0: MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); sl@0: MD_Update(&m,local_md,MD_DIGEST_LENGTH); sl@0: CRYPTO_w_lock(CRYPTO_LOCK_RAND); sl@0: MD_Update(&m,md,MD_DIGEST_LENGTH); sl@0: MD_Final(&m,md); sl@0: CRYPTO_w_unlock(CRYPTO_LOCK_RAND); sl@0: sl@0: EVP_MD_CTX_cleanup(&m); sl@0: if (ok) sl@0: return(1); sl@0: else sl@0: { sl@0: RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); sl@0: ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " sl@0: "http://www.openssl.org/support/faq.html"); sl@0: return(0); sl@0: } sl@0: } sl@0: sl@0: /* pseudo-random bytes that are guaranteed to be unique but not sl@0: unpredictable */ sl@0: static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) sl@0: { sl@0: int ret; sl@0: unsigned long err; sl@0: sl@0: ret = RAND_bytes(buf, num); sl@0: if (ret == 0) sl@0: { sl@0: err = ERR_peek_error(); sl@0: if (ERR_GET_LIB(err) == ERR_LIB_RAND && sl@0: ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) sl@0: ERR_clear_error(); sl@0: } sl@0: return (ret); sl@0: } sl@0: sl@0: static int ssleay_rand_status(void) sl@0: { sl@0: int ret; sl@0: int do_not_lock; sl@0: sl@0: /* check if we already have the lock sl@0: * (could happen if a RAND_poll() implementation calls RAND_status()) */ sl@0: if (crypto_lock_rand) sl@0: { sl@0: CRYPTO_r_lock(CRYPTO_LOCK_RAND2); sl@0: do_not_lock = (locking_thread == CRYPTO_thread_id()); sl@0: CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); sl@0: } sl@0: else sl@0: do_not_lock = 0; sl@0: sl@0: if (!do_not_lock) sl@0: { sl@0: CRYPTO_w_lock(CRYPTO_LOCK_RAND); sl@0: sl@0: /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ sl@0: CRYPTO_w_lock(CRYPTO_LOCK_RAND2); sl@0: locking_thread = CRYPTO_thread_id(); sl@0: CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); sl@0: crypto_lock_rand = 1; sl@0: } sl@0: sl@0: if (!initialized) sl@0: { sl@0: RAND_poll(); sl@0: initialized = 1; sl@0: } sl@0: sl@0: ret = entropy >= ENTROPY_NEEDED; sl@0: sl@0: if (!do_not_lock) sl@0: { sl@0: /* before unlocking, we must clear 'crypto_lock_rand' */ sl@0: crypto_lock_rand = 0; sl@0: sl@0: CRYPTO_w_unlock(CRYPTO_LOCK_RAND); sl@0: } sl@0: sl@0: return ret; sl@0: }