diff --git a/apps/rsautl.c b/apps/rsautl.c index df90c01ea90b2..6939e42a4d749 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -31,7 +31,7 @@ NON_EMPTY_TRANSLATION_UNIT typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, - OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, + OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, OPT_R_ENUM @@ -46,7 +46,7 @@ const OPTIONS rsautl_options[] = { {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, {"ssl", OPT_SSL, '-', "Use SSL v2 padding"}, - {"raw", OPT_RAW, '-', "Use no padding"}, + {"raw", OPT_RSA_RAW, '-', "Use no padding"}, {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, {"sign", OPT_SIGN, '-', "Sign with private key"}, @@ -112,7 +112,7 @@ int rsautl_main(int argc, char **argv) case OPT_HEXDUMP: hexdump = 1; break; - case OPT_RAW: + case OPT_RSA_RAW: pad = RSA_NO_PADDING; break; case OPT_OAEP: diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index cd332c4543f62..65d32f3c41e60 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -33,8 +33,8 @@ # include # include # endif +# include # endif -# include # include # include #endif diff --git a/crypto/rand/build.info b/crypto/rand/build.info index d9c1fb7e33805..70d258032b0fe 100644 --- a/crypto/rand/build.info +++ b/crypto/rand/build.info @@ -1,6 +1,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ - rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c \ + rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c rand_vxworks.c \ drbg_hash.c drbg_hmac.c - diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 5d1e0d8b17187..2b3e32dc9629c 100644 --- a/crypto/rand/rand_unix.c 
+++ b/crypto/rand/rand_unix.c @@ -30,7 +30,8 @@ # include #endif -#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) +#if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ + || defined(__DJGPP__) # include # include # include @@ -88,30 +89,8 @@ static uint64_t get_timer_bits(void); # undef OPENSSL_RAND_SEED_EGD #endif -#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \ - !defined(OPENSSL_RAND_SEED_NONE) -# error "UEFI and VXWorks only support seeding NONE" -#endif - -#if defined(OPENSSL_SYS_VXWORKS) -/* empty implementation */ -int rand_pool_init(void) -{ - return 1; -} - -void rand_pool_cleanup(void) -{ -} - -void rand_pool_keep_random_devices_open(int keep) -{ -} - -size_t rand_pool_acquire_entropy(RAND_POOL *pool) -{ - return rand_pool_entropy_available(pool); -} +#if defined(OPENSSL_SYS_UEFI) && !defined(OPENSSL_RAND_SEED_NONE) +# error "UEFI only supports seeding NONE" #endif #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \ @@ -608,7 +587,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif #endif -#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) +#if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ + || defined(__DJGPP__) int rand_pool_add_nonce_data(RAND_POOL *pool) { struct { diff --git a/crypto/rand/rand_vxworks.c b/crypto/rand/rand_vxworks.c new file mode 100644 index 0000000000000..81774e097d993 --- /dev/null +++ b/crypto/rand/rand_vxworks.c 
@@ -0,0 +1,171 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef OPENSSL_SYS_VXWORKS +NON_EMPTY_TRANSLATION_UNIT +#else +# include +# include "rand_lcl.h" +# include "internal/rand_int.h" +# include "internal/cryptlib.h" +# include +# include + +# if defined(OPENSSL_RAND_SEED_NONE) +/* none means none */ +# undef OPENSSL_RAND_SEED_OS +# endif + +# if defined(OPENSSL_RAND_SEED_OS) +# if _WRS_VXWORKS_MAJOR >= 7 +# define RAND_SEED_VXRANDLIB +# else +# error "VxWorks <7 only support RAND_SEED_NONE" +# endif +# endif + +# if defined(RAND_SEED_VXRANDLIB) +# include +# endif + +/* Macro to convert two thirty two bit values into a sixty four bit one */ +# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) + +static uint64_t get_time_stamp(void) +{ + struct timespec ts; + + if (clock_gettime(CLOCK_REALTIME, &ts) == 0) + return TWO32TO64(ts.tv_sec, ts.tv_nsec); + return time(NULL); +} + +static uint64_t get_timer_bits(void) +{ + uint64_t res = OPENSSL_rdtsc(); + struct timespec ts; + + if (res != 0) + return res; + + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + return TWO32TO64(ts.tv_sec, ts.tv_nsec); + return time(NULL); +} + +/* + * empty implementation + * vxworks does not need to init/cleanup or keep open the random lib + */ +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + +int rand_pool_add_additional_data(RAND_POOL *pool) +{ + struct { + CRYPTO_THREAD_ID tid; + uint64_t time; + } data; + + memset(&data, 0, sizeof(data)); + + /* + * Add some noise from the thread id and a high resolution timer. 
+ * The thread id adds a little randomness if the drbg is accessed + * concurrently (which is the case for the drbg). + */ + data.tid = CRYPTO_THREAD_get_current_id(); + data.time = get_timer_bits(); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} + +int rand_pool_add_nonce_data(RAND_POOL *pool) +{ + struct { + pid_t pid; + CRYPTO_THREAD_ID tid; + uint64_t time; + } data; + + memset(&data, 0, sizeof(data)); + + /* + * Add process id, thread id, and a high resolution timestamp to + * ensure that the nonce is unique with high probability for + * different process instances. + */ + data.pid = getpid(); + data.tid = CRYPTO_THREAD_get_current_id(); + data.time = get_time_stamp(); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} + +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ +# if defined(RAND_SEED_VXRANDLIB) + /* vxRandLib based entropy method */ + size_t bytes_needed; + + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + if (bytes_needed > 0) + { + int retryCount = 0; + STATUS result = ERROR; + unsigned char *buffer; + + buffer = rand_pool_add_begin(pool, bytes_needed); + while ((result != OK) && (retryCount < 10)) { + RANDOM_NUM_GEN_STATUS status = randStatus(); + + if ((status == RANDOM_NUM_GEN_ENOUGH_ENTROPY) + || (status == RANDOM_NUM_GEN_MAX_ENTROPY) ) { + result = randBytes(buffer, bytes_needed); + if (result == OK) + rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); + /* + * no else here: randStatus said ok, if randBytes failed + * it will result in another loop or no entropy + */ + } else { + /* + * give a minimum delay here to allow OS to collect more + * entropy. 
taskDelay duration will depend on the system tick, + * this is by design as the sw-random lib uses interrupts + * which will at least happen during ticks + */ + taskDelay(5); + } + retryCount++; + } + } + return rand_pool_entropy_available(pool); +# else + /* + * SEED_NONE means none, without randlib we dont have entropy and + * rely on it being added externally + */ + return rand_pool_entropy_available(pool); +# endif /* defined(RAND_SEED_VXRANDLIB) */ +} + +#endif /* OPENSSL_SYS_VXWORKS */ diff --git a/e_os.h b/e_os.h index 26de710ce4b2a..1c55272438120 100644 --- a/e_os.h +++ b/e_os.h @@ -210,7 +210,7 @@ extern FILE *_imp___iob; # else /* The non-microsoft world */ # if defined(OPENSSL_SYS_VXWORKS) -# include +# include # else # include # endif
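Review bot: In `rand_pool_acquire_entropy` (the `RAND_SEED_VXRANDLIB` branch of the new rand_vxworks.c), the pointer returned by `rand_pool_add_begin(pool, bytes_needed)` is passed to `randBytes(buffer, bytes_needed)` without a NULL check. The definition of `rand_pool_add_begin` is not part of this diff, so confirm against rand_lib.c whether it can return NULL; if it can, `randBytes` would write through a null pointer in the seeding path. A guard directly after the call would cover it: `if (buffer == NULL) return rand_pool_entropy_available(pool);`. Separately, a short comment next to `retryCount < 10` and `taskDelay(5)` stating the worst-case blocking time in ticks would help callers reason about seeding latency.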