2
0

md_rand.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581
  1. /* crypto/rand/md_rand.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. #ifdef MD_RAND_DEBUG
  112. # ifndef NDEBUG
  113. # define NDEBUG
  114. # endif
  115. #endif
  116. #include <assert.h>
  117. #include <stdio.h>
  118. #include <string.h>
  119. #include "e_os.h"
  120. #include <openssl/rand.h>
  121. #include "rand_lcl.h"
  122. #include <openssl/crypto.h>
  123. #include <openssl/err.h>
  124. #include <openssl/fips.h>
  125. #ifdef BN_DEBUG
  126. # define PREDICT
  127. #endif
  128. /* #define PREDICT 1 */
  129. #define STATE_SIZE 1023
  130. static int state_num=0,state_index=0;
  131. static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
  132. static unsigned char md[MD_DIGEST_LENGTH];
  133. static long md_count[2]={0,0};
  134. static double entropy=0;
  135. static int initialized=0;
  136. static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
  137. * holds CRYPTO_LOCK_RAND
  138. * (to prevent double locking) */
  139. /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
  140. static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
  141. #ifdef PREDICT
  142. int rand_predictable=0;
  143. #endif
  144. const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
  145. static void ssleay_rand_cleanup(void);
  146. static void ssleay_rand_seed(const void *buf, int num);
  147. static void ssleay_rand_add(const void *buf, int num, double add_entropy);
  148. static int ssleay_rand_bytes(unsigned char *buf, int num);
  149. static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
  150. static int ssleay_rand_status(void);
  151. RAND_METHOD rand_ssleay_meth={
  152. ssleay_rand_seed,
  153. ssleay_rand_bytes,
  154. ssleay_rand_cleanup,
  155. ssleay_rand_add,
  156. ssleay_rand_pseudo_bytes,
  157. ssleay_rand_status
  158. };
  159. RAND_METHOD *RAND_SSLeay(void)
  160. {
  161. return(&rand_ssleay_meth);
  162. }
  163. static void ssleay_rand_cleanup(void)
  164. {
  165. OPENSSL_cleanse(state,sizeof(state));
  166. state_num=0;
  167. state_index=0;
  168. OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
  169. md_count[0]=0;
  170. md_count[1]=0;
  171. entropy=0;
  172. initialized=0;
  173. }
  174. static void ssleay_rand_add(const void *buf, int num, double add)
  175. {
  176. int i,j,k,st_idx;
  177. long md_c[2];
  178. unsigned char local_md[MD_DIGEST_LENGTH];
  179. EVP_MD_CTX m;
  180. int do_not_lock;
  181. /*
  182. * (Based on the rand(3) manpage)
  183. *
  184. * The input is chopped up into units of 20 bytes (or less for
  185. * the last block). Each of these blocks is run through the hash
  186. * function as follows: The data passed to the hash function
  187. * is the current 'md', the same number of bytes from the 'state'
  188. * (the location determined by in incremented looping index) as
  189. * the current 'block', the new key data 'block', and 'count'
  190. * (which is incremented after each use).
  191. * The result of this is kept in 'md' and also xored into the
  192. * 'state' at the same locations that were used as input into the
  193. * hash function.
  194. */
  195. /* check if we already have the lock */
  196. if (crypto_lock_rand)
  197. {
  198. CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
  199. do_not_lock = (locking_thread == CRYPTO_thread_id());
  200. CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
  201. }
  202. else
  203. do_not_lock = 0;
  204. if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  205. st_idx=state_index;
  206. /* use our own copies of the counters so that even
  207. * if a concurrent thread seeds with exactly the
  208. * same data and uses the same subarray there's _some_
  209. * difference */
  210. md_c[0] = md_count[0];
  211. md_c[1] = md_count[1];
  212. memcpy(local_md, md, sizeof md);
  213. /* state_index <= state_num <= STATE_SIZE */
  214. state_index += num;
  215. if (state_index >= STATE_SIZE)
  216. {
  217. state_index%=STATE_SIZE;
  218. state_num=STATE_SIZE;
  219. }
  220. else if (state_num < STATE_SIZE)
  221. {
  222. if (state_index > state_num)
  223. state_num=state_index;
  224. }
  225. /* state_index <= state_num <= STATE_SIZE */
  226. /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
  227. * are what we will use now, but other threads may use them
  228. * as well */
  229. md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
  230. if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  231. EVP_MD_CTX_init(&m);
  232. for (i=0; i<num; i+=MD_DIGEST_LENGTH)
  233. {
  234. j=(num-i);
  235. j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
  236. MD_Init(&m);
  237. MD_Update(&m,local_md,MD_DIGEST_LENGTH);
  238. k=(st_idx+j)-STATE_SIZE;
  239. if (k > 0)
  240. {
  241. MD_Update(&m,&(state[st_idx]),j-k);
  242. MD_Update(&m,&(state[0]),k);
  243. }
  244. else
  245. MD_Update(&m,&(state[st_idx]),j);
  246. MD_Update(&m,buf,j);
  247. MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
  248. MD_Final(&m,local_md);
  249. md_c[1]++;
  250. buf=(const char *)buf + j;
  251. for (k=0; k<j; k++)
  252. {
  253. /* Parallel threads may interfere with this,
  254. * but always each byte of the new state is
  255. * the XOR of some previous value of its
  256. * and local_md (itermediate values may be lost).
  257. * Alway using locking could hurt performance more
  258. * than necessary given that conflicts occur only
  259. * when the total seeding is longer than the random
  260. * state. */
  261. state[st_idx++]^=local_md[k];
  262. if (st_idx >= STATE_SIZE)
  263. st_idx=0;
  264. }
  265. }
  266. EVP_MD_CTX_cleanup(&m);
  267. if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  268. /* Don't just copy back local_md into md -- this could mean that
  269. * other thread's seeding remains without effect (except for
  270. * the incremented counter). By XORing it we keep at least as
  271. * much entropy as fits into md. */
  272. for (k = 0; k < (int)sizeof(md); k++)
  273. {
  274. md[k] ^= local_md[k];
  275. }
  276. if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
  277. entropy += add;
  278. if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  279. #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
  280. assert(md_c[1] == md_count[1]);
  281. #endif
  282. }
  283. static void ssleay_rand_seed(const void *buf, int num)
  284. {
  285. ssleay_rand_add(buf, num, (double)num);
  286. }
  287. static int ssleay_rand_bytes(unsigned char *buf, int num)
  288. {
  289. static volatile int stirred_pool = 0;
  290. int i,j,k,st_num,st_idx;
  291. int num_ceil;
  292. int ok;
  293. long md_c[2];
  294. unsigned char local_md[MD_DIGEST_LENGTH];
  295. EVP_MD_CTX m;
  296. #ifndef GETPID_IS_MEANINGLESS
  297. pid_t curr_pid = getpid();
  298. #endif
  299. int do_stir_pool = 0;
  300. #ifdef OPENSSL_FIPS
  301. if(FIPS_mode())
  302. {
  303. FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
  304. return 0;
  305. }
  306. #endif
  307. #ifdef PREDICT
  308. if (rand_predictable)
  309. {
  310. static unsigned char val=0;
  311. for (i=0; i<num; i++)
  312. buf[i]=val++;
  313. return(1);
  314. }
  315. #endif
  316. if (num <= 0)
  317. return 1;
  318. EVP_MD_CTX_init(&m);
  319. /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
  320. num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
  321. /*
  322. * (Based on the rand(3) manpage:)
  323. *
  324. * For each group of 10 bytes (or less), we do the following:
  325. *
  326. * Input into the hash function the local 'md' (which is initialized from
  327. * the global 'md' before any bytes are generated), the bytes that are to
  328. * be overwritten by the random bytes, and bytes from the 'state'
  329. * (incrementing looping index). From this digest output (which is kept
  330. * in 'md'), the top (up to) 10 bytes are returned to the caller and the
  331. * bottom 10 bytes are xored into the 'state'.
  332. *
  333. * Finally, after we have finished 'num' random bytes for the
  334. * caller, 'count' (which is incremented) and the local and global 'md'
  335. * are fed into the hash function and the results are kept in the
  336. * global 'md'.
  337. */
  338. CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  339. /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
  340. CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
  341. locking_thread = CRYPTO_thread_id();
  342. CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
  343. crypto_lock_rand = 1;
  344. if (!initialized)
  345. {
  346. RAND_poll();
  347. initialized = 1;
  348. }
  349. if (!stirred_pool)
  350. do_stir_pool = 1;
  351. ok = (entropy >= ENTROPY_NEEDED);
  352. if (!ok)
  353. {
  354. /* If the PRNG state is not yet unpredictable, then seeing
  355. * the PRNG output may help attackers to determine the new
  356. * state; thus we have to decrease the entropy estimate.
  357. * Once we've had enough initial seeding we don't bother to
  358. * adjust the entropy count, though, because we're not ambitious
  359. * to provide *information-theoretic* randomness.
  360. *
  361. * NOTE: This approach fails if the program forks before
  362. * we have enough entropy. Entropy should be collected
  363. * in a separate input pool and be transferred to the
  364. * output pool only when the entropy limit has been reached.
  365. */
  366. entropy -= num;
  367. if (entropy < 0)
  368. entropy = 0;
  369. }
  370. if (do_stir_pool)
  371. {
  372. /* In the output function only half of 'md' remains secret,
  373. * so we better make sure that the required entropy gets
  374. * 'evenly distributed' through 'state', our randomness pool.
  375. * The input function (ssleay_rand_add) chains all of 'md',
  376. * which makes it more suitable for this purpose.
  377. */
  378. int n = STATE_SIZE; /* so that the complete pool gets accessed */
  379. while (n > 0)
  380. {
  381. #if MD_DIGEST_LENGTH > 20
  382. # error "Please adjust DUMMY_SEED."
  383. #endif
  384. #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
  385. /* Note that the seed does not matter, it's just that
  386. * ssleay_rand_add expects to have something to hash. */
  387. ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
  388. n -= MD_DIGEST_LENGTH;
  389. }
  390. if (ok)
  391. stirred_pool = 1;
  392. }
  393. st_idx=state_index;
  394. st_num=state_num;
  395. md_c[0] = md_count[0];
  396. md_c[1] = md_count[1];
  397. memcpy(local_md, md, sizeof md);
  398. state_index+=num_ceil;
  399. if (state_index > state_num)
  400. state_index %= state_num;
  401. /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
  402. * are now ours (but other threads may use them too) */
  403. md_count[0] += 1;
  404. /* before unlocking, we must clear 'crypto_lock_rand' */
  405. crypto_lock_rand = 0;
  406. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  407. while (num > 0)
  408. {
  409. /* num_ceil -= MD_DIGEST_LENGTH/2 */
  410. j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
  411. num-=j;
  412. MD_Init(&m);
  413. #ifndef GETPID_IS_MEANINGLESS
  414. if (curr_pid) /* just in the first iteration to save time */
  415. {
  416. MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
  417. curr_pid = 0;
  418. }
  419. #endif
  420. MD_Update(&m,local_md,MD_DIGEST_LENGTH);
  421. MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
  422. #ifndef PURIFY
  423. MD_Update(&m,buf,j); /* purify complains */
  424. #endif
  425. k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
  426. if (k > 0)
  427. {
  428. MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
  429. MD_Update(&m,&(state[0]),k);
  430. }
  431. else
  432. MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
  433. MD_Final(&m,local_md);
  434. for (i=0; i<MD_DIGEST_LENGTH/2; i++)
  435. {
  436. state[st_idx++]^=local_md[i]; /* may compete with other threads */
  437. if (st_idx >= st_num)
  438. st_idx=0;
  439. if (i < j)
  440. *(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
  441. }
  442. }
  443. MD_Init(&m);
  444. MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
  445. MD_Update(&m,local_md,MD_DIGEST_LENGTH);
  446. CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  447. MD_Update(&m,md,MD_DIGEST_LENGTH);
  448. MD_Final(&m,md);
  449. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  450. EVP_MD_CTX_cleanup(&m);
  451. if (ok)
  452. return(1);
  453. else
  454. {
  455. RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
  456. ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
  457. "http://www.openssl.org/support/faq.html");
  458. return(0);
  459. }
  460. }
  461. /* pseudo-random bytes that are guaranteed to be unique but not
  462. unpredictable */
  463. static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
  464. {
  465. int ret;
  466. unsigned long err;
  467. ret = RAND_bytes(buf, num);
  468. if (ret == 0)
  469. {
  470. err = ERR_peek_error();
  471. if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
  472. ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
  473. ERR_clear_error();
  474. }
  475. return (ret);
  476. }
  477. static int ssleay_rand_status(void)
  478. {
  479. int ret;
  480. int do_not_lock;
  481. /* check if we already have the lock
  482. * (could happen if a RAND_poll() implementation calls RAND_status()) */
  483. if (crypto_lock_rand)
  484. {
  485. CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
  486. do_not_lock = (locking_thread == CRYPTO_thread_id());
  487. CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
  488. }
  489. else
  490. do_not_lock = 0;
  491. if (!do_not_lock)
  492. {
  493. CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  494. /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
  495. CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
  496. locking_thread = CRYPTO_thread_id();
  497. CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
  498. crypto_lock_rand = 1;
  499. }
  500. if (!initialized)
  501. {
  502. RAND_poll();
  503. initialized = 1;
  504. }
  505. ret = entropy >= ENTROPY_NEEDED;
  506. if (!do_not_lock)
  507. {
  508. /* before unlocking, we must clear 'crypto_lock_rand' */
  509. crypto_lock_rand = 0;
  510. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  511. }
  512. return ret;
  513. }