rand_unix.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifndef _GNU_SOURCE
  10. # define _GNU_SOURCE
  11. #endif
  12. #include "e_os.h"
  13. #include <stdio.h>
  14. #include "internal/cryptlib.h"
  15. #include <openssl/rand.h>
  16. #include "rand_lcl.h"
  17. #include "internal/rand_int.h"
  18. #include <stdio.h>
  19. #include "internal/dso.h"
  20. #if defined(__linux)
  21. # include <sys/syscall.h>
  22. #endif
  23. #if defined(__FreeBSD__)
  24. # include <sys/types.h>
  25. # include <sys/sysctl.h>
  26. # include <sys/param.h>
  27. #endif
  28. #if defined(__OpenBSD__) || defined(__NetBSD__)
  29. # include <sys/param.h>
  30. #endif
  31. #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
  32. # include <sys/types.h>
  33. # include <sys/stat.h>
  34. # include <fcntl.h>
  35. # include <unistd.h>
  36. # include <sys/time.h>
  37. static uint64_t get_time_stamp(void);
  38. static uint64_t get_timer_bits(void);
  39. /* Macro to convert two thirty two bit values into a sixty four bit one */
  40. # define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
  41. /*
  42. * Check for the existence and support of POSIX timers. The standard
  43. * says that the _POSIX_TIMERS macro will have a positive value if they
  44. * are available.
  45. *
  46. * However, we want an additional constraint: that the timer support does
  47. * not require an extra library dependency. Early versions of glibc
  48. * require -lrt to be specified on the link line to access the timers,
  49. * so this needs to be checked for.
  50. *
  51. * It is worse because some libraries define __GLIBC__ but don't
  52. * support the version testing macro (e.g. uClibc). This means
  53. * an extra check is needed.
  54. *
  55. * The final condition is:
  56. * "have posix timers and either not glibc or glibc without -lrt"
  57. *
  58. * The nested #if sequences are required to avoid using a parameterised
  59. * macro that might be undefined.
  60. */
  61. # undef OSSL_POSIX_TIMER_OKAY
  62. # if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
  63. # if defined(__GLIBC__)
  64. # if defined(__GLIBC_PREREQ)
  65. # if __GLIBC_PREREQ(2, 17)
  66. # define OSSL_POSIX_TIMER_OKAY
  67. # endif
  68. # endif
  69. # else
  70. # define OSSL_POSIX_TIMER_OKAY
  71. # endif
  72. # endif
  73. #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
  74. #if defined(OPENSSL_RAND_SEED_NONE)
  75. /* none means none. this simplifies the following logic */
  76. # undef OPENSSL_RAND_SEED_OS
  77. # undef OPENSSL_RAND_SEED_GETRANDOM
  78. # undef OPENSSL_RAND_SEED_LIBRANDOM
  79. # undef OPENSSL_RAND_SEED_DEVRANDOM
  80. # undef OPENSSL_RAND_SEED_RDTSC
  81. # undef OPENSSL_RAND_SEED_RDCPU
  82. # undef OPENSSL_RAND_SEED_EGD
  83. #endif
  84. #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
  85. !defined(OPENSSL_RAND_SEED_NONE)
  86. # error "UEFI and VXWorks only support seeding NONE"
  87. #endif
  88. #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
  89. || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
  90. || defined(OPENSSL_SYS_UEFI))
  91. # if defined(OPENSSL_SYS_VOS)
  92. # ifndef OPENSSL_RAND_SEED_OS
  93. # error "Unsupported seeding method configured; must be os"
  94. # endif
  95. # if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
  96. # error "Unsupported HP-PA and IA32 at the same time."
  97. # endif
  98. # if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
  99. # error "Must have one of HP-PA or IA32"
  100. # endif
  101. /*
  102. * The following algorithm repeatedly samples the real-time clock (RTC) to
  103. * generate a sequence of unpredictable data. The algorithm relies upon the
  104. * uneven execution speed of the code (due to factors such as cache misses,
  105. * interrupts, bus activity, and scheduling) and upon the rather large
  106. * relative difference between the speed of the clock and the rate at which
  107. * it can be read. If it is ported to an environment where execution speed
  108. * is more constant or where the RTC ticks at a much slower rate, or the
  109. * clock can be read with fewer instructions, it is likely that the results
  110. * would be far more predictable. This should only be used for legacy
  111. * platforms.
  112. *
  113. * As a precaution, we assume only 2 bits of entropy per byte.
  114. */
  115. size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  116. {
  117. short int code;
  118. int i, k;
  119. size_t bytes_needed;
  120. struct timespec ts;
  121. unsigned char v;
  122. # ifdef OPENSSL_SYS_VOS_HPPA
  123. long duration;
  124. extern void s$sleep(long *_duration, short int *_code);
  125. # else
  126. long long duration;
  127. extern void s$sleep2(long long *_duration, short int *_code);
  128. # endif
  129. bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
  130. for (i = 0; i < bytes_needed; i++) {
  131. /*
  132. * burn some cpu; hope for interrupts, cache collisions, bus
  133. * interference, etc.
  134. */
  135. for (k = 0; k < 99; k++)
  136. ts.tv_nsec = random();
  137. # ifdef OPENSSL_SYS_VOS_HPPA
  138. /* sleep for 1/1024 of a second (976 us). */
  139. duration = 1;
  140. s$sleep(&duration, &code);
  141. # else
  142. /* sleep for 1/65536 of a second (15 us). */
  143. duration = 1;
  144. s$sleep2(&duration, &code);
  145. # endif
  146. /* Get wall clock time, take 8 bits. */
  147. clock_gettime(CLOCK_REALTIME, &ts);
  148. v = (unsigned char)(ts.tv_nsec & 0xFF);
  149. rand_pool_add(pool, arg, &v, sizeof(v) , 2);
  150. }
  151. return rand_pool_entropy_available(pool);
  152. }
  153. void rand_pool_cleanup(void)
  154. {
  155. }
  156. void rand_pool_keep_random_devices_open(int keep)
  157. {
  158. }
  159. # else
  160. # if defined(OPENSSL_RAND_SEED_EGD) && \
  161. (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
  162. # error "Seeding uses EGD but EGD is turned off or no device given"
  163. # endif
  164. # if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
  165. # error "Seeding uses urandom but DEVRANDOM is not configured"
  166. # endif
  167. # if defined(OPENSSL_RAND_SEED_OS)
  168. # if !defined(DEVRANDOM)
  169. # error "OS seeding requires DEVRANDOM to be configured"
  170. # endif
  171. # define OPENSSL_RAND_SEED_GETRANDOM
  172. # define OPENSSL_RAND_SEED_DEVRANDOM
  173. # endif
  174. # if defined(OPENSSL_RAND_SEED_LIBRANDOM)
  175. # error "librandom not (yet) supported"
  176. # endif
  177. # if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
  178. /*
  179. * sysctl_random(): Use sysctl() to read a random number from the kernel
  180. * Returns the number of bytes returned in buf on success, -1 on failure.
  181. */
  182. static ssize_t sysctl_random(char *buf, size_t buflen)
  183. {
  184. int mib[2];
  185. size_t done = 0;
  186. size_t len;
  187. /*
  188. * Note: sign conversion between size_t and ssize_t is safe even
  189. * without a range check, see comment in syscall_random()
  190. */
  191. /*
  192. * On FreeBSD old implementations returned longs, newer versions support
  193. * variable sizes up to 256 byte. The code below would not work properly
  194. * when the sysctl returns long and we want to request something not a
  195. * multiple of longs, which should never be the case.
  196. */
  197. if (!ossl_assert(buflen % sizeof(long) == 0)) {
  198. errno = EINVAL;
  199. return -1;
  200. }
  201. /*
  202. * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
  203. * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
  204. * it returns a variable number of bytes with the current version supporting
  205. * up to 256 bytes.
  206. * Just return an error on older NetBSD versions.
  207. */
  208. #if defined(__NetBSD__) && __NetBSD_Version__ < 400000000
  209. errno = ENOSYS;
  210. return -1;
  211. #endif
  212. mib[0] = CTL_KERN;
  213. mib[1] = KERN_ARND;
  214. do {
  215. len = buflen;
  216. if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
  217. return done > 0 ? done : -1;
  218. done += len;
  219. buf += len;
  220. buflen -= len;
  221. } while (buflen > 0);
  222. return done;
  223. }
  224. # endif
  225. # if defined(OPENSSL_RAND_SEED_GETRANDOM)
  226. /*
  227. * syscall_random(): Try to get random data using a system call
  228. * returns the number of bytes returned in buf, or < 0 on error.
  229. */
  230. static ssize_t syscall_random(void *buf, size_t buflen)
  231. {
  232. /*
  233. * Note: 'buflen' equals the size of the buffer which is used by the
  234. * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
  235. *
  236. * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
  237. *
  238. * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
  239. * between size_t and ssize_t is safe even without a range check.
  240. */
  241. /*
  242. * Do runtime detection to find getentropy().
  243. *
  244. * Known OSs that should support this:
  245. * - Darwin since 16 (OSX 10.12, IOS 10.0).
  246. * - Solaris since 11.3
  247. * - OpenBSD since 5.6
  248. * - Linux since 3.17 with glibc 2.25
  249. * - FreeBSD since 12.0 (1200061)
  250. */
  251. # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
  252. extern int getentropy(void *buffer, size_t length) __attribute__((weak));
  253. if (getentropy != NULL)
  254. return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
  255. # else
  256. union {
  257. void *p;
  258. int (*f)(void *buffer, size_t length);
  259. } p_getentropy;
  260. /*
  261. * We could cache the result of the lookup, but we normally don't
  262. * call this function often.
  263. */
  264. ERR_set_mark();
  265. p_getentropy.p = DSO_global_lookup("getentropy");
  266. ERR_pop_to_mark();
  267. if (p_getentropy.p != NULL)
  268. return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
  269. # endif
  270. /* Linux supports this since version 3.17 */
  271. # if defined(__linux) && defined(SYS_getrandom)
  272. return syscall(SYS_getrandom, buf, buflen, 0);
  273. # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
  274. return sysctl_random(buf, buflen);
  275. # else
  276. errno = ENOSYS;
  277. return -1;
  278. # endif
  279. }
  280. # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
  281. # if defined(OPENSSL_RAND_SEED_DEVRANDOM)
  282. static const char *random_device_paths[] = { DEVRANDOM };
  283. static struct random_device {
  284. int fd;
  285. dev_t dev;
  286. ino_t ino;
  287. mode_t mode;
  288. dev_t rdev;
  289. } random_devices[OSSL_NELEM(random_device_paths)];
  290. static int keep_random_devices_open = 1;
  291. /*
  292. * Verify that the file descriptor associated with the random source is
  293. * still valid. The rationale for doing this is the fact that it is not
  294. * uncommon for daemons to close all open file handles when daemonizing.
  295. * So the handle might have been closed or even reused for opening
  296. * another file.
  297. */
  298. static int check_random_device(struct random_device * rd)
  299. {
  300. struct stat st;
  301. return rd->fd != -1
  302. && fstat(rd->fd, &st) != -1
  303. && rd->dev == st.st_dev
  304. && rd->ino == st.st_ino
  305. && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
  306. && rd->rdev == st.st_rdev;
  307. }
  308. /*
  309. * Open a random device if required and return its file descriptor or -1 on error
  310. */
  311. static int get_random_device(size_t n)
  312. {
  313. struct stat st;
  314. struct random_device * rd = &random_devices[n];
  315. /* reuse existing file descriptor if it is (still) valid */
  316. if (check_random_device(rd))
  317. return rd->fd;
  318. /* open the random device ... */
  319. if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
  320. return rd->fd;
  321. /* ... and cache its relevant stat(2) data */
  322. if (fstat(rd->fd, &st) != -1) {
  323. rd->dev = st.st_dev;
  324. rd->ino = st.st_ino;
  325. rd->mode = st.st_mode;
  326. rd->rdev = st.st_rdev;
  327. } else {
  328. close(rd->fd);
  329. rd->fd = -1;
  330. }
  331. return rd->fd;
  332. }
  333. /*
  334. * Close a random device making sure it is a random device
  335. */
  336. static void close_random_device(size_t n)
  337. {
  338. struct random_device * rd = &random_devices[n];
  339. if (check_random_device(rd))
  340. close(rd->fd);
  341. rd->fd = -1;
  342. }
  343. static void open_random_devices(void)
  344. {
  345. size_t i;
  346. for (i = 0; i < OSSL_NELEM(random_devices); i++)
  347. (void)get_random_device(i);
  348. }
  349. int rand_pool_init(void)
  350. {
  351. size_t i;
  352. for (i = 0; i < OSSL_NELEM(random_devices); i++)
  353. random_devices[i].fd = -1;
  354. open_random_devices();
  355. return 1;
  356. }
  357. void rand_pool_cleanup(void)
  358. {
  359. size_t i;
  360. for (i = 0; i < OSSL_NELEM(random_devices); i++)
  361. close_random_device(i);
  362. }
  363. void rand_pool_keep_random_devices_open(int keep)
  364. {
  365. if (keep)
  366. open_random_devices();
  367. else
  368. rand_pool_cleanup();
  369. keep_random_devices_open = keep;
  370. }
  371. # else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
  372. int rand_pool_init(void)
  373. {
  374. return 1;
  375. }
  376. void rand_pool_cleanup(void)
  377. {
  378. }
  379. void rand_pool_keep_random_devices_open(int keep)
  380. {
  381. }
  382. # endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
  383. /*
  384. * Try the various seeding methods in turn, exit when successful.
  385. *
  386. * TODO(DRBG): If more than one entropy source is available, is it
  387. * preferable to stop as soon as enough entropy has been collected
  388. * (as favored by @rsalz) or should one rather be defensive and add
  389. * more entropy than requested and/or from different sources?
  390. *
  391. * Currently, the user can select multiple entropy sources in the
  392. * configure step, yet in practice only the first available source
  393. * will be used. A more flexible solution has been requested, but
  394. * currently it is not clear how this can be achieved without
  395. * overengineering the problem. There are many parameters which
  396. * could be taken into account when selecting the order and amount
  397. * of input from the different entropy sources (trust, quality,
  398. * possibility of blocking).
  399. */
  400. size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  401. {
  402. # if defined(OPENSSL_RAND_SEED_NONE)
  403. return rand_pool_entropy_available(pool);
  404. # else
  405. size_t bytes_needed;
  406. size_t entropy_available = 0;
  407. unsigned char *buffer;
  408. # if defined(OPENSSL_RAND_SEED_GETRANDOM)
  409. {
  410. ssize_t bytes;
  411. /* Maximum allowed number of consecutive unsuccessful attempts */
  412. int attempts = 3;
  413. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  414. while (bytes_needed != 0 && attempts-- > 0) {
  415. buffer = rand_pool_add_begin(pool, bytes_needed);
  416. bytes = syscall_random(buffer, bytes_needed);
  417. if (bytes > 0) {
  418. rand_pool_add_end(pool, bytes, 8 * bytes);
  419. bytes_needed -= bytes;
  420. attempts = 3; /* reset counter after successful attempt */
  421. } else if (bytes < 0 && errno != EINTR) {
  422. break;
  423. }
  424. }
  425. }
  426. entropy_available = rand_pool_entropy_available(pool);
  427. if (entropy_available > 0)
  428. return entropy_available;
  429. # endif
  430. # if defined(OPENSSL_RAND_SEED_LIBRANDOM)
  431. {
  432. /* Not yet implemented. */
  433. }
  434. # endif
  435. # if defined(OPENSSL_RAND_SEED_DEVRANDOM)
  436. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  437. {
  438. size_t i;
  439. for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
  440. ssize_t bytes = 0;
  441. /* Maximum allowed number of consecutive unsuccessful attempts */
  442. int attempts = 3;
  443. const int fd = get_random_device(i);
  444. if (fd == -1)
  445. continue;
  446. while (bytes_needed != 0 && attempts-- > 0) {
  447. buffer = rand_pool_add_begin(pool, bytes_needed);
  448. bytes = read(fd, buffer, bytes_needed);
  449. if (bytes > 0) {
  450. rand_pool_add_end(pool, bytes, 8 * bytes);
  451. bytes_needed -= bytes;
  452. attempts = 3; /* reset counter after successful attempt */
  453. } else if (bytes < 0 && errno != EINTR) {
  454. break;
  455. }
  456. }
  457. if (bytes < 0 || !keep_random_devices_open)
  458. close_random_device(i);
  459. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  460. }
  461. entropy_available = rand_pool_entropy_available(pool);
  462. if (entropy_available > 0)
  463. return entropy_available;
  464. }
  465. # endif
  466. # if defined(OPENSSL_RAND_SEED_RDTSC)
  467. entropy_available = rand_acquire_entropy_from_tsc(pool);
  468. if (entropy_available > 0)
  469. return entropy_available;
  470. # endif
  471. # if defined(OPENSSL_RAND_SEED_RDCPU)
  472. entropy_available = rand_acquire_entropy_from_cpu(pool);
  473. if (entropy_available > 0)
  474. return entropy_available;
  475. # endif
  476. # if defined(OPENSSL_RAND_SEED_EGD)
  477. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  478. if (bytes_needed > 0) {
  479. static const char *paths[] = { DEVRANDOM_EGD, NULL };
  480. int i;
  481. for (i = 0; paths[i] != NULL; i++) {
  482. buffer = rand_pool_add_begin(pool, bytes_needed);
  483. if (buffer != NULL) {
  484. size_t bytes = 0;
  485. int num = RAND_query_egd_bytes(paths[i],
  486. buffer, (int)bytes_needed);
  487. if (num == (int)bytes_needed)
  488. bytes = bytes_needed;
  489. rand_pool_add_end(pool, bytes, 8 * bytes);
  490. entropy_available = rand_pool_entropy_available(pool);
  491. }
  492. if (entropy_available > 0)
  493. return entropy_available;
  494. }
  495. }
  496. # endif
  497. return rand_pool_entropy_available(pool);
  498. # endif
  499. }
  500. # endif
  501. #endif
  502. #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
  503. int rand_pool_add_nonce_data(RAND_POOL *pool)
  504. {
  505. struct {
  506. pid_t pid;
  507. CRYPTO_THREAD_ID tid;
  508. uint64_t time;
  509. } data = { 0 };
  510. /*
  511. * Add process id, thread id, and a high resolution timestamp to
  512. * ensure that the nonce is unique with high probability for
  513. * different process instances.
  514. */
  515. data.pid = getpid();
  516. data.tid = CRYPTO_THREAD_get_current_id();
  517. data.time = get_time_stamp();
  518. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  519. }
  520. int rand_pool_add_additional_data(RAND_POOL *pool)
  521. {
  522. struct {
  523. CRYPTO_THREAD_ID tid;
  524. uint64_t time;
  525. } data = { 0 };
  526. /*
  527. * Add some noise from the thread id and a high resolution timer.
  528. * The thread id adds a little randomness if the drbg is accessed
  529. * concurrently (which is the case for the <master> drbg).
  530. */
  531. data.tid = CRYPTO_THREAD_get_current_id();
  532. data.time = get_timer_bits();
  533. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  534. }
  535. /*
  536. * Get the current time with the highest possible resolution
  537. *
  538. * The time stamp is added to the nonce, so it is optimized for not repeating.
  539. * The current time is ideal for this purpose, provided the computer's clock
  540. * is synchronized.
  541. */
  542. static uint64_t get_time_stamp(void)
  543. {
  544. # if defined(OSSL_POSIX_TIMER_OKAY)
  545. {
  546. struct timespec ts;
  547. if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
  548. return TWO32TO64(ts.tv_sec, ts.tv_nsec);
  549. }
  550. # endif
  551. # if defined(__unix__) \
  552. || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
  553. {
  554. struct timeval tv;
  555. if (gettimeofday(&tv, NULL) == 0)
  556. return TWO32TO64(tv.tv_sec, tv.tv_usec);
  557. }
  558. # endif
  559. return time(NULL);
  560. }
  561. /*
  562. * Get an arbitrary timer value of the highest possible resolution
  563. *
  564. * The timer value is added as random noise to the additional data,
  565. * which is not considered a trusted entropy sourec, so any result
  566. * is acceptable.
  567. */
  568. static uint64_t get_timer_bits(void)
  569. {
  570. uint64_t res = OPENSSL_rdtsc();
  571. if (res != 0)
  572. return res;
  573. # if defined(__sun) || defined(__hpux)
  574. return gethrtime();
  575. # elif defined(_AIX)
  576. {
  577. timebasestruct_t t;
  578. read_wall_time(&t, TIMEBASE_SZ);
  579. return TWO32TO64(t.tb_high, t.tb_low);
  580. }
  581. # elif defined(OSSL_POSIX_TIMER_OKAY)
  582. {
  583. struct timespec ts;
  584. # ifdef CLOCK_BOOTTIME
  585. # define CLOCK_TYPE CLOCK_BOOTTIME
  586. # elif defined(_POSIX_MONOTONIC_CLOCK)
  587. # define CLOCK_TYPE CLOCK_MONOTONIC
  588. # else
  589. # define CLOCK_TYPE CLOCK_REALTIME
  590. # endif
  591. if (clock_gettime(CLOCK_TYPE, &ts) == 0)
  592. return TWO32TO64(ts.tv_sec, ts.tv_nsec);
  593. }
  594. # endif
  595. # if defined(__unix__) \
  596. || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
  597. {
  598. struct timeval tv;
  599. if (gettimeofday(&tv, NULL) == 0)
  600. return TWO32TO64(tv.tv_sec, tv.tv_usec);
  601. }
  602. # endif
  603. return time(NULL);
  604. }
  605. #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */