rand_unix.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifndef _GNU_SOURCE
  10. # define _GNU_SOURCE
  11. #endif
  12. #include "e_os.h"
  13. #include <stdio.h>
  14. #include "internal/cryptlib.h"
  15. #include <openssl/rand.h>
  16. #include "rand_lcl.h"
  17. #include "internal/rand_int.h"
  18. #include <stdio.h>
  19. #include "internal/dso.h"
  20. #if defined(__linux)
  21. # include <asm/unistd.h>
  22. #endif
  23. #if defined(__FreeBSD__)
  24. # include <sys/types.h>
  25. # include <sys/sysctl.h>
  26. # include <sys/param.h>
  27. #endif
  28. #if defined(__OpenBSD__) || defined(__NetBSD__)
  29. # include <sys/param.h>
  30. #endif
  31. #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
  32. || defined(__DJGPP__)
  33. # include <sys/types.h>
  34. # include <sys/stat.h>
  35. # include <fcntl.h>
  36. # include <unistd.h>
  37. # include <sys/time.h>
  38. static uint64_t get_time_stamp(void);
  39. static uint64_t get_timer_bits(void);
  40. /* Macro to convert two thirty two bit values into a sixty four bit one */
  41. # define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
  42. /*
  43. * Check for the existence and support of POSIX timers. The standard
  44. * says that the _POSIX_TIMERS macro will have a positive value if they
  45. * are available.
  46. *
  47. * However, we want an additional constraint: that the timer support does
  48. * not require an extra library dependency. Early versions of glibc
  49. * require -lrt to be specified on the link line to access the timers,
  50. * so this needs to be checked for.
  51. *
  52. * It is worse because some libraries define __GLIBC__ but don't
  53. * support the version testing macro (e.g. uClibc). This means
  54. * an extra check is needed.
  55. *
  56. * The final condition is:
  57. * "have posix timers and either not glibc or glibc without -lrt"
  58. *
  59. * The nested #if sequences are required to avoid using a parameterised
  60. * macro that might be undefined.
  61. */
  62. # undef OSSL_POSIX_TIMER_OKAY
  63. # if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
  64. # if defined(__GLIBC__)
  65. # if defined(__GLIBC_PREREQ)
  66. # if __GLIBC_PREREQ(2, 17)
  67. # define OSSL_POSIX_TIMER_OKAY
  68. # endif
  69. # endif
  70. # else
  71. # define OSSL_POSIX_TIMER_OKAY
  72. # endif
  73. # endif
  74. #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
  75. #if defined(OPENSSL_RAND_SEED_NONE)
  76. /* none means none. this simplifies the following logic */
  77. # undef OPENSSL_RAND_SEED_OS
  78. # undef OPENSSL_RAND_SEED_GETRANDOM
  79. # undef OPENSSL_RAND_SEED_LIBRANDOM
  80. # undef OPENSSL_RAND_SEED_DEVRANDOM
  81. # undef OPENSSL_RAND_SEED_RDTSC
  82. # undef OPENSSL_RAND_SEED_RDCPU
  83. # undef OPENSSL_RAND_SEED_EGD
  84. #endif
  85. #if defined(OPENSSL_SYS_UEFI) && !defined(OPENSSL_RAND_SEED_NONE)
  86. # error "UEFI only supports seeding NONE"
  87. #endif
  88. #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
  89. || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
  90. || defined(OPENSSL_SYS_UEFI))
  91. # if defined(OPENSSL_SYS_VOS)
  92. # ifndef OPENSSL_RAND_SEED_OS
  93. # error "Unsupported seeding method configured; must be os"
  94. # endif
  95. # if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
  96. # error "Unsupported HP-PA and IA32 at the same time."
  97. # endif
  98. # if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
  99. # error "Must have one of HP-PA or IA32"
  100. # endif
  101. /*
  102. * The following algorithm repeatedly samples the real-time clock (RTC) to
  103. * generate a sequence of unpredictable data. The algorithm relies upon the
  104. * uneven execution speed of the code (due to factors such as cache misses,
  105. * interrupts, bus activity, and scheduling) and upon the rather large
  106. * relative difference between the speed of the clock and the rate at which
  107. * it can be read. If it is ported to an environment where execution speed
  108. * is more constant or where the RTC ticks at a much slower rate, or the
  109. * clock can be read with fewer instructions, it is likely that the results
  110. * would be far more predictable. This should only be used for legacy
  111. * platforms.
  112. *
  113. * As a precaution, we assume only 2 bits of entropy per byte.
  114. */
  115. size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  116. {
  117. short int code;
  118. int i, k;
  119. size_t bytes_needed;
  120. struct timespec ts;
  121. unsigned char v;
  122. # ifdef OPENSSL_SYS_VOS_HPPA
  123. long duration;
  124. extern void s$sleep(long *_duration, short int *_code);
  125. # else
  126. long long duration;
  127. extern void s$sleep2(long long *_duration, short int *_code);
  128. # endif
  129. bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
  130. for (i = 0; i < bytes_needed; i++) {
  131. /*
  132. * burn some cpu; hope for interrupts, cache collisions, bus
  133. * interference, etc.
  134. */
  135. for (k = 0; k < 99; k++)
  136. ts.tv_nsec = random();
  137. # ifdef OPENSSL_SYS_VOS_HPPA
  138. /* sleep for 1/1024 of a second (976 us). */
  139. duration = 1;
  140. s$sleep(&duration, &code);
  141. # else
  142. /* sleep for 1/65536 of a second (15 us). */
  143. duration = 1;
  144. s$sleep2(&duration, &code);
  145. # endif
  146. /* Get wall clock time, take 8 bits. */
  147. clock_gettime(CLOCK_REALTIME, &ts);
  148. v = (unsigned char)(ts.tv_nsec & 0xFF);
  149. rand_pool_add(pool, arg, &v, sizeof(v) , 2);
  150. }
  151. return rand_pool_entropy_available(pool);
  152. }
  153. void rand_pool_cleanup(void)
  154. {
  155. }
  156. void rand_pool_keep_random_devices_open(int keep)
  157. {
  158. }
  159. # else
  160. # if defined(OPENSSL_RAND_SEED_EGD) && \
  161. (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
  162. # error "Seeding uses EGD but EGD is turned off or no device given"
  163. # endif
  164. # if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
  165. # error "Seeding uses urandom but DEVRANDOM is not configured"
  166. # endif
  167. # if defined(OPENSSL_RAND_SEED_OS)
  168. # if !defined(DEVRANDOM)
  169. # error "OS seeding requires DEVRANDOM to be configured"
  170. # endif
  171. # define OPENSSL_RAND_SEED_GETRANDOM
  172. # define OPENSSL_RAND_SEED_DEVRANDOM
  173. # endif
  174. # if defined(OPENSSL_RAND_SEED_LIBRANDOM)
  175. # error "librandom not (yet) supported"
  176. # endif
  177. # if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
  178. /*
  179. * sysctl_random(): Use sysctl() to read a random number from the kernel
  180. * Returns the number of bytes returned in buf on success, -1 on failure.
  181. */
  182. static ssize_t sysctl_random(char *buf, size_t buflen)
  183. {
  184. int mib[2];
  185. size_t done = 0;
  186. size_t len;
  187. /*
  188. * Note: sign conversion between size_t and ssize_t is safe even
  189. * without a range check, see comment in syscall_random()
  190. */
  191. /*
  192. * On FreeBSD old implementations returned longs, newer versions support
  193. * variable sizes up to 256 byte. The code below would not work properly
  194. * when the sysctl returns long and we want to request something not a
  195. * multiple of longs, which should never be the case.
  196. */
  197. if (!ossl_assert(buflen % sizeof(long) == 0)) {
  198. errno = EINVAL;
  199. return -1;
  200. }
  201. /*
  202. * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
  203. * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
  204. * it returns a variable number of bytes with the current version supporting
  205. * up to 256 bytes.
  206. * Just return an error on older NetBSD versions.
  207. */
  208. #if defined(__NetBSD__) && __NetBSD_Version__ < 400000000
  209. errno = ENOSYS;
  210. return -1;
  211. #endif
  212. mib[0] = CTL_KERN;
  213. mib[1] = KERN_ARND;
  214. do {
  215. len = buflen;
  216. if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
  217. return done > 0 ? done : -1;
  218. done += len;
  219. buf += len;
  220. buflen -= len;
  221. } while (buflen > 0);
  222. return done;
  223. }
  224. # endif
  225. # if defined(OPENSSL_RAND_SEED_GETRANDOM)
  226. /*
  227. * syscall_random(): Try to get random data using a system call
  228. * returns the number of bytes returned in buf, or < 0 on error.
  229. */
  230. static ssize_t syscall_random(void *buf, size_t buflen)
  231. {
  232. /*
  233. * Note: 'buflen' equals the size of the buffer which is used by the
  234. * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
  235. *
  236. * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
  237. *
  238. * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
  239. * between size_t and ssize_t is safe even without a range check.
  240. */
  241. /*
  242. * Do runtime detection to find getentropy().
  243. *
  244. * Known OSs that should support this:
  245. * - Darwin since 16 (OSX 10.12, IOS 10.0).
  246. * - Solaris since 11.3
  247. * - OpenBSD since 5.6
  248. * - Linux since 3.17 with glibc 2.25
  249. * - FreeBSD since 12.0 (1200061)
  250. */
  251. # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
  252. extern int getentropy(void *buffer, size_t length) __attribute__((weak));
  253. if (getentropy != NULL)
  254. return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
  255. # else
  256. union {
  257. void *p;
  258. int (*f)(void *buffer, size_t length);
  259. } p_getentropy;
  260. /*
  261. * We could cache the result of the lookup, but we normally don't
  262. * call this function often.
  263. */
  264. ERR_set_mark();
  265. p_getentropy.p = DSO_global_lookup("getentropy");
  266. ERR_pop_to_mark();
  267. if (p_getentropy.p != NULL)
  268. return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
  269. # endif
  270. /* Linux supports this since version 3.17 */
  271. # if defined(__linux) && defined(__NR_getrandom)
  272. return syscall(__NR_getrandom, buf, buflen, 0);
  273. # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
  274. return sysctl_random(buf, buflen);
  275. # else
  276. errno = ENOSYS;
  277. return -1;
  278. # endif
  279. }
  280. # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
  281. # if defined(OPENSSL_RAND_SEED_DEVRANDOM)
  282. static const char *random_device_paths[] = { DEVRANDOM };
  283. static struct random_device {
  284. int fd;
  285. dev_t dev;
  286. ino_t ino;
  287. mode_t mode;
  288. dev_t rdev;
  289. } random_devices[OSSL_NELEM(random_device_paths)];
  290. static int keep_random_devices_open = 1;
  291. /*
  292. * Verify that the file descriptor associated with the random source is
  293. * still valid. The rationale for doing this is the fact that it is not
  294. * uncommon for daemons to close all open file handles when daemonizing.
  295. * So the handle might have been closed or even reused for opening
  296. * another file.
  297. */
  298. static int check_random_device(struct random_device * rd)
  299. {
  300. struct stat st;
  301. return rd->fd != -1
  302. && fstat(rd->fd, &st) != -1
  303. && rd->dev == st.st_dev
  304. && rd->ino == st.st_ino
  305. && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
  306. && rd->rdev == st.st_rdev;
  307. }
  308. /*
  309. * Open a random device if required and return its file descriptor or -1 on error
  310. */
  311. static int get_random_device(size_t n)
  312. {
  313. struct stat st;
  314. struct random_device * rd = &random_devices[n];
  315. /* reuse existing file descriptor if it is (still) valid */
  316. if (check_random_device(rd))
  317. return rd->fd;
  318. /* open the random device ... */
  319. if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
  320. return rd->fd;
  321. /* ... and cache its relevant stat(2) data */
  322. if (fstat(rd->fd, &st) != -1) {
  323. rd->dev = st.st_dev;
  324. rd->ino = st.st_ino;
  325. rd->mode = st.st_mode;
  326. rd->rdev = st.st_rdev;
  327. } else {
  328. close(rd->fd);
  329. rd->fd = -1;
  330. }
  331. return rd->fd;
  332. }
  333. /*
  334. * Close a random device making sure it is a random device
  335. */
  336. static void close_random_device(size_t n)
  337. {
  338. struct random_device * rd = &random_devices[n];
  339. if (check_random_device(rd))
  340. close(rd->fd);
  341. rd->fd = -1;
  342. }
  343. int rand_pool_init(void)
  344. {
  345. size_t i;
  346. for (i = 0; i < OSSL_NELEM(random_devices); i++)
  347. random_devices[i].fd = -1;
  348. return 1;
  349. }
  350. void rand_pool_cleanup(void)
  351. {
  352. size_t i;
  353. for (i = 0; i < OSSL_NELEM(random_devices); i++)
  354. close_random_device(i);
  355. }
  356. void rand_pool_keep_random_devices_open(int keep)
  357. {
  358. if (!keep)
  359. rand_pool_cleanup();
  360. keep_random_devices_open = keep;
  361. }
  362. # else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
  363. int rand_pool_init(void)
  364. {
  365. return 1;
  366. }
  367. void rand_pool_cleanup(void)
  368. {
  369. }
  370. void rand_pool_keep_random_devices_open(int keep)
  371. {
  372. }
  373. # endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
  374. /*
  375. * Try the various seeding methods in turn, exit when successful.
  376. *
  377. * TODO(DRBG): If more than one entropy source is available, is it
  378. * preferable to stop as soon as enough entropy has been collected
  379. * (as favored by @rsalz) or should one rather be defensive and add
  380. * more entropy than requested and/or from different sources?
  381. *
  382. * Currently, the user can select multiple entropy sources in the
  383. * configure step, yet in practice only the first available source
  384. * will be used. A more flexible solution has been requested, but
  385. * currently it is not clear how this can be achieved without
  386. * overengineering the problem. There are many parameters which
  387. * could be taken into account when selecting the order and amount
  388. * of input from the different entropy sources (trust, quality,
  389. * possibility of blocking).
  390. */
  391. size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  392. {
  393. # if defined(OPENSSL_RAND_SEED_NONE)
  394. return rand_pool_entropy_available(pool);
  395. # else
  396. size_t bytes_needed;
  397. size_t entropy_available = 0;
  398. unsigned char *buffer;
  399. # if defined(OPENSSL_RAND_SEED_GETRANDOM)
  400. {
  401. ssize_t bytes;
  402. /* Maximum allowed number of consecutive unsuccessful attempts */
  403. int attempts = 3;
  404. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  405. while (bytes_needed != 0 && attempts-- > 0) {
  406. buffer = rand_pool_add_begin(pool, bytes_needed);
  407. bytes = syscall_random(buffer, bytes_needed);
  408. if (bytes > 0) {
  409. rand_pool_add_end(pool, bytes, 8 * bytes);
  410. bytes_needed -= bytes;
  411. attempts = 3; /* reset counter after successful attempt */
  412. } else if (bytes < 0 && errno != EINTR) {
  413. break;
  414. }
  415. }
  416. }
  417. entropy_available = rand_pool_entropy_available(pool);
  418. if (entropy_available > 0)
  419. return entropy_available;
  420. # endif
  421. # if defined(OPENSSL_RAND_SEED_LIBRANDOM)
  422. {
  423. /* Not yet implemented. */
  424. }
  425. # endif
  426. # if defined(OPENSSL_RAND_SEED_DEVRANDOM)
  427. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  428. {
  429. size_t i;
  430. for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
  431. ssize_t bytes = 0;
  432. /* Maximum allowed number of consecutive unsuccessful attempts */
  433. int attempts = 3;
  434. const int fd = get_random_device(i);
  435. if (fd == -1)
  436. continue;
  437. while (bytes_needed != 0 && attempts-- > 0) {
  438. buffer = rand_pool_add_begin(pool, bytes_needed);
  439. bytes = read(fd, buffer, bytes_needed);
  440. if (bytes > 0) {
  441. rand_pool_add_end(pool, bytes, 8 * bytes);
  442. bytes_needed -= bytes;
  443. attempts = 3; /* reset counter after successful attempt */
  444. } else if (bytes < 0 && errno != EINTR) {
  445. break;
  446. }
  447. }
  448. if (bytes < 0 || !keep_random_devices_open)
  449. close_random_device(i);
  450. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  451. }
  452. entropy_available = rand_pool_entropy_available(pool);
  453. if (entropy_available > 0)
  454. return entropy_available;
  455. }
  456. # endif
  457. # if defined(OPENSSL_RAND_SEED_RDTSC)
  458. entropy_available = rand_acquire_entropy_from_tsc(pool);
  459. if (entropy_available > 0)
  460. return entropy_available;
  461. # endif
  462. # if defined(OPENSSL_RAND_SEED_RDCPU)
  463. entropy_available = rand_acquire_entropy_from_cpu(pool);
  464. if (entropy_available > 0)
  465. return entropy_available;
  466. # endif
  467. # if defined(OPENSSL_RAND_SEED_EGD)
  468. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  469. if (bytes_needed > 0) {
  470. static const char *paths[] = { DEVRANDOM_EGD, NULL };
  471. int i;
  472. for (i = 0; paths[i] != NULL; i++) {
  473. buffer = rand_pool_add_begin(pool, bytes_needed);
  474. if (buffer != NULL) {
  475. size_t bytes = 0;
  476. int num = RAND_query_egd_bytes(paths[i],
  477. buffer, (int)bytes_needed);
  478. if (num == (int)bytes_needed)
  479. bytes = bytes_needed;
  480. rand_pool_add_end(pool, bytes, 8 * bytes);
  481. entropy_available = rand_pool_entropy_available(pool);
  482. }
  483. if (entropy_available > 0)
  484. return entropy_available;
  485. }
  486. }
  487. # endif
  488. return rand_pool_entropy_available(pool);
  489. # endif
  490. }
  491. # endif
  492. #endif
  493. #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
  494. || defined(__DJGPP__)
  495. int rand_pool_add_nonce_data(RAND_POOL *pool)
  496. {
  497. struct {
  498. pid_t pid;
  499. CRYPTO_THREAD_ID tid;
  500. uint64_t time;
  501. } data;
  502. /* Erase the entire structure including any padding */
  503. memset(&data, 0, sizeof(data));
  504. /*
  505. * Add process id, thread id, and a high resolution timestamp to
  506. * ensure that the nonce is unique with high probability for
  507. * different process instances.
  508. */
  509. data.pid = getpid();
  510. data.tid = CRYPTO_THREAD_get_current_id();
  511. data.time = get_time_stamp();
  512. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  513. }
  514. int rand_pool_add_additional_data(RAND_POOL *pool)
  515. {
  516. struct {
  517. CRYPTO_THREAD_ID tid;
  518. uint64_t time;
  519. } data;
  520. /* Erase the entire structure including any padding */
  521. memset(&data, 0, sizeof(data));
  522. /*
  523. * Add some noise from the thread id and a high resolution timer.
  524. * The thread id adds a little randomness if the drbg is accessed
  525. * concurrently (which is the case for the <master> drbg).
  526. */
  527. data.tid = CRYPTO_THREAD_get_current_id();
  528. data.time = get_timer_bits();
  529. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  530. }
  531. /*
  532. * Get the current time with the highest possible resolution
  533. *
  534. * The time stamp is added to the nonce, so it is optimized for not repeating.
  535. * The current time is ideal for this purpose, provided the computer's clock
  536. * is synchronized.
  537. */
  538. static uint64_t get_time_stamp(void)
  539. {
  540. # if defined(OSSL_POSIX_TIMER_OKAY)
  541. {
  542. struct timespec ts;
  543. if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
  544. return TWO32TO64(ts.tv_sec, ts.tv_nsec);
  545. }
  546. # endif
  547. # if defined(__unix__) \
  548. || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
  549. {
  550. struct timeval tv;
  551. if (gettimeofday(&tv, NULL) == 0)
  552. return TWO32TO64(tv.tv_sec, tv.tv_usec);
  553. }
  554. # endif
  555. return time(NULL);
  556. }
  557. /*
  558. * Get an arbitrary timer value of the highest possible resolution
  559. *
  560. * The timer value is added as random noise to the additional data,
  561. * which is not considered a trusted entropy sourec, so any result
  562. * is acceptable.
  563. */
  564. static uint64_t get_timer_bits(void)
  565. {
  566. uint64_t res = OPENSSL_rdtsc();
  567. if (res != 0)
  568. return res;
  569. # if defined(__sun) || defined(__hpux)
  570. return gethrtime();
  571. # elif defined(_AIX)
  572. {
  573. timebasestruct_t t;
  574. read_wall_time(&t, TIMEBASE_SZ);
  575. return TWO32TO64(t.tb_high, t.tb_low);
  576. }
  577. # elif defined(OSSL_POSIX_TIMER_OKAY)
  578. {
  579. struct timespec ts;
  580. # ifdef CLOCK_BOOTTIME
  581. # define CLOCK_TYPE CLOCK_BOOTTIME
  582. # elif defined(_POSIX_MONOTONIC_CLOCK)
  583. # define CLOCK_TYPE CLOCK_MONOTONIC
  584. # else
  585. # define CLOCK_TYPE CLOCK_REALTIME
  586. # endif
  587. if (clock_gettime(CLOCK_TYPE, &ts) == 0)
  588. return TWO32TO64(ts.tv_sec, ts.tv_nsec);
  589. }
  590. # endif
  591. # if defined(__unix__) \
  592. || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
  593. {
  594. struct timeval tv;
  595. if (gettimeofday(&tv, NULL) == 0)
  596. return TWO32TO64(tv.tv_sec, tv.tv_usec);
  597. }
  598. # endif
  599. return time(NULL);
  600. }
  601. #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */