author | Rich Salz <rsalz@openssl.org> | 2017-08-07 19:21:36 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-07 19:34:33 -0400 |
commit | 9ed79d8ee1ef845fce94739787d45ad03f675eaa (patch) | |
tree | 3fa03425d21306ebc98803c696515d80775cc369 /crypto/rand/rand_lcl.h | |
parent | db854bb14a7010712cfc02861731399b1b587474 (diff) |
Various RAND improvements
Try to put DRBG and rand_bytes buffers in secure heap
Read the TSC fewer times (but it's still not enabled).
Short-circuit return in win RAND_poll_ex; other minor tweaks and
format-fixes.
Use the _bytes version of rdrand/rdseed
Fix ia32cap checks.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4100)
Diffstat (limited to 'crypto/rand/rand_lcl.h')
-rw-r--r-- | crypto/rand/rand_lcl.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index c96625456d..e60f619d61 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -25,6 +25,9 @@
 */
 # define RANDOMNESS_NEEDED 16
 
+/* How many times to read the TSC as a randomness source. */
+# define TSC_READ_COUNT 4
+
 /* Maximum amount of randomness to hold in RAND_BYTES_BUFFER. */
 # define MAX_RANDOMNESS_HELD (4 * RANDOMNESS_NEEDED)
 
@@ -57,9 +60,10 @@ typedef enum drbg_status_e {
 */
 typedef struct rand_bytes_buffer_st {
 CRYPTO_RWLOCK *lock;
+ unsigned char *buff;
 size_t size;
 size_t curr;
- unsigned char *buff;
+ int secure;
 } RAND_BYTES_BUFFER;
 
 /*
@@ -90,7 +94,8 @@ struct rand_drbg_st {
 int nid; /* the underlying algorithm */
 int fork_count;
 unsigned short flags; /* various external flags */
- unsigned short filled;
+ char filled;
+ char secure;
 /*
 * This is a fixed-size buffer, but we malloc to make it a little
 * harder to find; a classic security/performance trade-off. |
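Review bot: The new `int secure;` member of `RAND_BYTES_BUFFER` carries no comment, and the same applies to `char secure;` added to `struct rand_drbg_st` in the following hunk. Going by the commit message, the flag presumably records whether the buffer was obtained from the secure heap, which means the release path must choose the matching deallocator; that code is outside this diff, so it cannot be confirmed here. I would document the contract at the declaration, for example `int secure; /* nonzero if buff was allocated from the secure heap */`. Because a stored flag can drift from the real allocation if `buff` is ever replaced, it is also worth considering whether `CRYPTO_secure_allocated(buff)` at free time could replace the field altogether.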
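Review bot: `filled` is narrowed from `unsigned short` to plain `char`, whose signedness is implementation-defined, so any assignment elsewhere that stores something other than 0 or 1 would now truncate or turn negative on some platforms. If both members are pure boolean flags, saying so and using an unsigned type removes the ambiguity: `unsigned char filled; /* 0/1: buffer holds randomness */` and `unsigned char secure; /* 0/1: buffer is in the secure heap */`. The context comment just below still says the buffer is malloc'ed "to make it a little harder to find"; if the allocation now prefers the secure heap, that rationale probably needs updating as well. `struct rand_drbg_st` begins and ends outside this hunk, so the users of `filled` are not visible here.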