OpenSSLRandom.java revision 49336618a762eff280621cf7474021e06e8521fa
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.conscrypt; 18 19import java.io.Serializable; 20import java.security.SecureRandomSpi; 21 22public class OpenSSLRandom extends SecureRandomSpi implements Serializable { 23 private static final long serialVersionUID = 8506210602917522860L; 24 25 private boolean mSeeded; 26 27 @Override 28 protected void engineSetSeed(byte[] seed) { 29 // NOTE: The contract of the SecureRandomSpi does not appear to prohibit self-seeding here 30 // (in addition to using the provided seed). 31 selfSeedIfNotSeeded(); 32 NativeCrypto.RAND_seed(seed); 33 } 34 35 @Override 36 protected void engineNextBytes(byte[] bytes) { 37 selfSeedIfNotSeeded(); 38 NativeCrypto.RAND_bytes(bytes); 39 } 40 41 @Override 42 protected byte[] engineGenerateSeed(int numBytes) { 43 selfSeedIfNotSeeded(); 44 byte[] output = new byte[numBytes]; 45 NativeCrypto.RAND_bytes(output); 46 return output; 47 } 48 49 /** 50 * Self-seeds this instance from the Linux RNG. Does nothing if this instance has already been 51 * seeded. 52 */ 53 private void selfSeedIfNotSeeded() { 54 // NOTE: No need to worry about concurrent access to this field because the worst case is 55 // that the code below is executed multiple times (by different threads), which may only 56 // increase the entropy of the OpenSSL PRNG. 57 if (mSeeded) { 58 return; 59 } 60 61 seedOpenSSLPRNGFromLinuxRNG(); 62 mSeeded = true; 63 } 64 65 /** 66 * Obtains a seed from the Linux RNG and mixes it into the OpenSSL PRNG (default RAND engine). 67 * 68 * <p>NOTE: This modifies the OpenSSL PRNG shared by all instances of OpenSSLRandom and other 69 * crypto primitives offered by or built on top of OpenSSL. 70 */ 71 public static void seedOpenSSLPRNGFromLinuxRNG() { 72 int seedLengthInBytes = NativeCrypto.RAND_SEED_LENGTH_IN_BYTES; 73 int bytesRead = NativeCrypto.RAND_load_file("/dev/urandom", seedLengthInBytes); 74 if (bytesRead != seedLengthInBytes) { 75 throw new SecurityException("Failed to read sufficient bytes from /dev/urandom." 76 + " Expected: " + seedLengthInBytes + ", actual: " + bytesRead); 77 } 78 } 79} 80