| Tom Rini | 0344c60 | 2024-10-08 13:56:50 -0600 | [diff] [blame^] | 1 | /* |
| 2 | * Platform-specific and custom entropy polling functions |
| 3 | * |
| 4 | * Copyright The Mbed TLS Contributors |
| 5 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| 6 | */ |
| 7 | |
| 8 | #if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE) |
| 9 | /* Ensure that syscall() is available even when compiling with -std=c99 */ |
| 10 | #define _GNU_SOURCE |
| 11 | #endif |
| 12 | |
| 13 | #include "common.h" |
| 14 | |
| 15 | #include <string.h> |
| 16 | |
| 17 | #if defined(MBEDTLS_ENTROPY_C) |
| 18 | |
| 19 | #include "mbedtls/entropy.h" |
| 20 | #include "entropy_poll.h" |
| 21 | #include "mbedtls/error.h" |
| 22 | |
| 23 | #if defined(MBEDTLS_TIMING_C) |
| 24 | #include "mbedtls/timing.h" |
| 25 | #endif |
| 26 | #include "mbedtls/platform.h" |
| 27 | |
| 28 | #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) |
| 29 | |
| 30 | #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ |
| 31 | !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ |
| 32 | !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__) |
| 33 | #error \ |
| 34 | "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h" |
| 35 | #endif |
| 36 | |
| 37 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
| 38 | |
| 39 | #include <windows.h> |
| 40 | #include <bcrypt.h> |
| 41 | #include <intsafe.h> |
| 42 | |
| 43 | int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, |
| 44 | size_t *olen) |
| 45 | { |
| 46 | ((void) data); |
| 47 | *olen = 0; |
| 48 | |
| 49 | /* |
| 50 | * BCryptGenRandom takes ULONG for size, which is smaller than size_t on |
| 51 | * 64-bit Windows platforms. Extract entropy in chunks of len (dependent |
| 52 | * on ULONG_MAX) size. |
| 53 | */ |
| 54 | while (len != 0) { |
| 55 | unsigned long ulong_bytes = |
| 56 | (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len; |
| 57 | |
| 58 | if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes, |
| 59 | BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { |
| 60 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 61 | } |
| 62 | |
| 63 | *olen += ulong_bytes; |
| 64 | len -= ulong_bytes; |
| 65 | } |
| 66 | |
| 67 | return 0; |
| 68 | } |
| 69 | #else /* _WIN32 && !EFIX64 && !EFI32 */ |
| 70 | |
| 71 | /* |
| 72 | * Test for Linux getrandom() support. |
| 73 | * Since there is no wrapper in the libc yet, use the generic syscall wrapper |
| 74 | * available in GNU libc and compatible libc's (eg uClibc). |
| 75 | */ |
| 76 | #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)) |
| 77 | #include <unistd.h> |
| 78 | #include <sys/syscall.h> |
| 79 | #if defined(SYS_getrandom) |
| 80 | #define HAVE_GETRANDOM |
| 81 | #include <errno.h> |
| 82 | |
| 83 | static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) |
| 84 | { |
| 85 | /* MemSan cannot understand that the syscall writes to the buffer */ |
| 86 | #if defined(__has_feature) |
| 87 | #if __has_feature(memory_sanitizer) |
| 88 | memset(buf, 0, buflen); |
| 89 | #endif |
| 90 | #endif |
| 91 | return (int) syscall(SYS_getrandom, buf, buflen, flags); |
| 92 | } |
| 93 | #endif /* SYS_getrandom */ |
| 94 | #endif /* __linux__ || __midipix__ */ |
| 95 | |
| 96 | #if defined(__FreeBSD__) || defined(__DragonFly__) |
| 97 | #include <sys/param.h> |
| 98 | #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \ |
| 99 | (defined(__DragonFly__) && __DragonFly_version >= 500700) |
| 100 | #include <errno.h> |
| 101 | #include <sys/random.h> |
| 102 | #define HAVE_GETRANDOM |
| 103 | static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) |
| 104 | { |
| 105 | return (int) getrandom(buf, buflen, flags); |
| 106 | } |
| 107 | #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || |
| 108 | (__DragonFly__ && __DragonFly_version >= 500700) */ |
| 109 | #endif /* __FreeBSD__ || __DragonFly__ */ |
| 110 | |
| 111 | /* |
| 112 | * Some BSD systems provide KERN_ARND. |
| 113 | * This is equivalent to reading from /dev/urandom, only it doesn't require an |
| 114 | * open file descriptor, and provides up to 256 bytes per call (basically the |
| 115 | * same as getentropy(), but with a longer history). |
| 116 | * |
| 117 | * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 |
| 118 | */ |
| 119 | #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM) |
| 120 | #include <sys/param.h> |
| 121 | #include <sys/sysctl.h> |
| 122 | #if defined(KERN_ARND) |
| 123 | #define HAVE_SYSCTL_ARND |
| 124 | |
| 125 | static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen) |
| 126 | { |
| 127 | int name[2]; |
| 128 | size_t len; |
| 129 | |
| 130 | name[0] = CTL_KERN; |
| 131 | name[1] = KERN_ARND; |
| 132 | |
| 133 | while (buflen > 0) { |
| 134 | len = buflen > 256 ? 256 : buflen; |
| 135 | if (sysctl(name, 2, buf, &len, NULL, 0) == -1) { |
| 136 | return -1; |
| 137 | } |
| 138 | buflen -= len; |
| 139 | buf += len; |
| 140 | } |
| 141 | return 0; |
| 142 | } |
| 143 | #endif /* KERN_ARND */ |
| 144 | #endif /* __FreeBSD__ || __NetBSD__ */ |
| 145 | |
| 146 | #include <stdio.h> |
| 147 | |
| 148 | int mbedtls_platform_entropy_poll(void *data, |
| 149 | unsigned char *output, size_t len, size_t *olen) |
| 150 | { |
| 151 | FILE *file; |
| 152 | size_t read_len; |
| 153 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
| 154 | ((void) data); |
| 155 | |
| 156 | #if defined(HAVE_GETRANDOM) |
| 157 | ret = getrandom_wrapper(output, len, 0); |
| 158 | if (ret >= 0) { |
| 159 | *olen = (size_t) ret; |
| 160 | return 0; |
| 161 | } else if (errno != ENOSYS) { |
| 162 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 163 | } |
| 164 | /* Fall through if the system call isn't known. */ |
| 165 | #else |
| 166 | ((void) ret); |
| 167 | #endif /* HAVE_GETRANDOM */ |
| 168 | |
| 169 | #if defined(HAVE_SYSCTL_ARND) |
| 170 | ((void) file); |
| 171 | ((void) read_len); |
| 172 | if (sysctl_arnd_wrapper(output, len) == -1) { |
| 173 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 174 | } |
| 175 | *olen = len; |
| 176 | return 0; |
| 177 | #else |
| 178 | |
| 179 | *olen = 0; |
| 180 | |
| 181 | file = fopen("/dev/urandom", "rb"); |
| 182 | if (file == NULL) { |
| 183 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 184 | } |
| 185 | |
| 186 | /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ |
| 187 | mbedtls_setbuf(file, NULL); |
| 188 | |
| 189 | read_len = fread(output, 1, len, file); |
| 190 | if (read_len != len) { |
| 191 | fclose(file); |
| 192 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 193 | } |
| 194 | |
| 195 | fclose(file); |
| 196 | *olen = len; |
| 197 | |
| 198 | return 0; |
| 199 | #endif /* HAVE_SYSCTL_ARND */ |
| 200 | } |
| 201 | #endif /* _WIN32 && !EFIX64 && !EFI32 */ |
| 202 | #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ |
| 203 | |
| 204 | #if defined(MBEDTLS_ENTROPY_NV_SEED) |
| 205 | int mbedtls_nv_seed_poll(void *data, |
| 206 | unsigned char *output, size_t len, size_t *olen) |
| 207 | { |
| 208 | unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; |
| 209 | size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; |
| 210 | ((void) data); |
| 211 | |
| 212 | memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); |
| 213 | |
| 214 | if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { |
| 215 | return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; |
| 216 | } |
| 217 | |
| 218 | if (len < use_len) { |
| 219 | use_len = len; |
| 220 | } |
| 221 | |
| 222 | memcpy(output, buf, use_len); |
| 223 | *olen = use_len; |
| 224 | |
| 225 | return 0; |
| 226 | } |
| 227 | #endif /* MBEDTLS_ENTROPY_NV_SEED */ |
| 228 | |
| 229 | #endif /* MBEDTLS_ENTROPY_C */ |