1 /* 2 * Platform-specific and custom entropy polling functions 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7 8 #if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE) 9 /* Ensure that syscall() is available even when compiling with -std=c99 */ 10 #define _GNU_SOURCE 11 #endif 12 13 #include "common.h" 14 15 #include <string.h> 16 17 #if defined(MBEDTLS_ENTROPY_C) 18 19 #include "mbedtls/entropy.h" 20 #include "entropy_poll.h" 21 #include "mbedtls/error.h" 22 23 #if defined(MBEDTLS_TIMING_C) 24 #include "mbedtls/timing.h" 25 #endif 26 #include "mbedtls/platform.h" 27 28 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 29 30 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ 31 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ 32 !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__) 33 #error \ 34 "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h" 35 #endif 36 37 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 38 39 #include <windows.h> 40 #include <bcrypt.h> 41 #include <intsafe.h> 42 43 int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, 44 size_t *olen) 45 { 46 ((void) data); 47 *olen = 0; 48 49 /* 50 * BCryptGenRandom takes ULONG for size, which is smaller than size_t on 51 * 64-bit Windows platforms. Extract entropy in chunks of len (dependent 52 * on ULONG_MAX) size. 53 */ 54 while (len != 0) { 55 unsigned long ulong_bytes = 56 (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len; 57 58 if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes, 59 BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { 60 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 61 } 62 63 *olen += ulong_bytes; 64 len -= ulong_bytes; 65 } 66 67 return 0; 68 } 69 #else /* _WIN32 && !EFIX64 && !EFI32 */ 70 71 /* 72 * Test for Linux getrandom() support. 73 * Since there is no wrapper in the libc yet, use the generic syscall wrapper 74 * available in GNU libc and compatible libc's (eg uClibc). 75 */ 76 #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)) 77 #include <unistd.h> 78 #include <sys/syscall.h> 79 #if defined(SYS_getrandom) 80 #define HAVE_GETRANDOM 81 #include <errno.h> 82 83 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) 84 { 85 /* MemSan cannot understand that the syscall writes to the buffer */ 86 #if defined(__has_feature) 87 #if __has_feature(memory_sanitizer) 88 memset(buf, 0, buflen); 89 #endif 90 #endif 91 return (int) syscall(SYS_getrandom, buf, buflen, flags); 92 } 93 #endif /* SYS_getrandom */ 94 #endif /* __linux__ || __midipix__ */ 95 96 #if defined(__FreeBSD__) || defined(__DragonFly__) 97 #include <sys/param.h> 98 #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \ 99 (defined(__DragonFly__) && __DragonFly_version >= 500700) 100 #include <errno.h> 101 #include <sys/random.h> 102 #define HAVE_GETRANDOM 103 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) 104 { 105 return (int) getrandom(buf, buflen, flags); 106 } 107 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || 108 (__DragonFly__ && __DragonFly_version >= 500700) */ 109 #endif /* __FreeBSD__ || __DragonFly__ */ 110 111 /* 112 * Some BSD systems provide KERN_ARND. 113 * This is equivalent to reading from /dev/urandom, only it doesn't require an 114 * open file descriptor, and provides up to 256 bytes per call (basically the 115 * same as getentropy(), but with a longer history). 116 * 117 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 118 */ 119 #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM) 120 #include <sys/param.h> 121 #include <sys/sysctl.h> 122 #if defined(KERN_ARND) 123 #define HAVE_SYSCTL_ARND 124 125 static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen) 126 { 127 int name[2]; 128 size_t len; 129 130 name[0] = CTL_KERN; 131 name[1] = KERN_ARND; 132 133 while (buflen > 0) { 134 len = buflen > 256 ? 256 : buflen; 135 if (sysctl(name, 2, buf, &len, NULL, 0) == -1) { 136 return -1; 137 } 138 buflen -= len; 139 buf += len; 140 } 141 return 0; 142 } 143 #endif /* KERN_ARND */ 144 #endif /* __FreeBSD__ || __NetBSD__ */ 145 146 #include <stdio.h> 147 148 int mbedtls_platform_entropy_poll(void *data, 149 unsigned char *output, size_t len, size_t *olen) 150 { 151 FILE *file; 152 size_t read_len; 153 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 154 ((void) data); 155 156 #if defined(HAVE_GETRANDOM) 157 ret = getrandom_wrapper(output, len, 0); 158 if (ret >= 0) { 159 *olen = (size_t) ret; 160 return 0; 161 } else if (errno != ENOSYS) { 162 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 163 } 164 /* Fall through if the system call isn't known. */ 165 #else 166 ((void) ret); 167 #endif /* HAVE_GETRANDOM */ 168 169 #if defined(HAVE_SYSCTL_ARND) 170 ((void) file); 171 ((void) read_len); 172 if (sysctl_arnd_wrapper(output, len) == -1) { 173 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 174 } 175 *olen = len; 176 return 0; 177 #else 178 179 *olen = 0; 180 181 file = fopen("/dev/urandom", "rb"); 182 if (file == NULL) { 183 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 184 } 185 186 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 187 mbedtls_setbuf(file, NULL); 188 189 read_len = fread(output, 1, len, file); 190 if (read_len != len) { 191 fclose(file); 192 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 193 } 194 195 fclose(file); 196 *olen = len; 197 198 return 0; 199 #endif /* HAVE_SYSCTL_ARND */ 200 } 201 #endif /* _WIN32 && !EFIX64 && !EFI32 */ 202 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ 203 204 #if defined(MBEDTLS_ENTROPY_NV_SEED) 205 int mbedtls_nv_seed_poll(void *data, 206 unsigned char *output, size_t len, size_t *olen) 207 { 208 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 209 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; 210 ((void) data); 211 212 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); 213 214 if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { 215 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 216 } 217 218 if (len < use_len) { 219 use_len = len; 220 } 221 222 memcpy(output, buf, use_len); 223 *olen = use_len; 224 225 return 0; 226 } 227 #endif /* MBEDTLS_ENTROPY_NV_SEED */ 228 229 #endif /* MBEDTLS_ENTROPY_C */ 230