1 /*
2  *  Platform-specific and custom entropy polling functions
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
9 /* Ensure that syscall() is available even when compiling with -std=c99 */
10 #define _GNU_SOURCE
11 #endif
12 
13 #include "common.h"
14 
15 #include <string.h>
16 
17 #if defined(MBEDTLS_ENTROPY_C)
18 
19 #include "mbedtls/entropy.h"
20 #include "entropy_poll.h"
21 #include "mbedtls/error.h"
22 
23 #if defined(MBEDTLS_TIMING_C)
24 #include "mbedtls/timing.h"
25 #endif
26 #include "mbedtls/platform.h"
27 
28 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
29 
30 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
31     !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
32     !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__)
33 #error \
34     "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
35 #endif
36 
37 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
38 
39 #include <windows.h>
40 #include <bcrypt.h>
41 #include <intsafe.h>
42 
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)43 int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
44                                   size_t *olen)
45 {
46     ((void) data);
47     *olen = 0;
48 
49     /*
50      * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
51      * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
52      * on ULONG_MAX) size.
53      */
54     while (len != 0) {
55         unsigned long ulong_bytes =
56             (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
57 
58         if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
59                                             BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
60             return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
61         }
62 
63         *olen += ulong_bytes;
64         len -= ulong_bytes;
65     }
66 
67     return 0;
68 }
69 #else /* _WIN32 && !EFIX64 && !EFI32 */
70 
71 /*
72  * Test for Linux getrandom() support.
73  * Since there is no wrapper in the libc yet, use the generic syscall wrapper
74  * available in GNU libc and compatible libc's (eg uClibc).
75  */
76 #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
77 #include <unistd.h>
78 #include <sys/syscall.h>
79 #if defined(SYS_getrandom)
80 #define HAVE_GETRANDOM
81 #include <errno.h>
82 
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)83 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
84 {
85     /* MemSan cannot understand that the syscall writes to the buffer */
86 #if defined(__has_feature)
87 #if __has_feature(memory_sanitizer)
88     memset(buf, 0, buflen);
89 #endif
90 #endif
91     return (int) syscall(SYS_getrandom, buf, buflen, flags);
92 }
93 #endif /* SYS_getrandom */
94 #endif /* __linux__ || __midipix__ */
95 
96 #if defined(__FreeBSD__) || defined(__DragonFly__)
97 #include <sys/param.h>
98 #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
99     (defined(__DragonFly__) && __DragonFly_version >= 500700)
100 #include <errno.h>
101 #include <sys/random.h>
102 #define HAVE_GETRANDOM
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)103 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
104 {
105     return (int) getrandom(buf, buflen, flags);
106 }
107 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
108           (__DragonFly__ && __DragonFly_version >= 500700) */
109 #endif /* __FreeBSD__ || __DragonFly__ */
110 
111 /*
112  * Some BSD systems provide KERN_ARND.
113  * This is equivalent to reading from /dev/urandom, only it doesn't require an
114  * open file descriptor, and provides up to 256 bytes per call (basically the
115  * same as getentropy(), but with a longer history).
116  *
117  * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
118  */
119 #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
120 #include <sys/param.h>
121 #include <sys/sysctl.h>
122 #if defined(KERN_ARND)
123 #define HAVE_SYSCTL_ARND
124 
sysctl_arnd_wrapper(unsigned char * buf,size_t buflen)125 static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
126 {
127     int name[2];
128     size_t len;
129 
130     name[0] = CTL_KERN;
131     name[1] = KERN_ARND;
132 
133     while (buflen > 0) {
134         len = buflen > 256 ? 256 : buflen;
135         if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
136             return -1;
137         }
138         buflen -= len;
139         buf += len;
140     }
141     return 0;
142 }
143 #endif /* KERN_ARND */
144 #endif /* __FreeBSD__ || __NetBSD__ */
145 
146 #include <stdio.h>
147 
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)148 int mbedtls_platform_entropy_poll(void *data,
149                                   unsigned char *output, size_t len, size_t *olen)
150 {
151     FILE *file;
152     size_t read_len;
153     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
154     ((void) data);
155 
156 #if defined(HAVE_GETRANDOM)
157     ret = getrandom_wrapper(output, len, 0);
158     if (ret >= 0) {
159         *olen = (size_t) ret;
160         return 0;
161     } else if (errno != ENOSYS) {
162         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
163     }
164     /* Fall through if the system call isn't known. */
165 #else
166     ((void) ret);
167 #endif /* HAVE_GETRANDOM */
168 
169 #if defined(HAVE_SYSCTL_ARND)
170     ((void) file);
171     ((void) read_len);
172     if (sysctl_arnd_wrapper(output, len) == -1) {
173         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
174     }
175     *olen = len;
176     return 0;
177 #else
178 
179     *olen = 0;
180 
181     file = fopen("/dev/urandom", "rb");
182     if (file == NULL) {
183         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
184     }
185 
186     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
187     mbedtls_setbuf(file, NULL);
188 
189     read_len = fread(output, 1, len, file);
190     if (read_len != len) {
191         fclose(file);
192         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
193     }
194 
195     fclose(file);
196     *olen = len;
197 
198     return 0;
199 #endif /* HAVE_SYSCTL_ARND */
200 }
201 #endif /* _WIN32 && !EFIX64 && !EFI32 */
202 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
203 
204 #if defined(MBEDTLS_ENTROPY_NV_SEED)
mbedtls_nv_seed_poll(void * data,unsigned char * output,size_t len,size_t * olen)205 int mbedtls_nv_seed_poll(void *data,
206                          unsigned char *output, size_t len, size_t *olen)
207 {
208     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
209     size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
210     ((void) data);
211 
212     memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
213 
214     if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
215         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
216     }
217 
218     if (len < use_len) {
219         use_len = len;
220     }
221 
222     memcpy(output, buf, use_len);
223     *olen = use_len;
224 
225     return 0;
226 }
227 #endif /* MBEDTLS_ENTROPY_NV_SEED */
228 
229 #endif /* MBEDTLS_ENTROPY_C */
230