1 /*
2 * Platform-specific and custom entropy polling functions
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #if defined(__linux__) && !defined(_GNU_SOURCE)
21 /* Ensure that syscall() is available even when compiling with -std=c99 */
22 #define _GNU_SOURCE
23 #endif
24
25 #include "common.h"
26
27 #include <string.h>
28
29 #if defined(MBEDTLS_ENTROPY_C)
30
31 #include "mbedtls/entropy.h"
32 #include "entropy_poll.h"
33 #include "mbedtls/error.h"
34
35 #if defined(MBEDTLS_TIMING_C)
36 #include "mbedtls/timing.h"
37 #endif
38 #include "mbedtls/platform.h"
39
40 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
41
42 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
43 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
44 !defined(__HAIKU__) && !defined(__midipix__)
45 #error \
46 "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
47 #endif
48
49 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
50
51 #if !defined(_WIN32_WINNT)
52 #define _WIN32_WINNT 0x0400
53 #endif
54 #include <windows.h>
55 #include <wincrypt.h>
56
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)57 int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
58 size_t *olen)
59 {
60 HCRYPTPROV provider;
61 ((void) data);
62 *olen = 0;
63
64 if (CryptAcquireContext(&provider, NULL, NULL,
65 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
66 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
67 }
68
69 if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
70 CryptReleaseContext(provider, 0);
71 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
72 }
73
74 CryptReleaseContext(provider, 0);
75 *olen = len;
76
77 return 0;
78 }
79 #else /* _WIN32 && !EFIX64 && !EFI32 */
80
81 /*
82 * Test for Linux getrandom() support.
83 * Since there is no wrapper in the libc yet, use the generic syscall wrapper
84 * available in GNU libc and compatible libc's (eg uClibc).
85 */
86 #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
87 #include <unistd.h>
88 #include <sys/syscall.h>
89 #if defined(SYS_getrandom)
90 #define HAVE_GETRANDOM
91 #include <errno.h>
92
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)93 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
94 {
95 /* MemSan cannot understand that the syscall writes to the buffer */
96 #if defined(__has_feature)
97 #if __has_feature(memory_sanitizer)
98 memset(buf, 0, buflen);
99 #endif
100 #endif
101 return syscall(SYS_getrandom, buf, buflen, flags);
102 }
103 #endif /* SYS_getrandom */
104 #endif /* __linux__ || __midipix__ */
105
106 #if defined(__FreeBSD__) || defined(__DragonFly__)
107 #include <sys/param.h>
108 #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
109 (defined(__DragonFly__) && __DragonFly_version >= 500700)
110 #include <errno.h>
111 #include <sys/random.h>
112 #define HAVE_GETRANDOM
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)113 static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
114 {
115 return getrandom(buf, buflen, flags);
116 }
117 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
118 (__DragonFly__ && __DragonFly_version >= 500700) */
119 #endif /* __FreeBSD__ || __DragonFly__ */
120
121 /*
122 * Some BSD systems provide KERN_ARND.
123 * This is equivalent to reading from /dev/urandom, only it doesn't require an
124 * open file descriptor, and provides up to 256 bytes per call (basically the
125 * same as getentropy(), but with a longer history).
126 *
127 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
128 */
129 #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
130 #include <sys/param.h>
131 #include <sys/sysctl.h>
132 #if defined(KERN_ARND)
133 #define HAVE_SYSCTL_ARND
134
sysctl_arnd_wrapper(unsigned char * buf,size_t buflen)135 static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
136 {
137 int name[2];
138 size_t len;
139
140 name[0] = CTL_KERN;
141 name[1] = KERN_ARND;
142
143 while (buflen > 0) {
144 len = buflen > 256 ? 256 : buflen;
145 if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
146 return -1;
147 }
148 buflen -= len;
149 buf += len;
150 }
151 return 0;
152 }
153 #endif /* KERN_ARND */
154 #endif /* __FreeBSD__ || __NetBSD__ */
155
156 #include <stdio.h>
157
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)158 int mbedtls_platform_entropy_poll(void *data,
159 unsigned char *output, size_t len, size_t *olen)
160 {
161 FILE *file;
162 size_t read_len;
163 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
164 ((void) data);
165
166 #if defined(HAVE_GETRANDOM)
167 ret = getrandom_wrapper(output, len, 0);
168 if (ret >= 0) {
169 *olen = ret;
170 return 0;
171 } else if (errno != ENOSYS) {
172 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
173 }
174 /* Fall through if the system call isn't known. */
175 #else
176 ((void) ret);
177 #endif /* HAVE_GETRANDOM */
178
179 #if defined(HAVE_SYSCTL_ARND)
180 ((void) file);
181 ((void) read_len);
182 if (sysctl_arnd_wrapper(output, len) == -1) {
183 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
184 }
185 *olen = len;
186 return 0;
187 #else
188
189 *olen = 0;
190
191 file = fopen("/dev/urandom", "rb");
192 if (file == NULL) {
193 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
194 }
195
196 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
197 mbedtls_setbuf(file, NULL);
198
199 read_len = fread(output, 1, len, file);
200 if (read_len != len) {
201 fclose(file);
202 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
203 }
204
205 fclose(file);
206 *olen = len;
207
208 return 0;
209 #endif /* HAVE_SYSCTL_ARND */
210 }
211 #endif /* _WIN32 && !EFIX64 && !EFI32 */
212 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
213
214 #if defined(MBEDTLS_ENTROPY_NV_SEED)
mbedtls_nv_seed_poll(void * data,unsigned char * output,size_t len,size_t * olen)215 int mbedtls_nv_seed_poll(void *data,
216 unsigned char *output, size_t len, size_t *olen)
217 {
218 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
219 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
220 ((void) data);
221
222 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
223
224 if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
225 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
226 }
227
228 if (len < use_len) {
229 use_len = len;
230 }
231
232 memcpy(output, buf, use_len);
233 *olen = use_len;
234
235 return 0;
236 }
237 #endif /* MBEDTLS_ENTROPY_NV_SEED */
238
239 #endif /* MBEDTLS_ENTROPY_C */
240
