2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Platform-specific and custom entropy polling functions
|
|
|
|
*
|
2020-09-05 12:53:20 +02:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2024-01-30 14:09:13 +01:00
|
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
2018-02-08 19:04:43 +01:00
|
|
|
*/
|
|
|
|
|
2024-04-04 18:05:30 +02:00
|
|
|
#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
|
2018-07-28 11:16:41 +02:00
|
|
|
/* Ensure that syscall() is available even when compiling with -std=c99 */
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#endif
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#include "common.h"
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2018-07-28 11:16:41 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
#if defined(MBEDTLS_ENTROPY_C)
|
|
|
|
|
|
|
|
#include "mbedtls/entropy.h"
|
2023-09-25 05:04:06 +02:00
|
|
|
#include "entropy_poll.h"
|
2021-12-21 12:54:05 +01:00
|
|
|
#include "mbedtls/error.h"
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
#if defined(MBEDTLS_TIMING_C)
|
|
|
|
#include "mbedtls/timing.h"
|
|
|
|
#endif
|
|
|
|
#include "mbedtls/platform.h"
|
|
|
|
|
|
|
|
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
|
|
|
|
|
|
|
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
2018-07-28 11:16:41 +02:00
|
|
|
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
|
2023-09-25 05:04:06 +02:00
|
|
|
!defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__)
|
2023-04-18 10:38:24 +02:00
|
|
|
#error \
|
2023-09-25 05:04:06 +02:00
|
|
|
"Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
|
|
|
|
|
|
|
#include <windows.h>
|
2023-10-27 10:25:50 +02:00
|
|
|
#include <bcrypt.h>
|
|
|
|
#include <intsafe.h>
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
|
|
|
|
size_t *olen)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
((void) data);
|
|
|
|
*olen = 0;
|
|
|
|
|
2023-10-27 10:25:50 +02:00
|
|
|
/*
|
|
|
|
* BCryptGenRandom takes ULONG for size, which is smaller than size_t on
|
|
|
|
* 64-bit Windows platforms. Extract entropy in chunks of len (dependent
|
|
|
|
* on ULONG_MAX) size.
|
|
|
|
*/
|
|
|
|
while (len != 0) {
|
|
|
|
unsigned long ulong_bytes =
|
|
|
|
(len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
|
|
|
|
|
|
|
|
if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
|
|
|
|
BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
|
|
|
}
|
|
|
|
|
|
|
|
*olen += ulong_bytes;
|
|
|
|
len -= ulong_bytes;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
#else /* _WIN32 && !EFIX64 && !EFI32 */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Test for Linux getrandom() support.
|
|
|
|
* Since there is no wrapper in the libc yet, use the generic syscall wrapper
|
|
|
|
* available in GNU libc and compatible libc's (eg uClibc).
|
|
|
|
*/
|
2021-12-21 12:54:05 +01:00
|
|
|
#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
|
2018-02-08 19:04:43 +01:00
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/syscall.h>
|
|
|
|
#if defined(SYS_getrandom)
|
|
|
|
#define HAVE_GETRANDOM
|
2019-02-16 17:19:46 +01:00
|
|
|
#include <errno.h>
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
/* MemSan cannot understand that the syscall writes to the buffer */
|
|
|
|
#if defined(__has_feature)
|
|
|
|
#if __has_feature(memory_sanitizer)
|
2023-04-18 10:38:24 +02:00
|
|
|
memset(buf, 0, buflen);
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif
|
|
|
|
#endif
|
2023-09-25 05:04:06 +02:00
|
|
|
return (int) syscall(SYS_getrandom, buf, buflen, flags);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
#endif /* SYS_getrandom */
|
2021-12-21 12:54:05 +01:00
|
|
|
#endif /* __linux__ || __midipix__ */
|
|
|
|
|
|
|
|
#if defined(__FreeBSD__) || defined(__DragonFly__)
|
|
|
|
#include <sys/param.h>
|
|
|
|
#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
|
|
|
|
(defined(__DragonFly__) && __DragonFly_version >= 500700)
|
|
|
|
#include <errno.h>
|
|
|
|
#include <sys/random.h>
|
|
|
|
#define HAVE_GETRANDOM
|
2023-04-18 10:38:24 +02:00
|
|
|
static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
|
2021-12-21 12:54:05 +01:00
|
|
|
{
|
2023-09-25 05:04:06 +02:00
|
|
|
return (int) getrandom(buf, buflen, flags);
|
2021-12-21 12:54:05 +01:00
|
|
|
}
|
|
|
|
#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
|
|
|
|
(__DragonFly__ && __DragonFly_version >= 500700) */
|
|
|
|
#endif /* __FreeBSD__ || __DragonFly__ */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Some BSD systems provide KERN_ARND.
|
|
|
|
* This is equivalent to reading from /dev/urandom, only it doesn't require an
|
|
|
|
* open file descriptor, and provides up to 256 bytes per call (basically the
|
|
|
|
* same as getentropy(), but with a longer history).
|
|
|
|
*
|
|
|
|
* Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
|
|
|
|
*/
|
|
|
|
#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#if defined(KERN_ARND)
|
|
|
|
#define HAVE_SYSCTL_ARND
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
|
2021-12-21 12:54:05 +01:00
|
|
|
{
|
|
|
|
int name[2];
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
name[0] = CTL_KERN;
|
|
|
|
name[1] = KERN_ARND;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
while (buflen > 0) {
|
2021-12-21 12:54:05 +01:00
|
|
|
len = buflen > 256 ? 256 : buflen;
|
2023-04-18 10:38:24 +02:00
|
|
|
if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
buflen -= len;
|
|
|
|
buf += len;
|
|
|
|
}
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2021-12-21 12:54:05 +01:00
|
|
|
}
|
|
|
|
#endif /* KERN_ARND */
|
|
|
|
#endif /* __FreeBSD__ || __NetBSD__ */
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_platform_entropy_poll(void *data,
|
|
|
|
unsigned char *output, size_t len, size_t *olen)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
FILE *file;
|
|
|
|
size_t read_len;
|
2021-12-21 12:54:05 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2018-02-08 19:04:43 +01:00
|
|
|
((void) data);
|
|
|
|
|
|
|
|
#if defined(HAVE_GETRANDOM)
|
2023-04-18 10:38:24 +02:00
|
|
|
ret = getrandom_wrapper(output, len, 0);
|
|
|
|
if (ret >= 0) {
|
2023-09-25 05:04:06 +02:00
|
|
|
*olen = (size_t) ret;
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
|
|
|
} else if (errno != ENOSYS) {
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
/* Fall through if the system call isn't known. */
|
|
|
|
#else
|
|
|
|
((void) ret);
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif /* HAVE_GETRANDOM */
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#if defined(HAVE_SYSCTL_ARND)
|
|
|
|
((void) file);
|
|
|
|
((void) read_len);
|
2023-04-18 10:38:24 +02:00
|
|
|
if (sysctl_arnd_wrapper(output, len) == -1) {
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
*olen = len;
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2021-12-21 12:54:05 +01:00
|
|
|
#else
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
*olen = 0;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
file = fopen("/dev/urandom", "rb");
|
|
|
|
if (file == NULL) {
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-09-25 05:04:06 +02:00
|
|
|
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
|
|
|
|
mbedtls_setbuf(file, NULL);
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
read_len = fread(output, 1, len, file);
|
|
|
|
if (read_len != len) {
|
|
|
|
fclose(file);
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
fclose(file);
|
2018-02-08 19:04:43 +01:00
|
|
|
*olen = len;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2021-12-21 12:54:05 +01:00
|
|
|
#endif /* HAVE_SYSCTL_ARND */
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
#endif /* _WIN32 && !EFIX64 && !EFI32 */
|
|
|
|
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_nv_seed_poll(void *data,
|
|
|
|
unsigned char *output, size_t len, size_t *olen)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
|
|
|
size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
|
|
|
|
((void) data);
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
|
|
|
|
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (len < use_len) {
|
|
|
|
use_len = len;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
memcpy(output, buf, use_len);
|
2018-02-08 19:04:43 +01:00
|
|
|
*olen = use_len;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
|
|
|
|
|
|
|
#endif /* MBEDTLS_ENTROPY_C */
|