1/*
2 *  Platform-specific and custom entropy polling functions
3 *
4 *  Copyright The Mbed TLS Contributors
5 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8#if (defined(__linux__) || defined(__midipix__)) && !defined(_GNU_SOURCE)
9/* Ensure that syscall() is available even when compiling with -std=c99 */
10#define _GNU_SOURCE
11#endif
12
13#include "common.h"
14
15#include <string.h>
16
17#if defined(MBEDTLS_ENTROPY_C)
18
19#include "mbedtls/entropy.h"
20#include "entropy_poll.h"
21#include "mbedtls/error.h"
22
23#if defined(MBEDTLS_TIMING_C)
24#include "mbedtls/timing.h"
25#endif
26#include "mbedtls/platform.h"
27
28#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
29
30#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
31    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
32    !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__)
33#error \
34    "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
35#endif
36
37#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
38
39#include <windows.h>
40#include <bcrypt.h>
41#include <intsafe.h>
42
43int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
44                                  size_t *olen)
45{
46    ((void) data);
47    *olen = 0;
48
49    /*
50     * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
51     * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
52     * on ULONG_MAX) size.
53     */
54    while (len != 0) {
55        unsigned long ulong_bytes =
56            (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
57
58        if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
59                                            BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
60            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
61        }
62
63        *olen += ulong_bytes;
64        len -= ulong_bytes;
65    }
66
67    return 0;
68}
69#else /* _WIN32 && !EFIX64 && !EFI32 */
70
71/*
72 * Test for Linux getrandom() support.
73 * Since there is no wrapper in the libc yet, use the generic syscall wrapper
74 * available in GNU libc and compatible libc's (eg uClibc).
75 */
76#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
77#include <unistd.h>
78#include <sys/syscall.h>
79#if defined(SYS_getrandom)
80#define HAVE_GETRANDOM
81#include <errno.h>
82
83static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
84{
85    /* MemSan cannot understand that the syscall writes to the buffer */
86#if defined(__has_feature)
87#if __has_feature(memory_sanitizer)
88    memset(buf, 0, buflen);
89#endif
90#endif
91    return (int) syscall(SYS_getrandom, buf, buflen, flags);
92}
93#endif /* SYS_getrandom */
94#endif /* __linux__ || __midipix__ */
95
96#if defined(__FreeBSD__) || defined(__DragonFly__)
97#include <sys/param.h>
98#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
99    (defined(__DragonFly__) && __DragonFly_version >= 500700)
100#include <errno.h>
101#include <sys/random.h>
102#define HAVE_GETRANDOM
103static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
104{
105    return (int) getrandom(buf, buflen, flags);
106}
107#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
108          (__DragonFly__ && __DragonFly_version >= 500700) */
109#endif /* __FreeBSD__ || __DragonFly__ */
110
111/*
112 * Some BSD systems provide KERN_ARND.
113 * This is equivalent to reading from /dev/urandom, only it doesn't require an
114 * open file descriptor, and provides up to 256 bytes per call (basically the
115 * same as getentropy(), but with a longer history).
116 *
117 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
118 */
119#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
120#include <sys/param.h>
121#include <sys/sysctl.h>
122#if defined(KERN_ARND)
123#define HAVE_SYSCTL_ARND
124
125static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
126{
127    int name[2];
128    size_t len;
129
130    name[0] = CTL_KERN;
131    name[1] = KERN_ARND;
132
133    while (buflen > 0) {
134        len = buflen > 256 ? 256 : buflen;
135        if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
136            return -1;
137        }
138        buflen -= len;
139        buf += len;
140    }
141    return 0;
142}
143#endif /* KERN_ARND */
144#endif /* __FreeBSD__ || __NetBSD__ */
145
146#include <stdio.h>
147
148int mbedtls_platform_entropy_poll(void *data,
149                                  unsigned char *output, size_t len, size_t *olen)
150{
151    FILE *file;
152    size_t read_len;
153    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
154    ((void) data);
155
156#if defined(HAVE_GETRANDOM)
157    ret = getrandom_wrapper(output, len, 0);
158    if (ret >= 0) {
159        *olen = (size_t) ret;
160        return 0;
161    } else if (errno != ENOSYS) {
162        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
163    }
164    /* Fall through if the system call isn't known. */
165#else
166    ((void) ret);
167#endif /* HAVE_GETRANDOM */
168
169#if defined(HAVE_SYSCTL_ARND)
170    ((void) file);
171    ((void) read_len);
172    if (sysctl_arnd_wrapper(output, len) == -1) {
173        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
174    }
175    *olen = len;
176    return 0;
177#else
178
179    *olen = 0;
180
181    file = fopen("/dev/urandom", "rb");
182    if (file == NULL) {
183        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
184    }
185
186    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
187    mbedtls_setbuf(file, NULL);
188
189    read_len = fread(output, 1, len, file);
190    if (read_len != len) {
191        fclose(file);
192        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
193    }
194
195    fclose(file);
196    *olen = len;
197
198    return 0;
199#endif /* HAVE_SYSCTL_ARND */
200}
201#endif /* _WIN32 && !EFIX64 && !EFI32 */
202#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
203
204#if defined(MBEDTLS_ENTROPY_NV_SEED)
205int mbedtls_nv_seed_poll(void *data,
206                         unsigned char *output, size_t len, size_t *olen)
207{
208    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
209    size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
210    ((void) data);
211
212    memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
213
214    if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
215        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
216    }
217
218    if (len < use_len) {
219        use_len = len;
220    }
221
222    memcpy(output, buf, use_len);
223    *olen = use_len;
224
225    return 0;
226}
227#endif /* MBEDTLS_ENTROPY_NV_SEED */
228
229#endif /* MBEDTLS_ENTROPY_C */
230