|
- /* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
- #define _GNU_SOURCE /* needed for syscall() on Linux. */
-
- #include <openssl/rand.h>
-
- #if !defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
-
- #include <assert.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <string.h>
- #include <unistd.h>
-
- #if defined(OPENSSL_LINUX)
- #include <sys/syscall.h>
- #endif
-
- #include <openssl/thread.h>
- #include <openssl/mem.h>
-
- #include "internal.h"
- #include "../internal.h"
-
-
- #if defined(OPENSSL_LINUX)
-
- #if defined(OPENSSL_X86_64)
- #define EXPECTED_SYS_getrandom 318
- #elif defined(OPENSSL_X86)
- #define EXPECTED_SYS_getrandom 355
- #elif defined(OPENSSL_AARCH64)
- #define EXPECTED_SYS_getrandom 278
- #elif defined(OPENSSL_ARM)
- #define EXPECTED_SYS_getrandom 384
- #elif defined(OPENSSL_PPC64LE)
- #define EXPECTED_SYS_getrandom 359
- #endif
-
- #if defined(EXPECTED_SYS_getrandom)
- #define USE_SYS_getrandom
-
- #if defined(SYS_getrandom)
-
- #if SYS_getrandom != EXPECTED_SYS_getrandom
- #error "system call number for getrandom is not the expected value"
- #endif
-
- #else /* SYS_getrandom */
-
- #define SYS_getrandom EXPECTED_SYS_getrandom
-
- #endif /* SYS_getrandom */
-
- #endif /* EXPECTED_SYS_getrandom */
-
- #if !defined(GRND_NONBLOCK)
- #define GRND_NONBLOCK 1
- #endif
-
- #endif /* OPENSSL_LINUX */
-
- /* This file implements a PRNG by reading from /dev/urandom, optionally with a
- * buffer, which is unsafe across |fork|. */
-
- #define BUF_SIZE 4096
-
- /* rand_buffer contains unused, random bytes, some of which may have been
- * consumed already. */
- struct rand_buffer {
- size_t used;
- uint8_t rand[BUF_SIZE];
- };
-
- /* requested_lock is used to protect the |*_requested| variables. */
- static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT;
-
- /* urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
- * |requested_lock|. */
- static int urandom_fd_requested = -2;
-
- /* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */
- static int urandom_fd = -2;
-
- /* urandom_buffering_requested is set by |RAND_enable_fork_unsafe_buffering|.
- * It's protected by |requested_lock|. */
- static int urandom_buffering_requested = 0;
-
- /* urandom_buffering controls whether buffering is enabled (1) or not (0). This
- * is protected by |once|. */
- static int urandom_buffering = 0;
-
- static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
-
- /* init_once initializes the state of this module to values previously
- * requested. This is the only function that modifies |urandom_fd| and
- * |urandom_buffering|, whose values may be read safely after calling the
- * once. */
- static void init_once(void) {
- CRYPTO_STATIC_MUTEX_lock_read(&requested_lock);
- urandom_buffering = urandom_buffering_requested;
- int fd = urandom_fd_requested;
- CRYPTO_STATIC_MUTEX_unlock_read(&requested_lock);
-
- #if defined(USE_SYS_getrandom)
- /* Initial test of getrandom to find any unexpected behavior. */
- uint8_t dummy;
- syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK);
- #endif
-
- if (fd == -2) {
- do {
- fd = open("/dev/urandom", O_RDONLY);
- } while (fd == -1 && errno == EINTR);
- }
-
- if (fd < 0) {
- abort();
- }
-
- int flags = fcntl(fd, F_GETFD);
- if (flags == -1) {
- /* Native Client doesn't implement |fcntl|. */
- if (errno != ENOSYS) {
- abort();
- }
- } else {
- flags |= FD_CLOEXEC;
- if (fcntl(fd, F_SETFD, flags) == -1) {
- abort();
- }
- }
- urandom_fd = fd;
- }
-
- void RAND_set_urandom_fd(int fd) {
- fd = dup(fd);
- if (fd < 0) {
- abort();
- }
-
- CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
- urandom_fd_requested = fd;
- CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);
-
- CRYPTO_once(&once, init_once);
- if (urandom_fd != fd) {
- abort(); // Already initialized.
- }
- }
-
- void RAND_enable_fork_unsafe_buffering(int fd) {
- if (fd >= 0) {
- fd = dup(fd);
- if (fd < 0) {
- abort();
- }
- } else {
- fd = -2;
- }
-
- CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
- urandom_buffering_requested = 1;
- urandom_fd_requested = fd;
- CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);
-
- CRYPTO_once(&once, init_once);
- if (urandom_buffering != 1 || (fd >= 0 && urandom_fd != fd)) {
- abort(); // Already initialized.
- }
- }
-
- static struct rand_buffer *get_thread_local_buffer(void) {
- struct rand_buffer *buf =
- CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF);
- if (buf != NULL) {
- return buf;
- }
-
- buf = OPENSSL_malloc(sizeof(struct rand_buffer));
- if (buf == NULL) {
- return NULL;
- }
- buf->used = BUF_SIZE; /* To trigger a |fill_with_entropy| on first use. */
- if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF, buf,
- OPENSSL_free)) {
- OPENSSL_free(buf);
- return NULL;
- }
-
- return buf;
- }
-
- /* fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
- * on success and zero on error. */
- static char fill_with_entropy(uint8_t *out, size_t len) {
- ssize_t r;
-
- while (len > 0) {
- do {
- r = read(urandom_fd, out, len);
- } while (r == -1 && errno == EINTR);
-
- if (r <= 0) {
- return 0;
- }
- out += r;
- len -= r;
- }
-
- return 1;
- }
-
- /* read_from_buffer reads |requested| random bytes from the buffer into |out|,
- * refilling it if necessary to satisfy the request. */
- static void read_from_buffer(struct rand_buffer *buf,
- uint8_t *out, size_t requested) {
- size_t remaining = BUF_SIZE - buf->used;
-
- while (requested > remaining) {
- memcpy(out, &buf->rand[buf->used], remaining);
- buf->used += remaining;
- out += remaining;
- requested -= remaining;
-
- if (!fill_with_entropy(buf->rand, BUF_SIZE)) {
- abort();
- return;
- }
- buf->used = 0;
- remaining = BUF_SIZE;
- }
-
- memcpy(out, &buf->rand[buf->used], requested);
- buf->used += requested;
- }
-
- /* CRYPTO_sysrand puts |requested| random bytes into |out|. */
- void CRYPTO_sysrand(uint8_t *out, size_t requested) {
- if (requested == 0) {
- return;
- }
-
- CRYPTO_once(&once, init_once);
- if (urandom_buffering && requested < BUF_SIZE) {
- struct rand_buffer *buf = get_thread_local_buffer();
- if (buf != NULL) {
- read_from_buffer(buf, out, requested);
- return;
- }
- }
-
- if (!fill_with_entropy(out, requested)) {
- abort();
- }
- }
-
- #endif /* !OPENSSL_WINDOWS && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE */
|