kris
/
boringssl
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
3519 コミット
12 ブランチ
38 MiB
 
 
 
 
 
 
ツリー: 5fa2538162
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'5fa2538162' から
${ noResults }
boringssl/crypto/rand/urandom.c

271 行
6.9 KiB
Raw Blame 履歴 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #define _GNU_SOURCE  /* needed for syscall() on Linux. */

  16. 

  17. #include <openssl/rand.h>

  18. 

  19. #if !defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)

  20. 

  21. #include <assert.h>

  22. #include <errno.h>

  23. #include <fcntl.h>

  24. #include <string.h>

  25. #include <unistd.h>

  26. 

  27. #if defined(OPENSSL_LINUX)

  28. #include <sys/syscall.h>

  29. #endif

  30. 

  31. #include <openssl/thread.h>

  32. #include <openssl/mem.h>

  33. 

  34. #include "internal.h"

  35. #include "../internal.h"

  36. 

  37. 

  38. #if defined(OPENSSL_LINUX)

  39. 

  40. #if defined(OPENSSL_X86_64)

  41. #define EXPECTED_SYS_getrandom 318

  42. #elif defined(OPENSSL_X86)

  43. #define EXPECTED_SYS_getrandom 355

  44. #elif defined(OPENSSL_AARCH64)

  45. #define EXPECTED_SYS_getrandom 278

  46. #elif defined(OPENSSL_ARM)

  47. #define EXPECTED_SYS_getrandom 384

  48. #elif defined(OPENSSL_PPC64LE)

  49. #define EXPECTED_SYS_getrandom 359

  50. #endif

  51. 

  52. #if defined(EXPECTED_SYS_getrandom)

  53. #define USE_SYS_getrandom

  54. 

  55. #if defined(SYS_getrandom)

  56. 

  57. #if SYS_getrandom != EXPECTED_SYS_getrandom

  58. #error "system call number for getrandom is not the expected value"

  59. #endif

  60. 

  61. #else  /* SYS_getrandom */

  62. 

  63. #define SYS_getrandom EXPECTED_SYS_getrandom

  64. 

  65. #endif  /* SYS_getrandom */

  66. 

  67. #endif /* EXPECTED_SYS_getrandom */

  68. 

  69. #if !defined(GRND_NONBLOCK)

  70. #define GRND_NONBLOCK 1

  71. #endif

  72. 

  73. #endif  /* OPENSSL_LINUX */

  74. 

  75. /* This file implements a PRNG by reading from /dev/urandom, optionally with a

  76.  * buffer, which is unsafe across |fork|. */

  77. 

  78. #define BUF_SIZE 4096

  79. 

  80. /* rand_buffer contains unused, random bytes, some of which may have been

  81.  * consumed already. */

  82. struct rand_buffer {

  83.   size_t used;

  84.   uint8_t rand[BUF_SIZE];

  85. };

  86. 

  87. /* requested_lock is used to protect the |*_requested| variables. */

  88. static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT;

  89. 

  90. /* urandom_fd_requested is set by |RAND_set_urandom_fd|.  It's protected by

  91.  * |requested_lock|. */

  92. static int urandom_fd_requested = -2;

  93. 

  94. /* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */

  95. static int urandom_fd = -2;

  96. 

  97. /* urandom_buffering_requested is set by |RAND_enable_fork_unsafe_buffering|.

  98.  * It's protected by |requested_lock|. */

  99. static int urandom_buffering_requested = 0;

  100. 

  101. /* urandom_buffering controls whether buffering is enabled (1) or not (0). This

  102.  * is protected by |once|. */

  103. static int urandom_buffering = 0;

  104. 

  105. static CRYPTO_once_t once = CRYPTO_ONCE_INIT;

  106. 

  107. /* init_once initializes the state of this module to values previously

  108.  * requested. This is the only function that modifies |urandom_fd| and

  109.  * |urandom_buffering|, whose values may be read safely after calling the

  110.  * once. */

  111. static void init_once(void) {

  112.   CRYPTO_STATIC_MUTEX_lock_read(&requested_lock);

  113.   urandom_buffering = urandom_buffering_requested;

  114.   int fd = urandom_fd_requested;

  115.   CRYPTO_STATIC_MUTEX_unlock_read(&requested_lock);

  116. 

  117. #if defined(USE_SYS_getrandom)

  118.   /* Initial test of getrandom to find any unexpected behavior. */

  119.   uint8_t dummy;

  120.   syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK);

  121. #endif

  122. 

  123.   if (fd == -2) {

  124.     do {

  125.       fd = open("/dev/urandom", O_RDONLY);

  126.     } while (fd == -1 && errno == EINTR);

  127.   }

  128. 

  129.   if (fd < 0) {

  130.     abort();

  131.   }

  132. 

  133.   int flags = fcntl(fd, F_GETFD);

  134.   if (flags == -1) {

  135.     /* Native Client doesn't implement |fcntl|. */

  136.     if (errno != ENOSYS) {

  137.       abort();

  138.     }

  139.   } else {

  140.     flags |= FD_CLOEXEC;

  141.     if (fcntl(fd, F_SETFD, flags) == -1) {

  142.       abort();

  143.     }

  144.   }

  145.   urandom_fd = fd;

  146. }

  147. 

  148. void RAND_set_urandom_fd(int fd) {

  149.   fd = dup(fd);

  150.   if (fd < 0) {

  151.     abort();

  152.   }

  153. 

  154.   CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);

  155.   urandom_fd_requested = fd;

  156.   CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);

  157. 

  158.   CRYPTO_once(&once, init_once);

  159.   if (urandom_fd != fd) {

  160.     abort();  // Already initialized.

  161.   }

  162. }

  163. 

  164. void RAND_enable_fork_unsafe_buffering(int fd) {

  165.   if (fd >= 0) {

  166.     fd = dup(fd);

  167.     if (fd < 0) {

  168.       abort();

  169.     }

  170.   } else {

  171.     fd = -2;

  172.   }

  173. 

  174.   CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);

  175.   urandom_buffering_requested = 1;

  176.   urandom_fd_requested = fd;

  177.   CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);

  178. 

  179.   CRYPTO_once(&once, init_once);

  180.   if (urandom_buffering != 1 || (fd >= 0 && urandom_fd != fd)) {

  181.     abort();  // Already initialized.

  182.   }

  183. }

  184. 

  185. static struct rand_buffer *get_thread_local_buffer(void) {

  186.   struct rand_buffer *buf =

  187.       CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF);

  188.   if (buf != NULL) {

  189.     return buf;

  190.   }

  191. 

  192.   buf = OPENSSL_malloc(sizeof(struct rand_buffer));

  193.   if (buf == NULL) {

  194.     return NULL;

  195.   }

  196.   buf->used = BUF_SIZE;  /* To trigger a |fill_with_entropy| on first use. */

  197.   if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF, buf,

  198.                                OPENSSL_free)) {

  199.     OPENSSL_free(buf);

  200.     return NULL;

  201.   }

  202. 

  203.   return buf;

  204. }

  205. 

  206. /* fill_with_entropy writes |len| bytes of entropy into |out|. It returns one

  207.  * on success and zero on error. */

  208. static char fill_with_entropy(uint8_t *out, size_t len) {

  209.   ssize_t r;

  210. 

  211.   while (len > 0) {

  212.     do {

  213.       r = read(urandom_fd, out, len);

  214.     } while (r == -1 && errno == EINTR);

  215. 

  216.     if (r <= 0) {

  217.       return 0;

  218.     }

  219.     out += r;

  220.     len -= r;

  221.   }

  222. 

  223.   return 1;

  224. }

  225. 

  226. /* read_from_buffer reads |requested| random bytes from the buffer into |out|,

  227.  * refilling it if necessary to satisfy the request. */

  228. static void read_from_buffer(struct rand_buffer *buf,

  229.                              uint8_t *out, size_t requested) {

  230.   size_t remaining = BUF_SIZE - buf->used;

  231. 

  232.   while (requested > remaining) {

  233.     memcpy(out, &buf->rand[buf->used], remaining);

  234.     buf->used += remaining;

  235.     out += remaining;

  236.     requested -= remaining;

  237. 

  238.     if (!fill_with_entropy(buf->rand, BUF_SIZE)) {

  239.       abort();

  240.       return;

  241.     }

  242.     buf->used = 0;

  243.     remaining = BUF_SIZE;

  244.   }

  245. 

  246.   memcpy(out, &buf->rand[buf->used], requested);

  247.   buf->used += requested;

  248. }

  249. 

  250. /* CRYPTO_sysrand puts |requested| random bytes into |out|. */

  251. void CRYPTO_sysrand(uint8_t *out, size_t requested) {

  252.   if (requested == 0) {

  253.     return;

  254.   }

  255. 

  256.   CRYPTO_once(&once, init_once);

  257.   if (urandom_buffering && requested < BUF_SIZE) {

  258.     struct rand_buffer *buf = get_thread_local_buffer();

  259.     if (buf != NULL) {

  260.       read_from_buffer(buf, out, requested);

  261.       return;

  262.     }

  263.   }

  264. 

  265.   if (!fill_with_entropy(out, requested)) {

  266.     abort();

  267.   }

  268. }

  269. 

  270. #endif  /* !OPENSSL_WINDOWS && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE */