summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/arc4random
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/arc4random')
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_aix.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_freebsd.h87
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_hpux.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_linux.h88
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_netbsd.h87
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_osx.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_solaris.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_win.h78
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_aix.c425
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_freebsd.c62
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_hpux.c419
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_linux.c547
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_netbsd.c64
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_osx.c429
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_solaris.c445
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_win.c59
16 files changed, 0 insertions, 3114 deletions
diff --git a/src/lib/libcrypto/arc4random/arc4random_aix.h b/src/lib/libcrypto/arc4random/arc4random_aix.h
deleted file mode 100644
index 3142a1f278..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_aix.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_freebsd.h b/src/lib/libcrypto/arc4random/arc4random_freebsd.h
deleted file mode 100644
index 3faa5e4d31..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_freebsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35/*
36 * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
37 * a program does not link to -lthr. Callbacks registered with pthread_atfork()
38 * appear to fail silently. So, it is not always possible to detect a PID
39 * wraparound.
40 */
41#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
64 _rs_pid = pid;
65 _rs_forked = 0;
66 if (rs)
67 memset(rs, 0, sizeof(*rs));
68 }
69}
70
71static inline int
72_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
73{
74 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
75 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
76 return (-1);
77
78 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
79 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
80 munmap(*rsp, sizeof(**rsp));
81 *rsp = NULL;
82 return (-1);
83 }
84
85 _ARC4_ATFORK(_rs_forkhandler);
86 return (0);
87}
diff --git a/src/lib/libcrypto/arc4random/arc4random_hpux.h b/src/lib/libcrypto/arc4random/arc4random_hpux.h
deleted file mode 100644
index 2a3fe8c611..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_hpux.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_linux.h b/src/lib/libcrypto/arc4random/arc4random_linux.h
deleted file mode 100644
index 879f966391..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_linux.h
+++ /dev/null
@@ -1,88 +0,0 @@
1/* $OpenBSD: arc4random_linux.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#ifdef __GLIBC__
36extern void *__dso_handle;
37extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
38#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
39#else
40#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
41#endif
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 /* XXX unusual calls to clone() can bypass checks */
64 if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
65 _rs_pid = pid;
66 _rs_forked = 0;
67 if (rs)
68 memset(rs, 0, sizeof(*rs));
69 }
70}
71
72static inline int
73_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
74{
75 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
76 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
77 return (-1);
78
79 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
80 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
81 munmap(*rsp, sizeof(**rsp));
82 *rsp = NULL;
83 return (-1);
84 }
85
86 _ARC4_ATFORK(_rs_forkhandler);
87 return (0);
88}
diff --git a/src/lib/libcrypto/arc4random/arc4random_netbsd.h b/src/lib/libcrypto/arc4random/arc4random_netbsd.h
deleted file mode 100644
index 611997d54d..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_netbsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35/*
36 * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
37 * a program does not link to -lthr. Callbacks registered with pthread_atfork()
38 * appear to fail silently. So, it is not always possible to detect a PID
39 * wraparound.
40 */
41#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
64 _rs_pid = pid;
65 _rs_forked = 0;
66 if (rs)
67 memset(rs, 0, sizeof(*rs));
68 }
69}
70
71static inline int
72_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
73{
74 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
75 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
76 return (-1);
77
78 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
79 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
80 munmap(*rsp, sizeof(**rsp));
81 *rsp = NULL;
82 return (-1);
83 }
84
85 _ARC4_ATFORK(_rs_forkhandler);
86 return (0);
87}
diff --git a/src/lib/libcrypto/arc4random/arc4random_osx.h b/src/lib/libcrypto/arc4random/arc4random_osx.h
deleted file mode 100644
index 818ae6bbf4..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_osx.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_solaris.h b/src/lib/libcrypto/arc4random/arc4random_solaris.h
deleted file mode 100644
index b1084cda08..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_solaris.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_win.h b/src/lib/libcrypto/arc4random/arc4random_win.h
deleted file mode 100644
index deec8a1efe..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_win.h
+++ /dev/null
@@ -1,78 +0,0 @@
1/* $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <windows.h>
27
28static volatile HANDLE arc4random_mtx = NULL;
29
30/*
31 * Initialize the mutex on the first lock attempt. On collision, each thread
32 * will attempt to allocate a mutex and compare-and-swap it into place as the
33 * global mutex. On failure to swap in the global mutex, the mutex is closed.
34 */
35#define _ARC4_LOCK() { \
36 if (!arc4random_mtx) { \
37 HANDLE p = CreateMutex(NULL, FALSE, NULL); \
38 if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
39 CloseHandle(p); \
40 } \
41 WaitForSingleObject(arc4random_mtx, INFINITE); \
42} \
43
44#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
45
46static inline void
47_getentropy_fail(void)
48{
49 TerminateProcess(GetCurrentProcess(), 0);
50}
51
52static inline int
53_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
54{
55 *rsp = VirtualAlloc(NULL, sizeof(**rsp),
56 MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
57 if (*rsp == NULL)
58 return (-1);
59
60 *rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
61 MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
62 if (*rsxp == NULL) {
63 VirtualFree(*rsp, 0, MEM_RELEASE);
64 *rsp = NULL;
65 return (-1);
66 }
67 return (0);
68}
69
70static inline void
71_rs_forkhandler(void)
72{
73}
74
75static inline void
76_rs_forkdetect(void)
77{
78}
diff --git a/src/lib/libcrypto/arc4random/getentropy_aix.c b/src/lib/libcrypto/arc4random/getentropy_aix.c
deleted file mode 100644
index 0616bfde56..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_aix.c
+++ /dev/null
@@ -1,425 +0,0 @@
1/* $OpenBSD: getentropy_aix.c,v 1.4 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
5 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
6 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 *
20 * Emulation of getentropy(2) as documented at:
21 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
22 */
23/*
24 * -lperfstat is needed for the psuedo entropy data
25 */
26
27#include <sys/mman.h>
28#include <sys/procfs.h>
29#include <sys/protosw.h>
30#include <sys/resource.h>
31#include <sys/socket.h>
32#include <sys/stat.h>
33#include <sys/statvfs.h>
34#include <sys/timers.h>
35#include <errno.h>
36#include <fcntl.h>
37#include <signal.h>
38#include <stdio.h>
39#include <string.h>
40#include <termios.h>
41
42#include <openssl/sha.h>
43
44#include <libperfstat.h>
45
46#define REPEAT 5
47#define min(a, b) (((a) < (b)) ? (a) : (b))
48
49#define HX(a, b) \
50 do { \
51 if ((a)) \
52 HD(errno); \
53 else \
54 HD(b); \
55 } while (0)
56
57#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
58#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
59#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
60
61int getentropy(void *buf, size_t len);
62
63static int gotdata(char *buf, size_t len);
64static int getentropy_urandom(void *buf, size_t len, const char *path,
65 int devfscheck);
66static int getentropy_fallback(void *buf, size_t len);
67
68int
69getentropy(void *buf, size_t len)
70{
71 int ret = -1;
72
73 if (len > 256) {
74 errno = EIO;
75 return (-1);
76 }
77
78 /*
79 * Try to get entropy with /dev/urandom
80 */
81 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
82 if (ret != -1)
83 return (ret);
84
85 /*
86 * Entropy collection via /dev/urandom has failed.
87 *
88 * No other API exists for collecting entropy, and we have
89 * no failsafe way to get it on AIX that is not sensitive
90 * to resource exhaustion.
91 *
92 * We have very few options:
93 * - Even syslog_r is unsafe to call at this low level, so
94 * there is no way to alert the user or program.
95 * - Cannot call abort() because some systems have unsafe
96 * corefiles.
97 * - Could raise(SIGKILL) resulting in silent program termination.
98 * - Return EIO, to hint that arc4random's stir function
99 * should raise(SIGKILL)
100 * - Do the best under the circumstances....
101 *
102 * This code path exists to bring light to the issue that AIX
103 * does not provide a failsafe API for entropy collection.
104 *
105 * We hope this demonstrates that AIX should consider
106 * providing a new failsafe API which works in a chroot or
107 * when file descriptors are exhausted.
108 */
109#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
110#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
111 raise(SIGKILL);
112#endif
113 ret = getentropy_fallback(buf, len);
114 if (ret != -1)
115 return (ret);
116
117 errno = EIO;
118 return (ret);
119}
120
121/*
122 * Basic sanity checking; wish we could do better.
123 */
124static int
125gotdata(char *buf, size_t len)
126{
127 char any_set = 0;
128 size_t i;
129
130 for (i = 0; i < len; ++i)
131 any_set |= buf[i];
132 if (any_set == 0)
133 return (-1);
134 return (0);
135}
136
137static int
138getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
139{
140 struct stat st;
141 size_t i;
142 int fd, flags;
143 int save_errno = errno;
144
145start:
146
147 flags = O_RDONLY;
148#ifdef O_NOFOLLOW
149 flags |= O_NOFOLLOW;
150#endif
151#ifdef O_CLOEXEC
152 flags |= O_CLOEXEC;
153#endif
154 fd = open(path, flags, 0);
155 if (fd == -1) {
156 if (errno == EINTR)
157 goto start;
158 goto nodevrandom;
159 }
160#ifndef O_CLOEXEC
161 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
162#endif
163
164 /* Lightly verify that the device node looks sane */
165 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
166 close(fd);
167 goto nodevrandom;
168 }
169 for (i = 0; i < len; ) {
170 size_t wanted = len - i;
171 ssize_t ret = read(fd, (char *)buf + i, wanted);
172
173 if (ret == -1) {
174 if (errno == EAGAIN || errno == EINTR)
175 continue;
176 close(fd);
177 goto nodevrandom;
178 }
179 i += ret;
180 }
181 close(fd);
182 if (gotdata(buf, len) == 0) {
183 errno = save_errno;
184 return (0); /* satisfied */
185 }
186nodevrandom:
187 errno = EIO;
188 return (-1);
189}
190
191static const int cl[] = {
192 CLOCK_REALTIME,
193#ifdef CLOCK_MONOTONIC
194 CLOCK_MONOTONIC,
195#endif
196#ifdef CLOCK_MONOTONIC_RAW
197 CLOCK_MONOTONIC_RAW,
198#endif
199#ifdef CLOCK_TAI
200 CLOCK_TAI,
201#endif
202#ifdef CLOCK_VIRTUAL
203 CLOCK_VIRTUAL,
204#endif
205#ifdef CLOCK_UPTIME
206 CLOCK_UPTIME,
207#endif
208#ifdef CLOCK_PROCESS_CPUTIME_ID
209 CLOCK_PROCESS_CPUTIME_ID,
210#endif
211#ifdef CLOCK_THREAD_CPUTIME_ID
212 CLOCK_THREAD_CPUTIME_ID,
213#endif
214};
215
216static int
217getentropy_fallback(void *buf, size_t len)
218{
219 uint8_t results[SHA512_DIGEST_LENGTH];
220 int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
221 static int cnt;
222 struct timespec ts;
223 struct timeval tv;
224 perfstat_cpu_total_t cpustats;
225#ifdef _AIX61
226 perfstat_cpu_total_wpar_t cpustats_wpar;
227#endif
228 perfstat_partition_total_t lparstats;
229 perfstat_disk_total_t diskinfo;
230 perfstat_netinterface_total_t netinfo;
231 struct rusage ru;
232 sigset_t sigset;
233 struct stat st;
234 SHA512_CTX ctx;
235 static pid_t lastpid;
236 pid_t pid;
237 size_t i, ii, m;
238 char *p;
239
240 pid = getpid();
241 if (lastpid == pid) {
242 faster = 1;
243 repeat = 2;
244 } else {
245 faster = 0;
246 lastpid = pid;
247 repeat = REPEAT;
248 }
249 for (i = 0; i < len; ) {
250 int j;
251 SHA512_Init(&ctx);
252 for (j = 0; j < repeat; j++) {
253 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
254 if (e != -1) {
255 cnt += (int)tv.tv_sec;
256 cnt += (int)tv.tv_usec;
257 }
258
259 HX(perfstat_cpu_total(NULL, &cpustats,
260 sizeof(cpustats), 1) == -1, cpustats);
261
262#ifdef _AIX61
263 HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar,
264 sizeof(cpustats_wpar), 1) == -1, cpustats_wpar);
265#endif
266
267 HX(perfstat_partition_total(NULL, &lparstats,
268 sizeof(lparstats), 1) == -1, lparstats);
269
270 HX(perfstat_disk_total(NULL, &diskinfo,
271 sizeof(diskinfo), 1) == -1, diskinfo);
272
273 HX(perfstat_netinterface_total(NULL, &netinfo,
274 sizeof(netinfo), 1) == -1, netinfo);
275
276 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
277 HX(clock_gettime(cl[ii], &ts) == -1, ts);
278
279 HX((pid = getpid()) == -1, pid);
280 HX((pid = getsid(pid)) == -1, pid);
281 HX((pid = getppid()) == -1, pid);
282 HX((pid = getpgid(0)) == -1, pid);
283 HX((e = getpriority(0, 0)) == -1, e);
284
285 if (!faster) {
286 ts.tv_sec = 0;
287 ts.tv_nsec = 1;
288 (void) nanosleep(&ts, NULL);
289 }
290
291 HX(sigpending(&sigset) == -1, sigset);
292 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
293 sigset);
294
295 HF(getentropy); /* an addr in this library */
296 HF(printf); /* an addr in libc */
297 p = (char *)&p;
298 HD(p); /* an addr on stack */
299 p = (char *)&errno;
300 HD(p); /* the addr of errno */
301
302 if (i == 0) {
303 struct sockaddr_storage ss;
304 struct statvfs stvfs;
305 struct termios tios;
306 socklen_t ssl;
307 off_t off;
308
309 /*
310 * Prime-sized mappings encourage fragmentation;
311 * thus exposing some address entropy.
312 */
313 struct mm {
314 size_t npg;
315 void *p;
316 } mm[] = {
317 { 17, MAP_FAILED }, { 3, MAP_FAILED },
318 { 11, MAP_FAILED }, { 2, MAP_FAILED },
319 { 5, MAP_FAILED }, { 3, MAP_FAILED },
320 { 7, MAP_FAILED }, { 1, MAP_FAILED },
321 { 57, MAP_FAILED }, { 3, MAP_FAILED },
322 { 131, MAP_FAILED }, { 1, MAP_FAILED },
323 };
324
325 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
326 HX(mm[m].p = mmap(NULL,
327 mm[m].npg * pgs,
328 PROT_READ|PROT_WRITE,
329 MAP_PRIVATE|MAP_ANON, -1,
330 (off_t)0), mm[m].p);
331 if (mm[m].p != MAP_FAILED) {
332 size_t mo;
333
334 /* Touch some memory... */
335 p = mm[m].p;
336 mo = cnt %
337 (mm[m].npg * pgs - 1);
338 p[mo] = 1;
339 cnt += (int)((long)(mm[m].p)
340 / pgs);
341 }
342
343 /* Check cnts and times... */
344 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
345 ii++) {
346 HX((e = clock_gettime(cl[ii],
347 &ts)) == -1, ts);
348 if (e != -1)
349 cnt += (int)ts.tv_nsec;
350 }
351
352 HX((e = getrusage(RUSAGE_SELF,
353 &ru)) == -1, ru);
354 if (e != -1) {
355 cnt += (int)ru.ru_utime.tv_sec;
356 cnt += (int)ru.ru_utime.tv_usec;
357 }
358 }
359
360 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
361 if (mm[m].p != MAP_FAILED)
362 munmap(mm[m].p, mm[m].npg * pgs);
363 mm[m].p = MAP_FAILED;
364 }
365
366 HX(stat(".", &st) == -1, st);
367 HX(statvfs(".", &stvfs) == -1, stvfs);
368
369 HX(stat("/", &st) == -1, st);
370 HX(statvfs("/", &stvfs) == -1, stvfs);
371
372 HX((e = fstat(0, &st)) == -1, st);
373 if (e == -1) {
374 if (S_ISREG(st.st_mode) ||
375 S_ISFIFO(st.st_mode) ||
376 S_ISSOCK(st.st_mode)) {
377 HX(fstatvfs(0, &stvfs) == -1,
378 stvfs);
379 HX((off = lseek(0, (off_t)0,
380 SEEK_CUR)) < 0, off);
381 }
382 if (S_ISCHR(st.st_mode)) {
383 HX(tcgetattr(0, &tios) == -1,
384 tios);
385 } else if (S_ISSOCK(st.st_mode)) {
386 memset(&ss, 0, sizeof ss);
387 ssl = sizeof(ss);
388 HX(getpeername(0,
389 (void *)&ss, &ssl) == -1,
390 ss);
391 }
392 }
393
394 HX((e = getrusage(RUSAGE_CHILDREN,
395 &ru)) == -1, ru);
396 if (e != -1) {
397 cnt += (int)ru.ru_utime.tv_sec;
398 cnt += (int)ru.ru_utime.tv_usec;
399 }
400 } else {
401 /* Subsequent hashes absorb previous result */
402 HD(results);
403 }
404
405 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
406 if (e != -1) {
407 cnt += (int)tv.tv_sec;
408 cnt += (int)tv.tv_usec;
409 }
410
411 HD(cnt);
412 }
413 SHA512_Final(results, &ctx);
414 memcpy((char *)buf + i, results, min(sizeof(results), len - i));
415 i += min(sizeof(results), len - i);
416 }
417 explicit_bzero(&ctx, sizeof ctx);
418 explicit_bzero(results, sizeof results);
419 if (gotdata(buf, len) == 0) {
420 errno = save_errno;
421 return (0); /* satisfied */
422 }
423 errno = EIO;
424 return (-1);
425}
diff --git a/src/lib/libcrypto/arc4random/getentropy_freebsd.c b/src/lib/libcrypto/arc4random/getentropy_freebsd.c
deleted file mode 100644
index d5371b5578..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_freebsd.c
+++ /dev/null
@@ -1,62 +0,0 @@
1/* $OpenBSD: getentropy_freebsd.c,v 1.2 2015/08/25 17:22:56 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
5 * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/sysctl.h>
25
26#include <errno.h>
27#include <stddef.h>
28
29/*
30 * Derived from lib/libc/gen/arc4random.c from FreeBSD.
31 */
32static size_t
33getentropy_sysctl(u_char *buf, size_t size)
34{
35 int mib[2];
36 size_t len, done;
37
38 mib[0] = CTL_KERN;
39 mib[1] = KERN_ARND;
40 done = 0;
41
42 do {
43 len = size;
44 if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
45 return (done);
46 done += len;
47 buf += len;
48 size -= len;
49 } while (size > 0);
50
51 return (done);
52}
53
54int
55getentropy(void *buf, size_t len)
56{
57 if (len <= 256 && getentropy_sysctl(buf, len) == len)
58 return (0);
59
60 errno = EIO;
61 return (-1);
62}
diff --git a/src/lib/libcrypto/arc4random/getentropy_hpux.c b/src/lib/libcrypto/arc4random/getentropy_hpux.c
deleted file mode 100644
index bdac6e16de..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_hpux.c
+++ /dev/null
@@ -1,419 +0,0 @@
1/* $OpenBSD: getentropy_hpux.c,v 1.4 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/param.h>
25#include <sys/ioctl.h>
26#include <sys/resource.h>
27#include <sys/syscall.h>
28#include <sys/statvfs.h>
29#include <sys/socket.h>
30#include <sys/mount.h>
31#include <sys/mman.h>
32#include <sys/stat.h>
33#include <sys/time.h>
34#include <stdlib.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <termios.h>
38#include <fcntl.h>
39#include <signal.h>
40#include <string.h>
41#include <errno.h>
42#include <unistd.h>
43#include <time.h>
44#include <openssl/sha.h>
45
46#include <sys/vfs.h>
47
48#include <sys/pstat.h>
49
50#define REPEAT 5
51#define min(a, b) (((a) < (b)) ? (a) : (b))
52
53#define HX(a, b) \
54 do { \
55 if ((a)) \
56 HD(errno); \
57 else \
58 HD(b); \
59 } while (0)
60
61#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
62#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
63#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
64
65int getentropy(void *buf, size_t len);
66
67static int gotdata(char *buf, size_t len);
68static int getentropy_urandom(void *buf, size_t len, const char *path,
69 int devfscheck);
70static int getentropy_fallback(void *buf, size_t len);
71
72int
73getentropy(void *buf, size_t len)
74{
75 int ret = -1;
76
77 if (len > 256) {
78 errno = EIO;
79 return (-1);
80 }
81
82 /*
83 * Try to get entropy with /dev/urandom
84 */
85 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
86 if (ret != -1)
87 return (ret);
88
89 /*
90 * Entropy collection via /dev/urandom has failed.
91 *
92 * No other API exists for collecting entropy, and we have
93 * no failsafe way to get it on hpux that is not sensitive
94 * to resource exhaustion.
95 *
96 * We have very few options:
97 * - Even syslog_r is unsafe to call at this low level, so
98 * there is no way to alert the user or program.
99 * - Cannot call abort() because some systems have unsafe
100 * corefiles.
101 * - Could raise(SIGKILL) resulting in silent program termination.
102 * - Return EIO, to hint that arc4random's stir function
103 * should raise(SIGKILL)
104 * - Do the best under the circumstances....
105 *
106 * This code path exists to bring light to the issue that hpux
107 * does not provide a failsafe API for entropy collection.
108 *
109 * We hope this demonstrates that hpux should consider
110 * providing a new failsafe API which works in a chroot or
111 * when file descriptors are exhausted.
112 */
113#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
114#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
115 raise(SIGKILL);
116#endif
117 ret = getentropy_fallback(buf, len);
118 if (ret != -1)
119 return (ret);
120
121 errno = EIO;
122 return (ret);
123}
124
125/*
126 * Basic sanity checking; wish we could do better.
127 */
128static int
129gotdata(char *buf, size_t len)
130{
131 char any_set = 0;
132 size_t i;
133
134 for (i = 0; i < len; ++i)
135 any_set |= buf[i];
136 if (any_set == 0)
137 return (-1);
138 return (0);
139}
140
141static int
142getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
143{
144 struct stat st;
145 size_t i;
146 int fd, flags;
147 int save_errno = errno;
148
149start:
150
151 flags = O_RDONLY;
152#ifdef O_NOFOLLOW
153 flags |= O_NOFOLLOW;
154#endif
155#ifdef O_CLOEXEC
156 flags |= O_CLOEXEC;
157#endif
158 fd = open(path, flags, 0);
159 if (fd == -1) {
160 if (errno == EINTR)
161 goto start;
162 goto nodevrandom;
163 }
164#ifndef O_CLOEXEC
165 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
166#endif
167
168 /* Lightly verify that the device node looks sane */
169 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
170 close(fd);
171 goto nodevrandom;
172 }
173 for (i = 0; i < len; ) {
174 size_t wanted = len - i;
175 ssize_t ret = read(fd, (char *)buf + i, wanted);
176
177 if (ret == -1) {
178 if (errno == EAGAIN || errno == EINTR)
179 continue;
180 close(fd);
181 goto nodevrandom;
182 }
183 i += ret;
184 }
185 close(fd);
186 if (gotdata(buf, len) == 0) {
187 errno = save_errno;
188 return (0); /* satisfied */
189 }
190nodevrandom:
191 errno = EIO;
192 return (-1);
193}
194
195static const int cl[] = {
196 CLOCK_REALTIME,
197#ifdef CLOCK_MONOTONIC
198 CLOCK_MONOTONIC,
199#endif
200#ifdef CLOCK_MONOTONIC_RAW
201 CLOCK_MONOTONIC_RAW,
202#endif
203#ifdef CLOCK_TAI
204 CLOCK_TAI,
205#endif
206#ifdef CLOCK_VIRTUAL
207 CLOCK_VIRTUAL,
208#endif
209#ifdef CLOCK_UPTIME
210 CLOCK_UPTIME,
211#endif
212#ifdef CLOCK_PROCESS_CPUTIME_ID
213 CLOCK_PROCESS_CPUTIME_ID,
214#endif
215#ifdef CLOCK_THREAD_CPUTIME_ID
216 CLOCK_THREAD_CPUTIME_ID,
217#endif
218};
219
220static int
221getentropy_fallback(void *buf, size_t len)
222{
223 uint8_t results[SHA512_DIGEST_LENGTH];
224 int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
225 static int cnt;
226 struct timespec ts;
227 struct timeval tv;
228 struct pst_vminfo pvi;
229 struct pst_vm_status pvs;
230 struct pst_dynamic pdy;
231 struct rusage ru;
232 sigset_t sigset;
233 struct stat st;
234 SHA512_CTX ctx;
235 static pid_t lastpid;
236 pid_t pid;
237 size_t i, ii, m;
238 char *p;
239
240 pid = getpid();
241 if (lastpid == pid) {
242 faster = 1;
243 repeat = 2;
244 } else {
245 faster = 0;
246 lastpid = pid;
247 repeat = REPEAT;
248 }
249 for (i = 0; i < len; ) {
250 int j;
251 SHA512_Init(&ctx);
252 for (j = 0; j < repeat; j++) {
253 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
254 if (e != -1) {
255 cnt += (int)tv.tv_sec;
256 cnt += (int)tv.tv_usec;
257 }
258
259 HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi);
260 HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs);
261
262 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
263 HX(clock_gettime(cl[ii], &ts) == -1, ts);
264
265 HX((pid = getpid()) == -1, pid);
266 HX((pid = getsid(pid)) == -1, pid);
267 HX((pid = getppid()) == -1, pid);
268 HX((pid = getpgid(0)) == -1, pid);
269 HX((e = getpriority(0, 0)) == -1, e);
270
271 if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) {
272 HD(errno);
273 } else {
274 HD(pdy.psd_avg_1_min);
275 HD(pdy.psd_avg_5_min);
276 HD(pdy.psd_avg_15_min);
277 }
278
279 if (!faster) {
280 ts.tv_sec = 0;
281 ts.tv_nsec = 1;
282 (void) nanosleep(&ts, NULL);
283 }
284
285 HX(sigpending(&sigset) == -1, sigset);
286 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
287 sigset);
288
289 HF(getentropy); /* an addr in this library */
290 HF(printf); /* an addr in libc */
291 p = (char *)&p;
292 HD(p); /* an addr on stack */
293 p = (char *)&errno;
294 HD(p); /* the addr of errno */
295
296 if (i == 0) {
297 struct sockaddr_storage ss;
298 struct statvfs stvfs;
299 struct termios tios;
300 socklen_t ssl;
301 off_t off;
302
303 /*
304 * Prime-sized mappings encourage fragmentation;
305 * thus exposing some address entropy.
306 */
307 struct mm {
308 size_t npg;
309 void *p;
310 } mm[] = {
311 { 17, MAP_FAILED }, { 3, MAP_FAILED },
312 { 11, MAP_FAILED }, { 2, MAP_FAILED },
313 { 5, MAP_FAILED }, { 3, MAP_FAILED },
314 { 7, MAP_FAILED }, { 1, MAP_FAILED },
315 { 57, MAP_FAILED }, { 3, MAP_FAILED },
316 { 131, MAP_FAILED }, { 1, MAP_FAILED },
317 };
318
319 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
320 HX(mm[m].p = mmap(NULL,
321 mm[m].npg * pgs,
322 PROT_READ|PROT_WRITE,
323 MAP_PRIVATE|MAP_ANON, -1,
324 (off_t)0), mm[m].p);
325 if (mm[m].p != MAP_FAILED) {
326 size_t mo;
327
328 /* Touch some memory... */
329 p = mm[m].p;
330 mo = cnt %
331 (mm[m].npg * pgs - 1);
332 p[mo] = 1;
333 cnt += (int)((long)(mm[m].p)
334 / pgs);
335 }
336
337 /* Check cnts and times... */
338 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
339 ii++) {
340 HX((e = clock_gettime(cl[ii],
341 &ts)) == -1, ts);
342 if (e != -1)
343 cnt += (int)ts.tv_nsec;
344 }
345
346 HX((e = getrusage(RUSAGE_SELF,
347 &ru)) == -1, ru);
348 if (e != -1) {
349 cnt += (int)ru.ru_utime.tv_sec;
350 cnt += (int)ru.ru_utime.tv_usec;
351 }
352 }
353
354 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
355 if (mm[m].p != MAP_FAILED)
356 munmap(mm[m].p, mm[m].npg * pgs);
357 mm[m].p = MAP_FAILED;
358 }
359
360 HX(stat(".", &st) == -1, st);
361 HX(statvfs(".", &stvfs) == -1, stvfs);
362
363 HX(stat("/", &st) == -1, st);
364 HX(statvfs("/", &stvfs) == -1, stvfs);
365
366 HX((e = fstat(0, &st)) == -1, st);
367 if (e == -1) {
368 if (S_ISREG(st.st_mode) ||
369 S_ISFIFO(st.st_mode) ||
370 S_ISSOCK(st.st_mode)) {
371 HX(fstatvfs(0, &stvfs) == -1,
372 stvfs);
373 HX((off = lseek(0, (off_t)0,
374 SEEK_CUR)) < 0, off);
375 }
376 if (S_ISCHR(st.st_mode)) {
377 HX(tcgetattr(0, &tios) == -1,
378 tios);
379 } else if (S_ISSOCK(st.st_mode)) {
380 memset(&ss, 0, sizeof ss);
381 ssl = sizeof(ss);
382 HX(getpeername(0,
383 (void *)&ss, &ssl) == -1,
384 ss);
385 }
386 }
387
388 HX((e = getrusage(RUSAGE_CHILDREN,
389 &ru)) == -1, ru);
390 if (e != -1) {
391 cnt += (int)ru.ru_utime.tv_sec;
392 cnt += (int)ru.ru_utime.tv_usec;
393 }
394 } else {
395 /* Subsequent hashes absorb previous result */
396 HD(results);
397 }
398
399 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
400 if (e != -1) {
401 cnt += (int)tv.tv_sec;
402 cnt += (int)tv.tv_usec;
403 }
404
405 HD(cnt);
406 }
407 SHA512_Final(results, &ctx);
408 memcpy((char *)buf + i, results, min(sizeof(results), len - i));
409 i += min(sizeof(results), len - i);
410 }
411 explicit_bzero(&ctx, sizeof ctx);
412 explicit_bzero(results, sizeof results);
413 if (gotdata(buf, len) == 0) {
414 errno = save_errno;
415 return (0); /* satisfied */
416 }
417 errno = EIO;
418 return (-1);
419}
diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c
deleted file mode 100644
index c4cb476cd8..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_linux.c
+++ /dev/null
@@ -1,547 +0,0 @@
1/* $OpenBSD: getentropy_linux.c,v 1.42 2016/04/19 20:20:24 tj Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#define _POSIX_C_SOURCE 199309L
24#define _GNU_SOURCE 1
25#include <sys/types.h>
26#include <sys/param.h>
27#include <sys/ioctl.h>
28#include <sys/resource.h>
29#include <sys/syscall.h>
30#ifdef SYS__sysctl
31#include <linux/sysctl.h>
32#endif
33#include <sys/statvfs.h>
34#include <sys/socket.h>
35#include <sys/mount.h>
36#include <sys/mman.h>
37#include <sys/stat.h>
38#include <sys/time.h>
39#include <stdlib.h>
40#include <stdint.h>
41#include <stdio.h>
42#include <link.h>
43#include <termios.h>
44#include <fcntl.h>
45#include <signal.h>
46#include <string.h>
47#include <errno.h>
48#include <unistd.h>
49#include <time.h>
50#include <openssl/sha.h>
51
52#include <linux/types.h>
53#include <linux/random.h>
54#ifdef HAVE_GETAUXVAL
55#include <sys/auxv.h>
56#endif
57#include <sys/vfs.h>
58
59#define REPEAT 5
60#define min(a, b) (((a) < (b)) ? (a) : (b))
61
62#define HX(a, b) \
63 do { \
64 if ((a)) \
65 HD(errno); \
66 else \
67 HD(b); \
68 } while (0)
69
70#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
71#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
72#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
73
74int getentropy(void *buf, size_t len);
75
76static int gotdata(char *buf, size_t len);
77#ifdef SYS_getrandom
78static int getentropy_getrandom(void *buf, size_t len);
79#endif
80static int getentropy_urandom(void *buf, size_t len);
81#ifdef SYS__sysctl
82static int getentropy_sysctl(void *buf, size_t len);
83#endif
84static int getentropy_fallback(void *buf, size_t len);
85static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
86
87int
88getentropy(void *buf, size_t len)
89{
90 int ret = -1;
91
92 if (len > 256) {
93 errno = EIO;
94 return (-1);
95 }
96
97#ifdef SYS_getrandom
98 /*
99 * Try descriptor-less getrandom()
100 */
101 ret = getentropy_getrandom(buf, len);
102 if (ret != -1)
103 return (ret);
104 if (errno != ENOSYS)
105 return (-1);
106#endif
107
108 /*
109 * Try to get entropy with /dev/urandom
110 *
111 * This can fail if the process is inside a chroot or if file
112 * descriptors are exhausted.
113 */
114 ret = getentropy_urandom(buf, len);
115 if (ret != -1)
116 return (ret);
117
118#ifdef SYS__sysctl
119 /*
120 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
121 * sysctl is a failsafe API, so it guarantees a result. This
122 * should work inside a chroot, or when file descriptors are
123 * exhausted.
124 *
125 * However this can fail if the Linux kernel removes support
126 * for sysctl. Starting in 2007, there have been efforts to
127 * deprecate the sysctl API/ABI, and push callers towards use
128 * of the chroot-unavailable fd-using /proc mechanism --
129 * essentially the same problems as /dev/urandom.
130 *
131 * Numerous setbacks have been encountered in their deprecation
132 * schedule, so as of June 2014 the kernel ABI still exists on
133 * most Linux architectures. The sysctl() stub in libc is missing
134 * on some systems. There are also reports that some kernels
135 * spew messages to the console.
136 */
137 ret = getentropy_sysctl(buf, len);
138 if (ret != -1)
139 return (ret);
140#endif /* SYS__sysctl */
141
142 /*
143 * Entropy collection via /dev/urandom and sysctl have failed.
144 *
145 * No other API exists for collecting entropy. See the large
146 * comment block above.
147 *
148 * We have very few options:
149 * - Even syslog_r is unsafe to call at this low level, so
150 * there is no way to alert the user or program.
151 * - Cannot call abort() because some systems have unsafe
152 * corefiles.
153 * - Could raise(SIGKILL) resulting in silent program termination.
154 * - Return EIO, to hint that arc4random's stir function
155 * should raise(SIGKILL)
156 * - Do the best under the circumstances....
157 *
158 * This code path exists to bring light to the issue that Linux
159 * does not provide a failsafe API for entropy collection.
160 *
161 * We hope this demonstrates that Linux should either retain their
162 * sysctl ABI, or consider providing a new failsafe API which
163 * works in a chroot or when file descriptors are exhausted.
164 */
165#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
166#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
167 raise(SIGKILL);
168#endif
169 ret = getentropy_fallback(buf, len);
170 if (ret != -1)
171 return (ret);
172
173 errno = EIO;
174 return (ret);
175}
176
177/*
178 * Basic sanity checking; wish we could do better.
179 */
180static int
181gotdata(char *buf, size_t len)
182{
183 char any_set = 0;
184 size_t i;
185
186 for (i = 0; i < len; ++i)
187 any_set |= buf[i];
188 if (any_set == 0)
189 return (-1);
190 return (0);
191}
192
193#ifdef SYS_getrandom
194static int
195getentropy_getrandom(void *buf, size_t len)
196{
197 int pre_errno = errno;
198 int ret;
199 if (len > 256)
200 return (-1);
201 do {
202 ret = syscall(SYS_getrandom, buf, len, 0);
203 } while (ret == -1 && errno == EINTR);
204
205 if (ret != len)
206 return (-1);
207 errno = pre_errno;
208 return (0);
209}
210#endif
211
212static int
213getentropy_urandom(void *buf, size_t len)
214{
215 struct stat st;
216 size_t i;
217 int fd, cnt, flags;
218 int save_errno = errno;
219
220start:
221
222 flags = O_RDONLY;
223#ifdef O_NOFOLLOW
224 flags |= O_NOFOLLOW;
225#endif
226#ifdef O_CLOEXEC
227 flags |= O_CLOEXEC;
228#endif
229 fd = open("/dev/urandom", flags, 0);
230 if (fd == -1) {
231 if (errno == EINTR)
232 goto start;
233 goto nodevrandom;
234 }
235#ifndef O_CLOEXEC
236 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
237#endif
238
239 /* Lightly verify that the device node looks sane */
240 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
241 close(fd);
242 goto nodevrandom;
243 }
244 if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
245 close(fd);
246 goto nodevrandom;
247 }
248 for (i = 0; i < len; ) {
249 size_t wanted = len - i;
250 ssize_t ret = read(fd, (char *)buf + i, wanted);
251
252 if (ret == -1) {
253 if (errno == EAGAIN || errno == EINTR)
254 continue;
255 close(fd);
256 goto nodevrandom;
257 }
258 i += ret;
259 }
260 close(fd);
261 if (gotdata(buf, len) == 0) {
262 errno = save_errno;
263 return (0); /* satisfied */
264 }
265nodevrandom:
266 errno = EIO;
267 return (-1);
268}
269
270#ifdef SYS__sysctl
271static int
272getentropy_sysctl(void *buf, size_t len)
273{
274 static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
275 size_t i;
276 int save_errno = errno;
277
278 for (i = 0; i < len; ) {
279 size_t chunk = min(len - i, 16);
280
281 /* SYS__sysctl because some systems already removed sysctl() */
282 struct __sysctl_args args = {
283 .name = mib,
284 .nlen = 3,
285 .oldval = (char *)buf + i,
286 .oldlenp = &chunk,
287 };
288 if (syscall(SYS__sysctl, &args) != 0)
289 goto sysctlfailed;
290 i += chunk;
291 }
292 if (gotdata(buf, len) == 0) {
293 errno = save_errno;
294 return (0); /* satisfied */
295 }
296sysctlfailed:
297 errno = EIO;
298 return (-1);
299}
300#endif /* SYS__sysctl */
301
302static const int cl[] = {
303 CLOCK_REALTIME,
304#ifdef CLOCK_MONOTONIC
305 CLOCK_MONOTONIC,
306#endif
307#ifdef CLOCK_MONOTONIC_RAW
308 CLOCK_MONOTONIC_RAW,
309#endif
310#ifdef CLOCK_TAI
311 CLOCK_TAI,
312#endif
313#ifdef CLOCK_VIRTUAL
314 CLOCK_VIRTUAL,
315#endif
316#ifdef CLOCK_UPTIME
317 CLOCK_UPTIME,
318#endif
319#ifdef CLOCK_PROCESS_CPUTIME_ID
320 CLOCK_PROCESS_CPUTIME_ID,
321#endif
322#ifdef CLOCK_THREAD_CPUTIME_ID
323 CLOCK_THREAD_CPUTIME_ID,
324#endif
325};
326
327static int
328getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
329{
330 SHA512_CTX *ctx = data;
331
332 SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
333 return (0);
334}
335
336static int
337getentropy_fallback(void *buf, size_t len)
338{
339 uint8_t results[SHA512_DIGEST_LENGTH];
340 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
341 static int cnt;
342 struct timespec ts;
343 struct timeval tv;
344 struct rusage ru;
345 sigset_t sigset;
346 struct stat st;
347 SHA512_CTX ctx;
348 static pid_t lastpid;
349 pid_t pid;
350 size_t i, ii, m;
351 char *p;
352
353 pid = getpid();
354 if (lastpid == pid) {
355 faster = 1;
356 repeat = 2;
357 } else {
358 faster = 0;
359 lastpid = pid;
360 repeat = REPEAT;
361 }
362 for (i = 0; i < len; ) {
363 int j;
364 SHA512_Init(&ctx);
365 for (j = 0; j < repeat; j++) {
366 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
367 if (e != -1) {
368 cnt += (int)tv.tv_sec;
369 cnt += (int)tv.tv_usec;
370 }
371
372 dl_iterate_phdr(getentropy_phdr, &ctx);
373
374 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
375 HX(clock_gettime(cl[ii], &ts) == -1, ts);
376
377 HX((pid = getpid()) == -1, pid);
378 HX((pid = getsid(pid)) == -1, pid);
379 HX((pid = getppid()) == -1, pid);
380 HX((pid = getpgid(0)) == -1, pid);
381 HX((e = getpriority(0, 0)) == -1, e);
382
383 if (!faster) {
384 ts.tv_sec = 0;
385 ts.tv_nsec = 1;
386 (void) nanosleep(&ts, NULL);
387 }
388
389 HX(sigpending(&sigset) == -1, sigset);
390 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
391 sigset);
392
393 HF(getentropy); /* an addr in this library */
394 HF(printf); /* an addr in libc */
395 p = (char *)&p;
396 HD(p); /* an addr on stack */
397 p = (char *)&errno;
398 HD(p); /* the addr of errno */
399
400 if (i == 0) {
401 struct sockaddr_storage ss;
402 struct statvfs stvfs;
403 struct termios tios;
404 struct statfs stfs;
405 socklen_t ssl;
406 off_t off;
407
408 /*
409 * Prime-sized mappings encourage fragmentation;
410 * thus exposing some address entropy.
411 */
412 struct mm {
413 size_t npg;
414 void *p;
415 } mm[] = {
416 { 17, MAP_FAILED }, { 3, MAP_FAILED },
417 { 11, MAP_FAILED }, { 2, MAP_FAILED },
418 { 5, MAP_FAILED }, { 3, MAP_FAILED },
419 { 7, MAP_FAILED }, { 1, MAP_FAILED },
420 { 57, MAP_FAILED }, { 3, MAP_FAILED },
421 { 131, MAP_FAILED }, { 1, MAP_FAILED },
422 };
423
424 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
425 HX(mm[m].p = mmap(NULL,
426 mm[m].npg * pgs,
427 PROT_READ|PROT_WRITE,
428 MAP_PRIVATE|MAP_ANON, -1,
429 (off_t)0), mm[m].p);
430 if (mm[m].p != MAP_FAILED) {
431 size_t mo;
432
433 /* Touch some memory... */
434 p = mm[m].p;
435 mo = cnt %
436 (mm[m].npg * pgs - 1);
437 p[mo] = 1;
438 cnt += (int)((long)(mm[m].p)
439 / pgs);
440 }
441
442 /* Check cnts and times... */
443 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
444 ii++) {
445 HX((e = clock_gettime(cl[ii],
446 &ts)) == -1, ts);
447 if (e != -1)
448 cnt += (int)ts.tv_nsec;
449 }
450
451 HX((e = getrusage(RUSAGE_SELF,
452 &ru)) == -1, ru);
453 if (e != -1) {
454 cnt += (int)ru.ru_utime.tv_sec;
455 cnt += (int)ru.ru_utime.tv_usec;
456 }
457 }
458
459 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
460 if (mm[m].p != MAP_FAILED)
461 munmap(mm[m].p, mm[m].npg * pgs);
462 mm[m].p = MAP_FAILED;
463 }
464
465 HX(stat(".", &st) == -1, st);
466 HX(statvfs(".", &stvfs) == -1, stvfs);
467 HX(statfs(".", &stfs) == -1, stfs);
468
469 HX(stat("/", &st) == -1, st);
470 HX(statvfs("/", &stvfs) == -1, stvfs);
471 HX(statfs("/", &stfs) == -1, stfs);
472
473 HX((e = fstat(0, &st)) == -1, st);
474 if (e == -1) {
475 if (S_ISREG(st.st_mode) ||
476 S_ISFIFO(st.st_mode) ||
477 S_ISSOCK(st.st_mode)) {
478 HX(fstatvfs(0, &stvfs) == -1,
479 stvfs);
480 HX(fstatfs(0, &stfs) == -1,
481 stfs);
482 HX((off = lseek(0, (off_t)0,
483 SEEK_CUR)) < 0, off);
484 }
485 if (S_ISCHR(st.st_mode)) {
486 HX(tcgetattr(0, &tios) == -1,
487 tios);
488 } else if (S_ISSOCK(st.st_mode)) {
489 memset(&ss, 0, sizeof ss);
490 ssl = sizeof(ss);
491 HX(getpeername(0,
492 (void *)&ss, &ssl) == -1,
493 ss);
494 }
495 }
496
497 HX((e = getrusage(RUSAGE_CHILDREN,
498 &ru)) == -1, ru);
499 if (e != -1) {
500 cnt += (int)ru.ru_utime.tv_sec;
501 cnt += (int)ru.ru_utime.tv_usec;
502 }
503 } else {
504 /* Subsequent hashes absorb previous result */
505 HD(results);
506 }
507
508 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
509 if (e != -1) {
510 cnt += (int)tv.tv_sec;
511 cnt += (int)tv.tv_usec;
512 }
513
514 HD(cnt);
515 }
516#ifdef HAVE_GETAUXVAL
517#ifdef AT_RANDOM
518 /* Not as random as you think but we take what we are given */
519 p = (char *) getauxval(AT_RANDOM);
520 if (p)
521 HR(p, 16);
522#endif
523#ifdef AT_SYSINFO_EHDR
524 p = (char *) getauxval(AT_SYSINFO_EHDR);
525 if (p)
526 HR(p, pgs);
527#endif
528#ifdef AT_BASE
529 p = (char *) getauxval(AT_BASE);
530 if (p)
531 HD(p);
532#endif
533#endif
534
535 SHA512_Final(results, &ctx);
536 memcpy((char *)buf + i, results, min(sizeof(results), len - i));
537 i += min(sizeof(results), len - i);
538 }
539 explicit_bzero(&ctx, sizeof ctx);
540 explicit_bzero(results, sizeof results);
541 if (gotdata(buf, len) == 0) {
542 errno = save_errno;
543 return (0); /* satisfied */
544 }
545 errno = EIO;
546 return (-1);
547}
diff --git a/src/lib/libcrypto/arc4random/getentropy_netbsd.c b/src/lib/libcrypto/arc4random/getentropy_netbsd.c
deleted file mode 100644
index 2a73591f6e..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_netbsd.c
+++ /dev/null
@@ -1,64 +0,0 @@
1/* $OpenBSD: getentropy_netbsd.c,v 1.2 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
5 * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/sysctl.h>
25
26#include <errno.h>
27#include <stddef.h>
28
29/*
30 * Derived from lib/libc/gen/arc4random.c from FreeBSD.
31 */
32static size_t
33getentropy_sysctl(u_char *buf, size_t size)
34{
35 int mib[2];
36 size_t len, done;
37
38 mib[0] = CTL_KERN;
39 mib[1] = KERN_ARND;
40 done = 0;
41
42 do {
43 len = size;
44 if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
45 return (done);
46 done += len;
47 buf += len;
48 size -= len;
49 } while (size > 0);
50
51 return (done);
52}
53
54int
55getentropy(void *buf, size_t len)
56{
57 if (len <= 256 &&
58 getentropy_sysctl(buf, len) == len) {
59 return (0);
60 }
61
62 errno = EIO;
63 return (-1);
64}
diff --git a/src/lib/libcrypto/arc4random/getentropy_osx.c b/src/lib/libcrypto/arc4random/getentropy_osx.c
deleted file mode 100644
index e2dc916474..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_osx.c
+++ /dev/null
@@ -1,429 +0,0 @@
1/* $OpenBSD: getentropy_osx.c,v 1.9 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/param.h>
25#include <sys/ioctl.h>
26#include <sys/resource.h>
27#include <sys/syscall.h>
28#include <sys/sysctl.h>
29#include <sys/statvfs.h>
30#include <sys/socket.h>
31#include <sys/mount.h>
32#include <sys/mman.h>
33#include <sys/stat.h>
34#include <sys/time.h>
35#include <stdlib.h>
36#include <stdint.h>
37#include <stdio.h>
38#include <termios.h>
39#include <fcntl.h>
40#include <signal.h>
41#include <string.h>
42#include <errno.h>
43#include <unistd.h>
44#include <time.h>
45#include <mach/mach_time.h>
46#include <mach/mach_host.h>
47#include <mach/host_info.h>
48#include <sys/socketvar.h>
49#include <sys/vmmeter.h>
50#include <netinet/in.h>
51#include <netinet/tcp.h>
52#include <netinet/udp.h>
53#include <netinet/ip_var.h>
54#include <netinet/tcp_var.h>
55#include <netinet/udp_var.h>
56#include <CommonCrypto/CommonDigest.h>
57#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c)))
58#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
59#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
60#define SHA512_CTX CC_SHA512_CTX
61#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
62
63#define REPEAT 5
64#define min(a, b) (((a) < (b)) ? (a) : (b))
65
66#define HX(a, b) \
67 do { \
68 if ((a)) \
69 HD(errno); \
70 else \
71 HD(b); \
72 } while (0)
73
74#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
75#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
76#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
77
78int getentropy(void *buf, size_t len);
79
80static int gotdata(char *buf, size_t len);
81static int getentropy_urandom(void *buf, size_t len);
82static int getentropy_fallback(void *buf, size_t len);
83
84int
85getentropy(void *buf, size_t len)
86{
87 int ret = -1;
88
89 if (len > 256) {
90 errno = EIO;
91 return (-1);
92 }
93
94 /*
95 * Try to get entropy with /dev/urandom
96 *
97 * This can fail if the process is inside a chroot or if file
98 * descriptors are exhausted.
99 */
100 ret = getentropy_urandom(buf, len);
101 if (ret != -1)
102 return (ret);
103
104 /*
105 * Entropy collection via /dev/urandom and sysctl have failed.
106 *
107 * No other API exists for collecting entropy, and we have
108 * no failsafe way to get it on OSX that is not sensitive
109 * to resource exhaustion.
110 *
111 * We have very few options:
112 * - Even syslog_r is unsafe to call at this low level, so
113 * there is no way to alert the user or program.
114 * - Cannot call abort() because some systems have unsafe
115 * corefiles.
116 * - Could raise(SIGKILL) resulting in silent program termination.
117 * - Return EIO, to hint that arc4random's stir function
118 * should raise(SIGKILL)
119 * - Do the best under the circumstances....
120 *
121 * This code path exists to bring light to the issue that OSX
122 * does not provide a failsafe API for entropy collection.
123 *
124 * We hope this demonstrates that OSX should consider
125 * providing a new failsafe API which works in a chroot or
126 * when file descriptors are exhausted.
127 */
128#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
129#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
130 raise(SIGKILL);
131#endif
132 ret = getentropy_fallback(buf, len);
133 if (ret != -1)
134 return (ret);
135
136 errno = EIO;
137 return (ret);
138}
139
140/*
141 * Basic sanity checking; wish we could do better.
142 */
143static int
144gotdata(char *buf, size_t len)
145{
146 char any_set = 0;
147 size_t i;
148
149 for (i = 0; i < len; ++i)
150 any_set |= buf[i];
151 if (any_set == 0)
152 return (-1);
153 return (0);
154}
155
156static int
157getentropy_urandom(void *buf, size_t len)
158{
159 struct stat st;
160 size_t i;
161 int fd, flags;
162 int save_errno = errno;
163
164start:
165
166 flags = O_RDONLY;
167#ifdef O_NOFOLLOW
168 flags |= O_NOFOLLOW;
169#endif
170#ifdef O_CLOEXEC
171 flags |= O_CLOEXEC;
172#endif
173 fd = open("/dev/urandom", flags, 0);
174 if (fd == -1) {
175 if (errno == EINTR)
176 goto start;
177 goto nodevrandom;
178 }
179#ifndef O_CLOEXEC
180 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
181#endif
182
183 /* Lightly verify that the device node looks sane */
184 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
185 close(fd);
186 goto nodevrandom;
187 }
188 for (i = 0; i < len; ) {
189 size_t wanted = len - i;
190 ssize_t ret = read(fd, (char *)buf + i, wanted);
191
192 if (ret == -1) {
193 if (errno == EAGAIN || errno == EINTR)
194 continue;
195 close(fd);
196 goto nodevrandom;
197 }
198 i += ret;
199 }
200 close(fd);
201 if (gotdata(buf, len) == 0) {
202 errno = save_errno;
203 return (0); /* satisfied */
204 }
205nodevrandom:
206 errno = EIO;
207 return (-1);
208}
209
210static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
211static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
212static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
213static int kmib[] = { CTL_KERN, KERN_USRSTACK };
214static int hwmib[] = { CTL_HW, HW_USERMEM };
215
216static int
217getentropy_fallback(void *buf, size_t len)
218{
219 uint8_t results[SHA512_DIGEST_LENGTH];
220 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
221 static int cnt;
222 struct timespec ts;
223 struct timeval tv;
224 struct rusage ru;
225 sigset_t sigset;
226 struct stat st;
227 SHA512_CTX ctx;
228 static pid_t lastpid;
229 pid_t pid;
230 size_t i, ii, m;
231 char *p;
232 struct tcpstat tcpstat;
233 struct udpstat udpstat;
234 struct ipstat ipstat;
235 u_int64_t mach_time;
236 unsigned int idata;
237 void *addr;
238
239 pid = getpid();
240 if (lastpid == pid) {
241 faster = 1;
242 repeat = 2;
243 } else {
244 faster = 0;
245 lastpid = pid;
246 repeat = REPEAT;
247 }
248 for (i = 0; i < len; ) {
249 int j;
250 SHA512_Init(&ctx);
251 for (j = 0; j < repeat; j++) {
252 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
253 if (e != -1) {
254 cnt += (int)tv.tv_sec;
255 cnt += (int)tv.tv_usec;
256 }
257
258 mach_time = mach_absolute_time();
259 HD(mach_time);
260
261 ii = sizeof(addr);
262 HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
263 &addr, &ii, NULL, 0) == -1, addr);
264
265 ii = sizeof(idata);
266 HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
267 &idata, &ii, NULL, 0) == -1, idata);
268
269 ii = sizeof(tcpstat);
270 HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
271 &tcpstat, &ii, NULL, 0) == -1, tcpstat);
272
273 ii = sizeof(udpstat);
274 HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
275 &udpstat, &ii, NULL, 0) == -1, udpstat);
276
277 ii = sizeof(ipstat);
278 HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
279 &ipstat, &ii, NULL, 0) == -1, ipstat);
280
281 HX((pid = getpid()) == -1, pid);
282 HX((pid = getsid(pid)) == -1, pid);
283 HX((pid = getppid()) == -1, pid);
284 HX((pid = getpgid(0)) == -1, pid);
285 HX((e = getpriority(0, 0)) == -1, e);
286
287 if (!faster) {
288 ts.tv_sec = 0;
289 ts.tv_nsec = 1;
290 (void) nanosleep(&ts, NULL);
291 }
292
293 HX(sigpending(&sigset) == -1, sigset);
294 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
295 sigset);
296
297 HF(getentropy); /* an addr in this library */
298 HF(printf); /* an addr in libc */
299 p = (char *)&p;
300 HD(p); /* an addr on stack */
301 p = (char *)&errno;
302 HD(p); /* the addr of errno */
303
304 if (i == 0) {
305 struct sockaddr_storage ss;
306 struct statvfs stvfs;
307 struct termios tios;
308 struct statfs stfs;
309 socklen_t ssl;
310 off_t off;
311
312 /*
313 * Prime-sized mappings encourage fragmentation;
314 * thus exposing some address entropy.
315 */
316 struct mm {
317 size_t npg;
318 void *p;
319 } mm[] = {
320 { 17, MAP_FAILED }, { 3, MAP_FAILED },
321 { 11, MAP_FAILED }, { 2, MAP_FAILED },
322 { 5, MAP_FAILED }, { 3, MAP_FAILED },
323 { 7, MAP_FAILED }, { 1, MAP_FAILED },
324 { 57, MAP_FAILED }, { 3, MAP_FAILED },
325 { 131, MAP_FAILED }, { 1, MAP_FAILED },
326 };
327
328 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
329 HX(mm[m].p = mmap(NULL,
330 mm[m].npg * pgs,
331 PROT_READ|PROT_WRITE,
332 MAP_PRIVATE|MAP_ANON, -1,
333 (off_t)0), mm[m].p);
334 if (mm[m].p != MAP_FAILED) {
335 size_t mo;
336
337 /* Touch some memory... */
338 p = mm[m].p;
339 mo = cnt %
340 (mm[m].npg * pgs - 1);
341 p[mo] = 1;
342 cnt += (int)((long)(mm[m].p)
343 / pgs);
344 }
345
346 /* Check cnts and times... */
347 mach_time = mach_absolute_time();
348 HD(mach_time);
349 cnt += (int)mach_time;
350
351 HX((e = getrusage(RUSAGE_SELF,
352 &ru)) == -1, ru);
353 if (e != -1) {
354 cnt += (int)ru.ru_utime.tv_sec;
355 cnt += (int)ru.ru_utime.tv_usec;
356 }
357 }
358
359 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
360 if (mm[m].p != MAP_FAILED)
361 munmap(mm[m].p, mm[m].npg * pgs);
362 mm[m].p = MAP_FAILED;
363 }
364
365 HX(stat(".", &st) == -1, st);
366 HX(statvfs(".", &stvfs) == -1, stvfs);
367 HX(statfs(".", &stfs) == -1, stfs);
368
369 HX(stat("/", &st) == -1, st);
370 HX(statvfs("/", &stvfs) == -1, stvfs);
371 HX(statfs("/", &stfs) == -1, stfs);
372
373 HX((e = fstat(0, &st)) == -1, st);
374 if (e == -1) {
375 if (S_ISREG(st.st_mode) ||
376 S_ISFIFO(st.st_mode) ||
377 S_ISSOCK(st.st_mode)) {
378 HX(fstatvfs(0, &stvfs) == -1,
379 stvfs);
380 HX(fstatfs(0, &stfs) == -1,
381 stfs);
382 HX((off = lseek(0, (off_t)0,
383 SEEK_CUR)) < 0, off);
384 }
385 if (S_ISCHR(st.st_mode)) {
386 HX(tcgetattr(0, &tios) == -1,
387 tios);
388 } else if (S_ISSOCK(st.st_mode)) {
389 memset(&ss, 0, sizeof ss);
390 ssl = sizeof(ss);
391 HX(getpeername(0,
392 (void *)&ss, &ssl) == -1,
393 ss);
394 }
395 }
396
397 HX((e = getrusage(RUSAGE_CHILDREN,
398 &ru)) == -1, ru);
399 if (e != -1) {
400 cnt += (int)ru.ru_utime.tv_sec;
401 cnt += (int)ru.ru_utime.tv_usec;
402 }
403 } else {
404 /* Subsequent hashes absorb previous result */
405 HD(results);
406 }
407
408 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
409 if (e != -1) {
410 cnt += (int)tv.tv_sec;
411 cnt += (int)tv.tv_usec;
412 }
413
414 HD(cnt);
415 }
416
417 SHA512_Final(results, &ctx);
418 memcpy((char *)buf + i, results, min(sizeof(results), len - i));
419 i += min(sizeof(results), len - i);
420 }
421 explicit_bzero(&ctx, sizeof ctx);
422 explicit_bzero(results, sizeof results);
423 if (gotdata(buf, len) == 0) {
424 errno = save_errno;
425 return (0); /* satisfied */
426 }
427 errno = EIO;
428 return (-1);
429}
diff --git a/src/lib/libcrypto/arc4random/getentropy_solaris.c b/src/lib/libcrypto/arc4random/getentropy_solaris.c
deleted file mode 100644
index 53ce742fac..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_solaris.c
+++ /dev/null
@@ -1,445 +0,0 @@
1/* $OpenBSD: getentropy_solaris.c,v 1.11 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/param.h>
25#include <sys/ioctl.h>
26#include <sys/resource.h>
27#include <sys/syscall.h>
28#include <sys/statvfs.h>
29#include <sys/socket.h>
30#include <sys/mount.h>
31#include <sys/mman.h>
32#include <sys/stat.h>
33#include <sys/time.h>
34#include <stdlib.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <link.h>
38#include <termios.h>
39#include <fcntl.h>
40#include <signal.h>
41#include <string.h>
42#include <errno.h>
43#include <unistd.h>
44#include <time.h>
45#include <sys/sha2.h>
46#define SHA512_Init SHA512Init
47#define SHA512_Update SHA512Update
48#define SHA512_Final SHA512Final
49
50#include <sys/vfs.h>
51#include <sys/statfs.h>
52#include <sys/loadavg.h>
53
54#define REPEAT 5
55#define min(a, b) (((a) < (b)) ? (a) : (b))
56
57#define HX(a, b) \
58 do { \
59 if ((a)) \
60 HD(errno); \
61 else \
62 HD(b); \
63 } while (0)
64
65#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
66#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
67#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
68
69int getentropy(void *buf, size_t len);
70
71static int gotdata(char *buf, size_t len);
72static int getentropy_urandom(void *buf, size_t len, const char *path,
73 int devfscheck);
74static int getentropy_fallback(void *buf, size_t len);
75static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
76
77int
78getentropy(void *buf, size_t len)
79{
80 int ret = -1;
81
82 if (len > 256) {
83 errno = EIO;
84 return (-1);
85 }
86
87 /*
88 * Try to get entropy with /dev/urandom
89 *
90 * Solaris provides /dev/urandom as a symbolic link to
91 * /devices/pseudo/random@0:urandom which is provided by
92 * a devfs filesystem. Best practice is to use O_NOFOLLOW,
93 * so we must try the unpublished name directly.
94 *
95 * This can fail if the process is inside a chroot which lacks
96 * the devfs mount, or if file descriptors are exhausted.
97 */
98 ret = getentropy_urandom(buf, len,
99 "/devices/pseudo/random@0:urandom", 1);
100 if (ret != -1)
101 return (ret);
102
103 /*
104 * Unfortunately, chroot spaces on Solaris are sometimes setup
105 * with direct device node of the well-known /dev/urandom name
106 * (perhaps to avoid dragging all of devfs into the space).
107 *
108 * This can fail if the process is inside a chroot or if file
109 * descriptors are exhausted.
110 */
111 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
112 if (ret != -1)
113 return (ret);
114
115 /*
116 * Entropy collection via /dev/urandom has failed.
117 *
118 * No other API exists for collecting entropy, and we have
119 * no failsafe way to get it on Solaris that is not sensitive
120 * to resource exhaustion.
121 *
122 * We have very few options:
123 * - Even syslog_r is unsafe to call at this low level, so
124 * there is no way to alert the user or program.
125 * - Cannot call abort() because some systems have unsafe
126 * corefiles.
127 * - Could raise(SIGKILL) resulting in silent program termination.
128 * - Return EIO, to hint that arc4random's stir function
129 * should raise(SIGKILL)
130 * - Do the best under the circumstances....
131 *
132 * This code path exists to bring light to the issue that Solaris
133 * does not provide a failsafe API for entropy collection.
134 *
135 * We hope this demonstrates that Solaris should consider
136 * providing a new failsafe API which works in a chroot or
137 * when file descriptors are exhausted.
138 */
139#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
140#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
141 raise(SIGKILL);
142#endif
143 ret = getentropy_fallback(buf, len);
144 if (ret != -1)
145 return (ret);
146
147 errno = EIO;
148 return (ret);
149}
150
151/*
152 * Basic sanity checking; wish we could do better.
153 */
154static int
155gotdata(char *buf, size_t len)
156{
157 char any_set = 0;
158 size_t i;
159
160 for (i = 0; i < len; ++i)
161 any_set |= buf[i];
162 if (any_set == 0)
163 return (-1);
164 return (0);
165}
166
167static int
168getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
169{
170 struct stat st;
171 size_t i;
172 int fd, flags;
173 int save_errno = errno;
174
175start:
176
177 flags = O_RDONLY;
178#ifdef O_NOFOLLOW
179 flags |= O_NOFOLLOW;
180#endif
181#ifdef O_CLOEXEC
182 flags |= O_CLOEXEC;
183#endif
184 fd = open(path, flags, 0);
185 if (fd == -1) {
186 if (errno == EINTR)
187 goto start;
188 goto nodevrandom;
189 }
190#ifndef O_CLOEXEC
191 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
192#endif
193
194 /* Lightly verify that the device node looks sane */
195 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
196 (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
197 close(fd);
198 goto nodevrandom;
199 }
200 for (i = 0; i < len; ) {
201 size_t wanted = len - i;
202 ssize_t ret = read(fd, (char *)buf + i, wanted);
203
204 if (ret == -1) {
205 if (errno == EAGAIN || errno == EINTR)
206 continue;
207 close(fd);
208 goto nodevrandom;
209 }
210 i += ret;
211 }
212 close(fd);
213 if (gotdata(buf, len) == 0) {
214 errno = save_errno;
215 return (0); /* satisfied */
216 }
217nodevrandom:
218 errno = EIO;
219 return (-1);
220}
221
222static const int cl[] = {
223 CLOCK_REALTIME,
224#ifdef CLOCK_MONOTONIC
225 CLOCK_MONOTONIC,
226#endif
227#ifdef CLOCK_MONOTONIC_RAW
228 CLOCK_MONOTONIC_RAW,
229#endif
230#ifdef CLOCK_TAI
231 CLOCK_TAI,
232#endif
233#ifdef CLOCK_VIRTUAL
234 CLOCK_VIRTUAL,
235#endif
236#ifdef CLOCK_UPTIME
237 CLOCK_UPTIME,
238#endif
239#ifdef CLOCK_PROCESS_CPUTIME_ID
240 CLOCK_PROCESS_CPUTIME_ID,
241#endif
242#ifdef CLOCK_THREAD_CPUTIME_ID
243 CLOCK_THREAD_CPUTIME_ID,
244#endif
245};
246
247static int
248getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
249{
250 SHA512_CTX *ctx = data;
251
252 SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
253 return (0);
254}
255
256static int
257getentropy_fallback(void *buf, size_t len)
258{
259 uint8_t results[SHA512_DIGEST_LENGTH];
260 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
261 static int cnt;
262 struct timespec ts;
263 struct timeval tv;
264 double loadavg[3];
265 struct rusage ru;
266 sigset_t sigset;
267 struct stat st;
268 SHA512_CTX ctx;
269 static pid_t lastpid;
270 pid_t pid;
271 size_t i, ii, m;
272 char *p;
273
274 pid = getpid();
275 if (lastpid == pid) {
276 faster = 1;
277 repeat = 2;
278 } else {
279 faster = 0;
280 lastpid = pid;
281 repeat = REPEAT;
282 }
283 for (i = 0; i < len; ) {
284 int j;
285 SHA512_Init(&ctx);
286 for (j = 0; j < repeat; j++) {
287 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
288 if (e != -1) {
289 cnt += (int)tv.tv_sec;
290 cnt += (int)tv.tv_usec;
291 }
292
293 dl_iterate_phdr(getentropy_phdr, &ctx);
294
295 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
296 HX(clock_gettime(cl[ii], &ts) == -1, ts);
297
298 HX((pid = getpid()) == -1, pid);
299 HX((pid = getsid(pid)) == -1, pid);
300 HX((pid = getppid()) == -1, pid);
301 HX((pid = getpgid(0)) == -1, pid);
302 HX((e = getpriority(0, 0)) == -1, e);
303 HX((getloadavg(loadavg, 3) == -1), loadavg);
304
305 if (!faster) {
306 ts.tv_sec = 0;
307 ts.tv_nsec = 1;
308 (void) nanosleep(&ts, NULL);
309 }
310
311 HX(sigpending(&sigset) == -1, sigset);
312 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
313 sigset);
314
315 HF(getentropy); /* an addr in this library */
316 HF(printf); /* an addr in libc */
317 p = (char *)&p;
318 HD(p); /* an addr on stack */
319 p = (char *)&errno;
320 HD(p); /* the addr of errno */
321
322 if (i == 0) {
323 struct sockaddr_storage ss;
324 struct statvfs stvfs;
325 struct termios tios;
326 socklen_t ssl;
327 off_t off;
328
329 /*
330 * Prime-sized mappings encourage fragmentation;
331 * thus exposing some address entropy.
332 */
333 struct mm {
334 size_t npg;
335 void *p;
336 } mm[] = {
337 { 17, MAP_FAILED }, { 3, MAP_FAILED },
338 { 11, MAP_FAILED }, { 2, MAP_FAILED },
339 { 5, MAP_FAILED }, { 3, MAP_FAILED },
340 { 7, MAP_FAILED }, { 1, MAP_FAILED },
341 { 57, MAP_FAILED }, { 3, MAP_FAILED },
342 { 131, MAP_FAILED }, { 1, MAP_FAILED },
343 };
344
345 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
346 HX(mm[m].p = mmap(NULL,
347 mm[m].npg * pgs,
348 PROT_READ|PROT_WRITE,
349 MAP_PRIVATE|MAP_ANON, -1,
350 (off_t)0), mm[m].p);
351 if (mm[m].p != MAP_FAILED) {
352 size_t mo;
353
354 /* Touch some memory... */
355 p = mm[m].p;
356 mo = cnt %
357 (mm[m].npg * pgs - 1);
358 p[mo] = 1;
359 cnt += (int)((long)(mm[m].p)
360 / pgs);
361 }
362
363 /* Check cnts and times... */
364 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
365 ii++) {
366 HX((e = clock_gettime(cl[ii],
367 &ts)) == -1, ts);
368 if (e != -1)
369 cnt += (int)ts.tv_nsec;
370 }
371
372 HX((e = getrusage(RUSAGE_SELF,
373 &ru)) == -1, ru);
374 if (e != -1) {
375 cnt += (int)ru.ru_utime.tv_sec;
376 cnt += (int)ru.ru_utime.tv_usec;
377 }
378 }
379
380 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
381 if (mm[m].p != MAP_FAILED)
382 munmap(mm[m].p, mm[m].npg * pgs);
383 mm[m].p = MAP_FAILED;
384 }
385
386 HX(stat(".", &st) == -1, st);
387 HX(statvfs(".", &stvfs) == -1, stvfs);
388
389 HX(stat("/", &st) == -1, st);
390 HX(statvfs("/", &stvfs) == -1, stvfs);
391
392 HX((e = fstat(0, &st)) == -1, st);
393 if (e == -1) {
394 if (S_ISREG(st.st_mode) ||
395 S_ISFIFO(st.st_mode) ||
396 S_ISSOCK(st.st_mode)) {
397 HX(fstatvfs(0, &stvfs) == -1,
398 stvfs);
399 HX((off = lseek(0, (off_t)0,
400 SEEK_CUR)) < 0, off);
401 }
402 if (S_ISCHR(st.st_mode)) {
403 HX(tcgetattr(0, &tios) == -1,
404 tios);
405 } else if (S_ISSOCK(st.st_mode)) {
406 memset(&ss, 0, sizeof ss);
407 ssl = sizeof(ss);
408 HX(getpeername(0,
409 (void *)&ss, &ssl) == -1,
410 ss);
411 }
412 }
413
414 HX((e = getrusage(RUSAGE_CHILDREN,
415 &ru)) == -1, ru);
416 if (e != -1) {
417 cnt += (int)ru.ru_utime.tv_sec;
418 cnt += (int)ru.ru_utime.tv_usec;
419 }
420 } else {
421 /* Subsequent hashes absorb previous result */
422 HD(results);
423 }
424
425 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
426 if (e != -1) {
427 cnt += (int)tv.tv_sec;
428 cnt += (int)tv.tv_usec;
429 }
430
431 HD(cnt);
432 }
433 SHA512_Final(results, &ctx);
434 memcpy((char *)buf + i, results, min(sizeof(results), len - i));
435 i += min(sizeof(results), len - i);
436 }
437 explicit_bzero(&ctx, sizeof ctx);
438 explicit_bzero(results, sizeof results);
439 if (gotdata(buf, len) == 0) {
440 errno = save_errno;
441 return (0); /* satisfied */
442 }
443 errno = EIO;
444 return (-1);
445}
diff --git a/src/lib/libcrypto/arc4random/getentropy_win.c b/src/lib/libcrypto/arc4random/getentropy_win.c
deleted file mode 100644
index 2e89b12205..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_win.c
+++ /dev/null
@@ -1,59 +0,0 @@
1/* $OpenBSD: getentropy_win.c,v 1.4 2015/09/11 11:52:55 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
21 */
22
23#include <windows.h>
24#include <errno.h>
25#include <stdint.h>
26#include <sys/types.h>
27#include <wincrypt.h>
28#include <process.h>
29
30int getentropy(void *buf, size_t len);
31
32/*
33 * On Windows, CryptGenRandom is supposed to be a well-seeded
34 * cryptographically strong random number generator.
35 */
36int
37getentropy(void *buf, size_t len)
38{
39 HCRYPTPROV provider;
40
41 if (len > 256) {
42 errno = EIO;
43 return (-1);
44 }
45
46 if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
47 CRYPT_VERIFYCONTEXT) == 0)
48 goto fail;
49 if (CryptGenRandom(provider, len, buf) == 0) {
50 CryptReleaseContext(provider, 0);
51 goto fail;
52 }
53 CryptReleaseContext(provider, 0);
54 return (0);
55
56fail:
57 errno = EIO;
58 return (-1);
59}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-10 06:59:24 +0000