summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/arc4random
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/arc4random')
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_aix.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_freebsd.h87
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_hpux.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_linux.h88
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_netbsd.h87
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_osx.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_solaris.h81
-rw-r--r--src/lib/libcrypto/arc4random/arc4random_win.h78
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_aix.c402
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_freebsd.c60
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_hpux.c396
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_linux.c525
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_netbsd.c62
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_osx.c417
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_solaris.c422
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_win.c50
16 files changed, 0 insertions, 2998 deletions
diff --git a/src/lib/libcrypto/arc4random/arc4random_aix.h b/src/lib/libcrypto/arc4random/arc4random_aix.h
deleted file mode 100644
index 3142a1f278..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_aix.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_freebsd.h b/src/lib/libcrypto/arc4random/arc4random_freebsd.h
deleted file mode 100644
index 3faa5e4d31..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_freebsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35/*
36 * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
37 * a program does not link to -lthr. Callbacks registered with pthread_atfork()
38 * appear to fail silently. So, it is not always possible to detect a PID
39 * wraparound.
40 */
41#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
64 _rs_pid = pid;
65 _rs_forked = 0;
66 if (rs)
67 memset(rs, 0, sizeof(*rs));
68 }
69}
70
71static inline int
72_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
73{
74 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
75 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
76 return (-1);
77
78 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
79 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
80 munmap(*rsp, sizeof(**rsp));
81 *rsp = NULL;
82 return (-1);
83 }
84
85 _ARC4_ATFORK(_rs_forkhandler);
86 return (0);
87}
diff --git a/src/lib/libcrypto/arc4random/arc4random_hpux.h b/src/lib/libcrypto/arc4random/arc4random_hpux.h
deleted file mode 100644
index 2a3fe8c611..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_hpux.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_linux.h b/src/lib/libcrypto/arc4random/arc4random_linux.h
deleted file mode 100644
index 5e1cf34e6e..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_linux.h
+++ /dev/null
@@ -1,88 +0,0 @@
1/* $OpenBSD: arc4random_linux.h,v 1.12 2019/07/11 10:37:28 inoguchi Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined(__ARCH_USE_MMU__))
36extern void *__dso_handle;
37extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
38#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
39#else
40#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
41#endif
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 /* XXX unusual calls to clone() can bypass checks */
64 if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
65 _rs_pid = pid;
66 _rs_forked = 0;
67 if (rs)
68 memset(rs, 0, sizeof(*rs));
69 }
70}
71
72static inline int
73_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
74{
75 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
76 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
77 return (-1);
78
79 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
80 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
81 munmap(*rsp, sizeof(**rsp));
82 *rsp = NULL;
83 return (-1);
84 }
85
86 _ARC4_ATFORK(_rs_forkhandler);
87 return (0);
88}
diff --git a/src/lib/libcrypto/arc4random/arc4random_netbsd.h b/src/lib/libcrypto/arc4random/arc4random_netbsd.h
deleted file mode 100644
index 611997d54d..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_netbsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35/*
36 * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
37 * a program does not link to -lthr. Callbacks registered with pthread_atfork()
38 * appear to fail silently. So, it is not always possible to detect a PID
39 * wraparound.
40 */
41#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
42
43static inline void
44_getentropy_fail(void)
45{
46 raise(SIGKILL);
47}
48
49static volatile sig_atomic_t _rs_forked;
50
51static inline void
52_rs_forkhandler(void)
53{
54 _rs_forked = 1;
55}
56
57static inline void
58_rs_forkdetect(void)
59{
60 static pid_t _rs_pid = 0;
61 pid_t pid = getpid();
62
63 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
64 _rs_pid = pid;
65 _rs_forked = 0;
66 if (rs)
67 memset(rs, 0, sizeof(*rs));
68 }
69}
70
71static inline int
72_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
73{
74 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
75 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
76 return (-1);
77
78 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
79 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
80 munmap(*rsp, sizeof(**rsp));
81 *rsp = NULL;
82 return (-1);
83 }
84
85 _ARC4_ATFORK(_rs_forkhandler);
86 return (0);
87}
diff --git a/src/lib/libcrypto/arc4random/arc4random_osx.h b/src/lib/libcrypto/arc4random/arc4random_osx.h
deleted file mode 100644
index 818ae6bbf4..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_osx.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_solaris.h b/src/lib/libcrypto/arc4random/arc4random_solaris.h
deleted file mode 100644
index b1084cda08..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_solaris.h
+++ /dev/null
@@ -1,81 +0,0 @@
1/* $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <sys/mman.h>
27
28#include <pthread.h>
29#include <signal.h>
30
31static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
32#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx)
33#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
34
35#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
36
37static inline void
38_getentropy_fail(void)
39{
40 raise(SIGKILL);
41}
42
43static volatile sig_atomic_t _rs_forked;
44
45static inline void
46_rs_forkhandler(void)
47{
48 _rs_forked = 1;
49}
50
51static inline void
52_rs_forkdetect(void)
53{
54 static pid_t _rs_pid = 0;
55 pid_t pid = getpid();
56
57 if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
58 _rs_pid = pid;
59 _rs_forked = 0;
60 if (rs)
61 memset(rs, 0, sizeof(*rs));
62 }
63}
64
65static inline int
66_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
67{
68 if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
69 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
70 return (-1);
71
72 if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
73 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
74 munmap(*rsp, sizeof(**rsp));
75 *rsp = NULL;
76 return (-1);
77 }
78
79 _ARC4_ATFORK(_rs_forkhandler);
80 return (0);
81}
diff --git a/src/lib/libcrypto/arc4random/arc4random_win.h b/src/lib/libcrypto/arc4random/arc4random_win.h
deleted file mode 100644
index deec8a1efe..0000000000
--- a/src/lib/libcrypto/arc4random/arc4random_win.h
+++ /dev/null
@@ -1,78 +0,0 @@
1/* $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25
26#include <windows.h>
27
28static volatile HANDLE arc4random_mtx = NULL;
29
30/*
31 * Initialize the mutex on the first lock attempt. On collision, each thread
32 * will attempt to allocate a mutex and compare-and-swap it into place as the
33 * global mutex. On failure to swap in the global mutex, the mutex is closed.
34 */
35#define _ARC4_LOCK() { \
36 if (!arc4random_mtx) { \
37 HANDLE p = CreateMutex(NULL, FALSE, NULL); \
38 if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
39 CloseHandle(p); \
40 } \
41 WaitForSingleObject(arc4random_mtx, INFINITE); \
42} \
43
44#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
45
46static inline void
47_getentropy_fail(void)
48{
49 TerminateProcess(GetCurrentProcess(), 0);
50}
51
52static inline int
53_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
54{
55 *rsp = VirtualAlloc(NULL, sizeof(**rsp),
56 MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
57 if (*rsp == NULL)
58 return (-1);
59
60 *rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
61 MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
62 if (*rsxp == NULL) {
63 VirtualFree(*rsp, 0, MEM_RELEASE);
64 *rsp = NULL;
65 return (-1);
66 }
67 return (0);
68}
69
70static inline void
71_rs_forkhandler(void)
72{
73}
74
75static inline void
76_rs_forkdetect(void)
77{
78}
diff --git a/src/lib/libcrypto/arc4random/getentropy_aix.c b/src/lib/libcrypto/arc4random/getentropy_aix.c
deleted file mode 100644
index 9d085cf503..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_aix.c
+++ /dev/null
@@ -1,402 +0,0 @@
1/* $OpenBSD: getentropy_aix.c,v 1.9 2022/12/26 07:18:50 jmc Exp $ */
2
3/*
4 * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
5 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
6 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 *
20 * Emulation of getentropy(2) as documented at:
21 * http://man.openbsd.org/getentropy.2
22 */
23/*
24 * -lperfstat is needed for the pseudo entropy data
25 */
26
27#include <sys/mman.h>
28#include <sys/procfs.h>
29#include <sys/protosw.h>
30#include <sys/resource.h>
31#include <sys/socket.h>
32#include <sys/stat.h>
33#include <sys/statvfs.h>
34#include <sys/timers.h>
35#include <errno.h>
36#include <fcntl.h>
37#include <signal.h>
38#include <stdio.h>
39#include <string.h>
40#include <termios.h>
41
42#include <openssl/sha.h>
43
44#include <libperfstat.h>
45
46#define REPEAT 5
47#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
48
49#define HX(a, b) \
50 do { \
51 if ((a)) \
52 HD(errno); \
53 else \
54 HD(b); \
55 } while (0)
56
57#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
58#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
59#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
60
61int getentropy(void *buf, size_t len);
62
63static int getentropy_urandom(void *buf, size_t len, const char *path,
64 int devfscheck);
65static int getentropy_fallback(void *buf, size_t len);
66
67int
68getentropy(void *buf, size_t len)
69{
70 int ret = -1;
71
72 if (len > 256) {
73 errno = EIO;
74 return (-1);
75 }
76
77 /*
78 * Try to get entropy with /dev/urandom
79 */
80 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
81 if (ret != -1)
82 return (ret);
83
84 /*
85 * Entropy collection via /dev/urandom has failed.
86 *
87 * No other API exists for collecting entropy, and we have
88 * no failsafe way to get it on AIX that is not sensitive
89 * to resource exhaustion.
90 *
91 * We have very few options:
92 * - Even syslog_r is unsafe to call at this low level, so
93 * there is no way to alert the user or program.
94 * - Cannot call abort() because some systems have unsafe
95 * corefiles.
96 * - Could raise(SIGKILL) resulting in silent program termination.
97 * - Return EIO, to hint that arc4random's stir function
98 * should raise(SIGKILL)
99 * - Do the best under the circumstances....
100 *
101 * This code path exists to bring light to the issue that AIX
102 * does not provide a failsafe API for entropy collection.
103 *
104 * We hope this demonstrates that AIX should consider
105 * providing a new failsafe API which works in a chroot or
106 * when file descriptors are exhausted.
107 */
108#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
109#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
110 raise(SIGKILL);
111#endif
112 ret = getentropy_fallback(buf, len);
113 if (ret != -1)
114 return (ret);
115
116 errno = EIO;
117 return (ret);
118}
119
120static int
121getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
122{
123 struct stat st;
124 size_t i;
125 int fd, flags;
126 int save_errno = errno;
127
128start:
129
130 flags = O_RDONLY;
131#ifdef O_NOFOLLOW
132 flags |= O_NOFOLLOW;
133#endif
134#ifdef O_CLOEXEC
135 flags |= O_CLOEXEC;
136#endif
137 fd = open(path, flags);
138 if (fd == -1) {
139 if (errno == EINTR)
140 goto start;
141 goto nodevrandom;
142 }
143#ifndef O_CLOEXEC
144 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
145#endif
146
147 /* Lightly verify that the device node looks sane */
148 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
149 close(fd);
150 goto nodevrandom;
151 }
152 for (i = 0; i < len; ) {
153 size_t wanted = len - i;
154 ssize_t ret = read(fd, (char *)buf + i, wanted);
155
156 if (ret == -1) {
157 if (errno == EAGAIN || errno == EINTR)
158 continue;
159 close(fd);
160 goto nodevrandom;
161 }
162 i += ret;
163 }
164 close(fd);
165 errno = save_errno;
166 return (0); /* satisfied */
167nodevrandom:
168 errno = EIO;
169 return (-1);
170}
171
172static const int cl[] = {
173 CLOCK_REALTIME,
174#ifdef CLOCK_MONOTONIC
175 CLOCK_MONOTONIC,
176#endif
177#ifdef CLOCK_MONOTONIC_RAW
178 CLOCK_MONOTONIC_RAW,
179#endif
180#ifdef CLOCK_TAI
181 CLOCK_TAI,
182#endif
183#ifdef CLOCK_VIRTUAL
184 CLOCK_VIRTUAL,
185#endif
186#ifdef CLOCK_UPTIME
187 CLOCK_UPTIME,
188#endif
189#ifdef CLOCK_PROCESS_CPUTIME_ID
190 CLOCK_PROCESS_CPUTIME_ID,
191#endif
192#ifdef CLOCK_THREAD_CPUTIME_ID
193 CLOCK_THREAD_CPUTIME_ID,
194#endif
195};
196
197static int
198getentropy_fallback(void *buf, size_t len)
199{
200 uint8_t results[SHA512_DIGEST_LENGTH];
201 int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
202 static int cnt;
203 struct timespec ts;
204 struct timeval tv;
205 perfstat_cpu_total_t cpustats;
206#ifdef _AIX61
207 perfstat_cpu_total_wpar_t cpustats_wpar;
208#endif
209 perfstat_partition_total_t lparstats;
210 perfstat_disk_total_t diskinfo;
211 perfstat_netinterface_total_t netinfo;
212 struct rusage ru;
213 sigset_t sigset;
214 struct stat st;
215 SHA512_CTX ctx;
216 static pid_t lastpid;
217 pid_t pid;
218 size_t i, ii, m;
219 char *p;
220
221 pid = getpid();
222 if (lastpid == pid) {
223 faster = 1;
224 repeat = 2;
225 } else {
226 faster = 0;
227 lastpid = pid;
228 repeat = REPEAT;
229 }
230 for (i = 0; i < len; ) {
231 int j;
232 SHA512_Init(&ctx);
233 for (j = 0; j < repeat; j++) {
234 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
235 if (e != -1) {
236 cnt += (int)tv.tv_sec;
237 cnt += (int)tv.tv_usec;
238 }
239
240 HX(perfstat_cpu_total(NULL, &cpustats,
241 sizeof(cpustats), 1) == -1, cpustats);
242
243#ifdef _AIX61
244 HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar,
245 sizeof(cpustats_wpar), 1) == -1, cpustats_wpar);
246#endif
247
248 HX(perfstat_partition_total(NULL, &lparstats,
249 sizeof(lparstats), 1) == -1, lparstats);
250
251 HX(perfstat_disk_total(NULL, &diskinfo,
252 sizeof(diskinfo), 1) == -1, diskinfo);
253
254 HX(perfstat_netinterface_total(NULL, &netinfo,
255 sizeof(netinfo), 1) == -1, netinfo);
256
257 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
258 HX(clock_gettime(cl[ii], &ts) == -1, ts);
259
260 HX((pid = getpid()) == -1, pid);
261 HX((pid = getsid(pid)) == -1, pid);
262 HX((pid = getppid()) == -1, pid);
263 HX((pid = getpgid(0)) == -1, pid);
264 HX((e = getpriority(0, 0)) == -1, e);
265
266 if (!faster) {
267 ts.tv_sec = 0;
268 ts.tv_nsec = 1;
269 (void) nanosleep(&ts, NULL);
270 }
271
272 HX(sigpending(&sigset) == -1, sigset);
273 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
274 sigset);
275
276 HF(getentropy); /* an addr in this library */
277 HF(printf); /* an addr in libc */
278 p = (char *)&p;
279 HD(p); /* an addr on stack */
280 p = (char *)&errno;
281 HD(p); /* the addr of errno */
282
283 if (i == 0) {
284 struct sockaddr_storage ss;
285 struct statvfs stvfs;
286 struct termios tios;
287 socklen_t ssl;
288 off_t off;
289
290 /*
291 * Prime-sized mappings encourage fragmentation;
292 * thus exposing some address entropy.
293 */
294 struct mm {
295 size_t npg;
296 void *p;
297 } mm[] = {
298 { 17, MAP_FAILED }, { 3, MAP_FAILED },
299 { 11, MAP_FAILED }, { 2, MAP_FAILED },
300 { 5, MAP_FAILED }, { 3, MAP_FAILED },
301 { 7, MAP_FAILED }, { 1, MAP_FAILED },
302 { 57, MAP_FAILED }, { 3, MAP_FAILED },
303 { 131, MAP_FAILED }, { 1, MAP_FAILED },
304 };
305
306 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
307 HX(mm[m].p = mmap(NULL,
308 mm[m].npg * pgs,
309 PROT_READ|PROT_WRITE,
310 MAP_PRIVATE|MAP_ANON, -1,
311 (off_t)0), mm[m].p);
312 if (mm[m].p != MAP_FAILED) {
313 size_t mo;
314
315 /* Touch some memory... */
316 p = mm[m].p;
317 mo = cnt %
318 (mm[m].npg * pgs - 1);
319 p[mo] = 1;
320 cnt += (int)((long)(mm[m].p)
321 / pgs);
322 }
323
324 /* Check cnts and times... */
325 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
326 ii++) {
327 HX((e = clock_gettime(cl[ii],
328 &ts)) == -1, ts);
329 if (e != -1)
330 cnt += (int)ts.tv_nsec;
331 }
332
333 HX((e = getrusage(RUSAGE_SELF,
334 &ru)) == -1, ru);
335 if (e != -1) {
336 cnt += (int)ru.ru_utime.tv_sec;
337 cnt += (int)ru.ru_utime.tv_usec;
338 }
339 }
340
341 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
342 if (mm[m].p != MAP_FAILED)
343 munmap(mm[m].p, mm[m].npg * pgs);
344 mm[m].p = MAP_FAILED;
345 }
346
347 HX(stat(".", &st) == -1, st);
348 HX(statvfs(".", &stvfs) == -1, stvfs);
349
350 HX(stat("/", &st) == -1, st);
351 HX(statvfs("/", &stvfs) == -1, stvfs);
352
353 HX((e = fstat(0, &st)) == -1, st);
354 if (e == -1) {
355 if (S_ISREG(st.st_mode) ||
356 S_ISFIFO(st.st_mode) ||
357 S_ISSOCK(st.st_mode)) {
358 HX(fstatvfs(0, &stvfs) == -1,
359 stvfs);
360 HX((off = lseek(0, (off_t)0,
361 SEEK_CUR)) < 0, off);
362 }
363 if (S_ISCHR(st.st_mode)) {
364 HX(tcgetattr(0, &tios) == -1,
365 tios);
366 } else if (S_ISSOCK(st.st_mode)) {
367 memset(&ss, 0, sizeof ss);
368 ssl = sizeof(ss);
369 HX(getpeername(0,
370 (void *)&ss, &ssl) == -1,
371 ss);
372 }
373 }
374
375 HX((e = getrusage(RUSAGE_CHILDREN,
376 &ru)) == -1, ru);
377 if (e != -1) {
378 cnt += (int)ru.ru_utime.tv_sec;
379 cnt += (int)ru.ru_utime.tv_usec;
380 }
381 } else {
382 /* Subsequent hashes absorb previous result */
383 HD(results);
384 }
385
386 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
387 if (e != -1) {
388 cnt += (int)tv.tv_sec;
389 cnt += (int)tv.tv_usec;
390 }
391
392 HD(cnt);
393 }
394 SHA512_Final(results, &ctx);
395 memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
396 i += MINIMUM(sizeof(results), len - i);
397 }
398 explicit_bzero(&ctx, sizeof ctx);
399 explicit_bzero(results, sizeof results);
400 errno = save_errno;
401 return (0); /* satisfied */
402}
diff --git a/src/lib/libcrypto/arc4random/getentropy_freebsd.c b/src/lib/libcrypto/arc4random/getentropy_freebsd.c
deleted file mode 100644
index ea90ffe202..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_freebsd.c
+++ /dev/null
@@ -1,60 +0,0 @@
1/* $OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
5 * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/sysctl.h>
25
26#include <errno.h>
27#include <stddef.h>
28
29/*
30 * Derived from lib/libc/gen/arc4random.c from FreeBSD.
31 */
32static size_t
33getentropy_sysctl(u_char *buf, size_t size)
34{
35 const int mib[2] = { CTL_KERN, KERN_ARND };
36 size_t len, done;
37
38 done = 0;
39
40 do {
41 len = size;
42 if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
43 return (done);
44 done += len;
45 buf += len;
46 size -= len;
47 } while (size > 0);
48
49 return (done);
50}
51
52int
53getentropy(void *buf, size_t len)
54{
55 if (len <= 256 && getentropy_sysctl(buf, len) == len)
56 return (0);
57
58 errno = EIO;
59 return (-1);
60}
diff --git a/src/lib/libcrypto/arc4random/getentropy_hpux.c b/src/lib/libcrypto/arc4random/getentropy_hpux.c
deleted file mode 100644
index 7188ae5e19..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_hpux.c
+++ /dev/null
@@ -1,396 +0,0 @@
1/* $OpenBSD: getentropy_hpux.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/param.h>
25#include <sys/ioctl.h>
26#include <sys/resource.h>
27#include <sys/syscall.h>
28#include <sys/statvfs.h>
29#include <sys/socket.h>
30#include <sys/mount.h>
31#include <sys/mman.h>
32#include <sys/stat.h>
33#include <sys/time.h>
34#include <stdlib.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <termios.h>
38#include <fcntl.h>
39#include <signal.h>
40#include <string.h>
41#include <errno.h>
42#include <unistd.h>
43#include <time.h>
44#include <openssl/sha.h>
45
46#include <sys/vfs.h>
47
48#include <sys/pstat.h>
49
50#define REPEAT 5
51#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
52
53#define HX(a, b) \
54 do { \
55 if ((a)) \
56 HD(errno); \
57 else \
58 HD(b); \
59 } while (0)
60
61#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
62#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
63#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
64
65int getentropy(void *buf, size_t len);
66
67static int getentropy_urandom(void *buf, size_t len, const char *path,
68 int devfscheck);
69static int getentropy_fallback(void *buf, size_t len);
70
71int
72getentropy(void *buf, size_t len)
73{
74 int ret = -1;
75
76 if (len > 256) {
77 errno = EIO;
78 return (-1);
79 }
80
81 /*
82 * Try to get entropy with /dev/urandom
83 */
84 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
85 if (ret != -1)
86 return (ret);
87
88 /*
89 * Entropy collection via /dev/urandom has failed.
90 *
91 * No other API exists for collecting entropy, and we have
92 * no failsafe way to get it on hpux that is not sensitive
93 * to resource exhaustion.
94 *
95 * We have very few options:
96 * - Even syslog_r is unsafe to call at this low level, so
97 * there is no way to alert the user or program.
98 * - Cannot call abort() because some systems have unsafe
99 * corefiles.
100 * - Could raise(SIGKILL) resulting in silent program termination.
101 * - Return EIO, to hint that arc4random's stir function
102 * should raise(SIGKILL)
103 * - Do the best under the circumstances....
104 *
105 * This code path exists to bring light to the issue that hpux
106 * does not provide a failsafe API for entropy collection.
107 *
108 * We hope this demonstrates that hpux should consider
109 * providing a new failsafe API which works in a chroot or
110 * when file descriptors are exhausted.
111 */
112#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
113#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
114 raise(SIGKILL);
115#endif
116 ret = getentropy_fallback(buf, len);
117 if (ret != -1)
118 return (ret);
119
120 errno = EIO;
121 return (ret);
122}
123
124static int
125getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
126{
127 struct stat st;
128 size_t i;
129 int fd, flags;
130 int save_errno = errno;
131
132start:
133
134 flags = O_RDONLY;
135#ifdef O_NOFOLLOW
136 flags |= O_NOFOLLOW;
137#endif
138#ifdef O_CLOEXEC
139 flags |= O_CLOEXEC;
140#endif
141 fd = open(path, flags);
142 if (fd == -1) {
143 if (errno == EINTR)
144 goto start;
145 goto nodevrandom;
146 }
147#ifndef O_CLOEXEC
148 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
149#endif
150
151 /* Lightly verify that the device node looks sane */
152 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
153 close(fd);
154 goto nodevrandom;
155 }
156 for (i = 0; i < len; ) {
157 size_t wanted = len - i;
158 ssize_t ret = read(fd, (char *)buf + i, wanted);
159
160 if (ret == -1) {
161 if (errno == EAGAIN || errno == EINTR)
162 continue;
163 close(fd);
164 goto nodevrandom;
165 }
166 i += ret;
167 }
168 close(fd);
169 errno = save_errno;
170 return (0); /* satisfied */
171nodevrandom:
172 errno = EIO;
173 return (-1);
174}
175
176static const int cl[] = {
177 CLOCK_REALTIME,
178#ifdef CLOCK_MONOTONIC
179 CLOCK_MONOTONIC,
180#endif
181#ifdef CLOCK_MONOTONIC_RAW
182 CLOCK_MONOTONIC_RAW,
183#endif
184#ifdef CLOCK_TAI
185 CLOCK_TAI,
186#endif
187#ifdef CLOCK_VIRTUAL
188 CLOCK_VIRTUAL,
189#endif
190#ifdef CLOCK_UPTIME
191 CLOCK_UPTIME,
192#endif
193#ifdef CLOCK_PROCESS_CPUTIME_ID
194 CLOCK_PROCESS_CPUTIME_ID,
195#endif
196#ifdef CLOCK_THREAD_CPUTIME_ID
197 CLOCK_THREAD_CPUTIME_ID,
198#endif
199};
200
201static int
202getentropy_fallback(void *buf, size_t len)
203{
204 uint8_t results[SHA512_DIGEST_LENGTH];
205 int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
206 static int cnt;
207 struct timespec ts;
208 struct timeval tv;
209 struct pst_vminfo pvi;
210 struct pst_vm_status pvs;
211 struct pst_dynamic pdy;
212 struct rusage ru;
213 sigset_t sigset;
214 struct stat st;
215 SHA512_CTX ctx;
216 static pid_t lastpid;
217 pid_t pid;
218 size_t i, ii, m;
219 char *p;
220
221 pid = getpid();
222 if (lastpid == pid) {
223 faster = 1;
224 repeat = 2;
225 } else {
226 faster = 0;
227 lastpid = pid;
228 repeat = REPEAT;
229 }
230 for (i = 0; i < len; ) {
231 int j;
232 SHA512_Init(&ctx);
233 for (j = 0; j < repeat; j++) {
234 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
235 if (e != -1) {
236 cnt += (int)tv.tv_sec;
237 cnt += (int)tv.tv_usec;
238 }
239
240 HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi);
241 HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs);
242
243 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
244 HX(clock_gettime(cl[ii], &ts) == -1, ts);
245
246 HX((pid = getpid()) == -1, pid);
247 HX((pid = getsid(pid)) == -1, pid);
248 HX((pid = getppid()) == -1, pid);
249 HX((pid = getpgid(0)) == -1, pid);
250 HX((e = getpriority(0, 0)) == -1, e);
251
252 if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) {
253 HD(errno);
254 } else {
255 HD(pdy.psd_avg_1_min);
256 HD(pdy.psd_avg_5_min);
257 HD(pdy.psd_avg_15_min);
258 }
259
260 if (!faster) {
261 ts.tv_sec = 0;
262 ts.tv_nsec = 1;
263 (void) nanosleep(&ts, NULL);
264 }
265
266 HX(sigpending(&sigset) == -1, sigset);
267 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
268 sigset);
269
270 HF(getentropy); /* an addr in this library */
271 HF(printf); /* an addr in libc */
272 p = (char *)&p;
273 HD(p); /* an addr on stack */
274 p = (char *)&errno;
275 HD(p); /* the addr of errno */
276
277 if (i == 0) {
278 struct sockaddr_storage ss;
279 struct statvfs stvfs;
280 struct termios tios;
281 socklen_t ssl;
282 off_t off;
283
284 /*
285 * Prime-sized mappings encourage fragmentation;
286 * thus exposing some address entropy.
287 */
288 struct mm {
289 size_t npg;
290 void *p;
291 } mm[] = {
292 { 17, MAP_FAILED }, { 3, MAP_FAILED },
293 { 11, MAP_FAILED }, { 2, MAP_FAILED },
294 { 5, MAP_FAILED }, { 3, MAP_FAILED },
295 { 7, MAP_FAILED }, { 1, MAP_FAILED },
296 { 57, MAP_FAILED }, { 3, MAP_FAILED },
297 { 131, MAP_FAILED }, { 1, MAP_FAILED },
298 };
299
300 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
301 HX(mm[m].p = mmap(NULL,
302 mm[m].npg * pgs,
303 PROT_READ|PROT_WRITE,
304 MAP_PRIVATE|MAP_ANON, -1,
305 (off_t)0), mm[m].p);
306 if (mm[m].p != MAP_FAILED) {
307 size_t mo;
308
309 /* Touch some memory... */
310 p = mm[m].p;
311 mo = cnt %
312 (mm[m].npg * pgs - 1);
313 p[mo] = 1;
314 cnt += (int)((long)(mm[m].p)
315 / pgs);
316 }
317
318 /* Check cnts and times... */
319 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
320 ii++) {
321 HX((e = clock_gettime(cl[ii],
322 &ts)) == -1, ts);
323 if (e != -1)
324 cnt += (int)ts.tv_nsec;
325 }
326
327 HX((e = getrusage(RUSAGE_SELF,
328 &ru)) == -1, ru);
329 if (e != -1) {
330 cnt += (int)ru.ru_utime.tv_sec;
331 cnt += (int)ru.ru_utime.tv_usec;
332 }
333 }
334
335 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
336 if (mm[m].p != MAP_FAILED)
337 munmap(mm[m].p, mm[m].npg * pgs);
338 mm[m].p = MAP_FAILED;
339 }
340
341 HX(stat(".", &st) == -1, st);
342 HX(statvfs(".", &stvfs) == -1, stvfs);
343
344 HX(stat("/", &st) == -1, st);
345 HX(statvfs("/", &stvfs) == -1, stvfs);
346
347 HX((e = fstat(0, &st)) == -1, st);
348 if (e == -1) {
349 if (S_ISREG(st.st_mode) ||
350 S_ISFIFO(st.st_mode) ||
351 S_ISSOCK(st.st_mode)) {
352 HX(fstatvfs(0, &stvfs) == -1,
353 stvfs);
354 HX((off = lseek(0, (off_t)0,
355 SEEK_CUR)) < 0, off);
356 }
357 if (S_ISCHR(st.st_mode)) {
358 HX(tcgetattr(0, &tios) == -1,
359 tios);
360 } else if (S_ISSOCK(st.st_mode)) {
361 memset(&ss, 0, sizeof ss);
362 ssl = sizeof(ss);
363 HX(getpeername(0,
364 (void *)&ss, &ssl) == -1,
365 ss);
366 }
367 }
368
369 HX((e = getrusage(RUSAGE_CHILDREN,
370 &ru)) == -1, ru);
371 if (e != -1) {
372 cnt += (int)ru.ru_utime.tv_sec;
373 cnt += (int)ru.ru_utime.tv_usec;
374 }
375 } else {
376 /* Subsequent hashes absorb previous result */
377 HD(results);
378 }
379
380 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
381 if (e != -1) {
382 cnt += (int)tv.tv_sec;
383 cnt += (int)tv.tv_usec;
384 }
385
386 HD(cnt);
387 }
388 SHA512_Final(results, &ctx);
389 memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
390 i += MINIMUM(sizeof(results), len - i);
391 }
392 explicit_bzero(&ctx, sizeof ctx);
393 explicit_bzero(results, sizeof results);
394 errno = save_errno;
395 return (0); /* satisfied */
396}
diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c
deleted file mode 100644
index c7c39c234f..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_linux.c
+++ /dev/null
@@ -1,525 +0,0 @@
1/* $OpenBSD: getentropy_linux.c,v 1.48 2021/10/24 21:24:20 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#define _POSIX_C_SOURCE 199309L
24#define _GNU_SOURCE 1
25#include <sys/types.h>
26#include <sys/param.h>
27#include <sys/ioctl.h>
28#include <sys/resource.h>
29#include <sys/syscall.h>
30#ifdef SYS__sysctl
31#include <linux/sysctl.h>
32#endif
33#include <sys/statvfs.h>
34#include <sys/socket.h>
35#include <sys/mount.h>
36#include <sys/mman.h>
37#include <sys/stat.h>
38#include <sys/time.h>
39#include <stdlib.h>
40#include <stdint.h>
41#include <stdio.h>
42#include <link.h>
43#include <termios.h>
44#include <fcntl.h>
45#include <signal.h>
46#include <string.h>
47#include <errno.h>
48#include <unistd.h>
49#include <time.h>
50#include <openssl/sha.h>
51
52#include <linux/types.h>
53#include <linux/random.h>
54#ifdef HAVE_GETAUXVAL
55#include <sys/auxv.h>
56#endif
57#include <sys/vfs.h>
58
59#define REPEAT 5
60#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
61
62#define HX(a, b) \
63 do { \
64 if ((a)) \
65 HD(errno); \
66 else \
67 HD(b); \
68 } while (0)
69
70#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
71#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
72#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
73
74int getentropy(void *buf, size_t len);
75
76#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
77static int getentropy_getrandom(void *buf, size_t len);
78#endif
79static int getentropy_urandom(void *buf, size_t len);
80#ifdef SYS__sysctl
81static int getentropy_sysctl(void *buf, size_t len);
82#endif
83static int getentropy_fallback(void *buf, size_t len);
84static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
85
86int
87getentropy(void *buf, size_t len)
88{
89 int ret = -1;
90
91 if (len > 256) {
92 errno = EIO;
93 return (-1);
94 }
95
96#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
97 /*
98 * Try descriptor-less getrandom(), in non-blocking mode.
99 *
100 * The design of Linux getrandom is broken. It has an
101 * uninitialized phase coupled with blocking behaviour, which
102 * is unacceptable from within a library at boot time without
103 * possible recovery. See http://bugs.python.org/issue26839#msg267745
104 */
105 ret = getentropy_getrandom(buf, len);
106 if (ret != -1)
107 return (ret);
108#endif
109
110 /*
111 * Try to get entropy with /dev/urandom
112 *
113 * This can fail if the process is inside a chroot or if file
114 * descriptors are exhausted.
115 */
116 ret = getentropy_urandom(buf, len);
117 if (ret != -1)
118 return (ret);
119
120#ifdef SYS__sysctl
121 /*
122 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
123 * sysctl is a failsafe API, so it guarantees a result. This
124 * should work inside a chroot, or when file descriptors are
125 * exhausted.
126 *
127 * However this can fail if the Linux kernel removes support
128 * for sysctl. Starting in 2007, there have been efforts to
129 * deprecate the sysctl API/ABI, and push callers towards use
130 * of the chroot-unavailable fd-using /proc mechanism --
131 * essentially the same problems as /dev/urandom.
132 *
133 * Numerous setbacks have been encountered in their deprecation
134 * schedule, so as of June 2014 the kernel ABI still exists on
135 * most Linux architectures. The sysctl() stub in libc is missing
136 * on some systems. There are also reports that some kernels
137 * spew messages to the console.
138 */
139 ret = getentropy_sysctl(buf, len);
140 if (ret != -1)
141 return (ret);
142#endif /* SYS__sysctl */
143
144 /*
145 * Entropy collection via /dev/urandom and sysctl have failed.
146 *
147 * No other API exists for collecting entropy. See the large
148 * comment block above.
149 *
150 * We have very few options:
151 * - Even syslog_r is unsafe to call at this low level, so
152 * there is no way to alert the user or program.
153 * - Cannot call abort() because some systems have unsafe
154 * corefiles.
155 * - Could raise(SIGKILL) resulting in silent program termination.
156 * - Return EIO, to hint that arc4random's stir function
157 * should raise(SIGKILL)
158 * - Do the best under the circumstances....
159 *
160 * This code path exists to bring light to the issue that Linux
161 * still does not provide a failsafe API for entropy collection.
162 *
163 * We hope this demonstrates that Linux should either retain their
164 * sysctl ABI, or consider providing a new failsafe API which
165 * works in a chroot or when file descriptors are exhausted.
166 */
167#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
168#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
169 raise(SIGKILL);
170#endif
171 ret = getentropy_fallback(buf, len);
172 if (ret != -1)
173 return (ret);
174
175 errno = EIO;
176 return (ret);
177}
178
179#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
180static int
181getentropy_getrandom(void *buf, size_t len)
182{
183 int pre_errno = errno;
184 int ret;
185 if (len > 256)
186 return (-1);
187 do {
188 ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
189 } while (ret == -1 && errno == EINTR);
190
191 if (ret != len)
192 return (-1);
193 errno = pre_errno;
194 return (0);
195}
196#endif
197
198static int
199getentropy_urandom(void *buf, size_t len)
200{
201 struct stat st;
202 size_t i;
203 int fd, cnt, flags;
204 int save_errno = errno;
205
206start:
207
208 flags = O_RDONLY;
209#ifdef O_NOFOLLOW
210 flags |= O_NOFOLLOW;
211#endif
212#ifdef O_CLOEXEC
213 flags |= O_CLOEXEC;
214#endif
215 fd = open("/dev/urandom", flags);
216 if (fd == -1) {
217 if (errno == EINTR)
218 goto start;
219 goto nodevrandom;
220 }
221#ifndef O_CLOEXEC
222 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
223#endif
224
225 /* Lightly verify that the device node looks sane */
226 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
227 close(fd);
228 goto nodevrandom;
229 }
230 if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
231 close(fd);
232 goto nodevrandom;
233 }
234 for (i = 0; i < len; ) {
235 size_t wanted = len - i;
236 ssize_t ret = read(fd, (char *)buf + i, wanted);
237
238 if (ret == -1) {
239 if (errno == EAGAIN || errno == EINTR)
240 continue;
241 close(fd);
242 goto nodevrandom;
243 }
244 i += ret;
245 }
246 close(fd);
247 errno = save_errno;
248 return (0); /* satisfied */
249nodevrandom:
250 errno = EIO;
251 return (-1);
252}
253
254#ifdef SYS__sysctl
255static int
256getentropy_sysctl(void *buf, size_t len)
257{
258 static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
259 size_t i;
260 int save_errno = errno;
261
262 for (i = 0; i < len; ) {
263 size_t chunk = MINIMUM(len - i, 16);
264
265 /* SYS__sysctl because some systems already removed sysctl() */
266 struct __sysctl_args args = {
267 .name = mib,
268 .nlen = 3,
269 .oldval = (char *)buf + i,
270 .oldlenp = &chunk,
271 };
272 if (syscall(SYS__sysctl, &args) != 0)
273 goto sysctlfailed;
274 i += chunk;
275 }
276 errno = save_errno;
277 return (0); /* satisfied */
278sysctlfailed:
279 errno = EIO;
280 return (-1);
281}
282#endif /* SYS__sysctl */
283
284static const int cl[] = {
285 CLOCK_REALTIME,
286#ifdef CLOCK_MONOTONIC
287 CLOCK_MONOTONIC,
288#endif
289#ifdef CLOCK_MONOTONIC_RAW
290 CLOCK_MONOTONIC_RAW,
291#endif
292#ifdef CLOCK_TAI
293 CLOCK_TAI,
294#endif
295#ifdef CLOCK_VIRTUAL
296 CLOCK_VIRTUAL,
297#endif
298#ifdef CLOCK_UPTIME
299 CLOCK_UPTIME,
300#endif
301#ifdef CLOCK_PROCESS_CPUTIME_ID
302 CLOCK_PROCESS_CPUTIME_ID,
303#endif
304#ifdef CLOCK_THREAD_CPUTIME_ID
305 CLOCK_THREAD_CPUTIME_ID,
306#endif
307};
308
309static int
310getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
311{
312 SHA512_CTX *ctx = data;
313
314 SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
315 return (0);
316}
317
318static int
319getentropy_fallback(void *buf, size_t len)
320{
321 uint8_t results[SHA512_DIGEST_LENGTH];
322 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
323 static int cnt;
324 struct timespec ts;
325 struct timeval tv;
326 struct rusage ru;
327 sigset_t sigset;
328 struct stat st;
329 SHA512_CTX ctx;
330 static pid_t lastpid;
331 pid_t pid;
332 size_t i, ii, m;
333 char *p;
334
335 pid = getpid();
336 if (lastpid == pid) {
337 faster = 1;
338 repeat = 2;
339 } else {
340 faster = 0;
341 lastpid = pid;
342 repeat = REPEAT;
343 }
344 for (i = 0; i < len; ) {
345 int j;
346 SHA512_Init(&ctx);
347 for (j = 0; j < repeat; j++) {
348 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
349 if (e != -1) {
350 cnt += (int)tv.tv_sec;
351 cnt += (int)tv.tv_usec;
352 }
353
354 dl_iterate_phdr(getentropy_phdr, &ctx);
355
356 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
357 HX(clock_gettime(cl[ii], &ts) == -1, ts);
358
359 HX((pid = getpid()) == -1, pid);
360 HX((pid = getsid(pid)) == -1, pid);
361 HX((pid = getppid()) == -1, pid);
362 HX((pid = getpgid(0)) == -1, pid);
363 HX((e = getpriority(0, 0)) == -1, e);
364
365 if (!faster) {
366 ts.tv_sec = 0;
367 ts.tv_nsec = 1;
368 (void) nanosleep(&ts, NULL);
369 }
370
371 HX(sigpending(&sigset) == -1, sigset);
372 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
373 sigset);
374
375 HF(getentropy); /* an addr in this library */
376 HF(printf); /* an addr in libc */
377 p = (char *)&p;
378 HD(p); /* an addr on stack */
379 p = (char *)&errno;
380 HD(p); /* the addr of errno */
381
382 if (i == 0) {
383 struct sockaddr_storage ss;
384 struct statvfs stvfs;
385 struct termios tios;
386 struct statfs stfs;
387 socklen_t ssl;
388 off_t off;
389
390 /*
391 * Prime-sized mappings encourage fragmentation;
392 * thus exposing some address entropy.
393 */
394 struct mm {
395 size_t npg;
396 void *p;
397 } mm[] = {
398 { 17, MAP_FAILED }, { 3, MAP_FAILED },
399 { 11, MAP_FAILED }, { 2, MAP_FAILED },
400 { 5, MAP_FAILED }, { 3, MAP_FAILED },
401 { 7, MAP_FAILED }, { 1, MAP_FAILED },
402 { 57, MAP_FAILED }, { 3, MAP_FAILED },
403 { 131, MAP_FAILED }, { 1, MAP_FAILED },
404 };
405
406 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
407 HX(mm[m].p = mmap(NULL,
408 mm[m].npg * pgs,
409 PROT_READ|PROT_WRITE,
410 MAP_PRIVATE|MAP_ANON, -1,
411 (off_t)0), mm[m].p);
412 if (mm[m].p != MAP_FAILED) {
413 size_t mo;
414
415 /* Touch some memory... */
416 p = mm[m].p;
417 mo = cnt %
418 (mm[m].npg * pgs - 1);
419 p[mo] = 1;
420 cnt += (int)((long)(mm[m].p)
421 / pgs);
422 }
423
424 /* Check cnts and times... */
425 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
426 ii++) {
427 HX((e = clock_gettime(cl[ii],
428 &ts)) == -1, ts);
429 if (e != -1)
430 cnt += (int)ts.tv_nsec;
431 }
432
433 HX((e = getrusage(RUSAGE_SELF,
434 &ru)) == -1, ru);
435 if (e != -1) {
436 cnt += (int)ru.ru_utime.tv_sec;
437 cnt += (int)ru.ru_utime.tv_usec;
438 }
439 }
440
441 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
442 if (mm[m].p != MAP_FAILED)
443 munmap(mm[m].p, mm[m].npg * pgs);
444 mm[m].p = MAP_FAILED;
445 }
446
447 HX(stat(".", &st) == -1, st);
448 HX(statvfs(".", &stvfs) == -1, stvfs);
449 HX(statfs(".", &stfs) == -1, stfs);
450
451 HX(stat("/", &st) == -1, st);
452 HX(statvfs("/", &stvfs) == -1, stvfs);
453 HX(statfs("/", &stfs) == -1, stfs);
454
455 HX((e = fstat(0, &st)) == -1, st);
456 if (e == -1) {
457 if (S_ISREG(st.st_mode) ||
458 S_ISFIFO(st.st_mode) ||
459 S_ISSOCK(st.st_mode)) {
460 HX(fstatvfs(0, &stvfs) == -1,
461 stvfs);
462 HX(fstatfs(0, &stfs) == -1,
463 stfs);
464 HX((off = lseek(0, (off_t)0,
465 SEEK_CUR)) < 0, off);
466 }
467 if (S_ISCHR(st.st_mode)) {
468 HX(tcgetattr(0, &tios) == -1,
469 tios);
470 } else if (S_ISSOCK(st.st_mode)) {
471 memset(&ss, 0, sizeof ss);
472 ssl = sizeof(ss);
473 HX(getpeername(0,
474 (void *)&ss, &ssl) == -1,
475 ss);
476 }
477 }
478
479 HX((e = getrusage(RUSAGE_CHILDREN,
480 &ru)) == -1, ru);
481 if (e != -1) {
482 cnt += (int)ru.ru_utime.tv_sec;
483 cnt += (int)ru.ru_utime.tv_usec;
484 }
485 } else {
486 /* Subsequent hashes absorb previous result */
487 HD(results);
488 }
489
490 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
491 if (e != -1) {
492 cnt += (int)tv.tv_sec;
493 cnt += (int)tv.tv_usec;
494 }
495
496 HD(cnt);
497 }
498#ifdef HAVE_GETAUXVAL
499#ifdef AT_RANDOM
500 /* Not as random as you think but we take what we are given */
501 p = (char *) getauxval(AT_RANDOM);
502 if (p)
503 HR(p, 16);
504#endif
505#ifdef AT_SYSINFO_EHDR
506 p = (char *) getauxval(AT_SYSINFO_EHDR);
507 if (p)
508 HR(p, pgs);
509#endif
510#ifdef AT_BASE
511 p = (char *) getauxval(AT_BASE);
512 if (p)
513 HD(p);
514#endif
515#endif
516
517 SHA512_Final(results, &ctx);
518 memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
519 i += MINIMUM(sizeof(results), len - i);
520 }
521 explicit_bzero(&ctx, sizeof ctx);
522 explicit_bzero(results, sizeof results);
523 errno = save_errno;
524 return (0); /* satisfied */
525}
diff --git a/src/lib/libcrypto/arc4random/getentropy_netbsd.c b/src/lib/libcrypto/arc4random/getentropy_netbsd.c
deleted file mode 100644
index 5dc89594cd..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_netbsd.c
+++ /dev/null
@@ -1,62 +0,0 @@
1/* $OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
5 * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/sysctl.h>
25
26#include <errno.h>
27#include <stddef.h>
28
29/*
30 * Derived from lib/libc/gen/arc4random.c from FreeBSD.
31 */
32static size_t
33getentropy_sysctl(u_char *buf, size_t size)
34{
35 const int mib[2] = { CTL_KERN, KERN_ARND };
36 size_t len, done;
37
38 done = 0;
39
40 do {
41 len = size;
42 if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
43 return (done);
44 done += len;
45 buf += len;
46 size -= len;
47 } while (size > 0);
48
49 return (done);
50}
51
52int
53getentropy(void *buf, size_t len)
54{
55 if (len <= 256 &&
56 getentropy_sysctl(buf, len) == len) {
57 return (0);
58 }
59
60 errno = EIO;
61 return (-1);
62}
diff --git a/src/lib/libcrypto/arc4random/getentropy_osx.c b/src/lib/libcrypto/arc4random/getentropy_osx.c
deleted file mode 100644
index db028d19b8..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_osx.c
+++ /dev/null
@@ -1,417 +0,0 @@
1/* $OpenBSD: getentropy_osx.c,v 1.14 2021/10/24 21:24:20 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <TargetConditionals.h>
24#include <sys/types.h>
25#include <sys/param.h>
26#include <sys/ioctl.h>
27#include <sys/resource.h>
28#include <sys/syscall.h>
29#include <sys/sysctl.h>
30#include <sys/statvfs.h>
31#include <sys/socket.h>
32#include <sys/mount.h>
33#include <sys/mman.h>
34#include <sys/stat.h>
35#include <sys/time.h>
36#include <stdlib.h>
37#include <stdint.h>
38#include <stdio.h>
39#include <termios.h>
40#include <fcntl.h>
41#include <signal.h>
42#include <string.h>
43#include <errno.h>
44#include <unistd.h>
45#include <time.h>
46#include <mach/mach_time.h>
47#include <mach/mach_host.h>
48#include <mach/host_info.h>
49#if TARGET_OS_OSX
50#include <sys/socketvar.h>
51#include <sys/vmmeter.h>
52#endif
53#include <netinet/in.h>
54#include <netinet/tcp.h>
55#if TARGET_OS_OSX
56#include <netinet/udp.h>
57#include <netinet/ip_var.h>
58#include <netinet/tcp_var.h>
59#include <netinet/udp_var.h>
60#endif
61#include <CommonCrypto/CommonDigest.h>
62#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c)))
63#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
64#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
65#define SHA512_CTX CC_SHA512_CTX
66#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
67
68#define REPEAT 5
69#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
70
71#define HX(a, b) \
72 do { \
73 if ((a)) \
74 HD(errno); \
75 else \
76 HD(b); \
77 } while (0)
78
79#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
80#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
81#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
82
83int getentropy(void *buf, size_t len);
84
85static int getentropy_urandom(void *buf, size_t len);
86static int getentropy_fallback(void *buf, size_t len);
87
88int
89getentropy(void *buf, size_t len)
90{
91 int ret = -1;
92
93 if (len > 256) {
94 errno = EIO;
95 return (-1);
96 }
97
98 /*
99 * Try to get entropy with /dev/urandom
100 *
101 * This can fail if the process is inside a chroot or if file
102 * descriptors are exhausted.
103 */
104 ret = getentropy_urandom(buf, len);
105 if (ret != -1)
106 return (ret);
107
108 /*
109 * Entropy collection via /dev/urandom and sysctl have failed.
110 *
111 * No other API exists for collecting entropy, and we have
112 * no failsafe way to get it on OSX that is not sensitive
113 * to resource exhaustion.
114 *
115 * We have very few options:
116 * - Even syslog_r is unsafe to call at this low level, so
117 * there is no way to alert the user or program.
118 * - Cannot call abort() because some systems have unsafe
119 * corefiles.
120 * - Could raise(SIGKILL) resulting in silent program termination.
121 * - Return EIO, to hint that arc4random's stir function
122 * should raise(SIGKILL)
123 * - Do the best under the circumstances....
124 *
125 * This code path exists to bring light to the issue that OSX
126 * does not provide a failsafe API for entropy collection.
127 *
128 * We hope this demonstrates that OSX should consider
129 * providing a new failsafe API which works in a chroot or
130 * when file descriptors are exhausted.
131 */
132#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
133#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
134 raise(SIGKILL);
135#endif
136 ret = getentropy_fallback(buf, len);
137 if (ret != -1)
138 return (ret);
139
140 errno = EIO;
141 return (ret);
142}
143
144static int
145getentropy_urandom(void *buf, size_t len)
146{
147 struct stat st;
148 size_t i;
149 int fd, flags;
150 int save_errno = errno;
151
152start:
153
154 flags = O_RDONLY;
155#ifdef O_NOFOLLOW
156 flags |= O_NOFOLLOW;
157#endif
158#ifdef O_CLOEXEC
159 flags |= O_CLOEXEC;
160#endif
161 fd = open("/dev/urandom", flags);
162 if (fd == -1) {
163 if (errno == EINTR)
164 goto start;
165 goto nodevrandom;
166 }
167#ifndef O_CLOEXEC
168 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
169#endif
170
171 /* Lightly verify that the device node looks sane */
172 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
173 close(fd);
174 goto nodevrandom;
175 }
176 for (i = 0; i < len; ) {
177 size_t wanted = len - i;
178 ssize_t ret = read(fd, (char *)buf + i, wanted);
179
180 if (ret == -1) {
181 if (errno == EAGAIN || errno == EINTR)
182 continue;
183 close(fd);
184 goto nodevrandom;
185 }
186 i += ret;
187 }
188 close(fd);
189 errno = save_errno;
190 return (0); /* satisfied */
191nodevrandom:
192 errno = EIO;
193 return (-1);
194}
195
196#if TARGET_OS_OSX
197static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
198static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
199static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
200#endif
201static int kmib[] = { CTL_KERN, KERN_USRSTACK };
202static int hwmib[] = { CTL_HW, HW_USERMEM };
203
204static int
205getentropy_fallback(void *buf, size_t len)
206{
207 uint8_t results[SHA512_DIGEST_LENGTH];
208 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
209 static int cnt;
210 struct timespec ts;
211 struct timeval tv;
212 struct rusage ru;
213 sigset_t sigset;
214 struct stat st;
215 SHA512_CTX ctx;
216 static pid_t lastpid;
217 pid_t pid;
218 size_t i, ii, m;
219 char *p;
220#if TARGET_OS_OSX
221 struct tcpstat tcpstat;
222 struct udpstat udpstat;
223 struct ipstat ipstat;
224#endif
225 u_int64_t mach_time;
226 unsigned int idata;
227 void *addr;
228
229 pid = getpid();
230 if (lastpid == pid) {
231 faster = 1;
232 repeat = 2;
233 } else {
234 faster = 0;
235 lastpid = pid;
236 repeat = REPEAT;
237 }
238 for (i = 0; i < len; ) {
239 int j;
240 SHA512_Init(&ctx);
241 for (j = 0; j < repeat; j++) {
242 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
243 if (e != -1) {
244 cnt += (int)tv.tv_sec;
245 cnt += (int)tv.tv_usec;
246 }
247
248 mach_time = mach_absolute_time();
249 HD(mach_time);
250
251 ii = sizeof(addr);
252 HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
253 &addr, &ii, NULL, 0) == -1, addr);
254
255 ii = sizeof(idata);
256 HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
257 &idata, &ii, NULL, 0) == -1, idata);
258
259#if TARGET_OS_OSX
260 ii = sizeof(tcpstat);
261 HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
262 &tcpstat, &ii, NULL, 0) == -1, tcpstat);
263
264 ii = sizeof(udpstat);
265 HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
266 &udpstat, &ii, NULL, 0) == -1, udpstat);
267
268 ii = sizeof(ipstat);
269 HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
270 &ipstat, &ii, NULL, 0) == -1, ipstat);
271#endif
272
273 HX((pid = getpid()) == -1, pid);
274 HX((pid = getsid(pid)) == -1, pid);
275 HX((pid = getppid()) == -1, pid);
276 HX((pid = getpgid(0)) == -1, pid);
277 HX((e = getpriority(0, 0)) == -1, e);
278
279 if (!faster) {
280 ts.tv_sec = 0;
281 ts.tv_nsec = 1;
282 (void) nanosleep(&ts, NULL);
283 }
284
285 HX(sigpending(&sigset) == -1, sigset);
286 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
287 sigset);
288
289 HF(getentropy); /* an addr in this library */
290 HF(printf); /* an addr in libc */
291 p = (char *)&p;
292 HD(p); /* an addr on stack */
293 p = (char *)&errno;
294 HD(p); /* the addr of errno */
295
296 if (i == 0) {
297 struct sockaddr_storage ss;
298 struct statvfs stvfs;
299 struct termios tios;
300 struct statfs stfs;
301 socklen_t ssl;
302 off_t off;
303
304 /*
305 * Prime-sized mappings encourage fragmentation;
306 * thus exposing some address entropy.
307 */
308 struct mm {
309 size_t npg;
310 void *p;
311 } mm[] = {
312 { 17, MAP_FAILED }, { 3, MAP_FAILED },
313 { 11, MAP_FAILED }, { 2, MAP_FAILED },
314 { 5, MAP_FAILED }, { 3, MAP_FAILED },
315 { 7, MAP_FAILED }, { 1, MAP_FAILED },
316 { 57, MAP_FAILED }, { 3, MAP_FAILED },
317 { 131, MAP_FAILED }, { 1, MAP_FAILED },
318 };
319
320 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
321 HX(mm[m].p = mmap(NULL,
322 mm[m].npg * pgs,
323 PROT_READ|PROT_WRITE,
324 MAP_PRIVATE|MAP_ANON, -1,
325 (off_t)0), mm[m].p);
326 if (mm[m].p != MAP_FAILED) {
327 size_t mo;
328
329 /* Touch some memory... */
330 p = mm[m].p;
331 mo = cnt %
332 (mm[m].npg * pgs - 1);
333 p[mo] = 1;
334 cnt += (int)((long)(mm[m].p)
335 / pgs);
336 }
337
338 /* Check cnts and times... */
339 mach_time = mach_absolute_time();
340 HD(mach_time);
341 cnt += (int)mach_time;
342
343 HX((e = getrusage(RUSAGE_SELF,
344 &ru)) == -1, ru);
345 if (e != -1) {
346 cnt += (int)ru.ru_utime.tv_sec;
347 cnt += (int)ru.ru_utime.tv_usec;
348 }
349 }
350
351 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
352 if (mm[m].p != MAP_FAILED)
353 munmap(mm[m].p, mm[m].npg * pgs);
354 mm[m].p = MAP_FAILED;
355 }
356
357 HX(stat(".", &st) == -1, st);
358 HX(statvfs(".", &stvfs) == -1, stvfs);
359 HX(statfs(".", &stfs) == -1, stfs);
360
361 HX(stat("/", &st) == -1, st);
362 HX(statvfs("/", &stvfs) == -1, stvfs);
363 HX(statfs("/", &stfs) == -1, stfs);
364
365 HX((e = fstat(0, &st)) == -1, st);
366 if (e == -1) {
367 if (S_ISREG(st.st_mode) ||
368 S_ISFIFO(st.st_mode) ||
369 S_ISSOCK(st.st_mode)) {
370 HX(fstatvfs(0, &stvfs) == -1,
371 stvfs);
372 HX(fstatfs(0, &stfs) == -1,
373 stfs);
374 HX((off = lseek(0, (off_t)0,
375 SEEK_CUR)) < 0, off);
376 }
377 if (S_ISCHR(st.st_mode)) {
378 HX(tcgetattr(0, &tios) == -1,
379 tios);
380 } else if (S_ISSOCK(st.st_mode)) {
381 memset(&ss, 0, sizeof ss);
382 ssl = sizeof(ss);
383 HX(getpeername(0,
384 (void *)&ss, &ssl) == -1,
385 ss);
386 }
387 }
388
389 HX((e = getrusage(RUSAGE_CHILDREN,
390 &ru)) == -1, ru);
391 if (e != -1) {
392 cnt += (int)ru.ru_utime.tv_sec;
393 cnt += (int)ru.ru_utime.tv_usec;
394 }
395 } else {
396 /* Subsequent hashes absorb previous result */
397 HD(results);
398 }
399
400 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
401 if (e != -1) {
402 cnt += (int)tv.tv_sec;
403 cnt += (int)tv.tv_usec;
404 }
405
406 HD(cnt);
407 }
408
409 SHA512_Final(results, &ctx);
410 memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
411 i += MINIMUM(sizeof(results), len - i);
412 }
413 explicit_bzero(&ctx, sizeof ctx);
414 explicit_bzero(results, sizeof results);
415 errno = save_errno;
416 return (0); /* satisfied */
417}
diff --git a/src/lib/libcrypto/arc4random/getentropy_solaris.c b/src/lib/libcrypto/arc4random/getentropy_solaris.c
deleted file mode 100644
index e36426caf1..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_solaris.c
+++ /dev/null
@@ -1,422 +0,0 @@
1/* $OpenBSD: getentropy_solaris.c,v 1.15 2021/10/24 21:24:20 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <sys/types.h>
24#include <sys/param.h>
25#include <sys/ioctl.h>
26#include <sys/resource.h>
27#include <sys/syscall.h>
28#include <sys/statvfs.h>
29#include <sys/socket.h>
30#include <sys/mount.h>
31#include <sys/mman.h>
32#include <sys/stat.h>
33#include <sys/time.h>
34#include <stdlib.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <link.h>
38#include <termios.h>
39#include <fcntl.h>
40#include <signal.h>
41#include <string.h>
42#include <errno.h>
43#include <unistd.h>
44#include <time.h>
45#include <sys/sha2.h>
46#define SHA512_Init SHA512Init
47#define SHA512_Update SHA512Update
48#define SHA512_Final SHA512Final
49
50#include <sys/vfs.h>
51#include <sys/statfs.h>
52#include <sys/loadavg.h>
53
54#define REPEAT 5
55#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
56
57#define HX(a, b) \
58 do { \
59 if ((a)) \
60 HD(errno); \
61 else \
62 HD(b); \
63 } while (0)
64
65#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
66#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
67#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
68
69int getentropy(void *buf, size_t len);
70
71static int getentropy_urandom(void *buf, size_t len, const char *path,
72 int devfscheck);
73static int getentropy_fallback(void *buf, size_t len);
74static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
75
76int
77getentropy(void *buf, size_t len)
78{
79 int ret = -1;
80
81 if (len > 256) {
82 errno = EIO;
83 return (-1);
84 }
85
86 /*
87 * Try to get entropy with /dev/urandom
88 *
89 * Solaris provides /dev/urandom as a symbolic link to
90 * /devices/pseudo/random@0:urandom which is provided by
91 * a devfs filesystem. Best practice is to use O_NOFOLLOW,
92 * so we must try the unpublished name directly.
93 *
94 * This can fail if the process is inside a chroot which lacks
95 * the devfs mount, or if file descriptors are exhausted.
96 */
97 ret = getentropy_urandom(buf, len,
98 "/devices/pseudo/random@0:urandom", 1);
99 if (ret != -1)
100 return (ret);
101
102 /*
103 * Unfortunately, chroot spaces on Solaris are sometimes setup
104 * with direct device node of the well-known /dev/urandom name
105 * (perhaps to avoid dragging all of devfs into the space).
106 *
107 * This can fail if the process is inside a chroot or if file
108 * descriptors are exhausted.
109 */
110 ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
111 if (ret != -1)
112 return (ret);
113
114 /*
115 * Entropy collection via /dev/urandom has failed.
116 *
117 * No other API exists for collecting entropy, and we have
118 * no failsafe way to get it on Solaris that is not sensitive
119 * to resource exhaustion.
120 *
121 * We have very few options:
122 * - Even syslog_r is unsafe to call at this low level, so
123 * there is no way to alert the user or program.
124 * - Cannot call abort() because some systems have unsafe
125 * corefiles.
126 * - Could raise(SIGKILL) resulting in silent program termination.
127 * - Return EIO, to hint that arc4random's stir function
128 * should raise(SIGKILL)
129 * - Do the best under the circumstances....
130 *
131 * This code path exists to bring light to the issue that Solaris
132 * does not provide a failsafe API for entropy collection.
133 *
134 * We hope this demonstrates that Solaris should consider
135 * providing a new failsafe API which works in a chroot or
136 * when file descriptors are exhausted.
137 */
138#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
139#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
140 raise(SIGKILL);
141#endif
142 ret = getentropy_fallback(buf, len);
143 if (ret != -1)
144 return (ret);
145
146 errno = EIO;
147 return (ret);
148}
149
150static int
151getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
152{
153 struct stat st;
154 size_t i;
155 int fd, flags;
156 int save_errno = errno;
157
158start:
159
160 flags = O_RDONLY;
161#ifdef O_NOFOLLOW
162 flags |= O_NOFOLLOW;
163#endif
164#ifdef O_CLOEXEC
165 flags |= O_CLOEXEC;
166#endif
167 fd = open(path, flags);
168 if (fd == -1) {
169 if (errno == EINTR)
170 goto start;
171 goto nodevrandom;
172 }
173#ifndef O_CLOEXEC
174 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
175#endif
176
177 /* Lightly verify that the device node looks sane */
178 if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
179 (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
180 close(fd);
181 goto nodevrandom;
182 }
183 for (i = 0; i < len; ) {
184 size_t wanted = len - i;
185 ssize_t ret = read(fd, (char *)buf + i, wanted);
186
187 if (ret == -1) {
188 if (errno == EAGAIN || errno == EINTR)
189 continue;
190 close(fd);
191 goto nodevrandom;
192 }
193 i += ret;
194 }
195 close(fd);
196 errno = save_errno;
197 return (0); /* satisfied */
198nodevrandom:
199 errno = EIO;
200 return (-1);
201}
202
203static const int cl[] = {
204 CLOCK_REALTIME,
205#ifdef CLOCK_MONOTONIC
206 CLOCK_MONOTONIC,
207#endif
208#ifdef CLOCK_MONOTONIC_RAW
209 CLOCK_MONOTONIC_RAW,
210#endif
211#ifdef CLOCK_TAI
212 CLOCK_TAI,
213#endif
214#ifdef CLOCK_VIRTUAL
215 CLOCK_VIRTUAL,
216#endif
217#ifdef CLOCK_UPTIME
218 CLOCK_UPTIME,
219#endif
220#ifdef CLOCK_PROCESS_CPUTIME_ID
221 CLOCK_PROCESS_CPUTIME_ID,
222#endif
223#ifdef CLOCK_THREAD_CPUTIME_ID
224 CLOCK_THREAD_CPUTIME_ID,
225#endif
226};
227
228static int
229getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
230{
231 SHA512_CTX *ctx = data;
232
233 SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
234 return (0);
235}
236
237static int
238getentropy_fallback(void *buf, size_t len)
239{
240 uint8_t results[SHA512_DIGEST_LENGTH];
241 int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
242 static int cnt;
243 struct timespec ts;
244 struct timeval tv;
245 double loadavg[3];
246 struct rusage ru;
247 sigset_t sigset;
248 struct stat st;
249 SHA512_CTX ctx;
250 static pid_t lastpid;
251 pid_t pid;
252 size_t i, ii, m;
253 char *p;
254
255 pid = getpid();
256 if (lastpid == pid) {
257 faster = 1;
258 repeat = 2;
259 } else {
260 faster = 0;
261 lastpid = pid;
262 repeat = REPEAT;
263 }
264 for (i = 0; i < len; ) {
265 int j;
266 SHA512_Init(&ctx);
267 for (j = 0; j < repeat; j++) {
268 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
269 if (e != -1) {
270 cnt += (int)tv.tv_sec;
271 cnt += (int)tv.tv_usec;
272 }
273
274 dl_iterate_phdr(getentropy_phdr, &ctx);
275
276 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
277 HX(clock_gettime(cl[ii], &ts) == -1, ts);
278
279 HX((pid = getpid()) == -1, pid);
280 HX((pid = getsid(pid)) == -1, pid);
281 HX((pid = getppid()) == -1, pid);
282 HX((pid = getpgid(0)) == -1, pid);
283 HX((e = getpriority(0, 0)) == -1, e);
284 HX((getloadavg(loadavg, 3) == -1), loadavg);
285
286 if (!faster) {
287 ts.tv_sec = 0;
288 ts.tv_nsec = 1;
289 (void) nanosleep(&ts, NULL);
290 }
291
292 HX(sigpending(&sigset) == -1, sigset);
293 HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
294 sigset);
295
296 HF(getentropy); /* an addr in this library */
297 HF(printf); /* an addr in libc */
298 p = (char *)&p;
299 HD(p); /* an addr on stack */
300 p = (char *)&errno;
301 HD(p); /* the addr of errno */
302
303 if (i == 0) {
304 struct sockaddr_storage ss;
305 struct statvfs stvfs;
306 struct termios tios;
307 socklen_t ssl;
308 off_t off;
309
310 /*
311 * Prime-sized mappings encourage fragmentation;
312 * thus exposing some address entropy.
313 */
314 struct mm {
315 size_t npg;
316 void *p;
317 } mm[] = {
318 { 17, MAP_FAILED }, { 3, MAP_FAILED },
319 { 11, MAP_FAILED }, { 2, MAP_FAILED },
320 { 5, MAP_FAILED }, { 3, MAP_FAILED },
321 { 7, MAP_FAILED }, { 1, MAP_FAILED },
322 { 57, MAP_FAILED }, { 3, MAP_FAILED },
323 { 131, MAP_FAILED }, { 1, MAP_FAILED },
324 };
325
326 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
327 HX(mm[m].p = mmap(NULL,
328 mm[m].npg * pgs,
329 PROT_READ|PROT_WRITE,
330 MAP_PRIVATE|MAP_ANON, -1,
331 (off_t)0), mm[m].p);
332 if (mm[m].p != MAP_FAILED) {
333 size_t mo;
334
335 /* Touch some memory... */
336 p = mm[m].p;
337 mo = cnt %
338 (mm[m].npg * pgs - 1);
339 p[mo] = 1;
340 cnt += (int)((long)(mm[m].p)
341 / pgs);
342 }
343
344 /* Check cnts and times... */
345 for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
346 ii++) {
347 HX((e = clock_gettime(cl[ii],
348 &ts)) == -1, ts);
349 if (e != -1)
350 cnt += (int)ts.tv_nsec;
351 }
352
353 HX((e = getrusage(RUSAGE_SELF,
354 &ru)) == -1, ru);
355 if (e != -1) {
356 cnt += (int)ru.ru_utime.tv_sec;
357 cnt += (int)ru.ru_utime.tv_usec;
358 }
359 }
360
361 for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
362 if (mm[m].p != MAP_FAILED)
363 munmap(mm[m].p, mm[m].npg * pgs);
364 mm[m].p = MAP_FAILED;
365 }
366
367 HX(stat(".", &st) == -1, st);
368 HX(statvfs(".", &stvfs) == -1, stvfs);
369
370 HX(stat("/", &st) == -1, st);
371 HX(statvfs("/", &stvfs) == -1, stvfs);
372
373 HX((e = fstat(0, &st)) == -1, st);
374 if (e == -1) {
375 if (S_ISREG(st.st_mode) ||
376 S_ISFIFO(st.st_mode) ||
377 S_ISSOCK(st.st_mode)) {
378 HX(fstatvfs(0, &stvfs) == -1,
379 stvfs);
380 HX((off = lseek(0, (off_t)0,
381 SEEK_CUR)) < 0, off);
382 }
383 if (S_ISCHR(st.st_mode)) {
384 HX(tcgetattr(0, &tios) == -1,
385 tios);
386 } else if (S_ISSOCK(st.st_mode)) {
387 memset(&ss, 0, sizeof ss);
388 ssl = sizeof(ss);
389 HX(getpeername(0,
390 (void *)&ss, &ssl) == -1,
391 ss);
392 }
393 }
394
395 HX((e = getrusage(RUSAGE_CHILDREN,
396 &ru)) == -1, ru);
397 if (e != -1) {
398 cnt += (int)ru.ru_utime.tv_sec;
399 cnt += (int)ru.ru_utime.tv_usec;
400 }
401 } else {
402 /* Subsequent hashes absorb previous result */
403 HD(results);
404 }
405
406 HX((e = gettimeofday(&tv, NULL)) == -1, tv);
407 if (e != -1) {
408 cnt += (int)tv.tv_sec;
409 cnt += (int)tv.tv_usec;
410 }
411
412 HD(cnt);
413 }
414 SHA512_Final(results, &ctx);
415 memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
416 i += MINIMUM(sizeof(results), len - i);
417 }
418 explicit_bzero(&ctx, sizeof ctx);
419 explicit_bzero(results, sizeof results);
420 errno = save_errno;
421 return (0); /* satisfied */
422}
diff --git a/src/lib/libcrypto/arc4random/getentropy_win.c b/src/lib/libcrypto/arc4random/getentropy_win.c
deleted file mode 100644
index 64514b3a37..0000000000
--- a/src/lib/libcrypto/arc4random/getentropy_win.c
+++ /dev/null
@@ -1,50 +0,0 @@
1/* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */
2
3/*
4 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
5 * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 *
19 * Emulation of getentropy(2) as documented at:
20 * http://man.openbsd.org/getentropy.2
21 */
22
23#include <windows.h>
24#include <bcrypt.h>
25#include <errno.h>
26#include <stdint.h>
27#include <sys/types.h>
28
29int getentropy(void *buf, size_t len);
30
31/*
32 * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed
33 * to be a well-seeded, cryptographically strong random number generator.
34 * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
35 */
36int
37getentropy(void *buf, size_t len)
38{
39 if (len > 256) {
40 errno = EIO;
41 return (-1);
42 }
43
44 if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
45 errno = EIO;
46 return (-1);
47 }
48
49 return (0);
50}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 19:55:05 +0000