/* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #if !defined(_GNU_SOURCE) #define _GNU_SOURCE … #endif #include <openssl/rand.h> #include "../bcm_support.h" #include "sysrand_internal.h" #if defined(OPENSSL_RAND_URANDOM) #include <assert.h> #include <errno.h> #include <fcntl.h> #include <stdio.h> #include <string.h> #include <unistd.h> #if defined(OPENSSL_LINUX) #if defined(BORINGSSL_FIPS) #include <linux/random.h> #include <sys/ioctl.h> #endif #include <sys/syscall.h> #if defined(OPENSSL_ANDROID) #include <sys/system_properties.h> #endif #if !defined(OPENSSL_ANDROID) #define OPENSSL_HAS_GETAUXVAL #endif // glibc prior to 2.16 does not have getauxval and sys/auxv.h. Android has some // host builds (i.e. not building for Android itself, so |OPENSSL_ANDROID| is // unset) which are still using a 2.15 sysroot. // // TODO(davidben): Remove this once Android updates their sysroot. #if defined(__GLIBC_PREREQ) #if !__GLIBC_PREREQ(2, 16) #undef OPENSSL_HAS_GETAUXVAL #endif #endif #if defined(OPENSSL_HAS_GETAUXVAL) #include <sys/auxv.h> #endif #endif // OPENSSL_LINUX #include <openssl/thread.h> #include <openssl/mem.h> #include "getrandom_fillin.h" #include "../internal.h" #if defined(USE_NR_getrandom) #if defined(OPENSSL_MSAN) void __msan_unpoison(void *, size_t); #endif static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) { … } #endif // USE_NR_getrandom // kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is // available and should be used instead. static const int kHaveGetrandom = …; // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. static int urandom_fd; #if defined(USE_NR_getrandom) // getrandom_ready is one if |getrandom| had been initialized by the time // |init_once| was called and zero otherwise. static int getrandom_ready; // extra_getrandom_flags_for_seed contains a value that is ORed into the flags // for getrandom() when reading entropy for a seed. static int extra_getrandom_flags_for_seed; // On Android, check a system property to decide whether to set // |extra_getrandom_flags_for_seed| otherwise they will default to zero. If // ro.oem_boringcrypto_hwrand is true then |extra_getrandom_flags_for_seed| will // be set to GRND_RANDOM, causing all random data to be drawn from the same // source as /dev/random. static void maybe_set_extra_getrandom_flags(void) { … } #endif // USE_NR_getrandom static CRYPTO_once_t rand_once = …; // init_once initializes the state of this module to values previously // requested. This is the only function that modifies |urandom_fd|, which may be // read safely after calling the once. static void init_once(void) { … } static CRYPTO_once_t wait_for_entropy_once = …; static void wait_for_entropy(void) { … } // fill_with_entropy writes |len| bytes of entropy into |out|. It returns one // on success and zero on error. If |block| is one, this function will block // until the entropy pool is initialized. Otherwise, this function may fail, // setting |errno| to |EAGAIN| if the entropy pool has not yet been initialized. // If |seed| is one, this function will OR in the value of // |*extra_getrandom_flags_for_seed()| when using |getrandom|. static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) { … } void CRYPTO_init_sysrand(void) { … } // CRYPTO_sysrand puts |requested| random bytes into |out|. void CRYPTO_sysrand(uint8_t *out, size_t requested) { … } void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { … } int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) { … } #endif // OPENSSL_RAND_URANDOM