andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include "secrng.h" andre@0: #include "secerr.h" andre@0: #include "prerror.h" andre@0: #include "prthread.h" andre@0: #include "prprf.h" andre@0: andre@0: size_t RNG_FileUpdate(const char *fileName, size_t limit); andre@0: andre@0: /* andre@0: * When copying data to the buffer we want the least signicant bytes andre@0: * from the input since those bits are changing the fastest. The address andre@0: * of least significant byte depends upon whether we are running on andre@0: * a big-endian or little-endian machine. andre@0: * andre@0: * Does this mean the least signicant bytes are the most significant andre@0: * to us? :-) andre@0: */ andre@0: andre@0: static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen) andre@0: { andre@0: union endianness { andre@0: PRInt32 i; andre@0: char c[4]; andre@0: } u; andre@0: andre@0: if (srclen <= dstlen) { andre@0: memcpy(dst, src, srclen); andre@0: return srclen; andre@0: } andre@0: u.i = 0x01020304; andre@0: if (u.c[0] == 0x01) { andre@0: /* big-endian case */ andre@0: memcpy(dst, (char*)src + (srclen - dstlen), dstlen); andre@0: } else { andre@0: /* little-endian case */ andre@0: memcpy(dst, src, dstlen); andre@0: } andre@0: return dstlen; andre@0: } andre@0: andre@0: #ifdef SOLARIS andre@0: andre@0: #include andre@0: andre@0: static const PRUint32 entropy_buf_len = 4096; /* buffer up to 4 KB */ andre@0: andre@0: /* Buffer entropy data, and feed it to the RNG, entropy_buf_len bytes at a time. andre@0: * Returns error if RNG_RandomUpdate fails. Also increments *total_fed andre@0: * by the number of bytes successfully buffered. andre@0: */ andre@0: static SECStatus BufferEntropy(char* inbuf, PRUint32 inlen, andre@0: char* entropy_buf, PRUint32* entropy_buffered, andre@0: PRUint32* total_fed) andre@0: { andre@0: PRUint32 tocopy = 0; andre@0: PRUint32 avail = 0; andre@0: SECStatus rv = SECSuccess; andre@0: andre@0: while (inlen) { andre@0: avail = entropy_buf_len - *entropy_buffered; andre@0: if (!avail) { andre@0: /* Buffer is full, time to feed it to the RNG. */ andre@0: rv = RNG_RandomUpdate(entropy_buf, entropy_buf_len); andre@0: if (SECSuccess != rv) { andre@0: break; andre@0: } andre@0: *entropy_buffered = 0; andre@0: avail = entropy_buf_len; andre@0: } andre@0: tocopy = PR_MIN(avail, inlen); andre@0: memcpy(entropy_buf + *entropy_buffered, inbuf, tocopy); andre@0: *entropy_buffered += tocopy; andre@0: inlen -= tocopy; andre@0: inbuf += tocopy; andre@0: *total_fed += tocopy; andre@0: } andre@0: return rv; andre@0: } andre@0: andre@0: /* Feed kernel statistics structures and ks_data field to the RNG. andre@0: * Returns status as well as the number of bytes successfully fed to the RNG. andre@0: */ andre@0: static SECStatus RNG_kstat(PRUint32* fed) andre@0: { andre@0: kstat_ctl_t* kc = NULL; andre@0: kstat_t* ksp = NULL; andre@0: PRUint32 entropy_buffered = 0; andre@0: char* entropy_buf = NULL; andre@0: SECStatus rv = SECSuccess; andre@0: andre@0: PORT_Assert(fed); andre@0: if (!fed) { andre@0: return SECFailure; andre@0: } andre@0: *fed = 0; andre@0: andre@0: kc = kstat_open(); andre@0: PORT_Assert(kc); andre@0: if (!kc) { andre@0: return SECFailure; andre@0: } andre@0: entropy_buf = (char*) PORT_Alloc(entropy_buf_len); andre@0: PORT_Assert(entropy_buf); andre@0: if (entropy_buf) { andre@0: for (ksp = kc->kc_chain; ksp != NULL; ksp = ksp->ks_next) { andre@0: if (-1 == kstat_read(kc, ksp, NULL)) { andre@0: /* missing data from a single kstat shouldn't be fatal */ andre@0: continue; andre@0: } andre@0: rv = BufferEntropy((char*)ksp, sizeof(kstat_t), andre@0: entropy_buf, &entropy_buffered, andre@0: fed); andre@0: if (SECSuccess != rv) { andre@0: break; andre@0: } andre@0: andre@0: if (ksp->ks_data && ksp->ks_data_size>0 && ksp->ks_ndata>0) { andre@0: rv = BufferEntropy((char*)ksp->ks_data, ksp->ks_data_size, andre@0: entropy_buf, &entropy_buffered, andre@0: fed); andre@0: if (SECSuccess != rv) { andre@0: break; andre@0: } andre@0: } andre@0: } andre@0: if (SECSuccess == rv && entropy_buffered) { andre@0: /* Buffer is not empty, time to feed it to the RNG */ andre@0: rv = RNG_RandomUpdate(entropy_buf, entropy_buffered); andre@0: } andre@0: PORT_Free(entropy_buf); andre@0: } else { andre@0: rv = SECFailure; andre@0: } andre@0: if (kstat_close(kc)) { andre@0: PORT_Assert(0); andre@0: rv = SECFailure; andre@0: } andre@0: return rv; andre@0: } andre@0: andre@0: #endif andre@0: andre@0: #if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) \ andre@0: || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) \ andre@0: || defined(NTO) || defined(__riscos__) andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: int ticks; andre@0: struct tms buffer; andre@0: andre@0: ticks=times(&buffer); andre@0: return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks)); andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: long si; andre@0: andre@0: /* andre@0: * Is this really necessary? Why not use rand48 or something? andre@0: */ andre@0: si = sysconf(_SC_CHILD_MAX); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: andre@0: si = sysconf(_SC_STREAM_MAX); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: andre@0: si = sysconf(_SC_OPEN_MAX); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: } andre@0: #endif andre@0: andre@0: #if defined(__sun) andre@0: #if defined(__svr4) || defined(SVR4) andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[2000]; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: hrtime_t t; andre@0: t = gethrtime(); andre@0: if (t) { andre@0: return CopyLowBits(buf, maxbytes, &t, sizeof(t)); andre@0: } andre@0: return 0; andre@0: } andre@0: #else /* SunOS (Sun, but not SVR4) */ andre@0: andre@0: extern long sysconf(int name); andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: long si; andre@0: andre@0: /* This is not very good */ andre@0: si = sysconf(_SC_CHILD_MAX); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: } andre@0: #endif andre@0: #endif /* Sun */ andre@0: andre@0: #if defined(__hpux) andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: #if defined(__ia64) andre@0: #include andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: PRUint64 t; andre@0: andre@0: t = _Asm_mov_from_ar(_AREG44); andre@0: return CopyLowBits(buf, maxbytes, &t, sizeof(t)); andre@0: } andre@0: #else andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: extern int ret_cr16(); andre@0: int cr16val; andre@0: andre@0: cr16val = ret_cr16(); andre@0: return CopyLowBits(buf, maxbytes, &cr16val, sizeof(cr16val)); andre@0: } andre@0: #endif andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: long si; andre@0: andre@0: /* This is not very good */ andre@0: si = sysconf(_AES_OS_VERSION); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: si = sysconf(_SC_CPU_VERSION); andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: } andre@0: #endif /* HPUX */ andre@0: andre@0: #if defined(OSF1) andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: char buf[BUFSIZ]; andre@0: int rv; andre@0: int off = 0; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * Use the "get the cycle counter" instruction on the alpha. andre@0: * The low 32 bits completely turn over in less than a minute. andre@0: * The high 32 bits are some non-counter gunk that changes sometimes. andre@0: */ andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: unsigned long t; andre@0: andre@0: t = asm("rpcc %v0"); andre@0: return CopyLowBits(buf, maxbytes, &t, sizeof(t)); andre@0: } andre@0: andre@0: #endif /* Alpha */ andre@0: andre@0: #if defined(_IBMR2) andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: /* XXX haven't found any yet! */ andre@0: } andre@0: #endif /* IBM R2 */ andre@0: andre@0: #if defined(LINUX) andre@0: #include andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: #ifndef NO_SYSINFO andre@0: struct sysinfo si; andre@0: if (sysinfo(&si) == 0) { andre@0: RNG_RandomUpdate(&si, sizeof(si)); andre@0: } andre@0: #endif andre@0: } andre@0: #endif /* LINUX */ andre@0: andre@0: #if defined(NCR) andre@0: andre@0: #include andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[2000]; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: andre@0: #endif /* NCR */ andre@0: andre@0: #if defined(sgi) andre@0: #include andre@0: #undef PRIVATE andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: #include andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[4096]; andre@0: andre@0: rv = syssgi(SGI_SYSID, &buf[0]); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, MAXSYSIDSIZE); andre@0: } andre@0: #ifdef SGI_RDUBLK andre@0: rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, sizeof(buf)); andre@0: } andre@0: #endif /* SGI_RDUBLK */ andre@0: rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, sizeof(buf)); andre@0: } andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: andre@0: static size_t GetHighResClock(void *buf, size_t maxbuf) andre@0: { andre@0: unsigned phys_addr, raddr, cycleval; andre@0: static volatile unsigned *iotimer_addr = NULL; andre@0: static int tries = 0; andre@0: static int cntr_size; andre@0: int mfd; andre@0: long s0[2]; andre@0: struct timeval tv; andre@0: andre@0: #ifndef SGI_CYCLECNTR_SIZE andre@0: #define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */ andre@0: #endif andre@0: andre@0: if (iotimer_addr == NULL) { andre@0: if (tries++ > 1) { andre@0: /* Don't keep trying if it didn't work */ andre@0: return 0; andre@0: } andre@0: andre@0: /* andre@0: ** For SGI machines we can use the cycle counter, if it has one, andre@0: ** to generate some truly random numbers andre@0: */ andre@0: phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval); andre@0: if (phys_addr) { andre@0: int pgsz = getpagesize(); andre@0: int pgoffmask = pgsz - 1; andre@0: andre@0: raddr = phys_addr & ~pgoffmask; andre@0: mfd = open("/dev/mmem", O_RDONLY); andre@0: if (mfd < 0) { andre@0: return 0; andre@0: } andre@0: iotimer_addr = (unsigned *) andre@0: mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr); andre@0: if (iotimer_addr == (void*)-1) { andre@0: close(mfd); andre@0: iotimer_addr = NULL; andre@0: return 0; andre@0: } andre@0: iotimer_addr = (unsigned*) andre@0: ((__psint_t)iotimer_addr | (phys_addr & pgoffmask)); andre@0: /* andre@0: * The file 'mfd' is purposefully not closed. andre@0: */ andre@0: cntr_size = syssgi(SGI_CYCLECNTR_SIZE); andre@0: if (cntr_size < 0) { andre@0: struct utsname utsinfo; andre@0: andre@0: /* andre@0: * We must be executing on a 6.0 or earlier system, since the andre@0: * SGI_CYCLECNTR_SIZE call is not supported. andre@0: * andre@0: * The only pre-6.1 platforms with 64-bit counters are andre@0: * IP19 and IP21 (Challenge, PowerChallenge, Onyx). andre@0: */ andre@0: uname(&utsinfo); andre@0: if (!strncmp(utsinfo.machine, "IP19", 4) || andre@0: !strncmp(utsinfo.machine, "IP21", 4)) andre@0: cntr_size = 64; andre@0: else andre@0: cntr_size = 32; andre@0: } andre@0: cntr_size /= 8; /* Convert from bits to bytes */ andre@0: } andre@0: } andre@0: andre@0: s0[0] = *iotimer_addr; andre@0: if (cntr_size > 4) andre@0: s0[1] = *(iotimer_addr + 1); andre@0: memcpy(buf, (char *)&s0[0], cntr_size); andre@0: return CopyLowBits(buf, maxbuf, &s0, cntr_size); andre@0: } andre@0: #endif andre@0: andre@0: #if defined(sony) andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[2000]; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: #endif /* sony */ andre@0: andre@0: #if defined(sinix) andre@0: #include andre@0: #include andre@0: andre@0: int gettimeofday(struct timeval *, struct timezone *); andre@0: int gethostname(char *, int); andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: int ticks; andre@0: struct tms buffer; andre@0: andre@0: ticks=times(&buffer); andre@0: return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks)); andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[2000]; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: #endif /* sinix */ andre@0: andre@0: andre@0: #ifdef BEOS andre@0: #include andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: bigtime_t bigtime; /* Actually a int64 */ andre@0: andre@0: bigtime = real_time_clock_usecs(); andre@0: return CopyLowBits(buf, maxbytes, &bigtime, sizeof(bigtime)); andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: system_info *info = NULL; andre@0: PRInt32 val; andre@0: get_system_info(info); andre@0: if (info) { andre@0: val = info->boot_time; andre@0: RNG_RandomUpdate(&val, sizeof(val)); andre@0: val = info->used_pages; andre@0: RNG_RandomUpdate(&val, sizeof(val)); andre@0: val = info->used_ports; andre@0: RNG_RandomUpdate(&val, sizeof(val)); andre@0: val = info->used_threads; andre@0: RNG_RandomUpdate(&val, sizeof(val)); andre@0: val = info->used_teams; andre@0: RNG_RandomUpdate(&val, sizeof(val)); andre@0: } andre@0: } andre@0: #endif /* BEOS */ andre@0: andre@0: #if defined(nec_ews) andre@0: #include andre@0: andre@0: #define getdtablesize() sysconf(_SC_OPEN_MAX) andre@0: andre@0: static size_t andre@0: GetHighResClock(void *buf, size_t maxbytes) andre@0: { andre@0: return 0; andre@0: } andre@0: andre@0: static void andre@0: GiveSystemInfo(void) andre@0: { andre@0: int rv; andre@0: char buf[2000]; andre@0: andre@0: rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); andre@0: if (rv > 0) { andre@0: RNG_RandomUpdate(buf, rv); andre@0: } andre@0: } andre@0: #endif /* nec_ews */ andre@0: andre@0: size_t RNG_GetNoise(void *buf, size_t maxbytes) andre@0: { andre@0: struct timeval tv; andre@0: int n = 0; andre@0: int c; andre@0: andre@0: n = GetHighResClock(buf, maxbytes); andre@0: maxbytes -= n; andre@0: andre@0: (void)gettimeofday(&tv, 0); andre@0: c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec)); andre@0: n += c; andre@0: maxbytes -= c; andre@0: c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec)); andre@0: n += c; andre@0: return n; andre@0: } andre@0: andre@0: #define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */ andre@0: andre@0: /* andre@0: * safe_popen is static to this module and we know what arguments it is andre@0: * called with. Note that this version only supports a single open child andre@0: * process at any time. andre@0: */ andre@0: static pid_t safe_popen_pid; andre@0: static struct sigaction oldact; andre@0: andre@0: static FILE * andre@0: safe_popen(char *cmd) andre@0: { andre@0: int p[2], fd, argc; andre@0: pid_t pid; andre@0: char *argv[SAFE_POPEN_MAXARGS + 1]; andre@0: FILE *fp; andre@0: static char blank[] = " \t"; andre@0: static struct sigaction newact; andre@0: andre@0: if (pipe(p) < 0) andre@0: return 0; andre@0: andre@0: fp = fdopen(p[0], "r"); andre@0: if (fp == 0) { andre@0: close(p[0]); andre@0: close(p[1]); andre@0: return 0; andre@0: } andre@0: andre@0: /* Setup signals so that SIGCHLD is ignored as we want to do waitpid */ andre@0: newact.sa_handler = SIG_DFL; andre@0: newact.sa_flags = 0; andre@0: sigfillset(&newact.sa_mask); andre@0: sigaction (SIGCHLD, &newact, &oldact); andre@0: andre@0: pid = fork(); andre@0: switch (pid) { andre@0: int ndesc; andre@0: andre@0: case -1: andre@0: fclose(fp); /* this closes p[0], the fd associated with fp */ andre@0: close(p[1]); andre@0: sigaction (SIGCHLD, &oldact, NULL); andre@0: return 0; andre@0: andre@0: case 0: andre@0: /* dup write-side of pipe to stderr and stdout */ andre@0: if (p[1] != 1) dup2(p[1], 1); andre@0: if (p[1] != 2) dup2(p[1], 2); andre@0: andre@0: /* andre@0: * close the other file descriptors, except stdin which we andre@0: * try reassociating with /dev/null, first (bug 174993) andre@0: */ andre@0: if (!freopen("/dev/null", "r", stdin)) andre@0: close(0); andre@0: ndesc = getdtablesize(); andre@0: for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd)); andre@0: andre@0: /* clean up environment in the child process */ andre@0: putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc"); andre@0: putenv("SHELL=/bin/sh"); andre@0: putenv("IFS= \t"); andre@0: andre@0: /* andre@0: * The caller may have passed us a string that is in text andre@0: * space. It may be illegal to modify the string andre@0: */ andre@0: cmd = strdup(cmd); andre@0: /* format argv */ andre@0: argv[0] = strtok(cmd, blank); andre@0: argc = 1; andre@0: while ((argv[argc] = strtok(0, blank)) != 0) { andre@0: if (++argc == SAFE_POPEN_MAXARGS) { andre@0: argv[argc] = 0; andre@0: break; andre@0: } andre@0: } andre@0: andre@0: /* and away we go */ andre@0: execvp(argv[0], argv); andre@0: exit(127); andre@0: break; andre@0: andre@0: default: andre@0: close(p[1]); andre@0: break; andre@0: } andre@0: andre@0: /* non-zero means there's a cmd running */ andre@0: safe_popen_pid = pid; andre@0: return fp; andre@0: } andre@0: andre@0: static int andre@0: safe_pclose(FILE *fp) andre@0: { andre@0: pid_t pid; andre@0: int status = -1, rv; andre@0: andre@0: if ((pid = safe_popen_pid) == 0) andre@0: return -1; andre@0: safe_popen_pid = 0; andre@0: andre@0: fclose(fp); andre@0: andre@0: /* yield the processor so the child gets some time to exit normally */ andre@0: PR_Sleep(PR_INTERVAL_NO_WAIT); andre@0: andre@0: /* if the child hasn't exited, kill it -- we're done with its output */ andre@0: while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR) andre@0: ; andre@0: if (rv == 0) { andre@0: kill(pid, SIGKILL); andre@0: while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR) andre@0: ; andre@0: } andre@0: andre@0: /* Reset SIGCHLD signal hander before returning */ andre@0: sigaction(SIGCHLD, &oldact, NULL); andre@0: andre@0: return status; andre@0: } andre@0: andre@0: #ifdef DARWIN andre@0: #include andre@0: #if !TARGET_OS_IPHONE andre@0: #include andre@0: #endif andre@0: #endif andre@0: andre@0: /* Fork netstat to collect its output by default. Do not unset this unless andre@0: * another source of entropy is available andre@0: */ andre@0: #define DO_NETSTAT 1 andre@0: andre@0: void RNG_SystemInfoForRNG(void) andre@0: { andre@0: FILE *fp; andre@0: char buf[BUFSIZ]; andre@0: size_t bytes; andre@0: const char * const *cp; andre@0: char *randfile; andre@0: #ifdef DARWIN andre@0: #if TARGET_OS_IPHONE andre@0: /* iOS does not expose a way to access environ. */ andre@0: char **environ = NULL; andre@0: #else andre@0: char **environ = *_NSGetEnviron(); andre@0: #endif andre@0: #else andre@0: extern char **environ; andre@0: #endif andre@0: #ifdef BEOS andre@0: static const char * const files[] = { andre@0: "/boot/var/swap", andre@0: "/boot/var/log/syslog", andre@0: "/boot/var/tmp", andre@0: "/boot/home/config/settings", andre@0: "/boot/home", andre@0: 0 andre@0: }; andre@0: #else andre@0: static const char * const files[] = { andre@0: "/etc/passwd", andre@0: "/etc/utmp", andre@0: "/tmp", andre@0: "/var/tmp", andre@0: "/usr/tmp", andre@0: 0 andre@0: }; andre@0: #endif andre@0: andre@0: #if defined(BSDI) andre@0: static char netstat_ni_cmd[] = "netstat -nis"; andre@0: #else andre@0: static char netstat_ni_cmd[] = "netstat -ni"; andre@0: #endif andre@0: andre@0: GiveSystemInfo(); andre@0: andre@0: bytes = RNG_GetNoise(buf, sizeof(buf)); andre@0: RNG_RandomUpdate(buf, bytes); andre@0: andre@0: /* andre@0: * Pass the C environment and the addresses of the pointers to the andre@0: * hash function. This makes the random number function depend on the andre@0: * execution environment of the user and on the platform the program andre@0: * is running on. andre@0: */ andre@0: if (environ != NULL) { andre@0: cp = (const char * const *) environ; andre@0: while (*cp) { andre@0: RNG_RandomUpdate(*cp, strlen(*cp)); andre@0: cp++; andre@0: } andre@0: RNG_RandomUpdate(environ, (char*)cp - (char*)environ); andre@0: } andre@0: andre@0: /* Give in system information */ andre@0: if (gethostname(buf, sizeof(buf)) == 0) { andre@0: RNG_RandomUpdate(buf, strlen(buf)); andre@0: } andre@0: GiveSystemInfo(); andre@0: andre@0: /* grab some data from system's PRNG before any other files. */ andre@0: bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT); andre@0: andre@0: /* If the user points us to a random file, pass it through the rng */ andre@0: randfile = getenv("NSRANDFILE"); andre@0: if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) { andre@0: char *randCountString = getenv("NSRANDCOUNT"); andre@0: int randCount = randCountString ? atoi(randCountString) : 0; andre@0: if (randCount != 0) { andre@0: RNG_FileUpdate(randfile, randCount); andre@0: } else { andre@0: RNG_FileForRNG(randfile); andre@0: } andre@0: } andre@0: andre@0: /* pass other files through */ andre@0: for (cp = files; *cp; cp++) andre@0: RNG_FileForRNG(*cp); andre@0: andre@0: /* andre@0: * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen andre@0: * in a pthreads environment. Therefore, we call safe_popen last and on andre@0: * BSD/OS we do not call safe_popen when we succeeded in getting data andre@0: * from /dev/urandom. andre@0: * andre@0: * Bug 174993: On platforms providing /dev/urandom, don't fork netstat andre@0: * either, if data has been gathered successfully. andre@0: */ andre@0: andre@0: #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ andre@0: || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ andre@0: || defined(HPUX) andre@0: if (bytes == SYSTEM_RNG_SEED_COUNT) andre@0: return; andre@0: andre@0: /* andre@0: * Modified to abort the process if it failed to read from /dev/urandom. andre@0: * andre@0: * See crbug.com/244661 for details. andre@0: */ andre@0: fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " andre@0: "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, andre@0: bytes, SYSTEM_RNG_SEED_COUNT); andre@0: fflush(stderr); andre@0: abort(); andre@0: #endif andre@0: andre@0: #ifdef SOLARIS andre@0: andre@0: /* andre@0: * On Solaris, NSS may be initialized automatically from libldap in andre@0: * applications that are unaware of the use of NSS. safe_popen forks, and andre@0: * sometimes creates issues with some applications' pthread_atfork handlers. andre@0: * We always have /dev/urandom on Solaris 9 and above as an entropy source, andre@0: * and for Solaris 8 we have the libkstat interface, so we don't need to andre@0: * fork netstat. andre@0: */ andre@0: andre@0: #undef DO_NETSTAT andre@0: if (!bytes) { andre@0: /* On Solaris 8, /dev/urandom isn't available, so we use libkstat. */ andre@0: PRUint32 kstat_bytes = 0; andre@0: if (SECSuccess != RNG_kstat(&kstat_bytes)) { andre@0: PORT_Assert(0); andre@0: } andre@0: bytes += kstat_bytes; andre@0: PORT_Assert(bytes); andre@0: } andre@0: #endif andre@0: andre@0: #ifdef DO_NETSTAT andre@0: fp = safe_popen(netstat_ni_cmd); andre@0: if (fp != NULL) { andre@0: while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) andre@0: RNG_RandomUpdate(buf, bytes); andre@0: safe_pclose(fp); andre@0: } andre@0: #endif andre@0: andre@0: } andre@0: andre@0: #define TOTAL_FILE_LIMIT 1000000 /* one million */ andre@0: andre@0: size_t RNG_FileUpdate(const char *fileName, size_t limit) andre@0: { andre@0: FILE * file; andre@0: int fd; andre@0: int bytes; andre@0: size_t fileBytes = 0; andre@0: struct stat stat_buf; andre@0: unsigned char buffer[BUFSIZ]; andre@0: static size_t totalFileBytes = 0; andre@0: andre@0: /* suppress valgrind warnings due to holes in struct stat */ andre@0: memset(&stat_buf, 0, sizeof(stat_buf)); andre@0: andre@0: if (stat((char *)fileName, &stat_buf) < 0) andre@0: return fileBytes; andre@0: RNG_RandomUpdate(&stat_buf, sizeof(stat_buf)); andre@0: andre@0: file = fopen(fileName, "r"); andre@0: if (file != NULL) { andre@0: /* Read from the underlying file descriptor directly to bypass stdio andre@0: * buffering and avoid reading more bytes than we need from andre@0: * /dev/urandom. NOTE: we can't use fread with unbuffered I/O because andre@0: * fread may return EOF in unbuffered I/O mode on Android. andre@0: * andre@0: * Moreover, we read into a buffer of size BUFSIZ, so buffered I/O andre@0: * has no performance advantage. */ andre@0: fd = fileno(file); andre@0: /* 'file' was just opened, so this should not fail. */ andre@0: PORT_Assert(fd != -1); andre@0: while (limit > fileBytes) { andre@0: bytes = PR_MIN(sizeof buffer, limit - fileBytes); andre@0: bytes = read(fd, buffer, bytes); andre@0: if (bytes <= 0) andre@0: break; andre@0: RNG_RandomUpdate(buffer, bytes); andre@0: fileBytes += bytes; andre@0: totalFileBytes += bytes; andre@0: /* after TOTAL_FILE_LIMIT has been reached, only read in first andre@0: ** buffer of data from each subsequent file. andre@0: */ andre@0: if (totalFileBytes > TOTAL_FILE_LIMIT) andre@0: break; andre@0: } andre@0: fclose(file); andre@0: } andre@0: /* andre@0: * Pass yet another snapshot of our highest resolution clock into andre@0: * the hash function. andre@0: */ andre@0: bytes = RNG_GetNoise(buffer, sizeof(buffer)); andre@0: RNG_RandomUpdate(buffer, bytes); andre@0: return fileBytes; andre@0: } andre@0: andre@0: void RNG_FileForRNG(const char *fileName) andre@0: { andre@0: RNG_FileUpdate(fileName, TOTAL_FILE_LIMIT); andre@0: } andre@0: andre@0: void ReadSingleFile(const char *fileName) andre@0: { andre@0: FILE * file; andre@0: unsigned char buffer[BUFSIZ]; andre@0: andre@0: file = fopen(fileName, "rb"); andre@0: if (file != NULL) { andre@0: while (fread(buffer, 1, sizeof(buffer), file) > 0) andre@0: ; andre@0: fclose(file); andre@0: } andre@0: } andre@0: andre@0: #define _POSIX_PTHREAD_SEMANTICS andre@0: #include andre@0: andre@0: PRBool andre@0: ReadFileOK(char *dir, char *file) andre@0: { andre@0: struct stat stat_buf; andre@0: char filename[PATH_MAX]; andre@0: int count = snprintf(filename, sizeof filename, "%s/%s",dir, file); andre@0: andre@0: if (count <= 0) { andre@0: return PR_FALSE; /* name too long, can't read it anyway */ andre@0: } andre@0: andre@0: if (stat(filename, &stat_buf) < 0) andre@0: return PR_FALSE; /* can't stat, probably can't read it then as well */ andre@0: return S_ISREG(stat_buf.st_mode) ? PR_TRUE : PR_FALSE; andre@0: } andre@0: andre@0: /* andre@0: * read one file out of either /etc or the user's home directory. andre@0: * fileToRead tells which file to read. andre@0: * andre@0: * return 1 if it's time to reset the fileToRead (no more files to read). andre@0: */ andre@0: int ReadOneFile(int fileToRead) andre@0: { andre@0: char *dir = "/etc"; andre@0: DIR *fd = opendir(dir); andre@0: int resetCount = 0; andre@0: #ifdef SOLARIS andre@0: /* grumble, Solaris does not define struct dirent to be the full length */ andre@0: typedef union { andre@0: unsigned char space[sizeof(struct dirent) + MAXNAMELEN]; andre@0: struct dirent dir; andre@0: } dirent_hack; andre@0: dirent_hack entry, firstEntry; andre@0: andre@0: #define entry_dir entry.dir andre@0: #else andre@0: struct dirent entry, firstEntry; andre@0: #define entry_dir entry andre@0: #endif andre@0: andre@0: int i, error = -1; andre@0: andre@0: if (fd == NULL) { andre@0: dir = getenv("HOME"); andre@0: if (dir) { andre@0: fd = opendir(dir); andre@0: } andre@0: } andre@0: if (fd == NULL) { andre@0: return 1; andre@0: } andre@0: andre@0: for (i=0; i <= fileToRead; i++) { andre@0: struct dirent *result = NULL; andre@0: do { andre@0: error = readdir_r(fd, &entry_dir, &result); andre@0: } while (error == 0 && result != NULL && andre@0: !ReadFileOK(dir,&result->d_name[0])); andre@0: if (error != 0 || result == NULL) { andre@0: resetCount = 1; /* read to the end, start again at the beginning */ andre@0: if (i != 0) { andre@0: /* ran out of entries in the directory, use the first one */ andre@0: entry = firstEntry; andre@0: error = 0; andre@0: break; andre@0: } andre@0: /* if i== 0, there were no readable entries in the directory */ andre@0: break; andre@0: } andre@0: if (i==0) { andre@0: /* save the first entry in case we run out of entries */ andre@0: firstEntry = entry; andre@0: } andre@0: } andre@0: andre@0: if (error == 0) { andre@0: char filename[PATH_MAX]; andre@0: int count = snprintf(filename, sizeof filename, andre@0: "%s/%s",dir, &entry_dir.d_name[0]); andre@0: if (count >= 1) { andre@0: ReadSingleFile(filename); andre@0: } andre@0: } andre@0: andre@0: closedir(fd); andre@0: return resetCount; andre@0: } andre@0: andre@0: /* andre@0: * do something to try to introduce more noise into the 'GetNoise' call andre@0: */ andre@0: static void rng_systemJitter(void) andre@0: { andre@0: static int fileToRead = 1; andre@0: andre@0: if (ReadOneFile(fileToRead)) { andre@0: fileToRead = 1; andre@0: } else { andre@0: fileToRead++; andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * Modified to abort the process if it failed to read from /dev/urandom. andre@0: * andre@0: * See crbug.com/244661 for details. andre@0: */ andre@0: size_t RNG_SystemRNG(void *dest, size_t maxLen) andre@0: { andre@0: FILE *file; andre@0: int fd; andre@0: int bytes; andre@0: size_t fileBytes = 0; andre@0: unsigned char *buffer = dest; andre@0: andre@0: file = fopen("/dev/urandom", "r"); andre@0: if (file == NULL) { andre@0: fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " andre@0: "Abort process.\n", __FILE__, __LINE__); andre@0: fflush(stderr); andre@0: abort(); andre@0: } andre@0: /* Read from the underlying file descriptor directly to bypass stdio andre@0: * buffering and avoid reading more bytes than we need from /dev/urandom. andre@0: * NOTE: we can't use fread with unbuffered I/O because fread may return andre@0: * EOF in unbuffered I/O mode on Android. andre@0: */ andre@0: fd = fileno(file); andre@0: /* 'file' was just opened, so this should not fail. */ andre@0: PORT_Assert(fd != -1); andre@0: while (maxLen > fileBytes) { andre@0: bytes = maxLen - fileBytes; andre@0: bytes = read(fd, buffer, bytes); andre@0: if (bytes <= 0) andre@0: break; andre@0: fileBytes += bytes; andre@0: buffer += bytes; andre@0: } andre@0: fclose(file); andre@0: if (fileBytes != maxLen) { andre@0: fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " andre@0: "Abort process.\n", __FILE__, __LINE__); andre@0: fflush(stderr); andre@0: abort(); andre@0: } andre@0: return fileBytes; andre@0: }