1/**************************************************************************** 2 * * 3 * * 4 * Unix Randomness-Gathering Code * 5 * * 6 * Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999. * 7 * Heavily modified for GnuPG by Werner Koch * 8 * * 9 * * 10 ****************************************************************************/ 11 12/* This module is part of the cryptlib continuously seeded pseudorandom 13 number generator. For usage conditions, see lib_rand.c 14 15 [Here is the notice from lib_rand.c:] 16 17 This module and the misc/rnd*.c modules represent the cryptlib 18 continuously seeded pseudorandom number generator (CSPRNG) as described in 19 my 1998 Usenix Security Symposium paper "The generation of random numbers 20 for cryptographic purposes". 21 22 The CSPRNG code is copyright Peter Gutmann (and various others) 1996, 23 1997, 1998, 1999, all rights reserved. Redistribution of the CSPRNG 24 modules and use in source and binary forms, with or without modification, 25 are permitted provided that the following conditions are met: 26 27 1. Redistributions of source code must retain the above copyright notice 28 and this permission notice in its entirety. 29 30 2. Redistributions in binary form must reproduce the copyright notice in 31 the documentation and/or other materials provided with the distribution. 32 33 3. A copy of any bugfixes or enhancements made must be provided to the 34 author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the 35 baseline version of the code. 36 37 ALTERNATIVELY, the code may be distributed under the terms of the 38 GNU Lesser General Public License, version 2.1 or any later version 39 published by the Free Software Foundation, in which case the 40 provisions of the GNU LGPL are required INSTEAD OF the above 41 restrictions. 42 43 Although not required under the terms of the LGPL, it would still be 44 nice if you could make any changes available to the author to allow 45 a consistent code base to be maintained. */ 46/************************************************************************* 47 The above alternative was changed from GPL to LGPL on 2007-08-22 with 48 permission from Peter Gutmann: 49 ========== 50 From: pgut001 <pgut001@cs.auckland.ac.nz> 51 Subject: Re: LGPL for the windows entropy gatherer 52 To: wk@gnupg.org 53 Date: Wed, 22 Aug 2007 03:05:42 +1200 54 55 Hi, 56 57 >As of now libgcrypt is GPL under Windows due to that module and some people 58 >would really like to see it under LGPL too. Can you do such a license change 59 >to LGPL version 2? Note that LGPL give the user the option to relicense it 60 >under GPL, so the change would be pretty easy and backwar compatible. 61 62 Sure. I assumed that since GPG was GPLd, you'd prefer the GPL for the entropy 63 code as well, but Ian asked for LGPL as an option so as of the next release 64 I'll have LGPL in there. You can consider it to be retroactive, so your 65 current version will be LGPLd as well. 66 67 Peter. 68 ========== 69 From: pgut001 <pgut001@cs.auckland.ac.nz> 70 Subject: Re: LGPL for the windows entropy gatherer 71 To: wk@gnupg.org 72 Date: Wed, 22 Aug 2007 20:50:08 +1200 73 74 >Would you mind to extend this also to the Unix entropy gatherer which is 75 >still used on systems without /dev/random and when EGD is not installed? That 76 >would be the last GPLed piece in Libgcrypt. 77 78 Sure, it covers the entire entropy-gathering subsystem. 79 80 Peter. 81 ========= 82*/ 83 84/* General includes */ 85 86#include <config.h> 87#include <stdlib.h> 88#include <stdio.h> 89#include <string.h> 90 91/* OS-specific includes */ 92 93#ifdef __osf__ 94 /* Somewhere in the morass of system-specific cruft which OSF/1 pulls in 95 * via the following includes are various endianness defines, so we 96 * undefine the cryptlib ones, which aren't really needed for this module 97 * anyway */ 98#undef BIG_ENDIAN 99#undef LITTLE_ENDIAN 100#endif /* __osf__ */ 101 102#include <unistd.h> 103#include <fcntl.h> 104#include <pwd.h> 105#ifndef __QNX__ 106#include <sys/errno.h> 107#include <sys/ipc.h> 108#endif /* __QNX__ */ 109#include <sys/time.h> /* SCO and SunOS need this before resource.h */ 110#ifndef __QNX__ 111#include <sys/resource.h> 112#endif /* __QNX__ */ 113#if defined( _AIX ) || defined( __QNX__ ) 114#include <sys/select.h> 115#endif /* _AIX */ 116#ifndef __QNX__ 117#include <sys/shm.h> 118#include <signal.h> 119#include <sys/signal.h> 120#endif /* __QNX__ */ 121#include <sys/stat.h> 122#include <sys/types.h> /* Verschiedene komische Typen */ 123#if defined( __hpux ) && ( OS_VERSION == 9 ) 124#include <vfork.h> 125#endif /* __hpux 9.x, after that it's in unistd.h */ 126#include <sys/wait.h> 127/* #include <kitchensink.h> */ 128#ifdef __QNX__ 129#include <signal.h> 130#include <process.h> 131#endif /* __QNX__ */ 132#include <errno.h> 133 134#include "types.h" /* for byte and u32 typedefs */ 135#include "g10lib.h" 136#include "rand-internal.h" 137 138#ifndef EAGAIN 139#define EAGAIN EWOULDBLOCK 140#endif 141#ifndef STDIN_FILENO 142#define STDIN_FILENO 0 143#endif 144#ifndef STDOUT_FILENO 145#define STDOUT_FILENO 1 146#endif 147 148#define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */ 149 150/* The structure containing information on random-data sources. Each 151 * record contains the source and a relative estimate of its usefulness 152 * (weighting) which is used to scale the number of kB of output from the 153 * source (total = data_bytes / usefulness). Usually the weighting is in the 154 * range 1-3 (or 0 for especially useless sources), resulting in a usefulness 155 * rating of 1...3 for each kB of source output (or 0 for the useless 156 * sources). 157 * 158 * If the source is constantly changing (certain types of network statistics 159 * have this characteristic) but the amount of output is small, the weighting 160 * is given as a negative value to indicate that the output should be treated 161 * as if a minimum of 1K of output had been obtained. If the source produces 162 * a lot of output then the scale factor is fractional, resulting in a 163 * usefulness rating of < 1 for each kB of source output. 164 * 165 * In order to provide enough randomness to satisfy the requirements for a 166 * slow poll, we need to accumulate at least 20 points of usefulness (a 167 * typical system should get about 30 points). 168 * 169 * Some potential options are missed out because of special considerations. 170 * pstat -i and pstat -f can produce amazing amounts of output (the record 171 * is 600K on an Oracle server) which floods the buffer and doesn't yield 172 * anything useful (apart from perhaps increasing the entropy of the vmstat 173 * output a bit), so we don't bother with this. pstat in general produces 174 * quite a bit of output, but it doesn't change much over time, so it gets 175 * very low weightings. netstat -s produces constantly-changing output but 176 * also produces quite a bit of it, so it only gets a weighting of 2 rather 177 * than 3. The same holds for netstat -in, which gets 1 rather than 2. 178 * 179 * Some binaries are stored in different locations on different systems so 180 * alternative paths are given for them. The code sorts out which one to 181 * run by itself, once it finds an exectable somewhere it moves on to the 182 * next source. The sources are arranged roughly in their order of 183 * usefulness, occasionally sources which provide a tiny amount of 184 * relatively useless data are placed ahead of ones which provide a large 185 * amount of possibly useful data because another 100 bytes can't hurt, and 186 * it means the buffer won't be swamped by one or two high-output sources. 187 * All the high-output sources are clustered towards the end of the list 188 * for this reason. Some binaries are checked for in a certain order, for 189 * example under Slowaris /usr/ucb/ps understands aux as an arg, but the 190 * others don't. Some systems have conditional defines enabling alternatives 191 * to commands which don't understand the usual options but will provide 192 * enough output (in the form of error messages) to look like they're the 193 * real thing, causing alternative options to be skipped (we can't check the 194 * return either because some commands return peculiar, non-zero status even 195 * when they're working correctly). 196 * 197 * In order to maximise use of the buffer, the code performs a form of run- 198 * length compression on its input where a repeated sequence of bytes is 199 * replaced by the occurrence count mod 256. Some commands output an awful 200 * lot of whitespace, this measure greatly increases the amount of data we 201 * can fit in the buffer. 202 * 203 * When we scale the weighting using the SC() macro, some preprocessors may 204 * give a division by zero warning for the most obvious expression 205 * 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero 206 * trap), so we define a value SC_0 which evaluates to zero when fed to 207 * '1024 / SC_0' */ 208 209#define SC( weight ) ( 1024 / weight ) /* Scale factor */ 210#define SC_0 16384 /* SC( SC_0 ) evaluates to 0 */ 211 212static struct RI { 213 const char *path; /* Path to check for existence of source */ 214 const char *arg; /* Args for source */ 215 const int usefulness; /* Usefulness of source */ 216 FILE *pipe; /* Pipe to source as FILE * */ 217 int pipeFD; /* Pipe to source as FD */ 218 pid_t pid; /* pid of child for waitpid() */ 219 int length; /* Quantity of output produced */ 220 const int hasAlternative; /* Whether source has alt.location */ 221} dataSources[] = { 222 223 { "/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1 }, 224 { "/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0}, 225 { "/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1 }, 226 { "/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0}, 227 { "/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0}, 228 { "/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1 }, 229 { "/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0}, 230 { "/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 }, 231 { "/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 }, 232 { "/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1}, 233 { "/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0}, 234 { "/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0}, 235 { "/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 }, 236 { "/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 }, 237 { "/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 }, 238 { "/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 }, 239 { "/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 }, 240 { "/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 }, 241 { "/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 }, 242 { "/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1}, 243 { "/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0}, 244 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0", 245 SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */ 246 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0", 247 SC(-1), NULL, 0, 0, 0, 0 }, /* UDP out */ 248 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0", 249 SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */ 250 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0", 251 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */ 252 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0", 253 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */ 254 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0", 255 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */ 256 { "/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0 }, 257 { "/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1 }, 258 { "/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0 }, 259 { "/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1 }, 260 { "/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0 }, 261 { "/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0 }, 262 { "/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 }, 263 { "/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1 }, 264 { "/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0 }, 265 { "/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1 }, 266 { "/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0 }, 267 { "/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1 }, 268 { "/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 }, 269 { "/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 }, 270 { "/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 }, 271 { "/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 }, 272 { "/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0 }, 273#if defined( __sgi ) || defined( __hpux ) 274 { "/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1 }, 275#endif /* __sgi || __hpux */ 276 { "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 }, 277 { "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 }, 278 { "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0 }, 279 { "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0 }, /*QNX*/ 280 { "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1 }, 281 { "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0 }, 282 /* Unreliable source, depends on system usage */ 283 { "/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1 }, 284 { "/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0 }, 285 { "/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1 }, 286 { "/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0 }, 287 { "/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1 }, 288 { "/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0 }, 289 { "/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1 }, 290 { "/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0 }, 291 { "/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 }, 292 { "/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 }, 293 /* pstat is your friend */ 294 { "/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1 }, 295#ifdef __sgi 296 { "/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 }, 297#endif /* __sgi */ 298#ifdef __hpux 299 { "/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 }, 300#endif /* __hpux */ 301 { "/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0 }, 302 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0", 303 SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */ 304 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0", 305 SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */ 306 { "/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 }, 307 { "/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 }, 308 { "/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 }, 309 { "/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 }, 310 { "/usr/sbin/ripquery", "-nw 1 127.0.0.1", 311 SC(0.1), NULL, 0, 0, 0, 0 }, 312 { "/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 }, 313 { "/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 }, 314 { "/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 }, 315 { "/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 }, 316 /* This is very environment-dependant. If network traffic is low, it'll 317 * probably time out before delivering 5 packets, which is OK because 318 * it'll probably be fixed stuff like ARP anyway */ 319 { "/usr/sbin/advfsstat", "-b usr_domain", 320 SC(SC_0), NULL, 0, 0, 0, 0}, 321 { "/usr/sbin/advfsstat", "-l 2 usr_domain", 322 SC(0.5), NULL, 0, 0, 0, 0}, 323 { "/usr/sbin/advfsstat", "-p usr_domain", 324 SC(SC_0), NULL, 0, 0, 0, 0}, 325 /* This is a complex and screwball program. Some systems have things 326 * like rX_dmn, x = integer, for RAID systems, but the statistics are 327 * pretty dodgy */ 328#ifdef __QNXNTO__ 329 { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3), 330 NULL, 0, 0, 0, 0 }, 331#endif 332#if 0 333 /* The following aren't enabled since they're somewhat slow and not very 334 * unpredictable, however they give an indication of the sort of sources 335 * you can use (for example the finger might be more useful on a 336 * firewalled internal network) */ 337 { "/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 }, 338 { "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html", 339 SC(0.9), NULL, 0, 0, 0, 0 }, 340 { "/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 }, 341#endif /* 0 */ 342 { NULL, NULL, 0, NULL, 0, 0, 0, 0 } 343}; 344 345static byte *gather_buffer; /* buffer for gathering random noise */ 346static int gather_buffer_size; /* size of the memory buffer */ 347static uid_t gatherer_uid; 348 349/* The message structure used to communicate with the parent */ 350typedef struct { 351 int usefulness; /* usefulness of data */ 352 int ndata; /* valid bytes in data */ 353 char data[500]; /* gathered data */ 354} GATHER_MSG; 355 356#ifndef HAVE_WAITPID 357static pid_t 358waitpid(pid_t pid, int *statptr, int options) 359{ 360#ifdef HAVE_WAIT4 361 return wait4(pid, statptr, options, NULL); 362#else 363 /* If wait4 is also not available, try wait3 for SVR3 variants */ 364 /* Less ideal because can't actually request a specific pid */ 365 /* For that reason, first check to see if pid is for an */ 366 /* existing process. */ 367 int tmp_pid, dummystat;; 368 if (kill(pid, 0) == -1) { 369 errno = ECHILD; 370 return -1; 371 } 372 if (statptr == NULL) 373 statptr = &dummystat; 374 while (((tmp_pid = wait3(statptr, options, 0)) != pid) && 375 (tmp_pid != -1) && (tmp_pid != 0) && (pid != -1)) 376 ; 377 return tmp_pid; 378#endif 379} 380#endif 381 382/* Under SunOS popen() doesn't record the pid of the child process. When 383 * pclose() is called, instead of calling waitpid() for the correct child, it 384 * calls wait() repeatedly until the right child is reaped. The problem is 385 * that this reaps any other children that happen to have died at that 386 * moment, and when their pclose() comes along, the process hangs forever. 387 * The fix is to use a wrapper for popen()/pclose() which saves the pid in 388 * the dataSources structure (code adapted from GNU-libc's popen() call). 389 * 390 * Aut viam inveniam aut faciam */ 391 392static FILE * 393my_popen(struct RI *entry) 394{ 395 int pipedes[2]; 396 FILE *stream; 397 398 /* Create the pipe */ 399 if (pipe(pipedes) < 0) 400 return (NULL); 401 402 /* Fork off the child ("vfork() is like an OS orgasm. All OS's want to 403 * do it, but most just end up faking it" - Chris Wedgwood). If your OS 404 * supports it, you should try to use vfork() here because it's somewhat 405 * more efficient */ 406#if defined( sun ) || defined( __ultrix__ ) || defined( __osf__ ) || \ 407 defined(__hpux) 408 entry->pid = vfork(); 409#else /* */ 410 entry->pid = fork(); 411#endif /* Unixen which have vfork() */ 412 if (entry->pid == (pid_t) - 1) { 413 /* The fork failed */ 414 close(pipedes[0]); 415 close(pipedes[1]); 416 return (NULL); 417 } 418 419 if (entry->pid == (pid_t) 0) { 420 struct passwd *passwd; 421 422 /* We are the child. Make the read side of the pipe be stdout */ 423 if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0) 424 exit(127); 425 426 /* Now that everything is set up, give up our permissions to make 427 * sure we don't read anything sensitive. If the getpwnam() fails, 428 * we default to -1, which is usually nobody */ 429 if (gatherer_uid == (uid_t)-1 && \ 430 (passwd = getpwnam("nobody")) != NULL) 431 gatherer_uid = passwd->pw_uid; 432 433 setuid(gatherer_uid); 434 435 /* Close the pipe descriptors */ 436 close(pipedes[STDIN_FILENO]); 437 close(pipedes[STDOUT_FILENO]); 438 439 /* Try and exec the program */ 440 execl(entry->path, entry->path, entry->arg, NULL); 441 442 /* Die if the exec failed */ 443 exit(127); 444 } 445 446 /* We are the parent. Close the irrelevant side of the pipe and open 447 * the relevant side as a new stream. Mark our side of the pipe to 448 * close on exec, so new children won't see it */ 449 close(pipedes[STDOUT_FILENO]); 450 451#ifdef FD_CLOEXEC 452 fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC); 453#endif 454 455 stream = fdopen(pipedes[STDIN_FILENO], "r"); 456 457 if (stream == NULL) { 458 int savedErrno = errno; 459 460 /* The stream couldn't be opened or the child structure couldn't be 461 * allocated. Kill the child and close the other side of the pipe */ 462 kill(entry->pid, SIGKILL); 463 if (stream == NULL) 464 close(pipedes[STDOUT_FILENO]); 465 else 466 fclose(stream); 467 468 waitpid(entry->pid, NULL, 0); 469 470 entry->pid = 0; 471 errno = savedErrno; 472 return (NULL); 473 } 474 475 return (stream); 476} 477 478static int 479my_pclose(struct RI *entry) 480{ 481 int status = 0; 482 483 if (fclose(entry->pipe)) 484 return (-1); 485 486 /* We ignore the return value from the process because some 487 programs return funny values which would result in the input 488 being discarded even if they executed successfully. This isn't 489 a problem because the result data size threshold will filter 490 out any programs which exit with a usage message without 491 producing useful output. */ 492 if (waitpid(entry->pid, NULL, 0) != entry->pid) 493 status = -1; 494 495 entry->pipe = NULL; 496 entry->pid = 0; 497 return (status); 498} 499 500 501/* Unix slow poll (without special support for Linux) 502 * 503 * If a few of the randomness sources create a large amount of output then 504 * the slowPoll() stops once the buffer has been filled (but before all the 505 * randomness sources have been sucked dry) so that the 'usefulness' factor 506 * remains below the threshold. For this reason the gatherer buffer has to 507 * be fairly sizeable on moderately loaded systems. This is something of a 508 * bug since the usefulness should be influenced by the amount of output as 509 * well as the source type */ 510 511 512static int 513slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes ) 514{ 515 int moreSources; 516 struct timeval tv; 517 fd_set fds; 518#if defined( __hpux ) 519 size_t maxFD = 0; 520#else 521 int maxFD = 0; 522#endif /* OS-specific brokenness */ 523 int bufPos, i, usefulness = 0; 524 int last_so_far = 0; 525 int any_need_entropy = 0; 526 int delay; 527 int rc; 528 529 /* Fire up each randomness source */ 530 FD_ZERO(&fds); 531 for (i = 0; dataSources[i].path != NULL; i++) { 532 /* Since popen() is a fairly heavy function, we check to see whether 533 * the executable exists before we try to run it */ 534 if (access(dataSources[i].path, X_OK)) { 535 if( dbgfp && dbgall ) 536 fprintf(dbgfp, "%s not present%s\n", dataSources[i].path, 537 dataSources[i].hasAlternative ? 538 ", has alternatives" : ""); 539 dataSources[i].pipe = NULL; 540 } 541 else 542 dataSources[i].pipe = my_popen(&dataSources[i]); 543 544 if (dataSources[i].pipe != NULL) { 545 dataSources[i].pipeFD = fileno(dataSources[i].pipe); 546 if (dataSources[i].pipeFD > maxFD) 547 maxFD = dataSources[i].pipeFD; 548 549#ifdef O_NONBLOCK /* Ohhh what a hack (used for Atari) */ 550 fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK); 551#else 552#error O_NONBLOCK is missing 553#endif 554 555 FD_SET(dataSources[i].pipeFD, &fds); 556 dataSources[i].length = 0; 557 558 /* If there are alternatives for this command, don't try and 559 * execute them */ 560 while (dataSources[i].hasAlternative) { 561 if( dbgfp && dbgall ) 562 fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path); 563 i++; 564 } 565 } 566 } 567 568 569 /* Suck all the data we can get from each of the sources */ 570 bufPos = 0; 571 moreSources = 1; 572 delay = 0; /* Return immediately (well, after 100ms) the first time. */ 573 while (moreSources && bufPos <= gather_buffer_size) { 574 /* Wait for data to become available from any of the sources, with a 575 * timeout of 10 seconds. This adds even more randomness since data 576 * becomes available in a nondeterministic fashion. Kudos to HP's QA 577 * department for managing to ship a select() which breaks its own 578 * prototype */ 579 tv.tv_sec = delay; 580 tv.tv_usec = delay? 0 : 100000; 581 582#if defined( __hpux ) && ( OS_VERSION == 9 ) 583 rc = select(maxFD + 1, (int *)&fds, NULL, NULL, &tv); 584#else /* */ 585 rc = select(maxFD + 1, &fds, NULL, NULL, &tv); 586#endif /* __hpux */ 587 if (rc == -1) 588 break; /* Ooops; select failed. */ 589 590 if (!rc) 591 { 592 /* FIXME: Because we run several tools at once it is 593 unlikely that we will see a block in select at all. */ 594 if (!any_need_entropy 595 || last_so_far != (gather_buffer_size - bufPos) ) 596 { 597 last_so_far = gather_buffer_size - bufPos; 598 _gcry_random_progress ("need_entropy", 'X', 599 last_so_far, 600 gather_buffer_size); 601 any_need_entropy = 1; 602 } 603 delay = 10; /* Use 10 seconds henceforth. */ 604 /* Note that the fd_set is setup again at the end of this loop. */ 605 } 606 607 /* One of the sources has data available, read it into the buffer */ 608 for (i = 0; dataSources[i].path != NULL; i++) { 609 if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) { 610 size_t noBytes; 611 612 if ((noBytes = fread(gather_buffer + bufPos, 1, 613 gather_buffer_size - bufPos, 614 dataSources[i].pipe)) == 0) { 615 if (my_pclose(&dataSources[i]) == 0) { 616 int total = 0; 617 618 /* Try and estimate how much entropy we're getting 619 * from a data source */ 620 if (dataSources[i].usefulness) { 621 if (dataSources[i].usefulness < 0) 622 total = (dataSources[i].length + 999) 623 / -dataSources[i].usefulness; 624 else 625 total = dataSources[i].length 626 / dataSources[i].usefulness; 627 } 628 if( dbgfp ) 629 fprintf(dbgfp, 630 "%s %s contributed %d bytes, " 631 "usefulness = %d\n", dataSources[i].path, 632 (dataSources[i].arg != NULL) ? 633 dataSources[i].arg : "", 634 dataSources[i].length, total); 635 if( dataSources[i].length ) 636 usefulness += total; 637 } 638 dataSources[i].pipe = NULL; 639 } 640 else { 641 int currPos = bufPos; 642 int endPos = bufPos + noBytes; 643 644 /* Run-length compress the input byte sequence */ 645 while (currPos < endPos) { 646 int ch = gather_buffer[currPos]; 647 648 /* If it's a single byte, just copy it over */ 649 if (ch != gather_buffer[currPos + 1]) { 650 gather_buffer[bufPos++] = ch; 651 currPos++; 652 } 653 else { 654 int count = 0; 655 656 /* It's a run of repeated bytes, replace them 657 * with the byte count mod 256 */ 658 while ((ch == gather_buffer[currPos]) 659 && currPos < endPos) { 660 count++; 661 currPos++; 662 } 663 gather_buffer[bufPos++] = count; 664 noBytes -= count - 1; 665 } 666 } 667 668 /* Remember the number of (compressed) bytes of input we 669 * obtained */ 670 dataSources[i].length += noBytes; 671 } 672 } 673 } 674 675 /* Check if there is more input available on any of the sources */ 676 moreSources = 0; 677 FD_ZERO(&fds); 678 for (i = 0; dataSources[i].path != NULL; i++) { 679 if (dataSources[i].pipe != NULL) { 680 FD_SET(dataSources[i].pipeFD, &fds); 681 moreSources = 1; 682 } 683 } 684 } 685 686 if (any_need_entropy) 687 _gcry_random_progress ("need_entropy", 'X', 688 gather_buffer_size, 689 gather_buffer_size); 690 691 if( dbgfp ) { 692 fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness); 693 fflush(dbgfp); 694 } 695 *nbytes = bufPos; 696 return usefulness; 697} 698 699/**************** 700 * Start the gatherer process which writes messages of 701 * type GATHERER_MSG to pipedes 702 */ 703static void 704start_gatherer( int pipefd ) 705{ 706 FILE *dbgfp = NULL; 707 int dbgall; 708 709 { 710 const char *s = getenv("GNUPG_RNDUNIX_DBG"); 711 if( s ) { 712 dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a"); 713 if( !dbgfp ) 714 log_info("can't open debug file `%s': %s\n", 715 s, strerror(errno) ); 716 else 717 fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid()); 718 } 719 dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL"); 720 } 721 /* close all files but the ones we need */ 722 { int nmax, n1, n2, i; 723#ifdef _SC_OPEN_MAX 724 if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) { 725#ifdef _POSIX_OPEN_MAX 726 nmax = _POSIX_OPEN_MAX; 727#else 728 nmax = 20; /* assume a reasonable value */ 729#endif 730 } 731#else /*!_SC_OPEN_MAX*/ 732 nmax = 20; /* assume a reasonable value */ 733#endif /*!_SC_OPEN_MAX*/ 734 n1 = fileno( stderr ); 735 n2 = dbgfp? fileno( dbgfp ) : -1; 736 for(i=0; i < nmax; i++ ) { 737 if( i != n1 && i != n2 && i != pipefd ) 738 close(i); 739 } 740 errno = 0; 741 } 742 743 744 /* Set up the buffer. Not ethat we use a plain standard malloc here. */ 745 gather_buffer_size = GATHER_BUFSIZE; 746 gather_buffer = malloc( gather_buffer_size ); 747 if( !gather_buffer ) { 748 log_error("out of core while allocating the gatherer buffer\n"); 749 exit(2); 750 } 751 752 /* Reset the SIGC(H)LD handler to the system default. This is necessary 753 * because if the program which cryptlib is a part of installs its own 754 * SIGC(H)LD handler, it will end up reaping the cryptlib children before 755 * cryptlib can. As a result, my_pclose() will call waitpid() on a 756 * process which has already been reaped by the installed handler and 757 * return an error, so the read data won't be added to the randomness 758 * pool. There are two types of SIGC(H)LD naming, the SysV SIGCLD and 759 * the BSD/Posix SIGCHLD, so we need to handle either possibility */ 760#ifdef SIGCLD 761 signal(SIGCLD, SIG_DFL); 762#else 763 signal(SIGCHLD, SIG_DFL); 764#endif 765 766 fclose(stderr); /* Arrghh!! It's Stuart code!! */ 767 768 for(;;) { 769 GATHER_MSG msg; 770 size_t nbytes; 771 const char *p; 772 773 msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes ); 774 p = gather_buffer; 775 while( nbytes ) { 776 msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes; 777 memcpy( msg.data, p, msg.ndata ); 778 nbytes -= msg.ndata; 779 p += msg.ndata; 780 781 while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) { 782 if( errno == EINTR ) 783 continue; 784 if( errno == EAGAIN ) { 785 struct timeval tv; 786 tv.tv_sec = 0; 787 tv.tv_usec = 50000; 788 select(0, NULL, NULL, NULL, &tv); 789 continue; 790 } 791 if( errno == EPIPE ) /* parent has exited, so give up */ 792 exit(0); 793 794 /* we can't do very much here because stderr is closed */ 795 if( dbgfp ) 796 fprintf(dbgfp, "gatherer can't write to pipe: %s\n", 797 strerror(errno) ); 798 /* we start a new poll to give the system some time */ 799 nbytes = 0; 800 break; 801 } 802 } 803 } 804 /* we are killed when the parent dies */ 805} 806 807 808static int 809read_a_msg( int fd, GATHER_MSG *msg ) 810{ 811 char *buffer = (char*)msg; 812 size_t length = sizeof( *msg ); 813 int n; 814 815 do { 816 do { 817 n = read(fd, buffer, length ); 818 } while( n == -1 && errno == EINTR ); 819 if( n == -1 ) 820 return -1; 821 buffer += n; 822 length -= n; 823 } while( length ); 824 return 0; 825} 826 827 828/**************** 829 * Using a level of 0 should never block and better add nothing 830 * to the pool. So this is just a dummy for this gatherer. 831 */ 832int 833_gcry_rndunix_gather_random (void (*add)(const void*, size_t, 834 enum random_origins), 835 enum random_origins origin, 836 size_t length, int level ) 837{ 838 static pid_t gatherer_pid = 0; 839 static int pipedes[2]; 840 GATHER_MSG msg; 841 size_t n; 842 843 if( !level ) 844 return 0; 845 846 if( !gatherer_pid ) { 847 /* Make sure we are not setuid. */ 848 if ( getuid() != geteuid() ) 849 BUG(); 850 /* time to start the gatherer process */ 851 if( pipe( pipedes ) ) { 852 log_error("pipe() failed: %s\n", strerror(errno)); 853 return -1; 854 } 855 gatherer_pid = fork(); 856 if( gatherer_pid == -1 ) { 857 log_error("can't for gatherer process: %s\n", strerror(errno)); 858 return -1; 859 } 860 if( !gatherer_pid ) { 861 start_gatherer( pipedes[1] ); 862 /* oops, can't happen */ 863 return -1; 864 } 865 } 866 867 /* now read from the gatherer */ 868 while( length ) { 869 int goodness; 870 ulong subtract; 871 872 if( read_a_msg( pipedes[0], &msg ) ) { 873 log_error("reading from gatherer pipe failed: %s\n", 874 strerror(errno)); 875 return -1; 876 } 877 878 879 if( level > 1 ) { 880 if( msg.usefulness > 30 ) 881 goodness = 100; 882 else if ( msg.usefulness ) 883 goodness = msg.usefulness * 100 / 30; 884 else 885 goodness = 0; 886 } 887 else if( level ) { 888 if( msg.usefulness > 15 ) 889 goodness = 100; 890 else if ( msg.usefulness ) 891 goodness = msg.usefulness * 100 / 15; 892 else 893 goodness = 0; 894 } 895 else 896 goodness = 100; /* goodness of level 0 is always 100 % */ 897 898 n = msg.ndata; 899 if( n > length ) 900 n = length; 901 (*add)( msg.data, n, origin ); 902 903 /* this is the trick how we cope with the goodness */ 904 subtract = (ulong)n * goodness / 100; 905 /* subtract at least 1 byte to avoid infinite loops */ 906 length -= subtract ? subtract : 1; 907 } 908 909 return 0; 910} 911