Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | #include "curl_setup.h" |
26 | | |
27 | | #ifdef HAVE_FCNTL_H |
28 | | #include <fcntl.h> |
29 | | #endif |
30 | | #ifdef HAVE_ARPA_INET_H |
31 | | #include <arpa/inet.h> |
32 | | #endif |
33 | | #ifdef HAVE_ARC4RANDOM |
34 | | /* Some platforms might have the prototype missing (ubuntu + libressl) */ |
35 | | uint32_t arc4random(void); |
36 | | #endif |
37 | | |
38 | | #include <curl/curl.h> |
39 | | #include "vtls/vtls.h" |
40 | | #include "sendf.h" |
41 | | #include "timeval.h" |
42 | | #include "rand.h" |
43 | | |
44 | | /* The last 3 #include files should be in this order */ |
45 | | #include "curl_printf.h" |
46 | | #include "curl_memory.h" |
47 | | #include "memdebug.h" |
48 | | |
49 | | #ifdef WIN32 |
50 | | |
51 | | #if defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) |
52 | | # define HAVE_MINGW_ORIGINAL |
53 | | #endif |
54 | | |
55 | | #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \ |
56 | | !defined(HAVE_MINGW_ORIGINAL) |
57 | | # define HAVE_WIN_BCRYPTGENRANDOM |
58 | | # include <bcrypt.h> |
59 | | # ifdef _MSC_VER |
60 | | # pragma comment(lib, "bcrypt.lib") |
61 | | # endif |
62 | | # ifndef BCRYPT_USE_SYSTEM_PREFERRED_RNG |
63 | | # define BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002 |
64 | | # endif |
65 | | # ifndef STATUS_SUCCESS |
66 | | # define STATUS_SUCCESS ((NTSTATUS)0x00000000L) |
67 | | # endif |
68 | | #elif defined(USE_WIN32_CRYPTO) |
69 | | # include <wincrypt.h> |
70 | | # ifdef _MSC_VER |
71 | | # pragma comment(lib, "advapi32.lib") |
72 | | # endif |
73 | | #endif |
74 | | |
75 | | CURLcode Curl_win32_random(unsigned char *entropy, size_t length) |
76 | | { |
77 | | memset(entropy, 0, length); |
78 | | |
79 | | #if defined(HAVE_WIN_BCRYPTGENRANDOM) |
80 | | if(BCryptGenRandom(NULL, entropy, (ULONG)length, |
81 | | BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS) |
82 | | return CURLE_FAILED_INIT; |
83 | | |
84 | | return CURLE_OK; |
85 | | #elif defined(USE_WIN32_CRYPTO) |
86 | | { |
87 | | HCRYPTPROV hCryptProv = 0; |
88 | | |
89 | | if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, |
90 | | CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) |
91 | | return CURLE_FAILED_INIT; |
92 | | |
93 | | if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) { |
94 | | CryptReleaseContext(hCryptProv, 0UL); |
95 | | return CURLE_FAILED_INIT; |
96 | | } |
97 | | |
98 | | CryptReleaseContext(hCryptProv, 0UL); |
99 | | } |
100 | | return CURLE_OK; |
101 | | #else |
102 | | return CURLE_NOT_BUILT_IN; |
103 | | #endif |
104 | | } |
105 | | #endif |
106 | | |
107 | | static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) |
108 | 324 | { |
109 | 324 | unsigned int r; |
110 | 324 | CURLcode result = CURLE_OK; |
111 | 324 | static unsigned int randseed; |
112 | 324 | static bool seeded = FALSE; |
113 | | |
114 | 324 | #ifdef CURLDEBUG |
115 | 324 | char *force_entropy = getenv("CURL_ENTROPY"); |
116 | 324 | if(force_entropy) { |
117 | 0 | if(!seeded) { |
118 | 0 | unsigned int seed = 0; |
119 | 0 | size_t elen = strlen(force_entropy); |
120 | 0 | size_t clen = sizeof(seed); |
121 | 0 | size_t min = elen < clen ? elen : clen; |
122 | 0 | memcpy((char *)&seed, force_entropy, min); |
123 | 0 | randseed = ntohl(seed); |
124 | 0 | seeded = TRUE; |
125 | 0 | } |
126 | 0 | else |
127 | 0 | randseed++; |
128 | 0 | *rnd = randseed; |
129 | 0 | return CURLE_OK; |
130 | 0 | } |
131 | 324 | #endif |
132 | | |
133 | | /* data may be NULL! */ |
134 | 324 | result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd)); |
135 | 324 | if(result != CURLE_NOT_BUILT_IN) |
136 | | /* only if there is no random function in the TLS backend do the non crypto |
137 | | version, otherwise return result */ |
138 | 0 | return result; |
139 | | |
140 | | /* ---- non-cryptographic version following ---- */ |
141 | | |
142 | | #ifdef WIN32 |
143 | | if(!seeded) { |
144 | | result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); |
145 | | if(result != CURLE_NOT_BUILT_IN) |
146 | | return result; |
147 | | } |
148 | | #endif |
149 | | |
150 | | #ifdef HAVE_ARC4RANDOM |
151 | | *rnd = (unsigned int)arc4random(); |
152 | | return CURLE_OK; |
153 | | #endif |
154 | | |
155 | | #if defined(RANDOM_FILE) && !defined(WIN32) |
156 | | if(!seeded) { |
157 | | /* if there's a random file to read a seed from, use it */ |
158 | | int fd = open(RANDOM_FILE, O_RDONLY); |
159 | | if(fd > -1) { |
160 | | /* read random data into the randseed variable */ |
161 | | ssize_t nread = read(fd, &randseed, sizeof(randseed)); |
162 | | if(nread == sizeof(randseed)) |
163 | | seeded = TRUE; |
164 | | close(fd); |
165 | | } |
166 | | } |
167 | | #endif |
168 | | |
169 | 324 | if(!seeded) { |
170 | 1 | struct curltime now = Curl_now(); |
171 | 1 | infof(data, "WARNING: using weak random seed"); |
172 | 1 | randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; |
173 | 1 | randseed = randseed * 1103515245 + 12345; |
174 | 1 | randseed = randseed * 1103515245 + 12345; |
175 | 1 | randseed = randseed * 1103515245 + 12345; |
176 | 1 | seeded = TRUE; |
177 | 1 | } |
178 | | |
179 | | /* Return an unsigned 32-bit pseudo-random number. */ |
180 | 324 | r = randseed = randseed * 1103515245 + 12345; |
181 | 324 | *rnd = (r << 16) | ((r >> 16) & 0xFFFF); |
182 | 324 | return CURLE_OK; |
183 | 324 | } |
184 | | |
185 | | /* |
186 | | * Curl_rand() stores 'num' number of random unsigned integers in the buffer |
187 | | * 'rndptr' points to. |
188 | | * |
189 | | * If libcurl is built without TLS support or with a TLS backend that lacks a |
190 | | * proper random API (rustls, Gskit or mbedTLS), this function will use "weak" |
191 | | * random. |
192 | | * |
193 | | * When built *with* TLS support and a backend that offers strong random, it |
194 | | * will return error if it cannot provide strong random values. |
195 | | * |
196 | | * NOTE: 'data' may be passed in as NULL when coming from external API without |
197 | | * easy handle! |
198 | | * |
199 | | */ |
200 | | |
201 | | CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) |
202 | 162 | { |
203 | 162 | CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; |
204 | | |
205 | 162 | DEBUGASSERT(num > 0); |
206 | | |
207 | 486 | while(num) { |
208 | 324 | unsigned int r; |
209 | 324 | size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int); |
210 | | |
211 | 324 | result = randit(data, &r); |
212 | 324 | if(result) |
213 | 0 | return result; |
214 | | |
215 | 1.62k | while(left) { |
216 | 1.29k | *rnd++ = (unsigned char)(r & 0xFF); |
217 | 1.29k | r >>= 8; |
218 | 1.29k | --num; |
219 | 1.29k | --left; |
220 | 1.29k | } |
221 | 324 | } |
222 | | |
223 | 162 | return result; |
224 | 162 | } |
225 | | |
226 | | /* |
227 | | * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random |
228 | | * hexadecimal digits PLUS a null-terminating byte. It must be an odd number |
229 | | * size. |
230 | | */ |
231 | | |
232 | | CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, |
233 | | size_t num) |
234 | 162 | { |
235 | 162 | CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; |
236 | 162 | const char *hex = "0123456789abcdef"; |
237 | 162 | unsigned char buffer[128]; |
238 | 162 | unsigned char *bufp = buffer; |
239 | 162 | DEBUGASSERT(num > 1); |
240 | | |
241 | | #ifdef __clang_analyzer__ |
242 | | /* This silences a scan-build warning about accessing this buffer with |
243 | | uninitialized memory. */ |
244 | | memset(buffer, 0, sizeof(buffer)); |
245 | | #endif |
246 | | |
247 | 162 | if((num/2 >= sizeof(buffer)) || !(num&1)) |
248 | | /* make sure it fits in the local buffer and that it is an odd number! */ |
249 | 0 | return CURLE_BAD_FUNCTION_ARGUMENT; |
250 | | |
251 | 162 | num--; /* save one for null-termination */ |
252 | | |
253 | 162 | result = Curl_rand(data, buffer, num/2); |
254 | 162 | if(result) |
255 | 0 | return result; |
256 | | |
257 | 1.45k | while(num) { |
258 | | /* clang-tidy warns on this line without this comment: */ |
259 | | /* NOLINTNEXTLINE(clang-analyzer-core.UndefinedBinaryOperatorResult) */ |
260 | 1.29k | *rnd++ = hex[(*bufp & 0xF0)>>4]; |
261 | 1.29k | *rnd++ = hex[*bufp & 0x0F]; |
262 | 1.29k | bufp++; |
263 | 1.29k | num -= 2; |
264 | 1.29k | } |
265 | 162 | *rnd = 0; |
266 | | |
267 | 162 | return result; |
268 | 162 | } |