enable_getrandom=getentropy],
[AC_MSG_RESULT(no)])
+AM_CONDITIONAL(HAVE_GETENTROPY, test "$enable_getrandom" = "getentropy")
+
dnl Try the hooks.m4
LIBGNUTLS_HOOKS
LIBGNUTLS_EXTRA_HOOKS
rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c \
int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c
+if WINDOWS
+libcrypto_la_SOURCES += rnd-windows.c
+else
+if HAVE_GETENTROPY
+libcrypto_la_SOURCES += rnd-getentropy.c
+else
+libcrypto_la_SOURCES += rnd-linux.c
+endif
+endif
+
if ENABLE_FIPS140
libcrypto_la_SOURCES += rnd-fips.c int/drbg-aes-self-test.c \
int/drbg-aes.c int/drbg-aes.h
# endif
#endif
+get_entropy_func _rnd_get_system_entropy = NULL;
+
void _rnd_get_event(struct event_st *e)
{
static unsigned count = 0;
return;
}
-
-#ifdef _WIN32
-/* The windows randomness gatherer.
- */
-
-#include <windows.h>
-#include <wincrypt.h>
-
-static HCRYPTPROV device_fd = 0;
-
-static
-int _rnd_get_system_entropy_win32(void* rnd, size_t size)
-{
- if (!CryptGenRandom(device_fd, (DWORD) size, rnd)) {
- _gnutls_debug_log("Error in CryptGenRandom: %d\n",
- (int)GetLastError());
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- return 0;
-}
-
-get_entropy_func _rnd_get_system_entropy = _rnd_get_system_entropy_win32;
-
-int _rnd_system_entropy_check(void)
-{
- return 0;
-}
-
-int _rnd_system_entropy_init(void)
-{
- int old;
-
- if (!CryptAcquireContext
- (&device_fd, NULL, NULL, PROV_RSA_FULL,
- CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
- _gnutls_debug_log
- ("error in CryptAcquireContext!\n");
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- return 0;
-}
-
-void _rnd_system_entropy_deinit(void)
-{
- CryptReleaseContext(device_fd, 0);
-}
-
-#else /* POSIX */
-
-/* The POSIX (Linux-BSD) randomness gatherer.
- */
-
-#include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <fcntl.h>
-#include <locks.h>
-#include "egd.h"
-
-static int _gnutls_urandom_fd = -1;
-static ino_t _gnutls_urandom_fd_ino = 0;
-static dev_t _gnutls_urandom_fd_rdev = 0;
-
-
-get_entropy_func _rnd_get_system_entropy = NULL;
-
-#if defined(HAVE_GETENTROPY)
-static int _rnd_get_system_entropy_simple(void* _rnd, size_t size)
-{
- if (getentropy(_rnd, size) < 0) {
- gnutls_assert();
- _gnutls_debug_log
- ("Failed to use getentropy: %s\n",
- strerror(errno));
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
- return 0;
-}
-
-int _rnd_system_entropy_init(void)
-{
- _rnd_get_system_entropy = _rnd_get_system_entropy_simple;
- return 0;
-}
-
-int _rnd_system_entropy_check(void)
-{
- return 0;
-}
-
-void _rnd_system_entropy_deinit(void)
-{
- return;
-}
-
-#else /* /dev/urandom - egd approach */
-
-#if defined(__linux)
-# ifdef HAVE_LINUX_GETRANDOM
-# include <linux/random.h>
-# else
-# include <sys/syscall.h>
-# undef getrandom
-# define getrandom(dst,s,flags) syscall(__NR_getrandom, (void*)dst, (size_t)s, (unsigned int)flags)
-# endif
-
-static unsigned have_getrandom(void)
-{
- char c;
- int ret;
- ret = getrandom(&c, 1, 1/*GRND_NONBLOCK*/);
- if (ret == 1 || (ret == -1 && errno == EAGAIN))
- return 1;
- return 0;
-}
-
-static int _rnd_get_system_entropy_getrandom(void* _rnd, size_t size)
-{
- int ret;
- ret = getrandom(_rnd, size, 0);
- if (ret == -1) {
- gnutls_assert();
- _gnutls_debug_log
- ("Failed to use getrandom: %s\n",
- strerror(errno));
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
- return 0;
-}
-#else
-# define have_getrandom() 0
-#endif
-
-static int _rnd_get_system_entropy_urandom(void* _rnd, size_t size)
-{
- uint8_t* rnd = _rnd;
- uint32_t done;
-
- for (done = 0; done < size;) {
- int res;
- do {
- res = read(_gnutls_urandom_fd, rnd + done, size - done);
- } while (res < 0 && errno == EINTR);
-
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: %s\n",
- strerror(errno));
- } else {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: end of file\n");
- }
-
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- done += res;
- }
-
- return 0;
-}
-
-static
-int _rnd_get_system_entropy_egd(void* _rnd, size_t size)
-{
- unsigned int done;
- uint8_t* rnd = _rnd;
- int res;
-
- for (done = 0; done < size;) {
- res =
- _rndegd_read(&_gnutls_urandom_fd, rnd + done, size - done);
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log("Failed to read egd.\n");
- } else {
- _gnutls_debug_log("Failed to read egd: end of file\n");
- }
-
- return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
- done += res;
- }
-
- return 0;
-}
-
-int _rnd_system_entropy_check(void)
-{
- int ret;
- struct stat st;
-
- if (_gnutls_urandom_fd == -1) /* not using urandom */
- return 0;
-
- ret = fstat(_gnutls_urandom_fd, &st);
- if (ret < 0 || st.st_ino != _gnutls_urandom_fd_ino || st.st_rdev != _gnutls_urandom_fd_rdev) {
- return _rnd_system_entropy_init();
- }
- return 0;
-}
-
-int _rnd_system_entropy_init(void)
-{
- int old;
- struct stat st;
-
-#if defined(__linux)
- /* Enable getrandom() usage if available */
- if (have_getrandom()) {
- _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
- _gnutls_debug_log("getrandom random generator was detected\n");
- return 0;
- }
-#endif
-
- /* First fallback: /dev/unrandom */
- _gnutls_urandom_fd = open("/dev/urandom", O_RDONLY);
- if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open urandom!\n");
- goto fallback;
- }
-
- old = fcntl(_gnutls_urandom_fd, F_GETFD);
- if (old != -1)
- fcntl(_gnutls_urandom_fd, F_SETFD, old | FD_CLOEXEC);
-
- if (fstat(_gnutls_urandom_fd, &st) >= 0) {
- _gnutls_urandom_fd_ino = st.st_ino;
- _gnutls_urandom_fd_rdev = st.st_rdev;
- }
-
- _rnd_get_system_entropy = _rnd_get_system_entropy_urandom;
-
- return 0;
-fallback:
- /* Third fallback: EGD */
- _gnutls_urandom_fd = _rndegd_connect_socket();
- if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open egd socket!\n");
- return
- gnutls_assert_val
- (GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
-
- if (fstat(_gnutls_urandom_fd, &st) >= 0) {
- _gnutls_urandom_fd_ino = st.st_ino;
- _gnutls_urandom_fd_rdev = st.st_rdev;
- }
-
- _gnutls_debug_log("EGD random generator was detected\n");
- _rnd_get_system_entropy = _rnd_get_system_entropy_egd;
-
- return 0;
-}
-
-void _rnd_system_entropy_deinit(void)
-{
- if (_gnutls_urandom_fd >= 0) {
- close(_gnutls_urandom_fd);
- _gnutls_urandom_fd = -1;
- }
-}
-#endif /* GETENTROPY */
-
-#endif /* _WIN32 */
-
--- /dev/null
+/*
+ * Copyright (C) 2010-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2015-2016 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* The *BSD getentropy() system random generator. The simplest of all.
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include <locks.h>
+#include <num.h>
+#include <errno.h>
+#include <rnd-common.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* gnulib wants to claim strerror even if it cannot provide it. WTF */
+#undef strerror
+
+/* The POSIX (Linux-BSD) randomness gatherer.
+ */
+
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <fcntl.h>
+
+static int _rnd_get_system_entropy_simple(void* _rnd, size_t size)
+{
+ if (getentropy(_rnd, size) < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Failed to use getentropy: %s\n",
+ strerror(errno));
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+ return 0;
+}
+
+int _rnd_system_entropy_init(void)
+{
+ _rnd_get_system_entropy = _rnd_get_system_entropy_simple;
+ return 0;
+}
+
+int _rnd_system_entropy_check(void)
+{
+ return 0;
+}
+
+void _rnd_system_entropy_deinit(void)
+{
+ return;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2010-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2015-2016 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* The Linux style system random generator: That is,
+ * getrandom() -> /dev/urandom -> EGD, where "->" indicates fallback.
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include <locks.h>
+#include <num.h>
+#include <nettle/yarrow.h>
+#include <errno.h>
+#include <rnd-common.h>
+#include <hash-pjw-bare.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* gnulib wants to claim strerror even if it cannot provide it. WTF */
+#undef strerror
+
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#include <locks.h>
+#include "egd.h"
+
+static int _gnutls_urandom_fd = -1;
+static ino_t _gnutls_urandom_fd_ino = 0;
+static dev_t _gnutls_urandom_fd_rdev = 0;
+
+#if defined(__linux)
+# ifdef HAVE_LINUX_GETRANDOM
+# include <linux/random.h>
+# else
+# include <sys/syscall.h>
+# undef getrandom
+# define getrandom(dst,s,flags) syscall(__NR_getrandom, (void*)dst, (size_t)s, (unsigned int)flags)
+# endif
+
+static unsigned have_getrandom(void)
+{
+ char c;
+ int ret;
+ ret = getrandom(&c, 1, 1/*GRND_NONBLOCK*/);
+ if (ret == 1 || (ret == -1 && errno == EAGAIN))
+ return 1;
+ return 0;
+}
+
+static int _rnd_get_system_entropy_getrandom(void* _rnd, size_t size)
+{
+ int ret;
+ ret = getrandom(_rnd, size, 0);
+ if (ret == -1) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Failed to use getrandom: %s\n",
+ strerror(errno));
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+ return 0;
+}
+#else
+# define have_getrandom() 0
+#endif
+
+static int _rnd_get_system_entropy_urandom(void* _rnd, size_t size)
+{
+ uint8_t* rnd = _rnd;
+ uint32_t done;
+
+ for (done = 0; done < size;) {
+ int res;
+ do {
+ res = read(_gnutls_urandom_fd, rnd + done, size - done);
+ } while (res < 0 && errno == EINTR);
+
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: %s\n",
+ strerror(errno));
+ } else {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
+ }
+
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ done += res;
+ }
+
+ return 0;
+}
+
+static
+int _rnd_get_system_entropy_egd(void* _rnd, size_t size)
+{
+ unsigned int done;
+ uint8_t* rnd = _rnd;
+ int res;
+
+ for (done = 0; done < size;) {
+ res =
+ _rndegd_read(&_gnutls_urandom_fd, rnd + done, size - done);
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log("Failed to read egd.\n");
+ } else {
+ _gnutls_debug_log("Failed to read egd: end of file\n");
+ }
+
+ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+ done += res;
+ }
+
+ return 0;
+}
+
+int _rnd_system_entropy_check(void)
+{
+ int ret;
+ struct stat st;
+
+ if (_gnutls_urandom_fd == -1) /* not using urandom */
+ return 0;
+
+ ret = fstat(_gnutls_urandom_fd, &st);
+ if (ret < 0 || st.st_ino != _gnutls_urandom_fd_ino || st.st_rdev != _gnutls_urandom_fd_rdev) {
+ return _rnd_system_entropy_init();
+ }
+ return 0;
+}
+
+int _rnd_system_entropy_init(void)
+{
+ int old;
+ struct stat st;
+
+#if defined(__linux)
+ /* Enable getrandom() usage if available */
+ if (have_getrandom()) {
+ _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
+ _gnutls_debug_log("getrandom random generator was detected\n");
+ return 0;
+ }
+#endif
+
+ /* First fallback: /dev/unrandom */
+ _gnutls_urandom_fd = open("/dev/urandom", O_RDONLY);
+ if (_gnutls_urandom_fd < 0) {
+ _gnutls_debug_log("Cannot open urandom!\n");
+ goto fallback;
+ }
+
+ old = fcntl(_gnutls_urandom_fd, F_GETFD);
+ if (old != -1)
+ fcntl(_gnutls_urandom_fd, F_SETFD, old | FD_CLOEXEC);
+
+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
+ _gnutls_urandom_fd_ino = st.st_ino;
+ _gnutls_urandom_fd_rdev = st.st_rdev;
+ }
+
+ _rnd_get_system_entropy = _rnd_get_system_entropy_urandom;
+
+ return 0;
+fallback:
+ /* Third fallback: EGD */
+ _gnutls_urandom_fd = _rndegd_connect_socket();
+ if (_gnutls_urandom_fd < 0) {
+ _gnutls_debug_log("Cannot open egd socket!\n");
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+
+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
+ _gnutls_urandom_fd_ino = st.st_ino;
+ _gnutls_urandom_fd_rdev = st.st_rdev;
+ }
+
+ _gnutls_debug_log("EGD random generator was detected\n");
+ _rnd_get_system_entropy = _rnd_get_system_entropy_egd;
+
+ return 0;
+}
+
+void _rnd_system_entropy_deinit(void)
+{
+ if (_gnutls_urandom_fd >= 0) {
+ close(_gnutls_urandom_fd);
+ _gnutls_urandom_fd = -1;
+ }
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2010-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2015-2016 Red Hat, Inc.
+ * Copyright (C) 2000, 2001, 2008 Niels Möller
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Here are the common parts of the random generator layer.
+ * Some of this code was based on the LSH
+ * random generator (the trivia and device source functions for POSIX)
+ * and modified to fit gnutls' needs. Relicenced with permission.
+ * Original author Niels Möller.
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include <locks.h>
+#include <num.h>
+#include <nettle/yarrow.h>
+#include <errno.h>
+#include <rnd-common.h>
+#include <hash-pjw-bare.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* The windows randomness gatherer.
+ */
+
+#include <windows.h>
+#include <wincrypt.h>
+
+static HCRYPTPROV device_fd = 0;
+
+static
+int _rnd_get_system_entropy_win32(void* rnd, size_t size)
+{
+ if (!CryptGenRandom(device_fd, (DWORD) size, rnd)) {
+ _gnutls_debug_log("Error in CryptGenRandom: %d\n",
+ (int)GetLastError());
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ return 0;
+}
+
+int _rnd_system_entropy_check(void)
+{
+ return 0;
+}
+
+int _rnd_system_entropy_init(void)
+{
+ int old;
+
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
+ _gnutls_debug_log
+ ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ _rnd_get_system_entropy = _rnd_get_system_entropy_win32;
+ return 0;
+}
+
+void _rnd_system_entropy_deinit(void)
+{
+ CryptReleaseContext(device_fd, 0);
+}
projects / thirdparty / gnutls.git / commitdiff
