/* Initialize this random subsystem. */ static int _rngfips_init(void **_ctx) { /* Basic initialization is required to initialize mutexes and do a few checks on the implementation. */ struct fips_ctx *ctx; int ret; ret = _rnd_system_entropy_init(); if (ret < 0) return gnutls_assert_val(ret); ctx = gnutls_calloc(1, sizeof(*ctx)); if (ctx == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); ret = gnutls_mutex_init(&rnd_mutex); if (ret < 0) return gnutls_assert_val(ret); ret = _rngfips_ctx_init(ctx); if (ret < 0) return gnutls_assert_val(ret); *_ctx = ctx; return 0; }
int _gnutls_rnd_preinit(void) { int ret; #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) # warning Insecure PRNG is enabled ret = gnutls_crypto_rnd_register(100, &_gnutls_fuzz_rnd_ops); if (ret < 0) return ret; #elif defined(ENABLE_FIPS140) /* The FIPS140 random generator is only enabled when we are compiled * with FIPS support, _and_ the system requires FIPS140. */ if (_gnutls_fips_mode_enabled() == 1) { ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops); if (ret < 0) return ret; } #endif ret = _rnd_system_entropy_init(); if (ret < 0) { gnutls_assert(); return GNUTLS_E_RANDOM_FAILED; } return 0; }
void doit(void) { char buf[512]; char empty[32]; int ret; struct itimerval ival; struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = sig_handler; sigemptyset (&sa.sa_mask); sigaction(SIGALRM, &sa, NULL); memset(&ival, 0, sizeof(ival)); ival.it_interval.tv_usec = 5000; ival.it_value.tv_usec = 5000; _rnd_system_entropy_init(); ret = setitimer(ITIMER_REAL, &ival, NULL); if (ret < 0) { fail("error in setitimer: %s\n", strerror(errno)); } memset(empty, 0, sizeof(empty)); for (;stop_loop<1024;) { memset(buf, 0, sizeof(buf)); ret = _rnd_get_system_entropy(buf, sizeof(buf)); if (ret < 0) { fail("error obtaining entropy: %s\n", gnutls_strerror(ret)); } if (memcmp(empty, buf+sizeof(buf)-sizeof(empty)-1, sizeof(empty)) == 0) { fail("_rnd_get_system_entropy: did not fill buffer\n"); } } _rnd_system_entropy_deinit(); }