diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 7033af837..586f0d9ee 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -164,6 +164,80 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; */ void mbedtls_platform_zeroize( void *buf, size_t len ); +/** + * \brief Secure memset + * + * This is a constant-time version of memset(). If + * MBEDTLS_ENTROPY_HARDWARE_ALT is defined, the buffer is + * initialised with random data and the order is also + * randomised using the hardware RNG in order to further harden + * against side-channel attacks. + * + * \param ptr Buffer to be set. + * \param value Value to be used when setting the buffer. + * \param num The length of the buffer in bytes. + * + * \return The value of \p ptr. + */ +void *mbedtls_platform_memset( void *ptr, int value, size_t num ); + +/** + * \brief Secure memcpy + * + * This is a constant-time version of memcpy(). If + * MBEDTLS_ENTROPY_HARDWARE_ALT is defined, the buffer is + * initialised with random data and the order is also + * randomised using the hardware RNG in order to further harden + * against side-channel attacks. + * + * \param dst Destination buffer where the data is being copied to. + * \param src Source buffer where the data is being copied from. + * \param num The length of the buffers in bytes. + * + * \return The value of \p dst. + */ +void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num ); + +/** + * \brief Secure memcmp + * + * This is a constant-time version of memcmp(). If + * MBEDTLS_ENTROPY_HARDWARE_ALT is defined, the order is also + * randomised using the hardware RNG in order to further harden + * against side-channel attacks. + * + * \param buf1 First buffer to compare. + * \param buf2 Second buffer to compare against. + * \param num The length of the buffers in bytes. + * + * \return 0 if the buffers were equal or an unspecified non-zero value + * otherwise. + */ +int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num ); + +/** + * \brief RNG-function for getting a random in given range. + * + * This function is meant to provide a global RNG to be used + * throughout Mbed TLS for hardening the library. It is used + * for generating a random delay, random data or random offset + * for utility functions. It is not meant to be a + * cryptographically secure RNG, but provide an RNG for utility + * functions. + * + * \note Currently the function is dependent of hardware providing an + * rng with MBEDTLS_ENTROPY_HARDWARE_ALT. By default, 0 is + * returned. + * + * \note If the given range is [0, 0), 0 is returned. + * + * \param num Max-value for the generated random number, exclusive. + * The generated number will be on range [0, num). + * + * \return The generated random number. + */ +uint32_t mbedtls_platform_random_in_range( size_t num ); + #if defined(MBEDTLS_HAVE_TIME_DATE) /** * \brief Platform-specific implementation of gmtime_r() diff --git a/library/platform_util.c b/library/platform_util.c index 6f6d8b67e..9461a9c73 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -38,6 +38,10 @@ #include "mbedtls/platform.h" #include "mbedtls/threading.h" +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +#include "mbedtls/entropy_poll.h" +#endif + #include #include @@ -79,6 +83,87 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ +void *mbedtls_platform_memset( void *ptr, int value, size_t num ) +{ + /* Randomize start offset. */ + size_t start_offset = (size_t) mbedtls_platform_random_in_range( num ); + /* Randomize data */ + uint32_t data = mbedtls_platform_random_in_range( 256 ); + + /* Perform a pair of memset operations from random locations with + * random data */ + memset( (void *) ( (unsigned char *) ptr + start_offset ), data, + ( num - start_offset ) ); + memset( (void *) ptr, data, start_offset ); + + /* Perform the original memset */ + return( memset( ptr, value, num ) ); +} + +void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num ) +{ + /* Randomize start offset. */ + size_t start_offset = (size_t) mbedtls_platform_random_in_range( num ); + /* Randomize initial data to prevent leakage while copying */ + uint32_t data = mbedtls_platform_random_in_range( 256 ); + + memset( (void *) dst, data, num ); + memcpy( (void *) ( (unsigned char *) dst + start_offset ), + (void *) ( (unsigned char *) src + start_offset ), + ( num - start_offset ) ); + return( memcpy( (void *) dst, (void *) src, start_offset ) ); +} + +int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num ) +{ + volatile const unsigned char *A = (volatile const unsigned char *) buf1; + volatile const unsigned char *B = (volatile const unsigned char *) buf2; + volatile unsigned char diff = 0; + + size_t i = num; + + size_t start_offset = (size_t) mbedtls_platform_random_in_range( num ); + + for( i = start_offset; i < num; i++ ) + { + unsigned char x = A[i], y = B[i]; + diff |= x ^ y; + } + + for( i = 0; i < start_offset; i++ ) + { + unsigned char x = A[i], y = B[i]; + diff |= x ^ y; + } + + return( diff ); +} + +uint32_t mbedtls_platform_random_in_range( size_t num ) +{ +#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) + (void) num; + return 0; +#else + uint32_t result = 0; + size_t olen = 0; + + mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ), + &olen ); + + if( num == 0 ) + { + result = 0; + } + else + { + result %= num; + } + + return( result ); +#endif +} + #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #include #if !defined(_WIN32) && (defined(unix) || \ diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 8242ea7c9..70f0a1eaf 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -80,6 +80,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 8d671abf2..f9cf6b2bb 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -82,6 +82,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index ed5357f08..d154e5956 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -52,6 +52,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif static int generic_wrapper( mbedtls_md_handle_t md_info, char *filename, unsigned char *sum ) { diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 55a0c7e74..7e3b20e26 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -48,6 +48,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( void ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 86b260ca0..12f4de704 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -72,6 +72,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( void ) { diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index bf5482ed0..8431ae6d1 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -69,6 +69,18 @@ int main( void ) */ #define GENERATOR "4" +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char **argv ) { diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c01177485..78efba17b 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -72,6 +72,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( void ) { diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index b851c3173..4cde07056 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -100,6 +100,18 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 23e4e145c..8fcfeb4d7 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -137,6 +137,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif /* * global options diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 793930991..a106dbb19 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -74,6 +74,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif /* * global options diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 16dd1b6a2..315810d96 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -99,6 +99,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif /* * global options diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index ecdcd329a..2ae441ca3 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -50,6 +50,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( void ) { diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index bf425079e..19ec2dac1 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -60,6 +60,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a32b14761..4ab2cac62 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -61,6 +61,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index ba4f779c8..84a613b94 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -61,6 +61,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif /* * For the currently used signature algorithms the buffer to store any signature diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index f80bf640e..ccfc149fc 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -57,6 +57,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index ff71bd055..cde5f2468 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -59,6 +59,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4a71c15dd..721057879 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,6 +59,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index d556c1902..a8d5f05af 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -64,6 +64,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( void ) { diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9bcd7a627..4db052881 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -56,6 +56,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 42209e27c..2e25163d8 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,6 +60,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 94f0ef9ce..73f547344 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -55,6 +55,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 148cd5110..27533a806 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -60,6 +60,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 6ae63b725..f2596f92b 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -51,6 +51,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 59df34b66..4fc8086d5 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -54,6 +54,18 @@ int main( void ) } #else +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b31090f13..336d6958c 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -109,6 +109,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret, len; diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 1dddf8e1f..8190f1e52 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -118,6 +118,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( void ) { int ret, len; diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 7d868549a..3d15c6004 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -180,6 +180,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( void ) { int ret = exit_ok; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 9922a7e32..1ab2e10c6 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -99,6 +99,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( void ) { int ret = 1, len; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1a07c9dea..e470f3bc9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -925,6 +925,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 7033b86ce..e9c220c29 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -116,6 +116,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( void ) { int ret = 1, len, cnt = 0, pid; diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 24000a2ed..6e728dce7 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -375,6 +375,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1, len; diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index e13af918f..0ad63b107 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -111,6 +111,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( void ) { int ret, len; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c0476dc59..0470bf32f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1536,6 +1536,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 88e3290d0..9c6aafb4f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -258,6 +258,18 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif int main( int argc, char *argv[] ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 727054ee6..82f08fa1b 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -279,6 +279,19 @@ const selftest_t selftests[] = }; #endif /* MBEDTLS_SELF_TEST */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { #if defined(MBEDTLS_SELF_TEST) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 29cc0ac3c..54f7c628d 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -99,3 +99,16 @@ int main( int argc, char** argv ) return( exit_code ); } + +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index b82f83f8f..bdc20172c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -165,6 +165,19 @@ int rng_wrap( void *ctx, unsigned char *dst, size_t len ) } #endif /* MBEDTLS_SSL_CONF_RNG */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index f3d915750..33e4078db 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -154,6 +154,19 @@ int write_certificate_request( mbedtls_x509write_csr *req, const char *output_fi return( 0 ); } +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ef40447be..a0ef2dd8f 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -214,6 +214,19 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, return( 0 ); } +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index fc2218800..87793f7fb 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -72,6 +72,19 @@ struct options const char *filename; /* filename of the certificate file */ } opt; +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index ed8015574..ddde3f66c 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -72,6 +72,19 @@ struct options const char *filename; /* filename of the certificate request */ } opt; +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + size_t i; + (void) data; + for( i = 0; i < len; ++i ) + output[i] = rand(); + *olen = len; + return( 0 ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 365410e99..a996dd65a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1591,6 +1591,16 @@ component_test_baremetal () { if_build_succeeded tests/ssl-opt.sh --filter "^Default, DTLS$" } +component_test_hardware_entropy () { + msg "build: default config + MBEDTLS_ENTROPY_HARDWARE_ALT" + scripts/config.pl set MBEDTLS_ENTROPY_HARDWARE_ALT + make CFLAGS='-Werror -O1' + + msg "test: default config + MBEDTLS_ENTROPY_HARDWARE_ALT" + if_build_succeeded make test + if_build_succeeded tests/ssl-opt.sh --filter "^Default, DTLS$" +} + component_test_allow_sha1 () { msg "build: allow SHA1 in certificates by default" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 6ead2d349..43426f5ae 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -561,6 +561,16 @@ static int uecc_rng_wrapper( uint8_t *dest, unsigned int size ) } #endif /* MBEDTLS_USE_TINYCRYPT */ +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +int mbedtls_hardware_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + (void) data; + *olen = len; + return( rnd_std_rand( NULL, output, len ) ); +} +#endif + /** * This function only returns zeros *