TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-03 02:56:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make the random device configurable

Browse Source 
Instead of unconditionally using `/dev/urandom`, make the device path
configurable at compile time through `MBEDTLS_PLATFORM_DEV_RANDOM` or
at run time through `mbedtls_platform_dev_random`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2026-02-25 22:10:17 +01:00
parent 7c2f728178
commit 2ccda0f48c
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
include/mbedtls/platform.h
View File

@@ -385,6 +385,31 @@ int mbedtls_platform_set_exit(void (*exit_func)(int status));
#define MBEDTLS_EXIT_FAILURE 1
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
!defined(MBEDTLS_NO_PLATFORM_ENTROPY) && \
!(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32))
/* Platforms where MBEDTLS_PLATFORM_DEV_RANDOM is used
* unless a dedicated system call is available both at
* compile time and at run time. */
#define MBEDTLS_PLATFORM_HAVE_DEV_RANDOM
#endif
#if !defined(MBEDTLS_PLATFORM_DEV_RANDOM)
#define MBEDTLS_PLATFORM_DEV_RANDOM "/dev/urandom"
#endif
#if defined(MBEDTLS_PLATFORM_HAVE_DEV_RANDOM)
/**
* Path to a special file that returns cryptographic-quality random bytes
* when read. This is used by the default platform entropy source on
* non-Windows platforms unless a dedicated system call is available
* (see #MBEDTLS_NO_PLATFORM_ENTROPY).
*
* The default value is #MBEDTLS_PLATFORM_DEV_RANDOM.
*/
extern const char *mbedtls_platform_dev_random;
#endif
/*
* The function pointers for reading from and writing a seed file to
* Non-Volatile storage (NV) in a platform-independent way

4
library/entropy_poll.c
View File

@@ -147,6 +147,8 @@ static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
#include <stdio.h>
const char *mbedtls_platform_dev_random = MBEDTLS_PLATFORM_DEV_RANDOM;
int mbedtls_platform_entropy_poll(void *data,
unsigned char *output, size_t len, size_t *olen)
{
@@ -180,7 +182,7 @@ int mbedtls_platform_entropy_poll(void *data,
*olen = 0;
file = fopen("/dev/urandom", "rb");
file = fopen(mbedtls_platform_dev_random, "rb");
if (file == NULL) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}