--- a/src/crypto/random.c +++ b/src/crypto/random.c @@ -38,6 +38,8 @@ #include "sha1.h" #include "random.h" +#define RANDOM_STAMPFILE "/var/run/.random_available" + #define POOL_WORDS 32 #define POOL_WORDS_MASK (POOL_WORDS - 1) #define POOL_TAP1 26 @@ -48,6 +50,8 @@ #define EXTRACT_LEN 16 #define MIN_READY_MARK 2 +#ifndef CONFIG_NO_RANDOM_POOL + static u32 pool[POOL_WORDS]; static unsigned int input_rotate = 0; static unsigned int pool_pos = 0; @@ -128,7 +132,7 @@ static void random_extract(u8 *out) } -void random_add_randomness(const void *buf, size_t len) +static void random_pool_add_randomness(const void *buf, size_t len) { struct os_time t; static unsigned int count = 0; @@ -197,16 +201,22 @@ int random_get_bytes(void *buf, size_t l int random_pool_ready(void) { #ifdef __linux__ + struct stat st; int fd; ssize_t res; + if (stat(RANDOM_STAMPFILE, &st) == 0) + return 1; + /* * Make sure that there is reasonable entropy available before allowing * some key derivation operations to proceed. */ - if (dummy_key_avail == sizeof(dummy_key)) + if (dummy_key_avail == sizeof(dummy_key)) { + random_mark_pool_ready(); return 1; /* Already initialized - good to continue */ + } /* * Try to fetch some more data from the kernel high quality @@ -241,6 +251,7 @@ int random_pool_ready(void) if (dummy_key_avail == sizeof(dummy_key)) { if (own_pool_ready < MIN_READY_MARK) own_pool_ready = MIN_READY_MARK; + random_mark_pool_ready(); random_write_entropy(); return 1; } @@ -253,6 +264,7 @@ int random_pool_ready(void) total_collected + 10 * own_pool_ready > MIN_COLLECT_ENTROPY) { wpa_printf(MSG_INFO, "random: Allow operation to proceed " "based on internal entropy"); + random_mark_pool_ready(); return 1; } @@ -268,10 +280,16 @@ int random_pool_ready(void) void random_mark_pool_ready(void) { + int fd; + own_pool_ready++; wpa_printf(MSG_DEBUG, "random: Mark internal entropy pool to be " "ready (count=%u/%u)", own_pool_ready, MIN_READY_MARK); random_write_entropy(); + + fd = open(RANDOM_STAMPFILE, O_CREAT | O_WRONLY | O_EXCL | O_NOFOLLOW, 0600); + if (fd >= 0) + close(fd); } @@ -428,3 +446,22 @@ void random_deinit(void) os_free(random_entropy_file); random_entropy_file = NULL; } + +#endif /* CONFIG_NO_RANDOM_POOL */ + + +void random_add_randomness(const void *buf, size_t len) +{ +#ifdef __linux__ + int fd; + + fd = open("/dev/random", O_RDWR); + if (fd >= 0) { + write(fd, buf, len); + close(fd); + } +#endif +#ifndef CONFIG_NO_RANDOM_POOL + random_pool_add_randomness(buf, len); +#endif +} --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1137,9 +1137,8 @@ endif ifdef CONFIG_NO_RANDOM_POOL CFLAGS += -DCONFIG_NO_RANDOM_POOL -else -OBJS += ../src/crypto/random.o endif +OBJS += ../src/crypto/random.o ifdef CONFIG_CTRL_IFACE ifeq ($(CONFIG_CTRL_IFACE), y) --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1132,9 +1132,8 @@ endif ifdef CONFIG_NO_RANDOM_POOL L_CFLAGS += -DCONFIG_NO_RANDOM_POOL -else -OBJS += src/crypto/random.c endif +OBJS += src/crypto/random.c ifdef CONFIG_CTRL_IFACE ifeq ($(CONFIG_CTRL_IFACE), y) --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -720,11 +720,11 @@ endif ifdef CONFIG_NO_RANDOM_POOL L_CFLAGS += -DCONFIG_NO_RANDOM_POOL else -OBJS += src/crypto/random.c -HOBJS += src/crypto/random.c HOBJS += $(SHA1OBJS) HOBJS += src/crypto/md5.c endif +OBJS += src/crypto/random.c +HOBJS += src/crypto/random.c ifdef CONFIG_RADIUS_SERVER L_CFLAGS += -DRADIUS_SERVER --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -707,12 +707,12 @@ endif ifdef CONFIG_NO_RANDOM_POOL CFLAGS += -DCONFIG_NO_RANDOM_POOL else -OBJS += ../src/crypto/random.o -HOBJS += ../src/crypto/random.o HOBJS += ../src/utils/eloop.o HOBJS += $(SHA1OBJS) HOBJS += ../src/crypto/md5.o endif +OBJS += ../src/crypto/random.o +HOBJS += ../src/crypto/random.o ifdef CONFIG_RADIUS_SERVER CFLAGS += -DRADIUS_SERVER