1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * Copyright (C) 1998 by the FundsXpress, INC. 10 * 11 * All rights reserved. 12 * 13 * Export of this software from the United States of America may require 14 * a specific license from the United States Government. It is the 15 * responsibility of any person or organization contemplating export to 16 * obtain such a license before exporting. 17 * 18 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 19 * distribute this software and its documentation for any purpose and 20 * without fee is hereby granted, provided that the above copyright 21 * notice appear in all copies and that both that copyright notice and 22 * this permission notice appear in supporting documentation, and that 23 * the name of FundsXpress. not be used in advertising or publicity pertaining 24 * to distribution of the software without specific, written prior 25 * permission. FundsXpress makes no representations about the suitability of 26 * this software for any purpose. It is provided "as is" without express 27 * or implied warranty. 28 * 29 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 30 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 31 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 32 */ 33 34 #include <k5-int.h> 35 36 #ifdef _KERNEL 37 #include <sys/random.h> 38 #endif 39 40 #ifndef _KERNEL 41 42 /* 43 * Solaris kerberos: we don't need a random number generator 44 * for the /dev/[u]random, as it uses entropy in the kernel. 45 * Keep this function as some apps might call it directly. 46 */ 47 48 /*ARGSUSED*/ 49 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV 50 krb5_c_random_seed(krb5_context context, krb5_data *data) 51 { 52 /* 53 * We can't do much if this fails, so ignore the 54 * return code. /dev/urandom has its own entropy 55 * source, so seeding it from here is of questionable 56 * value in the first place. 57 */ 58 (void) C_SeedRandom(krb_ctx_hSession(context), 59 (CK_BYTE_PTR)data->data, 60 (CK_ULONG)data->length); 61 62 return(0); 63 } 64 #endif /* !_KERNEL */ 65 66 /* 67 * krb5_get_random_octets 68 * New for Solaris 9. This routine takes advantage of the new 69 * /dev/[u]random interface provided in Solaris 9 for getting random 70 * bytes generated from the kernel. The entropy produced there is generally 71 * considered better than the current MIT PRNG code that we are replacing. 72 * 73 * This func is visible so that it can be used to generate a 74 * random confounder. 75 */ 76 77 #ifndef _KERNEL 78 79 #endif /* ! _KERNEL */ 80 81 /* 82 * We can assume that the memory for data is already malloc'd. 83 * Return an error if there is an error, but don't clear the data->length 84 * or free data->data. This will be done by the calling function. 85 */ 86 87 /*ARGSUSED*/ 88 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV 89 krb5_c_random_make_octets(krb5_context context, krb5_data *data) 90 { 91 /* 92 * Solaris kerberos uses /dev/[u]random 93 */ 94 #ifndef _KERNEL /* User space code */ 95 96 krb5_error_code err = 0; 97 CK_RV rv; 98 99 KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using " 100 "krb5_get_random_octets()\n"); 101 102 rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data, 103 (CK_ULONG)data->length); 104 105 if (rv != CKR_OK) { 106 KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in " 107 "krb5_c_random_make_octets: rv = 0x%x.", rv); 108 err = PKCS_ERR; 109 } 110 if (err != 0) { 111 KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error"); 112 return (err); 113 } 114 115 #else /* Kernel code section */ 116 117 /* 118 * Solaris Kerberos: for kernel code we use the randomness generator native 119 * to Solaris 9. We avoid global variables and other nastiness this way. 120 * 121 * Using random_get_pseudo_bytes() instead of random_get_bytes() because it 122 * will not return an error code if there isn't enough entropy but will use 123 * a pseudo random algorithm to produce randomness. Most of the time it 124 * should be as good as random_get_bytes() and we don't have to worry about 125 * dealing with a non-fatal error. 126 */ 127 KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using " 128 "random_get_pseudo_bytes()\n "); 129 130 if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) { 131 KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, " 132 "random_get_pseudo_bytes() error.\n"); 133 return(KRB5_CRYPTO_INTERNAL); 134 } 135 136 #endif /* !_KERNEL */ 137 138 KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n"); 139 return(0); 140 } 141