Use getentropy(2) as random source.

Gather entropy from system call getentropy(2).  This is available
since in OpenBSD 5.6 and Solaris 11.3.  It can provide up to 256
bytes entropy from the kernel without blocking.  As a system call
it does not need a file descriptor and works in chroot(2) environments
without device nodes.

4 files changed, 78 insertions, 0 deletions

diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
index 252be4fa1..d9d5cfe4b 100644
--- a/src/lib/entropy/entropy_srcs.cpp
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -36,6 +36,10 @@
   #include <botan/internal/darwin_secrandom.h>
 #endif
 
+#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
+  #include <botan/internal/getentropy.h>
+#endif
+
 namespace Botan {
 
 std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
@@ -61,6 +65,13 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
 #endif
       }
 
+   if(name == "getentropy")
+      {
+#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
+      return std::unique_ptr<Entropy_Source>(new Getentropy);
+#endif
+      }
+
    if(name == "dev_random")
       {
 #if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
diff --git a/src/lib/entropy/getentropy/getentropy.cpp b/src/lib/entropy/getentropy/getentropy.cpp
new file mode 100644
index 000000000..56c356eba
--- /dev/null
+++ b/src/lib/entropy/getentropy/getentropy.cpp
@@ -0,0 +1,30 @@
+/*
+* System Call getentropy(2)
+* (C) 2017 Alexander Bluhm (genua GmbH)
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/getentropy.h>
+
+#include <unistd.h>
+
+namespace Botan {
+
+/**
+* Gather BOTAN_SYSTEM_RNG_POLL_REQUEST bytes entropy from getentropy(2).
+* This is 64 bytes, note that maximum buffer size is limited to 256 bytes.
+*/
+size_t Getentropy::poll(RandomNumberGenerator& rng)
+   {
+   secure_vector<uint8_t> buf(BOTAN_SYSTEM_RNG_POLL_REQUEST);
+
+   if(::getentropy(buf.data(), buf.size()) == 0)
+      {
+      rng.add_entropy(buf.data(), buf.size());
+      return buf.size() * 8;
+      }
+
+   return 0;
+   }
+}
diff --git a/src/lib/entropy/getentropy/getentropy.h b/src/lib/entropy/getentropy/getentropy.h
new file mode 100644
index 000000000..ebc49320b
--- /dev/null
+++ b/src/lib/entropy/getentropy/getentropy.h
@@ -0,0 +1,28 @@
+/*
+* Entropy Source Using OpenBSD getentropy(2) system call
+* (C) 2017 Alexander Bluhm (genua GmbH)
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_ENTROPY_SRC_GETENTROPY_H__
+#define BOTAN_ENTROPY_SRC_GETENTROPY_H__
+
+#include <botan/entropy_src.h>
+
+namespace Botan {
+
+/**
+* Entropy source using the getentropy(2) sustem call first introduced in
+* OpenBSD 5.6 and added to Solaris 11.3.
+*/
+class Getentropy final : public Entropy_Source
+   {
+   public:
+      std::string name() const override { return "getentropy"; }
+      size_t poll(RandomNumberGenerator& rng) override;
+   };
+
+}
+
+#endif
diff --git a/src/lib/entropy/getentropy/info.txt b/src/lib/entropy/getentropy/info.txt
new file mode 100644
index 000000000..89e7b120d
--- /dev/null
+++ b/src/lib/entropy/getentropy/info.txt
@@ -0,0 +1,9 @@
+define ENTROPY_SRC_GETENTROPY 20170327
+
+<header:internal>
+getentropy.h
+</header:internal>
+
+<os>
+openbsd
+</os>