Add two fallback options to secure randomness generation. If getrandom() fails, we first try manually sourcing from /dev/urandom ourselves to exclude this being a simple library error. If this does not work either, we resort to using mbedtls' DRBG method.

Signed-off-by: DL6ER <[email protected]>

Author: DL6ER

src/api/2fa.c

@@ -267,6 +267,7 @@ int generateTOTP(struct ftl_conn *api)
 {
 	// Generate random secret using the system's random number generator
 	uint8_t random_secret[RFC6238_SECRET_LEN];
+	log_info("A");
 	if(!get_secure_randomness(random_secret, sizeof(random_secret)))
 		return send_json_error(api, 500, "internal_error", "Failed to generate random secret", strerror(errno));
 

src/api/auth.c

@@ -435,6 +435,7 @@ static int send_api_auth_status(struct ftl_conn *api, const int user_id, const t
 static void generateSID(char *sid)
 {
 	uint8_t raw_sid[SID_SIZE];
+	log_info("B");
 	if(!get_secure_randomness(raw_sid, sizeof(raw_sid)))
 		return;
 

src/config/password.c

@@ -93,8 +93,7 @@ static char * __attribute__((malloc)) double_sha256_password(const char *passwor
 
 bool get_secure_randomness(uint8_t *buffer, const size_t length)
 {
-	ssize_t result;
-
+	ssize_t result = -1;
 	// First try to get randomness in non-blocking mode and print a warning when not enough entropy is available right now
 	do {
 		result = getrandom(buffer, length, GRND_NONBLOCK);
@@ -103,32 +102,49 @@ bool get_secure_randomness(uint8_t *buffer, const size_t length)
 	// If not enough entropy is available right now, try again in blocking mode
 	if (result < 0 && errno == EAGAIN)
 	{
-		log_warn("getrandom() failed in get_secure_randomness(): Not enough entropy available right now, retrying in blocking mode");
+		log_warn("Not enough entropy available right now for generating secure randomness, retrying in blocking mode");
 		// Sleep for 1 second to give the kernel some time to gather entropy
 		sleepms(1000);
 	}
 	else
 	{
 		// If the first try was successful, return the result
 		if (result >= 0)
-			return true;
+			goto random_success;
 	}
 	do {
 		result = getrandom(buffer, length, 0);
 	} while (result < 0 && errno == EINTR);
 
-	if (result < 0)
+	if(result < 0)
 	{
-		const int err = errno;
-		log_err("getrandom() failed in get_secure_randomness(): %s", strerror(errno));
-		errno = err;
-		return false;
+		log_warn("Getting secure randomness failed (%s), trying /dev/urandom", strerror(errno));
+		result = getrandom_fallback(buffer, length, 0);
+		if(result < 0 || result < (ssize_t)length)
+		{
+			log_warn("Fallback failed, trying internal DRBG generator");
+			result = drbg_random(buffer, length);
+			if(result < 0)
+			{
+				// Warning will be printed by drbg_random()
+				return false;
+			}
+
+			log_info("Internal DRBG generator successfully used");
+		}
+		else
+			log_info("Fallback to /dev/urandom successful");
 	}
-	else if((size_t)result != length)
+
+	// Check if enough bytes were generated
+	if(result != (ssize_t)length)
 	{
-		log_err("getrandom() failed in get_secure_randomness(): Not enough bytes generated (%zu != %zu)", (size_t)result, length);
+		log_err("Randomness generator failed: not enough bytes generated (%zd != %zu)", result, length);
 		return false;
 	}
+
+random_success:
+	log_debug(DEBUG_ANY, "Generated %zd bytes of secure randomness", result);
 	return true;
 }
 

src/webserver/x509.c

@@ -98,6 +98,29 @@ void destroy_entropy(void)
 	mbedtls_ctr_drbg_free(&ctr_drbg);
 }
 
+/**
+ * @brief Generates random bytes using the CTR_DRBG (Counter mode Deterministic
+ * Random Byte Generator).
+ *
+ * @param output Pointer to the buffer where the generated random bytes will be
+ * stored.
+ * @param len The number of random bytes to generate.
+ * @return The number of bytes generated on success, or -1 on failure.
+ */
+ssize_t drbg_random(unsigned char *output, size_t len)
+{
+	init_entropy();
+	const int ret = mbedtls_ctr_drbg_random(&ctr_drbg, output, len);
+	if(ret != 0)
+	{
+		log_err("mbedtls_ctr_drbg_random returned %d\n", ret);
+		return -1;
+	}
+
+	// Return number of bytes generated
+	return len;
+}
+
 // Generate private RSA key
 static int generate_private_key_rsa(mbedtls_pk_context *key,
                                     unsigned char key_buffer[])
@@ -701,4 +724,10 @@ void destroy_entropy(void)
 {
 }
 
+ssize_t drbg_random(unsigned char *output, size_t len)
+{
+	log_warn("FTL was not compiled with mbedtls support, fallback random number generator not available");
+	return -1;
+}
+
 #endif

src/webserver/x509.h

@@ -17,11 +17,14 @@
 
 #include "enums.h"
 #include <stdbool.h>
+// ssize_t
+#include <unistd.h>
 
 bool generate_certificate(const char* certfile, bool rsa, const char *domain);
 enum cert_check read_certificate(const char* certfile, const char *domain, const bool private_key);
 
 bool init_entropy(void);
 void destroy_entropy(void);
+ssize_t drbg_random(unsigned char *output, size_t len);
 
 #endif // X509_H