From: Guus Sliepen Date: Wed, 24 Dec 2014 15:54:12 +0000 (+0100) Subject: Avoid using OpenSSL's random number functions. X-Git-Tag: release-1.1pre11~18 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a99ded7d987c3242f972162e02767c498257f2b8;p=oweals%2Ftinc.git Avoid using OpenSSL's random number functions. --- diff --git a/src/Makefile.am b/src/Makefile.am index c48e3fd..02d7ec2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -21,7 +21,6 @@ ed25519_SOURCES = \ ed25519/keypair.c \ ed25519/precomp_data.h \ ed25519/sc.c ed25519/sc.h \ - ed25519/seed.c \ ed25519/sha512.c ed25519/sha512.h \ ed25519/sign.c \ ed25519/verify.c diff --git a/src/ed25519/seed.c b/src/ed25519/seed.c deleted file mode 100644 index ca4089c..0000000 --- a/src/ed25519/seed.c +++ /dev/null @@ -1,40 +0,0 @@ -#include "ed25519.h" - -#ifndef ED25519_NO_SEED - -#ifdef _WIN32 -#include -#include -#else -#include -#endif - -int ed25519_create_seed(unsigned char *seed) { -#ifdef _WIN32 - HCRYPTPROV prov; - - if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - return 1; - } - - if (!CryptGenRandom(prov, 32, seed)) { - CryptReleaseContext(prov, 0); - return 1; - } - - CryptReleaseContext(prov, 0); -#else - FILE *f = fopen("/dev/urandom", "rb"); - - if (f == NULL) { - return 1; - } - - fread(seed, 1, 32, f); - fclose(f); -#endif - - return 0; -} - -#endif \ No newline at end of file diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index 6c5cbc8..ed8c8e2 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -1,6 +1,6 @@ /* crypto.c -- Cryptographic miscellaneous functions and initialisation - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,8 +25,65 @@ #include "../crypto.h" +#ifndef HAVE_MINGW + +static int random_fd = -1; + +static void random_init(void) { + random_fd = open("/dev/urandom", O_RDONLY); + if(random_fd < 0) + random_fd = open("/dev/random", O_RDONLY); + if(random_fd < 0) { + fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno)); + abort(); + } +} + +static void random_exit(void) { + close(random_fd); +} + +void randomize(void *out, size_t outlen) { + while(outlen) { + size_t len = read(random_fd, out, outlen); + if(len <= 0) { + if(errno == EAGAIN || errno == EINTR) + continue; + fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno)); + abort(); + } + out += len; + outlen -= len; + } +} + +#else + +#include +HCRYPTPROV prov; + +void random_init(void) { + if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { + fprintf(stderr, "CryptAcquireContext() failed!\n"); + abort(); + } +} + +void random_exit(void) { + CryptReleaseContext(prov, 0); +} + +void randomize(void *out, size_t outlen) { + if(!CryptGenRandom(prov, outlen, out)) { + fprintf(stderr, "CryptGenRandom() failed\n"); + abort(); + } +} + +#endif + void crypto_init(void) { - RAND_load_file("/dev/urandom", 1024); + random_init(); ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); @@ -42,8 +99,5 @@ void crypto_init(void) { void crypto_exit(void) { EVP_cleanup(); -} - -void randomize(void *out, size_t outlen) { - RAND_pseudo_bytes(out, outlen); + random_exit(); }