Reworked scrandom ugliness, no longer builds a shared

library nor seeds OpenSSL internally, if available. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@593 c6295689-39f2-0310-b995-f0e70906c6a9
2002-05-06 06:36:11 +00:00 · 2002-05-06 06:36:11 +00:00 · de9cc2e67a
parent e1b6a03ccf
commit de9cc2e67a
6 changed files with 36 additions and 60 deletions
--- a/configure.in
+++ b/configure.in
@ -1002,7 +1002,7 @@ LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
 AC_SUBST(LIBSCLDAP)
 LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
 AC_SUBST(LIBSCRANDOM)
-LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
+LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.a"

 AM_CONDITIONAL(HAVE_SCIDI, test "foo" = "bar")

--- a/src/scam/Makefile.am
+++ b/src/scam/Makefile.am
@ -7,19 +7,19 @@ INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@
 lib_LTLIBRARIES = libscam.la

 if HAVE_LDAP
-LDAP_LTLIBS = @LIBSCLDAP@
+LDAP_LIB = @LIBSCLDAP@
 endif
 if HAVE_SSL
-SSL_LTLIBS = @LIBCRYPTO@
+SSL_LIB = @LIBCRYPTO@
 endif
 # Temporary
 if HAVE_SCIDI
-SCIDI_LTLIBS = @LIBSSP@
+SCIDI_LIB = @LIBSSP@
 SCIDI_SRC = ../../../scam/sp.c
 SCIDI_INC = @CFLAGS_SSP@
 endif

-LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LTLIBS) $(SSL_LTLIBS) $(SCIDI_LTLIBS)
+LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)
 EXTRAINC = $(SCIDI_INC)

 SRC = scam.c scam.h p15_eid.c p15_ldap.c $(SCIDI_SRC)
--- a/src/scam/p15_eid.c
+++ b/src/scam/p15_eid.c
@ -31,6 +31,7 @@
 #include <sys/stat.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/rand.h>
 #include <openssl/pem.h>
 #include <opensc/opensc.h>
 #include <opensc/pkcs15.h>
@ -287,6 +288,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv,
 		scam_log_msg(sctx, "scrandom_get_data failed.\n");
 		goto end;
 	}
+	RAND_seed(random_data, sizeof(random_data));
 	r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
 	if (r != SC_SUCCESS) {
 		scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
--- a/src/scam/p15_ldap.c
+++ b/src/scam/p15_ldap.c
@ -31,6 +31,7 @@
 #include <sys/stat.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/rand.h>
 #include <opensc/opensc.h>
 #include <opensc/pkcs15.h>
 #include <opensc/scldap.h>
@ -220,6 +221,7 @@ int p15_ldap_auth(scam_context * sctx, int argc, const char **argv,
 		scam_log_msg(sctx, "scrandom_get_data failed.\n");
 		goto end;
 	}
+	RAND_seed(random_data, sizeof(random_data));
 	r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
 	if (r != SC_SUCCESS) {
 		scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
--- a/src/scrandom/Makefile.am
+++ b/src/scrandom/Makefile.am
@ -7,15 +7,14 @@ MAINTAINERCLEANFILES = Makefile.in
 include_HEADERS = scrandom.h

 if HAVE_SSL
-SSL_LTLIB = @LIBCRYPTO@
+SSL_LIB = @LIBCRYPTO@
 endif

-lib_LTLIBRARIES = libscrandom.la
+lib_LIBRARIES = libscrandom.a

-libscrandom_la_SOURCES = scrandom.c scrandom.h
-libscrandom_la_LIBADD = $(SSL_LTLIB)
+libscrandom_a_SOURCES = scrandom.c scrandom.h

 noinst_PROGRAMS = test-random

 test_random_SOURCES = test-random.c
-test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@
+test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB)
--- a/src/scrandom/scrandom.c
+++ b/src/scrandom/scrandom.c
@ -32,33 +32,8 @@
 #include <sys/un.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/rand.h>
-#endif
 #include "scrandom.h"

-static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
-{
-	char *s = (char *) _s;
-	size_t pos = 0;
-	ssize_t res;
-
-	while (n > pos) {
-		res = (f) (fd, s + pos, n - pos);
-		switch (res) {
-		case -1:
-			if (errno == EINTR || errno == EAGAIN) {
-				continue;
-			}
-		case 0:
-			return res;
-		default:
-			pos += res;
-		}
-	}
-	return pos;
-}
-
 #if defined(PRNGD_SOCKET) || defined(PRNGD_PORT)
 #include <signal.h>

@ -99,6 +74,28 @@ static mysig_t mysignal(int sig, mysig_t act)

 #if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)

+static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
+{
+	char *s = (char *) _s;
+	size_t pos = 0;
+	ssize_t res;
+
+	while (n > pos) {
+		res = (f) (fd, s + pos, n - pos);
+		switch (res) {
+		case -1:
+			if (errno == EINTR || errno == EAGAIN) {
+				continue;
+			}
+		case 0:
+			return res;
+		default:
+			pos += res;
+		}
+	}
+	return pos;
+}
+
 /* Get entropy from:
 * /dev/[u]random or pipe
 * PRNGD/EGD (socket)
@ -245,32 +242,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
 	}
 	return rval;
 #endif
+	return 0;
 }

 #endif

-/*
- * Seed OpenSSL's random number pool
- */
-
-static int scrandom_seed_generator(void)
-{
-#ifdef HAVE_OPENSSL
-	unsigned char buf[32];
-
-	if (!scrandom_get_bytes(buf, sizeof(buf))) {
-		if (!RAND_status()) {
-			fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
-			return 0;
-		}
-	} else {
-		RAND_add(buf, sizeof(buf), sizeof(buf));
-	}
-	memset(buf, '\0', sizeof(buf));
-#endif
-	return 1;
-}
-
 /* Read random data from random data source */

 int scrandom_get_data(unsigned char *buf, unsigned int len)
@ -287,9 +263,6 @@ int scrandom_get_data(unsigned char *buf, unsigned int len)
 		return -1;
 	}
 #if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
-	if (!scrandom_seed_generator()) {
-		return -1;
-	}
 	div = len / BLOCK_SIZE;
 	mod = len % BLOCK_SIZE;
 	p = buf;