From de9cc2e67a671f0b1367158494428fddc238bb83 Mon Sep 17 00:00:00 2001 From: aet Date: Mon, 6 May 2002 06:36:11 +0000 Subject: [PATCH] Reworked scrandom ugliness, no longer builds a shared library nor seeds OpenSSL internally, if available. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@593 c6295689-39f2-0310-b995-f0e70906c6a9 --- configure.in | 2 +- src/scam/Makefile.am | 8 ++--- src/scam/p15_eid.c | 2 ++ src/scam/p15_ldap.c | 2 ++ src/scrandom/Makefile.am | 9 +++-- src/scrandom/scrandom.c | 73 +++++++++++++--------------------------- 6 files changed, 36 insertions(+), 60 deletions(-) diff --git a/configure.in b/configure.in index 134f59fb..eebb0384 100644 --- a/configure.in +++ b/configure.in @@ -1002,7 +1002,7 @@ LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la" AC_SUBST(LIBSCLDAP) LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la" AC_SUBST(LIBSCRANDOM) -LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la" +LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.a" AM_CONDITIONAL(HAVE_SCIDI, test "foo" = "bar") diff --git a/src/scam/Makefile.am b/src/scam/Makefile.am index 37275222..927890d3 100644 --- a/src/scam/Makefile.am +++ b/src/scam/Makefile.am @@ -7,19 +7,19 @@ INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ lib_LTLIBRARIES = libscam.la if HAVE_LDAP -LDAP_LTLIBS = @LIBSCLDAP@ +LDAP_LIB = @LIBSCLDAP@ endif if HAVE_SSL -SSL_LTLIBS = @LIBCRYPTO@ +SSL_LIB = @LIBCRYPTO@ endif # Temporary if HAVE_SCIDI -SCIDI_LTLIBS = @LIBSSP@ +SCIDI_LIB = @LIBSSP@ SCIDI_SRC = ../../../scam/sp.c SCIDI_INC = @CFLAGS_SSP@ endif -LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LTLIBS) $(SSL_LTLIBS) $(SCIDI_LTLIBS) +LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB) EXTRAINC = $(SCIDI_INC) SRC = scam.c scam.h p15_eid.c p15_ldap.c $(SCIDI_SRC) diff --git a/src/scam/p15_eid.c b/src/scam/p15_eid.c index be655c11..97901c0a 100644 --- a/src/scam/p15_eid.c +++ b/src/scam/p15_eid.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include 
@@ -287,6 +288,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv, scam_log_msg(sctx, "scrandom_get_data failed.\n"); goto end; } + RAND_seed(random_data, sizeof(random_data)); r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password)); if (r != SC_SUCCESS) { scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r)); diff --git a/src/scam/p15_ldap.c b/src/scam/p15_ldap.c index 3af05d23..3d65d727 100644 --- a/src/scam/p15_ldap.c +++ b/src/scam/p15_ldap.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -220,6 +221,7 @@ int p15_ldap_auth(scam_context * sctx, int argc, const char **argv, scam_log_msg(sctx, "scrandom_get_data failed.\n"); goto end; } + RAND_seed(random_data, sizeof(random_data)); r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password)); if (r != SC_SUCCESS) { scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r)); diff --git a/src/scrandom/Makefile.am b/src/scrandom/Makefile.am index 4119e020..3c094160 100644 --- a/src/scrandom/Makefile.am +++ b/src/scrandom/Makefile.am @@ -7,15 +7,14 @@ MAINTAINERCLEANFILES = Makefile.in include_HEADERS = scrandom.h if HAVE_SSL -SSL_LTLIB = @LIBCRYPTO@ +SSL_LIB = @LIBCRYPTO@ endif -lib_LTLIBRARIES = libscrandom.la +lib_LIBRARIES = libscrandom.a -libscrandom_la_SOURCES = scrandom.c scrandom.h -libscrandom_la_LIBADD = $(SSL_LTLIB) +libscrandom_a_SOURCES = scrandom.c scrandom.h noinst_PROGRAMS = test-random test_random_SOURCES = test-random.c -test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ +test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB) diff --git a/src/scrandom/scrandom.c b/src/scrandom/scrandom.c index b3f55519..efa10794 100644 --- a/src/scrandom/scrandom.c +++ b/src/scrandom/scrandom.c 
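Review bot: The added `RAND_seed(random_data, sizeof(random_data));` credits OpenSSL's pool with full entropy for a buffer that stays live after the call, whereas the scrandom_seed_generator() this commit removes drew into its own 32-byte buffer and zeroed it after `RAND_add`. If random_data is later used as the authentication challenge or otherwise leaves the process (its later use is outside this hunk), the seed material is not secret; seeding from a separate scratch buffer that is wiped afterwards would keep the two apart. The call and the new `#include` in the first hunk of this file are also unconditional, while src/scam/Makefile.am links `@LIBCRYPTO@` only under `if HAVE_SSL` and the removed scrandom.c code was wrapped in `#ifdef HAVE_OPENSSL`; unless the whole file is already compiled only with OpenSSL, put both inside that guard. The same applies to the two hunks in src/scam/p15_ldap.c. p15_eid_auth starts and ends outside the hunk.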
@@ -32,33 +32,8 @@ #include #include #include -#ifdef HAVE_OPENSSL -#include -#endif #include "scrandom.h" -static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n) -{ - char *s = (char *) _s; - size_t pos = 0; - ssize_t res; - - while (n > pos) { - res = (f) (fd, s + pos, n - pos); - switch (res) { - case -1: - if (errno == EINTR || errno == EAGAIN) { - continue; - } - case 0: - return res; - default: - pos += res; - } - } - return pos; -} - #if defined(PRNGD_SOCKET) || defined(PRNGD_PORT) #include @@ -99,6 +74,28 @@ static mysig_t mysignal(int sig, mysig_t act) #if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET) +static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n) +{ + char *s = (char *) _s; + size_t pos = 0; + ssize_t res; + + while (n > pos) { + res = (f) (fd, s + pos, n - pos); + switch (res) { + case -1: + if (errno == EINTR || errno == EAGAIN) { + continue; + } + case 0: + return res; + default: + pos += res; + } + } + return pos; +} + /* Get entropy from: * /dev/[u]random or pipe * PRNGD/EGD (socket) @@ -245,32 +242,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len) } return rval; #endif + return 0; } #endif -/* - * Seed OpenSSL's random number pool - */ - -static int scrandom_seed_generator(void) -{ -#ifdef HAVE_OPENSSL - unsigned char buf[32]; - - if (!scrandom_get_bytes(buf, sizeof(buf))) { - if (!RAND_status()) { - fprintf(stderr, "Entropy collection failed and entropy exhausted\n"); - return 0; - } - } else { - RAND_add(buf, sizeof(buf), sizeof(buf)); - } - memset(buf, '\0', sizeof(buf)); -#endif - return 1; -} - /* Read random data from random data source */ int scrandom_get_data(unsigned char *buf, unsigned int len) 
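Review bot: In the relocated atomicio, `case -1:` drops into `case 0:` whenever errno is not EINTR or EAGAIN, and nothing marks that as intended; add `/* FALLTHROUGH */` after the closing brace of the inner `if`. A header comment would also help, stating that the function returns n only when the full count was transferred and otherwise returns the 0 or -1 of the failing call, discarding the partial count, since callers collecting entropy depend on a short read counting as failure. The retry on EAGAIN loops without waiting, so on a non-blocking descriptor this would spin; whether any descriptor passed here is non-blocking is not visible in this hunk.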
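Review bot: The added `return 0;` at the end of scrandom_get_bytes carries no comment saying what zero means, and the only caller-side convention visible on this page, the removed `if (!scrandom_get_bytes(buf, sizeof(buf)))`, is deleted by the same commit. If zero is the failure value, say so on the line, for example `return 0; /* no entropy source produced data: report failure */`, so that a build in which no source branch returns is not read as success by scrandom_get_data. Where the preceding conditional branch ends in `return rval;` the new statement is unreachable, which some compilers warn about; placing it under an `#else` would avoid that, assuming the `#if` chain above has the shape it appears to have. The function starts outside the hunk.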
@@ -287,9 +263,6 @@ int scrandom_get_data(unsigned char *buf, unsigned int len) return -1; } #if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET) - if (!scrandom_seed_generator()) { - return -1; - } div = len / BLOCK_SIZE; mod = len % BLOCK_SIZE; p = buf;