Reworked scrandom ugliness, no longer builds a shared
library nor seeds OpenSSL internally, if available. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@593 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
e1b6a03ccf
commit
de9cc2e67a
|
@ -1002,7 +1002,7 @@ LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
|
||||||
AC_SUBST(LIBSCLDAP)
|
AC_SUBST(LIBSCLDAP)
|
||||||
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
|
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
|
||||||
AC_SUBST(LIBSCRANDOM)
|
AC_SUBST(LIBSCRANDOM)
|
||||||
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
|
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.a"
|
||||||
|
|
||||||
AM_CONDITIONAL(HAVE_SCIDI, test "foo" = "bar")
|
AM_CONDITIONAL(HAVE_SCIDI, test "foo" = "bar")
|
||||||
|
|
||||||
|
|
|
@ -7,19 +7,19 @@ INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@
|
||||||
lib_LTLIBRARIES = libscam.la
|
lib_LTLIBRARIES = libscam.la
|
||||||
|
|
||||||
if HAVE_LDAP
|
if HAVE_LDAP
|
||||||
LDAP_LTLIBS = @LIBSCLDAP@
|
LDAP_LIB = @LIBSCLDAP@
|
||||||
endif
|
endif
|
||||||
if HAVE_SSL
|
if HAVE_SSL
|
||||||
SSL_LTLIBS = @LIBCRYPTO@
|
SSL_LIB = @LIBCRYPTO@
|
||||||
endif
|
endif
|
||||||
# Temporary
|
# Temporary
|
||||||
if HAVE_SCIDI
|
if HAVE_SCIDI
|
||||||
SCIDI_LTLIBS = @LIBSSP@
|
SCIDI_LIB = @LIBSSP@
|
||||||
SCIDI_SRC = ../../../scam/sp.c
|
SCIDI_SRC = ../../../scam/sp.c
|
||||||
SCIDI_INC = @CFLAGS_SSP@
|
SCIDI_INC = @CFLAGS_SSP@
|
||||||
endif
|
endif
|
||||||
|
|
||||||
LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LTLIBS) $(SSL_LTLIBS) $(SCIDI_LTLIBS)
|
LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)
|
||||||
EXTRAINC = $(SCIDI_INC)
|
EXTRAINC = $(SCIDI_INC)
|
||||||
|
|
||||||
SRC = scam.c scam.h p15_eid.c p15_ldap.c $(SCIDI_SRC)
|
SRC = scam.c scam.h p15_eid.c p15_ldap.c $(SCIDI_SRC)
|
||||||
|
|
|
@ -31,6 +31,7 @@
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/pkcs15.h>
|
#include <opensc/pkcs15.h>
|
||||||
|
@ -287,6 +288,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv,
|
||||||
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
RAND_seed(random_data, sizeof(random_data));
|
||||||
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
||||||
if (r != SC_SUCCESS) {
|
if (r != SC_SUCCESS) {
|
||||||
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
|
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
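Review bot: `RAND_seed(random_data, sizeof(random_data));` is fire-and-forget: it tells OpenSSL that every byte of random_data is full entropy and the caller never learns whether the pool is actually seeded, whereas the scrandom_seed_generator this commit deletes at least consulted RAND_status() before giving up. I would follow the seed with `if (!RAND_status()) { scam_log_msg(sctx, "OpenSSL PRNG not seeded.\n"); goto end; }` so a PIN verification never proceeds on an unseeded pool. random_data is declared outside the hunk, so confirm it is an array and not a pointer (otherwise sizeof yields the pointer size), and consider clearing it after seeding as the deleted code did with its buffer. The identical line is added to p15_ldap_auth in the next file; the same remarks apply there, and both function bodies continue outside their hunks.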
|
||||||
|
|
|
@ -31,6 +31,7 @@
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/pkcs15.h>
|
#include <opensc/pkcs15.h>
|
||||||
#include <opensc/scldap.h>
|
#include <opensc/scldap.h>
|
||||||
|
@ -220,6 +221,7 @@ int p15_ldap_auth(scam_context * sctx, int argc, const char **argv,
|
||||||
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
RAND_seed(random_data, sizeof(random_data));
|
||||||
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
||||||
if (r != SC_SUCCESS) {
|
if (r != SC_SUCCESS) {
|
||||||
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
|
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
|
||||||
|
|
|
@ -7,15 +7,14 @@ MAINTAINERCLEANFILES = Makefile.in
|
||||||
include_HEADERS = scrandom.h
|
include_HEADERS = scrandom.h
|
||||||
|
|
||||||
if HAVE_SSL
|
if HAVE_SSL
|
||||||
SSL_LTLIB = @LIBCRYPTO@
|
SSL_LIB = @LIBCRYPTO@
|
||||||
endif
|
endif
|
||||||
|
|
||||||
lib_LTLIBRARIES = libscrandom.la
|
lib_LIBRARIES = libscrandom.a
|
||||||
|
|
||||||
libscrandom_la_SOURCES = scrandom.c scrandom.h
|
libscrandom_a_SOURCES = scrandom.c scrandom.h
|
||||||
libscrandom_la_LIBADD = $(SSL_LTLIB)
|
|
||||||
|
|
||||||
noinst_PROGRAMS = test-random
|
noinst_PROGRAMS = test-random
|
||||||
|
|
||||||
test_random_SOURCES = test-random.c
|
test_random_SOURCES = test-random.c
|
||||||
test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@
|
test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB)
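Review bot: `test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB)` lists libraries in LDFLAGS, which Automake emits before the object files on the link line; now that libscrandom is a static archive (`lib_LIBRARIES = libscrandom.a`) the linker scans it before it has seen test-random.o's undefined symbols and may drop it, and the same ordering problem applies to `$(SSL_LIB)` when it is a static libcrypto. Libraries belong in `test_random_LDADD = @LIBSCRANDOM@ $(SSL_LIB)`, leaving `test_random_LDFLAGS = @LDFLAGS@` for genuine linker flags. The scam Makefile.am hunk has the same shape in `LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)`.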
|
||||||
|
|
|
@ -32,33 +32,8 @@
|
||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#ifdef HAVE_OPENSSL
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#endif
|
|
||||||
#include "scrandom.h"
|
#include "scrandom.h"
|
||||||
|
|
||||||
static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
|
|
||||||
{
|
|
||||||
char *s = (char *) _s;
|
|
||||||
size_t pos = 0;
|
|
||||||
ssize_t res;
|
|
||||||
|
|
||||||
while (n > pos) {
|
|
||||||
res = (f) (fd, s + pos, n - pos);
|
|
||||||
switch (res) {
|
|
||||||
case -1:
|
|
||||||
if (errno == EINTR || errno == EAGAIN) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
case 0:
|
|
||||||
return res;
|
|
||||||
default:
|
|
||||||
pos += res;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return pos;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(PRNGD_SOCKET) || defined(PRNGD_PORT)
|
#if defined(PRNGD_SOCKET) || defined(PRNGD_PORT)
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
|
@ -99,6 +74,28 @@ static mysig_t mysignal(int sig, mysig_t act)
|
||||||
|
|
||||||
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
||||||
|
|
||||||
|
static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
|
||||||
|
{
|
||||||
|
char *s = (char *) _s;
|
||||||
|
size_t pos = 0;
|
||||||
|
ssize_t res;
|
||||||
|
|
||||||
|
while (n > pos) {
|
||||||
|
res = (f) (fd, s + pos, n - pos);
|
||||||
|
switch (res) {
|
||||||
|
case -1:
|
||||||
|
if (errno == EINTR || errno == EAGAIN) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
case 0:
|
||||||
|
return res;
|
||||||
|
default:
|
||||||
|
pos += res;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return pos;
|
||||||
|
}
|
||||||
|
|
||||||
/* Get entropy from:
|
/* Get entropy from:
|
||||||
* /dev/[u]random or pipe
|
* /dev/[u]random or pipe
|
||||||
* PRNGD/EGD (socket)
|
* PRNGD/EGD (socket)
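Review bot: In the relocated atomicio, `case -1:` falls through into `case 0:` whenever errno is neither EINTR nor EAGAIN; that is how a hard read/write error returns -1, but the fallthrough is unmarked and -Wimplicit-fallthrough will flag it. Add `/* fallthrough */` after the closing brace of the errno check, and give `default:` a terminating `break;` so the switch reads conventionally. The `continue` on EAGAIN also spins without yielding if the descriptor is ever non-blocking; that is pre-existing behaviour moved from earlier in the file, so worth a comment rather than a change here.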
|
||||||
|
@ -245,32 +242,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
||||||
}
|
}
|
||||||
return rval;
|
return rval;
|
||||||
#endif
|
#endif
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Seed OpenSSL's random number pool
|
|
||||||
*/
|
|
||||||
|
|
||||||
static int scrandom_seed_generator(void)
|
|
||||||
{
|
|
||||||
#ifdef HAVE_OPENSSL
|
|
||||||
unsigned char buf[32];
|
|
||||||
|
|
||||||
if (!scrandom_get_bytes(buf, sizeof(buf))) {
|
|
||||||
if (!RAND_status()) {
|
|
||||||
fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
} else {
|
|
||||||
RAND_add(buf, sizeof(buf), sizeof(buf));
|
|
||||||
}
|
|
||||||
memset(buf, '\0', sizeof(buf));
|
|
||||||
#endif
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Read random data from random data source */
|
/* Read random data from random data source */
|
||||||
|
|
||||||
int scrandom_get_data(unsigned char *buf, unsigned int len)
|
int scrandom_get_data(unsigned char *buf, unsigned int len)
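Review bot: The header comment `/* Read random data from random data source */` no longer tells a caller the one thing this commit changes: scrandom_get_data stops seeding OpenSSL's pool, so code that relies on RAND_bytes afterwards must seed it itself (the scam callers now do). I would extend it to `/* Fill buf with len bytes from the configured random source. Does not seed OpenSSL's PRNG; callers needing the OpenSSL pool must feed it themselves. Returns -1 on failure. */` — the -1 matches the `return -1;` visible in the following hunk; confirm the success value before documenting it. The function body continues into the next hunk.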
|
||||||
|
@ -287,9 +263,6 @@ int scrandom_get_data(unsigned char *buf, unsigned int len)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
||||||
if (!scrandom_seed_generator()) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
div = len / BLOCK_SIZE;
|
div = len / BLOCK_SIZE;
|
||||||
mod = len % BLOCK_SIZE;
|
mod = len % BLOCK_SIZE;
|
||||||
p = buf;
|
p = buf;
|
||||||
|
|