Reworked scrandom ugliness: it no longer builds a shared
library, nor seeds OpenSSL internally when OpenSSL is available. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@593 c6295689-39f2-0310-b995-f0e70906c6a9
parent
e1b6a03ccf
commit
de9cc2e67a
|
@ -1002,7 +1002,7 @@ LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
|
|||
AC_SUBST(LIBSCLDAP)
|
||||
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
|
||||
AC_SUBST(LIBSCRANDOM)
|
||||
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
|
||||
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.a"
|
||||
|
||||
AM_CONDITIONAL(HAVE_SCIDI, test "foo" = "bar")
|
||||
|
||||
|
|
|
@ -7,19 +7,19 @@ INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@
|
|||
lib_LTLIBRARIES = libscam.la
|
||||
|
||||
if HAVE_LDAP
|
||||
LDAP_LTLIBS = @LIBSCLDAP@
|
||||
LDAP_LIB = @LIBSCLDAP@
|
||||
endif
|
||||
if HAVE_SSL
|
||||
SSL_LTLIBS = @LIBCRYPTO@
|
||||
SSL_LIB = @LIBCRYPTO@
|
||||
endif
|
||||
# Temporary
|
||||
if HAVE_SCIDI
|
||||
SCIDI_LTLIBS = @LIBSSP@
|
||||
SCIDI_LIB = @LIBSSP@
|
||||
SCIDI_SRC = ../../../scam/sp.c
|
||||
SCIDI_INC = @CFLAGS_SSP@
|
||||
endif
|
||||
|
||||
LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LTLIBS) $(SSL_LTLIBS) $(SCIDI_LTLIBS)
|
||||
LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)
|
||||
EXTRAINC = $(SCIDI_INC)
|
||||
|
||||
SRC = scam.c scam.h p15_eid.c p15_ldap.c $(SCIDI_SRC)
|
||||
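Review bot: `LDFLAGS = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)` puts libraries into LDFLAGS, which automake expands before the object files on the link line; now that @LIBSCRANDOM@ resolves to a static archive (libscrandom.a, per the configure hunk) instead of a libtool .la, a linker that scans archives in order sees no undefined symbols yet, drops the archive, and leaves libscam's scrandom_get_data references unresolved. Libraries belong after the objects, i.e. `libscam_la_LIBADD = @LIBOPENSC@ @LIBSCRANDOM@ $(LDAP_LIB) $(SSL_LIB) $(SCIDI_LIB)`, keeping LDFLAGS for real linker flags. The `test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB)` line in the scrandom Makefile.am hunk has the same ordering problem and should become `test_random_LDADD = @LIBSCRANDOM@ $(SSL_LIB)`.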
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <sys/stat.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <opensc/opensc.h>
|
||||
#include <opensc/pkcs15.h>
|
||||
|
@ -287,6 +288,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv,
|
|||
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
||||
goto end;
|
||||
}
|
||||
RAND_seed(random_data, sizeof(random_data));
|
||||
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
||||
if (r != SC_SUCCESS) {
|
||||
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
|
||||
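Review bot: `RAND_seed(random_data, sizeof(random_data));` credits every byte of the buffer as entropy (RAND_seed is RAND_add with entropy equal to the length) and never confirms that OpenSSL's pool is actually usable, whereas the scrandom_seed_generator() this commit deletes at least consulted `RAND_status()`; anything later in the auth path that draws from OpenSSL's RNG now runs on an unchecked pool. Add the check directly after the seed call: `if (!RAND_status()) { scam_log_msg(sctx, "OpenSSL PRNG not seeded.\n"); goto end; }`. The declaration of random_data is outside the hunk, so `sizeof(random_data)` is only right if it is an array rather than a pointer — worth confirming against the surrounding code. The p15_ldap_auth hunk adds the same two lines and needs the same treatment; p15_eid_auth's body starts and ends outside this hunk.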
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <sys/stat.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <opensc/opensc.h>
|
||||
#include <opensc/pkcs15.h>
|
||||
#include <opensc/scldap.h>
|
||||
|
@ -220,6 +221,7 @@ int p15_ldap_auth(scam_context * sctx, int argc, const char **argv,
|
|||
scam_log_msg(sctx, "scrandom_get_data failed.\n");
|
||||
goto end;
|
||||
}
|
||||
RAND_seed(random_data, sizeof(random_data));
|
||||
r = sc_pkcs15_verify_pin(data->p15card, (struct sc_pkcs15_pin_info *) data->pin->data, (const u8 *) password, strlen(password));
|
||||
if (r != SC_SUCCESS) {
|
||||
scam_print_msg(sctx, "sc_pkcs15_verify_pin: %s\n", sc_strerror(r));
|
||||
|
|
|
@ -7,15 +7,14 @@ MAINTAINERCLEANFILES = Makefile.in
|
|||
include_HEADERS = scrandom.h
|
||||
|
||||
if HAVE_SSL
|
||||
SSL_LTLIB = @LIBCRYPTO@
|
||||
SSL_LIB = @LIBCRYPTO@
|
||||
endif
|
||||
|
||||
lib_LTLIBRARIES = libscrandom.la
|
||||
lib_LIBRARIES = libscrandom.a
|
||||
|
||||
libscrandom_la_SOURCES = scrandom.c scrandom.h
|
||||
libscrandom_la_LIBADD = $(SSL_LTLIB)
|
||||
libscrandom_a_SOURCES = scrandom.c scrandom.h
|
||||
|
||||
noinst_PROGRAMS = test-random
|
||||
|
||||
test_random_SOURCES = test-random.c
|
||||
test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@
|
||||
test_random_LDFLAGS = @LDFLAGS@ @LIBSCRANDOM@ $(SSL_LIB)
|
||||
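Review bot: `lib_LIBRARIES = libscrandom.a` makes automake compile scrandom.c outside libtool, so its objects are not PIC, yet the scam Makefile.am hunk still links @LIBSCRANDOM@ into libscam.la, a shared libtool library; on targets that require PIC in shared objects that link fails or yields a library full of text relocations. Since the archive is only consumed inside this tree, a libtool convenience library gives the "no installed shared libscrandom" result without that hazard: `noinst_LTLIBRARIES = libscrandom.la` together with the existing `libscrandom_la_SOURCES = scrandom.c scrandom.h`, and configure's LIBSCRANDOM pointing back at the .la. With the SSL LIBADD gone, every consumer now has to add $(SSL_LIB) itself as test-random does here, which is worth a one-line comment above `if HAVE_SSL` so the next consumer does not forget.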
|
|
|
@ -32,33 +32,8 @@
|
|||
#include <sys/un.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/rand.h>
|
||||
#endif
|
||||
#include "scrandom.h"
|
||||
|
||||
static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
|
||||
{
|
||||
char *s = (char *) _s;
|
||||
size_t pos = 0;
|
||||
ssize_t res;
|
||||
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN) {
|
||||
continue;
|
||||
}
|
||||
case 0:
|
||||
return res;
|
||||
default:
|
||||
pos += res;
|
||||
}
|
||||
}
|
||||
return pos;
|
||||
}
|
||||
|
||||
#if defined(PRNGD_SOCKET) || defined(PRNGD_PORT)
|
||||
#include <signal.h>
|
||||
|
||||
|
@ -99,6 +74,28 @@ static mysig_t mysignal(int sig, mysig_t act)
|
|||
|
||||
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
||||
|
||||
static ssize_t atomicio(ssize_t(*f) (int fd, void *_s, size_t n), int fd, void *_s, size_t n)
|
||||
{
|
||||
char *s = (char *) _s;
|
||||
size_t pos = 0;
|
||||
ssize_t res;
|
||||
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN) {
|
||||
continue;
|
||||
}
|
||||
case 0:
|
||||
return res;
|
||||
default:
|
||||
pos += res;
|
||||
}
|
||||
}
|
||||
return pos;
|
||||
}
|
||||
|
||||
/* Get entropy from:
|
||||
* /dev/[u]random or pipe
|
||||
* PRNGD/EGD (socket)
|
||||
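Review bot: In atomicio, `case -1:` falls through into `case 0: return res;` whenever errno is neither EINTR nor EAGAIN; that is the intended hard-error path, but nothing marks it, so readers and -Wimplicit-fallthrough will both trip on it — add `/* fallthrough: real error, return -1 as EOF returns 0 */` after the closing brace of the if. The function also carries no contract comment even though it is being relocated: it returns n on success (the loop only exits when pos == n), otherwise the 0 or -1 of the underlying call, so callers must treat anything other than n as failure. The `continue` inside the switch restarts the enclosing while, which deserves a short comment as well since it is easy to misread as continuing the switch. Moving the definition under the RANDOM_POOL/PRNGD guard is consistent with its only visible users being inside that guard.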
|
@ -245,32 +242,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||
}
|
||||
return rval;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Seed OpenSSL's random number pool
|
||||
*/
|
||||
|
||||
static int scrandom_seed_generator(void)
|
||||
{
|
||||
#ifdef HAVE_OPENSSL
|
||||
unsigned char buf[32];
|
||||
|
||||
if (!scrandom_get_bytes(buf, sizeof(buf))) {
|
||||
if (!RAND_status()) {
|
||||
fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
RAND_add(buf, sizeof(buf), sizeof(buf));
|
||||
}
|
||||
memset(buf, '\0', sizeof(buf));
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Read random data from random data source */
|
||||
|
||||
int scrandom_get_data(unsigned char *buf, unsigned int len)
|
||||
|
@ -287,9 +263,6 @@ int scrandom_get_data(unsigned char *buf, unsigned int len)
|
|||
return -1;
|
||||
}
|
||||
#if defined(RANDOM_POOL) || defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
|
||||
if (!scrandom_seed_generator()) {
|
||||
return -1;
|
||||
}
|
||||
div = len / BLOCK_SIZE;
|
||||
mod = len % BLOCK_SIZE;
|
||||
p = buf;
|
||||
|
|