Avoid using OpenSSL's random number functions.
This commit is contained in:
Guus Sliepen
parent
199573f1e8
commit
a99ded7d98
3 changed files with 60 additions and 47 deletions
|
|
@ -21,7 +21,6 @@ ed25519_SOURCES = \
|
|||
ed25519/keypair.c \
|
||||
ed25519/precomp_data.h \
|
||||
ed25519/sc.c ed25519/sc.h \
|
||||
ed25519/seed.c \
|
||||
ed25519/sha512.c ed25519/sha512.h \
|
||||
ed25519/sign.c \
|
||||
ed25519/verify.c
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
#include "ed25519.h"
|
||||
|
||||
#ifndef ED25519_NO_SEED
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
int ed25519_create_seed(unsigned char *seed) {
|
||||
#ifdef _WIN32
|
||||
HCRYPTPROV prov;
|
||||
|
||||
if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!CryptGenRandom(prov, 32, seed)) {
|
||||
CryptReleaseContext(prov, 0);
|
||||
return 1;
|
||||
}
|
||||
|
||||
CryptReleaseContext(prov, 0);
|
||||
#else
|
||||
FILE *f = fopen("/dev/urandom", "rb");
|
||||
|
||||
if (f == NULL) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
fread(seed, 1, 32, f);
|
||||
fclose(f);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
crypto.c -- Cryptographic miscellaneous functions and initialisation
|
||||
Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -25,8 +25,65 @@
|
|||
|
||||
#include "../crypto.h"
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
|
||||
static int random_fd = -1;
|
||||
|
||||
static void random_init(void) {
|
||||
random_fd = open("/dev/urandom", O_RDONLY);
|
||||
if(random_fd < 0)
|
||||
random_fd = open("/dev/random", O_RDONLY);
|
||||
if(random_fd < 0) {
|
||||
fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno));
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
static void random_exit(void) {
|
||||
close(random_fd);
|
||||
}
|
||||
|
||||
void randomize(void *out, size_t outlen) {
|
||||
while(outlen) {
|
||||
size_t len = read(random_fd, out, outlen);
|
||||
if(len <= 0) {
|
||||
if(errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno));
|
||||
abort();
|
||||
}
|
||||
out += len;
|
||||
outlen -= len;
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#include <wincrypt.h>
|
||||
HCRYPTPROV prov;
|
||||
|
||||
void random_init(void) {
|
||||
if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
|
||||
fprintf(stderr, "CryptAcquireContext() failed!\n");
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
void random_exit(void) {
|
||||
CryptReleaseContext(prov, 0);
|
||||
}
|
||||
|
||||
void randomize(void *out, size_t outlen) {
|
||||
if(!CryptGenRandom(prov, outlen, out)) {
|
||||
fprintf(stderr, "CryptGenRandom() failed\n");
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
void crypto_init(void) {
|
||||
RAND_load_file("/dev/urandom", 1024);
|
||||
random_init();
|
||||
|
||||
ENGINE_load_builtin_engines();
|
||||
ENGINE_register_all_complete();
|
||||
|
|
@ -42,8 +99,5 @@ void crypto_init(void) {
|
|||
|
||||
void crypto_exit(void) {
|
||||
EVP_cleanup();
|
||||
}
|
||||
|
||||
void randomize(void *out, size_t outlen) {
|
||||
RAND_pseudo_bytes(out, outlen);
|
||||
random_exit();
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue