package-update/security/csprng/0001-configure-add-option-to-disable-http-rng.patch

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../csprng/0001-configure-add-option-to-disable-http-rng.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---

From 1ff114f41520671408445e18835b34a756e29650 Mon Sep 17 00:00:00 2001
From: Christian Wiese <chris@opensde.org>
Date: Wed, 4 Sep 2013 22:39:09 +0200
Subject: [PATCH] configure: add option to disable http rng

---
 configure.ac            |   17 +++++++++++++++++
 src/Makefile.am         |   15 ++++++++++-----
 src/csprng.c            |   12 ++++++++++++
 test/Makefile.am        |    5 ++++-
 utils/csprng-generate.c |    6 ++++++
 5 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 40dfaa4..12fd277 100755
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,23 @@ AC_FUNC_SELECT_ARGTYPES
 AC_TYPE_SIGNAL
 AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt clock_gettime])
 
+#### disable http rng feature (default: enabled)
+AC_ARG_ENABLE([http-rng],
+    AS_HELP_STRING([--disable-http-rng], [Disable feature to fetch random data via http from random.irb.hr]))
+
+AS_IF([test "x$enable_http_rng" != "xno"], [
+	dnl Do the stuff needed for enabling the feature
+	DISABLE_HTTP_RNG="yes"
+])
+
+AM_CONDITIONAL([ENABLE_HTTP_RNG], [test "x$DISABLE_HTTP_RNG" = "xyes"])
+
+# Define HTTP_RNG in config.h if we're going to compile against it
+if test "x$DISABLE_HTTP_RNG" = "xyes"; then
+    AC_DEFINE([ENABLE_HTTP_RNG], 1, ["Define to 1 if you want to enable http rng feature."])
+    AC_MSG_NOTICE([disable http rng])
+fi
+
 #### Find OpenSSL
 AC_MSG_CHECKING([for --with-openssl])
 AC_ARG_WITH(
diff --git a/src/Makefile.am b/src/Makefile.am
index 8e1a2bb..fb0ff98 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -16,6 +16,14 @@ libcsprng_la_LIBADD =
 libcsprng_la_CPPFLAGS = -I$(top_srcdir)/include
 libcsprng_la_LDFLAGS = -version-number @CSPRNG_LT_VERSION@
 
+if ENABLE_HTTP_RNG
+HTTP_RNG_SOURCES = \
+		QRBG.h \
+		QRBG.cpp \
+		qrbg-c.cpp \
+		http_rng.c
+endif
+
 # Sources
 # The shell script is the easy way to do this, by far.  But it may not
 # be sufficiently portable.
@@ -29,11 +37,8 @@ libcsprng_la_SOURCES = \
 		       csprng.c \
 		       memt19937ar-JH.c \
 		       sha1_rng.c \
-                       fips.c \
-                       QRBG.h \
-                       QRBG.cpp \
-                       qrbg-c.cpp \
-		       http_rng.c
+		       $(HTTP_RNG_SOURCES) \
+		       fips.c
 
 MAINTAINERCLEANFILES = Makefile.in
 
diff --git a/src/csprng.c b/src/csprng.c
index 76823e2..89dedad 100644
--- a/src/csprng.c
+++ b/src/csprng.c
@@ -38,7 +38,9 @@ along with CSRNG.  If not, see <http://www.gnu.org/licenses/>.
 #include <csprng/nist_ctr_drbg.h>
 #include <csprng/memt19937ar-JH.h>
 #include <csprng/sha1_rng.h>
+#if defined(ENABLE_HTTP_RNG)
 #include <csprng/http_rng.h>
+#endif
 #include <csprng/csprng.h>
 #include <csprng/fips.h>
 
@@ -282,6 +284,7 @@ static void fill_buffer_using_SHA ( rng_buf_type* data )
 }
 //}}}
 
+#if defined(ENABLE_HTTP_RNG)
 //{{{ static void fill_buffer_using_HTTP ( rng_buf_type* data )
 static void fill_buffer_using_HTTP ( rng_buf_type* data )
 {
@@ -332,6 +335,7 @@ static void fill_buffer_using_HTTP ( rng_buf_type* data )
   return;
 }
 //}}}
+#endif
 
 //{{{ static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
 static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
@@ -380,9 +384,11 @@ static const unsigned char* get_data_from_RNG_buffer ( rng_buf_type* data, unsig
       case SHA1_RNG:
         fill_buffer_using_SHA (data);
         break;
+#if defined(ENABLE_HTTP_RNG)
       case HTTP_RNG:
         fill_buffer_using_HTTP (data);
         break;
+#endif
       case MT_RNG:
         fill_buffer_using_MT_RNG (data);
         break;
@@ -906,9 +912,11 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
   unsigned int allocated_size;  //Number of bytes allocated for seed.
   rng_state_type rng_state;
   csprng_state_type* csprng_state;
+#if defined(ENABLE_HTTP_RNG)
   char* QRBG_RNG_login_name;       //User name for random.irb.hr
   char* QRBG_RNG_passwd;           //Password for  random.irb.hr
   char HTTP_source_bitmask;        //source bitmask for http_random_init 
+#endif
 
   //{{{ Init csprng_state, do sanity checks
   assert ( mode_of_operation->entropy_source   < SOURCES_COUNT );
@@ -1072,6 +1080,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
   }
   //}}} 
 
+#if defined(ENABLE_HTTP_RNG)
   //{{{ Check if need HTTP_RNG and init it
   if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG ) {
     QRBG_RNG_login_name = getenv("QRBG_USER");
@@ -1097,6 +1106,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
     if ( unsetenv("QRBG_PASSWD") ) fprintf(stderr, "WARNING: unsetenv(\"QRBG_PASSWD\") failed with %s.\n", strerror(errno));
   }
   //}}}
+#endif
 
   //{{{ Check if need HAVEGE and init it
   if ( csprng_state->mode.entropy_source == HAVEGE || csprng_state->mode.add_input_source == HAVEGE ) {
@@ -1485,9 +1495,11 @@ csprng_destroy ( csprng_state_type* csprng_state )
     destroy_buffer( csprng_state->entropy_buf );
   }
 
+#if defined(ENABLE_HTTP_RNG)
   if ( csprng_state->http != NULL ) {
     http_random_destroy( csprng_state->http );
   }
+#endif
 
   if ( csprng_state->sha != NULL ) {
     destroy_SHA1( csprng_state->sha );
diff --git a/test/Makefile.am b/test/Makefile.am
index d3e045e..023ded7 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -4,7 +4,10 @@ include $(top_srcdir)/common.mk
 #bin_PROGRAMS = openssl-rand sha1_main memt qrbg_main http_main ctr_drbg_test
 #TODO - link static does not work for qrbg_main.c => move it to C++ ??
 
-bin_PROGRAMS = openssl-rand_main sha1_main memt_main qrbg_main http_main ctr_drbg_test havege_main 
+bin_PROGRAMS = openssl-rand_main sha1_main memt_main ctr_drbg_test havege_main 
+if ENABLE_HTTP_RNG
+  bin_PROGRAMS += qrbg_main http_main
+endif
 if HAVE_LIBTESTU01
   bin_PROGRAMS += TestU01_raw_stdin_input_with_log
 endif
diff --git a/utils/csprng-generate.c b/utils/csprng-generate.c
index f9207fb..7a1928a 100644
--- a/utils/csprng-generate.c
+++ b/utils/csprng-generate.c
@@ -832,7 +832,9 @@ int main(int argc, char **argv) {
   mode_of_operation.file_read_size = 16384;
   mode_of_operation.max_number_of_csprng_blocks   = arguments.max_num_of_blocks;
   mode_of_operation.random_length_of_csprng_generated_bytes = arguments.randomize_num_of_blocks;
+#if defined(ENABLE_HTTP_RNG)
   mode_of_operation.http_random_verbosity         = arguments.verbose;
+#endif
 
   fips_state = fips_approved_csprng_initialize(arguments.fips_test, 0, &mode_of_operation);
 
@@ -942,9 +944,11 @@ int main(int argc, char **argv) {
       current_time = time(NULL);
       strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
       fprintf ( stderr, "\n========================= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
       if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
         http_random_status( fips_state->csprng_state->http, 1);
       }
+#endif
       print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
       fprintf(stderr, "\n");
       if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
@@ -968,9 +972,11 @@ int main(int argc, char **argv) {
   current_time = time(NULL);
   strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
   fprintf ( stderr, "\n======FINAL REPORT======= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
   if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
     http_random_status( fips_state->csprng_state->http, 1);
   }
+#endif
   print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
   fprintf(stderr, "\n");
   if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
-- 
1.7.2.3