karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
Browse Source

csprng: improved to be able to disable the fetching of random data via http

stable/0.5
Christian Wiese 12 years ago committed by Christian Wiese
parent
c5c9b51041
commit
0c7b0a8fc3
2 changed files with 209 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 206
      security/csprng/0001-add-disable-http-rng.patch
  2. 3
      security/csprng/csprng.conf

206
security/csprng/0001-add-disable-http-rng.patch
Unescape View File

@ -0,0 +1,206 @@
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../csprng/0001-add-disable-http-rng.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
This patch introduces a new configure option '--disable-http-rng' to disable
the feature to fetch random data via http from random.irb.hr.
--- a/configure.ac 2013-09-04 15:24:23.917623411 +0200
+++ b/configure.ac 2013-09-04 15:33:53.843839270 +0200
@@ -55,6 +55,23 @@
AC_TYPE_SIGNAL
AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt clock_gettime])
+#### disable http rng feature (default: enabled)
+AC_ARG_ENABLE([http-rng],
+ AS_HELP_STRING([--disable-http-rng], [Disable feature to fetch random data via http from random.irb.hr]))
+
+AS_IF([test "x$enable_http_rng" != "xno"], [
+ dnl Do the stuff needed for enabling the feature
+ DISABLE_HTTP_RNG="yes"
+])
+
+AM_CONDITIONAL([ENABLE_HTTP_RNG], [test "x$DISABLE_HTTP_RNG" = "xyes"])
+
+# Define HTTP_RNG in config.h if we're going to compile against it
+if test "x$DISABLE_HTTP_RNG" = "xyes"; then
+ AC_DEFINE([ENABLE_HTTP_RNG], 1, ["Define to 1 if you want to enable http rng feature."])
+ AC_MSG_NOTICE([disable http rng])
+fi
+
#### Find OpenSSL
AC_MSG_CHECKING([for --with-openssl])
AC_ARG_WITH(
--- a/src/Makefile.am 2013-09-04 13:25:26.970114877 +0200
+++ b/src/Makefile.am 2013-09-04 15:43:09.946405852 +0200
@@ -16,6 +16,14 @@
libcsprng_la_CPPFLAGS = -I$(top_srcdir)/include
libcsprng_la_LDFLAGS = -version-number @CSPRNG_LT_VERSION@
+if ENABLE_HTTP_RNG
+ HTTP_RNG_SOURCES= \
+ QRBG.h \
+ QRBG.cpp \
+ qrbg-c.cpp \
+ http_rng.c
+endif
+
# Sources
# The shell script is the easy way to do this, by far. But it may not
# be sufficiently portable.
@@ -29,11 +37,8 @@
csprng.c \
memt19937ar-JH.c \
sha1_rng.c \
- fips.c \
- QRBG.h \
- QRBG.cpp \
- qrbg-c.cpp \
- http_rng.c
+ $(HTTP_RNG_SOURCES) \
+ fips.c
MAINTAINERCLEANFILES = Makefile.in
--- a/src/csprng.c 2013-09-04 14:41:34.295736601 +0200
+++ b/src/csprng.c 2013-09-04 15:37:22.230823512 +0200
@@ -38,7 +38,9 @@
#include <csprng/nist_ctr_drbg.h>
#include <csprng/memt19937ar-JH.h>
#include <csprng/sha1_rng.h>
+#if defined(ENABLE_HTTP_RNG)
#include <csprng/http_rng.h>
+#endif
#include <csprng/csprng.h>
#include <csprng/fips.h>
@@ -282,6 +284,7 @@
}
//}}}
+#if defined(ENABLE_HTTP_RNG)
//{{{ static void fill_buffer_using_HTTP ( rng_buf_type* data )
static void fill_buffer_using_HTTP ( rng_buf_type* data )
{
@@ -332,6 +335,7 @@
return;
}
//}}}
+#endif
//{{{ static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
@@ -380,9 +384,11 @@
case SHA1_RNG:
fill_buffer_using_SHA (data);
break;
+#if defined(ENABLE_HTTP_RNG)
case HTTP_RNG:
fill_buffer_using_HTTP (data);
break;
+#endif
case MT_RNG:
fill_buffer_using_MT_RNG (data);
break;
@@ -906,9 +912,11 @@
unsigned int allocated_size; //Number of bytes allocated for seed.
rng_state_type rng_state;
csprng_state_type* csprng_state;
+#if defined(ENABLE_HTTP_RNG)
char* QRBG_RNG_login_name; //User name for random.irb.hr
char* QRBG_RNG_passwd; //Password for random.irb.hr
char HTTP_source_bitmask; //source bitmask for http_random_init
+#endif
//{{{ Init csprng_state, do sanity checks
assert ( mode_of_operation->entropy_source < SOURCES_COUNT );
@@ -1072,6 +1080,7 @@
}
//}}}
+#if defined(ENABLE_HTTP_RNG)
//{{{ Check if need HTTP_RNG and init it
if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG ) {
QRBG_RNG_login_name = getenv("QRBG_USER");
@@ -1097,6 +1106,7 @@
if ( unsetenv("QRBG_PASSWD") ) fprintf(stderr, "WARNING: unsetenv(\"QRBG_PASSWD\") failed with %s.\n", strerror(errno));
}
//}}}
+#endif
//{{{ Check if need HAVEGE and init it
if ( csprng_state->mode.entropy_source == HAVEGE || csprng_state->mode.add_input_source == HAVEGE ) {
@@ -1485,9 +1495,11 @@
destroy_buffer( csprng_state->entropy_buf );
}
+#if defined(ENABLE_HTTP_RNG)
if ( csprng_state->http != NULL ) {
http_random_destroy( csprng_state->http );
}
+#endif
if ( csprng_state->sha != NULL ) {
destroy_SHA1( csprng_state->sha );
--- a/test/Makefile.am 2013-09-04 15:14:20.288198731 +0200
+++ b/test/Makefile.am 2013-09-04 15:18:27.146249565 +0200
@@ -4,7 +4,10 @@
#bin_PROGRAMS = openssl-rand sha1_main memt qrbg_main http_main ctr_drbg_test
#TODO - link static does not work for qrbg_main.c => move it to C++ ??
-bin_PROGRAMS = openssl-rand_main sha1_main memt_main qrbg_main http_main ctr_drbg_test havege_main
+bin_PROGRAMS = openssl-rand_main sha1_main memt_main ctr_drbg_test havege_main
+if ENABLE_HTTP_RNG
+ bin_PROGRAMS += qrbg_main http_main
+endif
if HAVE_LIBTESTU01
bin_PROGRAMS += TestU01_raw_stdin_input_with_log
endif
--- a/utils/csprng-generate.c 2013-09-04 14:39:26.110846139 +0200
+++ b/utils/csprng-generate.c 2013-09-04 15:13:04.426054925 +0200
@@ -832,7 +832,9 @@
mode_of_operation.file_read_size = 16384;
mode_of_operation.max_number_of_csprng_blocks = arguments.max_num_of_blocks;
mode_of_operation.random_length_of_csprng_generated_bytes = arguments.randomize_num_of_blocks;
+#if defined(ENABLE_HTTP_RNG)
mode_of_operation.http_random_verbosity = arguments.verbose;
+#endif
fips_state = fips_approved_csprng_initialize(arguments.fips_test, 0, &mode_of_operation);
@@ -942,9 +944,11 @@
current_time = time(NULL);
strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
fprintf ( stderr, "\n========================= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
http_random_status( fips_state->csprng_state->http, 1);
}
+#endif
print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
fprintf(stderr, "\n");
if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
@@ -968,9 +972,11 @@
current_time = time(NULL);
strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
fprintf ( stderr, "\n======FINAL REPORT======= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
http_random_status( fips_state->csprng_state->http, 1);
}
+#endif
print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
fprintf(stderr, "\n");
if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );

3
security/csprng/csprng.conf
Unescape View File

@ -12,6 +12,9 @@
# GNU General Public License can be found in the file COPYING.
# --- SDE-COPYRIGHT-NOTE-END ---
# we patch in --disable-http-rng
hook_add preconf 9 'autoreconf -vfi'
# cross-compiling help
if atstage cross; then
# always assuming a "gnu compatible" malloc

Write Preview
Loading…
Cancel
Save