# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../csprng/0001-configure-add-option-to-disable-http-rng.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
From 1ff114f41520671408445e18835b34a756e29650 Mon Sep 17 00:00:00 2001
From: Christian Wiese
Date: Wed, 4 Sep 2013 22:39:09 +0200
Subject: [PATCH] configure: add option to disable http rng
---
configure.ac | 17 +++++++++++++++++
src/Makefile.am | 15 ++++++++++-----
src/csprng.c | 12 ++++++++++++
test/Makefile.am | 5 ++++-
utils/csprng-generate.c | 6 ++++++
5 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 40dfaa4..12fd277 100755
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,23 @@ AC_FUNC_SELECT_ARGTYPES AC_TYPE_SIGNAL AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt clock_gettime]) +#### disable http rng feature (default: enabled) +AC_ARG_ENABLE([http-rng], + AS_HELP_STRING([--disable-http-rng], [Disable feature to fetch random data via http from random.irb.hr])) + +AS_IF([test "x$enable_http_rng" != "xno"], [ + dnl Do the stuff needed for enabling the feature + DISABLE_HTTP_RNG="yes" +]) + +AM_CONDITIONAL([ENABLE_HTTP_RNG], [test "x$DISABLE_HTTP_RNG" = "xyes"]) + +# Define HTTP_RNG in config.h if we're going to compile against it +if test "x$DISABLE_HTTP_RNG" = "xyes"; then + AC_DEFINE([ENABLE_HTTP_RNG], 1, ["Define to 1 if you want to enable http rng feature."]) + AC_MSG_NOTICE([disable http rng]) +fi + #### Find OpenSSL AC_MSG_CHECKING([for --with-openssl]) AC_ARG_WITH( diff --git a/src/Makefile.am b/src/Makefile.am index 8e1a2bb..fb0ff98 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,6 +16,14 @@ libcsprng_la_LIBADD = libcsprng_la_CPPFLAGS = -I$(top_srcdir)/include libcsprng_la_LDFLAGS = -version-number @CSPRNG_LT_VERSION@ +if ENABLE_HTTP_RNG +HTTP_RNG_SOURCES = \ + QRBG.h \ + QRBG.cpp \ + qrbg-c.cpp \ + http_rng.c +endif + # Sources # The shell script is the easy way to do this, by far. But it may not # be sufficiently portable. @@ -29,11 +37,8 @@ libcsprng_la_SOURCES = \ csprng.c \ memt19937ar-JH.c \ sha1_rng.c \ - fips.c \ - QRBG.h \ - QRBG.cpp \ - qrbg-c.cpp \ - http_rng.c + $(HTTP_RNG_SOURCES) \ + fips.c MAINTAINERCLEANFILES = Makefile.in diff --git a/src/csprng.c b/src/csprng.c index 76823e2..89dedad 100644 --- a/src/csprng.c +++ b/src/csprng.c @@ -38,7 +38,9 @@ along with CSRNG. If not, see . #include #include #include +#if defined(ENABLE_HTTP_RNG) #include +#endif #include #include 
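Review bot: The shell variable set in the `AS_IF` branch is named `DISABLE_HTTP_RNG` but is set to `yes` exactly when the feature stays enabled, and the same condition later prints `AC_MSG_NOTICE([disable http rng])`. Anyone reading the configure output to confirm that the network entropy source from random.irb.hr is compiled out will see "disable http rng" on precisely the builds where it is compiled in. Rename the variable to match its meaning and report the real state, for example `AC_MSG_NOTICE([http rng: enabled])` here with an `else` branch printing `AC_MSG_NOTICE([http rng: disabled])`. The description passed to `AC_DEFINE` also carries literal double quotes inside the m4 brackets, which will be copied into the generated header comment.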
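Review bot: The new `#if defined(ENABLE_HTTP_RNG)` guards in src/csprng.c (first used around the include in the `-38,7 +38,9` hunk) and in utils/csprng-generate.c only see the macro if the generated configuration header is included before them, and that include is not visible in any hunk. The configure.ac comment says the macro is defined in config.h, so if either file lacks `#include "config.h"` ahead of its first guard, the HTTP source is silently compiled out of that translation unit even in a default build. This is worth confirming in both files. A one-line comment such as `/* ENABLE_HTTP_RNG comes from config.h (configure --disable-http-rng) */` next to the first guard would document the dependency.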
@@ -282,6 +284,7 @@ static void fill_buffer_using_SHA ( rng_buf_type* data ) } //}}} +#if defined(ENABLE_HTTP_RNG) //{{{ static void fill_buffer_using_HTTP ( rng_buf_type* data ) static void fill_buffer_using_HTTP ( rng_buf_type* data ) { @@ -332,6 +335,7 @@ static void fill_buffer_using_HTTP ( rng_buf_type* data ) return; } //}}} +#endif //{{{ static void fill_buffer_using_MT_RNG ( rng_buf_type* data ) static void fill_buffer_using_MT_RNG ( rng_buf_type* data ) @@ -380,9 +384,11 @@ static const unsigned char* get_data_from_RNG_buffer ( rng_buf_type* data, unsig case SHA1_RNG: fill_buffer_using_SHA (data); break; +#if defined(ENABLE_HTTP_RNG) case HTTP_RNG: fill_buffer_using_HTTP (data); break; +#endif case MT_RNG: fill_buffer_using_MT_RNG (data); break; @@ -906,9 +912,11 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper unsigned int allocated_size; //Number of bytes allocated for seed. rng_state_type rng_state; csprng_state_type* csprng_state; +#if defined(ENABLE_HTTP_RNG) char* QRBG_RNG_login_name; //User name for random.irb.hr char* QRBG_RNG_passwd; //Password for random.irb.hr char HTTP_source_bitmask; //source bitmask for http_random_init +#endif //{{{ Init csprng_state, do sanity checks assert ( mode_of_operation->entropy_source < SOURCES_COUNT ); @@ -1072,6 +1080,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper } //}}} +#if defined(ENABLE_HTTP_RNG) //{{{ Check if need HTTP_RNG and init it if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG ) { QRBG_RNG_login_name = getenv("QRBG_USER"); 
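Review bot: With `--disable-http-rng` the `case HTTP_RNG:` arm in get_data_from_RNG_buffer and the HTTP init block in csprng_initialize (opened in the `-1072,6 +1080,7` hunk, closed in the following one) both disappear, but nothing in the new code rejects a caller that still selects `HTTP_RNG`. The enum value appears to remain defined, since no header is part of this patch and `assert ( mode_of_operation->entropy_source < SOURCES_COUNT )` is unchanged, so such a request would pass initialisation and reach a switch with no matching arm; what the switch does then is outside the hunk. For a CSPRNG this should fail at initialisation rather than depend on a default case: add an `#else` branch holding `if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG )` that reports the unsupported source and takes the function's existing error path. The option handling in utils/csprng-generate.c would benefit from the same check. Both functions begin and end outside the hunks shown.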
@@ -1097,6 +1106,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper if ( unsetenv("QRBG_PASSWD") ) fprintf(stderr, "WARNING: unsetenv(\"QRBG_PASSWD\") failed with %s.\n", strerror(errno)); } //}}} +#endif //{{{ Check if need HAVEGE and init it if ( csprng_state->mode.entropy_source == HAVEGE || csprng_state->mode.add_input_source == HAVEGE ) { @@ -1485,9 +1495,11 @@ csprng_destroy ( csprng_state_type* csprng_state ) destroy_buffer( csprng_state->entropy_buf ); } +#if defined(ENABLE_HTTP_RNG) if ( csprng_state->http != NULL ) { http_random_destroy( csprng_state->http ); } +#endif if ( csprng_state->sha != NULL ) { destroy_SHA1( csprng_state->sha ); diff --git a/test/Makefile.am b/test/Makefile.am index d3e045e..023ded7 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -4,7 +4,10 @@ include $(top_srcdir)/common.mk #bin_PROGRAMS = openssl-rand sha1_main memt qrbg_main http_main ctr_drbg_test #TODO - link static does not work for qrbg_main.c => move it to C++ ?? -bin_PROGRAMS = openssl-rand_main sha1_main memt_main qrbg_main http_main ctr_drbg_test havege_main +bin_PROGRAMS = openssl-rand_main sha1_main memt_main ctr_drbg_test havege_main +if ENABLE_HTTP_RNG + bin_PROGRAMS += qrbg_main http_main +endif if HAVE_LIBTESTU01 bin_PROGRAMS += TestU01_raw_stdin_input_with_log endif diff --git a/utils/csprng-generate.c b/utils/csprng-generate.c index f9207fb..7a1928a 100644 --- a/utils/csprng-generate.c +++ b/utils/csprng-generate.c @@ -832,7 +832,9 @@ int main(int argc, char **argv) { mode_of_operation.file_read_size = 16384; mode_of_operation.max_number_of_csprng_blocks = arguments.max_num_of_blocks; mode_of_operation.random_length_of_csprng_generated_bytes = arguments.randomize_num_of_blocks; +#if defined(ENABLE_HTTP_RNG) mode_of_operation.http_random_verbosity = arguments.verbose; +#endif fips_state = fips_approved_csprng_initialize(arguments.fips_test, 0, &mode_of_operation); 
@@ -942,9 +944,11 @@ int main(int argc, char **argv) { current_time = time(NULL); strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(¤t_time)); fprintf ( stderr, "\n========================= %s ==========================\n", current_time_string ); +#if defined(ENABLE_HTTP_RNG) if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) { http_random_status( fips_state->csprng_state->http, 1); } +#endif print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time); fprintf(stderr, "\n"); if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) ); @@ -968,9 +972,11 @@ int main(int argc, char **argv) { current_time = time(NULL); strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(¤t_time)); fprintf ( stderr, "\n======FINAL REPORT======= %s ==========================\n", current_time_string ); +#if defined(ENABLE_HTTP_RNG) if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) { http_random_status( fips_state->csprng_state->http, 1); } +#endif print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time); fprintf(stderr, "\n"); if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) ); -- 1.7.2.3