# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../csprng/0001-configure-add-option-to-disable-http-rng.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---

From 1ff114f41520671408445e18835b34a756e29650 Mon Sep 17 00:00:00 2001
From: Christian Wiese <chris@opensde.org>
Date: Wed, 4 Sep 2013 22:39:09 +0200
Subject: [PATCH] configure: add option to disable http rng

---
 configure.ac            |   17 +++++++++++++++++
 src/Makefile.am         |   15 ++++++++++-----
 src/csprng.c            |   12 ++++++++++++
 test/Makefile.am        |    5 ++++-
 utils/csprng-generate.c |    6 ++++++
 5 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 40dfaa4..12fd277 100755
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,23 @@ AC_FUNC_SELECT_ARGTYPES
 AC_TYPE_SIGNAL
 AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt clock_gettime])
 
+#### disable http rng feature (default: enabled)
+AC_ARG_ENABLE([http-rng],
+    AS_HELP_STRING([--disable-http-rng], [Disable feature to fetch random data via http from random.irb.hr]))
+
+AS_IF([test "x$enable_http_rng" != "xno"], [
+	dnl Do the stuff needed for enabling the feature
+	DISABLE_HTTP_RNG="yes"
+])
+
+AM_CONDITIONAL([ENABLE_HTTP_RNG], [test "x$DISABLE_HTTP_RNG" = "xyes"])
+
+# Define HTTP_RNG in config.h if we're going to compile against it
+if test "x$DISABLE_HTTP_RNG" = "xyes"; then
+    AC_DEFINE([ENABLE_HTTP_RNG], 1, ["Define to 1 if you want to enable http rng feature."])
+    AC_MSG_NOTICE([disable http rng])
+fi
+
 #### Find OpenSSL
 AC_MSG_CHECKING([for --with-openssl])
 AC_ARG_WITH(
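Review bot: The shell variable and the notice in this hunk say the opposite of what they mean: `DISABLE_HTTP_RNG="yes"` is set when `$enable_http_rng` is not `no`, that is when the feature stays enabled, and `AC_MSG_NOTICE([disable http rng])` is then printed for an enabled build. Anyone reading configure output to confirm that a build does not fetch random data over HTTP will read the wrong state. Rename the variable to something like `http_rng_enabled="yes"`, use it in both the `AM_CONDITIONAL` and the `if test`, and print `AC_MSG_NOTICE([http rng: enabled])`. The description passed to `AC_DEFINE` also carries literal double quotes inside the brackets, which end up in the generated comment; `[Define to 1 to enable the http rng feature.]` is enough.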
diff --git a/src/Makefile.am b/src/Makefile.am
index 8e1a2bb..fb0ff98 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -16,6 +16,14 @@ libcsprng_la_LIBADD =
 libcsprng_la_CPPFLAGS = -I$(top_srcdir)/include
 libcsprng_la_LDFLAGS = -version-number @CSPRNG_LT_VERSION@
 
+if ENABLE_HTTP_RNG
+HTTP_RNG_SOURCES = \
+		QRBG.h \
+		QRBG.cpp \
+		qrbg-c.cpp \
+		http_rng.c
+endif
+
 # Sources
 # The shell script is the easy way to do this, by far.  But it may not
 # be sufficiently portable.
@@ -29,11 +37,8 @@ libcsprng_la_SOURCES = \
 		       csprng.c \
 		       memt19937ar-JH.c \
 		       sha1_rng.c \
-                       fips.c \
-                       QRBG.h \
-                       QRBG.cpp \
-                       qrbg-c.cpp \
-		       http_rng.c
+		       $(HTTP_RNG_SOURCES) \
+		       fips.c
 
 MAINTAINERCLEANFILES = Makefile.in
 
diff --git a/src/csprng.c b/src/csprng.c
index 76823e2..89dedad 100644
--- a/src/csprng.c
+++ b/src/csprng.c
@@ -38,7 +38,9 @@ along with CSRNG.  If not, see <http://www.gnu.org/licenses/>.
 #include <csprng/nist_ctr_drbg.h>
 #include <csprng/memt19937ar-JH.h>
 #include <csprng/sha1_rng.h>
+#if defined(ENABLE_HTTP_RNG)
 #include <csprng/http_rng.h>
+#endif
 #include <csprng/csprng.h>
 #include <csprng/fips.h>
 
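Review bot: The new `#if defined(ENABLE_HTTP_RNG)` guard only works if the macro from configure's `AC_DEFINE` is visible before this point, and no config.h include appears in the context lines of this hunk. If the project writes its defines to a config header and csprng.c does not include it earlier (the top of the file is outside the hunk), the macro is never defined. The HTTP source would then be compiled out of csprng.c even in a default build, while src/Makefile.am still builds http_rng.c. Confirm the include exists, or add `#ifdef HAVE_CONFIG_H` / `#include <config.h>` / `#endif` ahead of the csprng headers; the same check applies to the guards added in utils/csprng-generate.c.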
@@ -282,6 +284,7 @@ static void fill_buffer_using_SHA ( rng_buf_type* data )
 }
 //}}}
 
+#if defined(ENABLE_HTTP_RNG)
 //{{{ static void fill_buffer_using_HTTP ( rng_buf_type* data )
 static void fill_buffer_using_HTTP ( rng_buf_type* data )
 {
@@ -332,6 +335,7 @@ static void fill_buffer_using_HTTP ( rng_buf_type* data )
   return;
 }
 //}}}
+#endif
 
 //{{{ static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
 static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
@@ -380,9 +384,11 @@ static const unsigned char* get_data_from_RNG_buffer ( rng_buf_type* data, unsig
       case SHA1_RNG:
         fill_buffer_using_SHA (data);
         break;
+#if defined(ENABLE_HTTP_RNG)
       case HTTP_RNG:
         fill_buffer_using_HTTP (data);
         break;
+#endif
       case MT_RNG:
         fill_buffer_using_MT_RNG (data);
         break;
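Review bot: With this `case HTTP_RNG:` compiled out, a caller that still selects HTTP_RNG is no longer handled here, and nothing in the patch rejects that selection. The diffstat touches no header, so the HTTP_RNG enumerator presumably stays valid and passes the `< SOURCES_COUNT` assert in csprng_initialize, whose HTTP setup block is now skipped as well. The request then lands in whatever the switch does for unlisted values, which is outside this hunk. A CSPRNG should never lose its configured entropy source silently, so csprng_initialize should fail explicitly: add an `#else` branch to the guard around its "Check if need HTTP_RNG" block that tests the same condition, prints an error such as `HTTP_RNG support was disabled at build time`, and takes the function's existing failure path. That failure path is not visible in the patch either.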
@@ -906,9 +912,11 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
   unsigned int allocated_size;  //Number of bytes allocated for seed.
   rng_state_type rng_state;
   csprng_state_type* csprng_state;
+#if defined(ENABLE_HTTP_RNG)
   char* QRBG_RNG_login_name;       //User name for random.irb.hr
   char* QRBG_RNG_passwd;           //Password for  random.irb.hr
   char HTTP_source_bitmask;        //source bitmask for http_random_init 
+#endif
 
   //{{{ Init csprng_state, do sanity checks
   assert ( mode_of_operation->entropy_source   < SOURCES_COUNT );
@@ -1072,6 +1080,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
   }
   //}}} 
 
+#if defined(ENABLE_HTTP_RNG)
   //{{{ Check if need HTTP_RNG and init it
   if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG ) {
     QRBG_RNG_login_name = getenv("QRBG_USER");
@@ -1097,6 +1106,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
     if ( unsetenv("QRBG_PASSWD") ) fprintf(stderr, "WARNING: unsetenv(\"QRBG_PASSWD\") failed with %s.\n", strerror(errno));
   }
   //}}}
+#endif
 
   //{{{ Check if need HAVEGE and init it
   if ( csprng_state->mode.entropy_source == HAVEGE || csprng_state->mode.add_input_source == HAVEGE ) {
@@ -1485,9 +1495,11 @@ csprng_destroy ( csprng_state_type* csprng_state )
     destroy_buffer( csprng_state->entropy_buf );
   }
 
+#if defined(ENABLE_HTTP_RNG)
   if ( csprng_state->http != NULL ) {
     http_random_destroy( csprng_state->http );
   }
+#endif
 
   if ( csprng_state->sha != NULL ) {
     destroy_SHA1( csprng_state->sha );
diff --git a/test/Makefile.am b/test/Makefile.am
index d3e045e..023ded7 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -4,7 +4,10 @@ include $(top_srcdir)/common.mk
 #bin_PROGRAMS = openssl-rand sha1_main memt qrbg_main http_main ctr_drbg_test
 #TODO - link static does not work for qrbg_main.c => move it to C++ ??
 
-bin_PROGRAMS = openssl-rand_main sha1_main memt_main qrbg_main http_main ctr_drbg_test havege_main 
+bin_PROGRAMS = openssl-rand_main sha1_main memt_main ctr_drbg_test havege_main 
+if ENABLE_HTTP_RNG
+  bin_PROGRAMS += qrbg_main http_main
+endif
 if HAVE_LIBTESTU01
   bin_PROGRAMS += TestU01_raw_stdin_input_with_log
 endif
diff --git a/utils/csprng-generate.c b/utils/csprng-generate.c
index f9207fb..7a1928a 100644
--- a/utils/csprng-generate.c
+++ b/utils/csprng-generate.c
@@ -832,7 +832,9 @@ int main(int argc, char **argv) {
   mode_of_operation.file_read_size = 16384;
   mode_of_operation.max_number_of_csprng_blocks   = arguments.max_num_of_blocks;
   mode_of_operation.random_length_of_csprng_generated_bytes = arguments.randomize_num_of_blocks;
+#if defined(ENABLE_HTTP_RNG)
   mode_of_operation.http_random_verbosity         = arguments.verbose;
+#endif
 
   fips_state = fips_approved_csprng_initialize(arguments.fips_test, 0, &mode_of_operation);
 
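Review bot: Guarding the `http_random_verbosity` assignment is unnecessary and leaves the field unset in a disabled build. The patch changes no header, so `mode_of_operation` still has this member; whether the struct is zeroed beforehand is not visible in the hunk, since main starts well above it. Keeping `mode_of_operation.http_random_verbosity = arguments.verbose;` unconditional avoids handing a possibly indeterminate value to fips_approved_csprng_initialize and removes one `#if` pair.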
@@ -942,9 +944,11 @@ int main(int argc, char **argv) {
       current_time = time(NULL);
       strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
       fprintf ( stderr, "\n========================= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
       if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
         http_random_status( fips_state->csprng_state->http, 1);
       }
+#endif
       print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
       fprintf(stderr, "\n");
       if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
@@ -968,9 +972,11 @@ int main(int argc, char **argv) {
   current_time = time(NULL);
   strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
   fprintf ( stderr, "\n======FINAL REPORT======= %s ==========================\n", current_time_string );
+#if defined(ENABLE_HTTP_RNG)
   if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
     http_random_status( fips_state->csprng_state->http, 1);
   }
+#endif
   print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
   fprintf(stderr, "\n");
   if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
-- 
1.7.2.3