OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11735 Commits
49 Branches
0 Tags
34 MiB
Tree: d16cefe0ba
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd16cefe0ba'
${ noResults }
package-nopast/security/csprng/0001-configure-add-option-t...

229 lines
8.6 KiB
Raw Normal View History

csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: fixed patch that adds --disable-http-rng option variables shouldn't be "prefixed" with a \t.
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: fixed patch that adds --disable-http-rng option variables shouldn't be "prefixed" with a \t.
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: fixed patch that adds --disable-http-rng option variables shouldn't be "prefixed" with a \t.
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
csprng: improved to be able to disable the fetching of random data via http
11 years ago
csprng: renamed patch for disabling http rng
11 years ago
  1. # --- SDE-COPYRIGHT-NOTE-BEGIN ---
  2. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  3. #
  4. # Filename: package/.../csprng/0001-configure-add-option-to-disable-http-rng.patch
  5. # Copyright (C) 2013 The OpenSDE Project
  6. #
  7. # More information can be found in the files COPYING and README.
  8. #
  9. # This patch file is dual-licensed. It is available under the license the
  10. # patched project is licensed under, as long as it is an OpenSource license
  11. # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  12. # of the GNU General Public License as published by the Free Software
  13. # Foundation; either version 2 of the License, or (at your option) any later
  14. # version.
  15. # --- SDE-COPYRIGHT-NOTE-END ---
  17. From 1ff114f41520671408445e18835b34a756e29650 Mon Sep 17 00:00:00 2001
  18. From: Christian Wiese <chris@opensde.org>
  19. Date: Wed, 4 Sep 2013 22:39:09 +0200
  20. Subject: [PATCH] configure: add option to disable http rng
  22. ---
  23. configure.ac | 17 +++++++++++++++++
  24. src/Makefile.am | 15 ++++++++++-----
  25. src/csprng.c | 12 ++++++++++++
  26. test/Makefile.am | 5 ++++-
  27. utils/csprng-generate.c | 6 ++++++
  28. 5 files changed, 49 insertions(+), 6 deletions(-)
  30. diff --git a/configure.ac b/configure.ac
  31. index 40dfaa4..12fd277 100755
  32. --- a/configure.ac
  33. +++ b/configure.ac
  34. @@ -55,6 +55,23 @@ AC_FUNC_SELECT_ARGTYPES
  35. AC_TYPE_SIGNAL
  36. AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt clock_gettime])
  38. +#### disable http rng feature (default: enabled)
  39. +AC_ARG_ENABLE([http-rng],
  40. + AS_HELP_STRING([--disable-http-rng], [Disable feature to fetch random data via http from random.irb.hr]))
  41. +
  42. +AS_IF([test "x$enable_http_rng" != "xno"], [
  43. + dnl Do the stuff needed for enabling the feature
  44. + DISABLE_HTTP_RNG="yes"
  45. +])
  46. +
  47. +AM_CONDITIONAL([ENABLE_HTTP_RNG], [test "x$DISABLE_HTTP_RNG" = "xyes"])
  48. +
  49. +# Define HTTP_RNG in config.h if we're going to compile against it
  50. +if test "x$DISABLE_HTTP_RNG" = "xyes"; then
  51. + AC_DEFINE([ENABLE_HTTP_RNG], 1, ["Define to 1 if you want to enable http rng feature."])
  52. + AC_MSG_NOTICE([disable http rng])
  53. +fi
  54. +
  55. #### Find OpenSSL
  56. AC_MSG_CHECKING([for --with-openssl])
  57. AC_ARG_WITH(
  58. diff --git a/src/Makefile.am b/src/Makefile.am
  59. index 8e1a2bb..fb0ff98 100644
  60. --- a/src/Makefile.am
  61. +++ b/src/Makefile.am
  62. @@ -16,6 +16,14 @@ libcsprng_la_LIBADD =
  63. libcsprng_la_CPPFLAGS = -I$(top_srcdir)/include
  64. libcsprng_la_LDFLAGS = -version-number @CSPRNG_LT_VERSION@
  66. +if ENABLE_HTTP_RNG
  67. +HTTP_RNG_SOURCES = \
  68. + QRBG.h \
  69. + QRBG.cpp \
  70. + qrbg-c.cpp \
  71. + http_rng.c
  72. +endif
  73. +
  74. # Sources
  75. # The shell script is the easy way to do this, by far. But it may not
  76. # be sufficiently portable.
  77. @@ -29,11 +37,8 @@ libcsprng_la_SOURCES = \
  78. csprng.c \
  79. memt19937ar-JH.c \
  80. sha1_rng.c \
  81. - fips.c \
  82. - QRBG.h \
  83. - QRBG.cpp \
  84. - qrbg-c.cpp \
  85. - http_rng.c
  86. + $(HTTP_RNG_SOURCES) \
  87. + fips.c
  89. MAINTAINERCLEANFILES = Makefile.in
  91. diff --git a/src/csprng.c b/src/csprng.c
  92. index 76823e2..89dedad 100644
  93. --- a/src/csprng.c
  94. +++ b/src/csprng.c
  95. @@ -38,7 +38,9 @@ along with CSRNG. If not, see <http://www.gnu.org/licenses/>.
  96. #include <csprng/nist_ctr_drbg.h>
  97. #include <csprng/memt19937ar-JH.h>
  98. #include <csprng/sha1_rng.h>
  99. +#if defined(ENABLE_HTTP_RNG)
  100. #include <csprng/http_rng.h>
  101. +#endif
  102. #include <csprng/csprng.h>
  103. #include <csprng/fips.h>
  105. @@ -282,6 +284,7 @@ static void fill_buffer_using_SHA ( rng_buf_type* data )
  106. }
  107. //}}}
  109. +#if defined(ENABLE_HTTP_RNG)
  110. //{{{ static void fill_buffer_using_HTTP ( rng_buf_type* data )
  111. static void fill_buffer_using_HTTP ( rng_buf_type* data )
  112. {
  113. @@ -332,6 +335,7 @@ static void fill_buffer_using_HTTP ( rng_buf_type* data )
  114. return;
  115. }
  116. //}}}
  117. +#endif
  119. //{{{ static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
  120. static void fill_buffer_using_MT_RNG ( rng_buf_type* data )
  121. @@ -380,9 +384,11 @@ static const unsigned char* get_data_from_RNG_buffer ( rng_buf_type* data, unsig
  122. case SHA1_RNG:
  123. fill_buffer_using_SHA (data);
  124. break;
  125. +#if defined(ENABLE_HTTP_RNG)
  126. case HTTP_RNG:
  127. fill_buffer_using_HTTP (data);
  128. break;
  129. +#endif
  130. case MT_RNG:
  131. fill_buffer_using_MT_RNG (data);
  132. break;
  133. @@ -906,9 +912,11 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
  134. unsigned int allocated_size; //Number of bytes allocated for seed.
  135. rng_state_type rng_state;
  136. csprng_state_type* csprng_state;
  137. +#if defined(ENABLE_HTTP_RNG)
  138. char* QRBG_RNG_login_name; //User name for random.irb.hr
  139. char* QRBG_RNG_passwd; //Password for random.irb.hr
  140. char HTTP_source_bitmask; //source bitmask for http_random_init
  141. +#endif
  143. //{{{ Init csprng_state, do sanity checks
  144. assert ( mode_of_operation->entropy_source < SOURCES_COUNT );
  145. @@ -1072,6 +1080,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
  146. }
  147. //}}}
  149. +#if defined(ENABLE_HTTP_RNG)
  150. //{{{ Check if need HTTP_RNG and init it
  151. if ( csprng_state->mode.entropy_source == HTTP_RNG || csprng_state->mode.add_input_source == HTTP_RNG ) {
  152. QRBG_RNG_login_name = getenv("QRBG_USER");
  153. @@ -1097,6 +1106,7 @@ csprng_state_type* csprng_initialize( const mode_of_operation_type* mode_of_oper
  154. if ( unsetenv("QRBG_PASSWD") ) fprintf(stderr, "WARNING: unsetenv(\"QRBG_PASSWD\") failed with %s.\n", strerror(errno));
  155. }
  156. //}}}
  157. +#endif
  159. //{{{ Check if need HAVEGE and init it
  160. if ( csprng_state->mode.entropy_source == HAVEGE || csprng_state->mode.add_input_source == HAVEGE ) {
  161. @@ -1485,9 +1495,11 @@ csprng_destroy ( csprng_state_type* csprng_state )
  162. destroy_buffer( csprng_state->entropy_buf );
  163. }
  165. +#if defined(ENABLE_HTTP_RNG)
  166. if ( csprng_state->http != NULL ) {
  167. http_random_destroy( csprng_state->http );
  168. }
  169. +#endif
  171. if ( csprng_state->sha != NULL ) {
  172. destroy_SHA1( csprng_state->sha );
  173. diff --git a/test/Makefile.am b/test/Makefile.am
  174. index d3e045e..023ded7 100644
  175. --- a/test/Makefile.am
  176. +++ b/test/Makefile.am
  177. @@ -4,7 +4,10 @@ include $(top_srcdir)/common.mk
  178. #bin_PROGRAMS = openssl-rand sha1_main memt qrbg_main http_main ctr_drbg_test
  179. #TODO - link static does not work for qrbg_main.c => move it to C++ ??
  181. -bin_PROGRAMS = openssl-rand_main sha1_main memt_main qrbg_main http_main ctr_drbg_test havege_main
  182. +bin_PROGRAMS = openssl-rand_main sha1_main memt_main ctr_drbg_test havege_main
  183. +if ENABLE_HTTP_RNG
  184. + bin_PROGRAMS += qrbg_main http_main
  185. +endif
  186. if HAVE_LIBTESTU01
  187. bin_PROGRAMS += TestU01_raw_stdin_input_with_log
  188. endif
  189. diff --git a/utils/csprng-generate.c b/utils/csprng-generate.c
  190. index f9207fb..7a1928a 100644
  191. --- a/utils/csprng-generate.c
  192. +++ b/utils/csprng-generate.c
  193. @@ -832,7 +832,9 @@ int main(int argc, char **argv) {
  194. mode_of_operation.file_read_size = 16384;
  195. mode_of_operation.max_number_of_csprng_blocks = arguments.max_num_of_blocks;
  196. mode_of_operation.random_length_of_csprng_generated_bytes = arguments.randomize_num_of_blocks;
  197. +#if defined(ENABLE_HTTP_RNG)
  198. mode_of_operation.http_random_verbosity = arguments.verbose;
  199. +#endif
  201. fips_state = fips_approved_csprng_initialize(arguments.fips_test, 0, &mode_of_operation);
  203. @@ -942,9 +944,11 @@ int main(int argc, char **argv) {
  204. current_time = time(NULL);
  205. strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
  206. fprintf ( stderr, "\n========================= %s ==========================\n", current_time_string );
  207. +#if defined(ENABLE_HTTP_RNG)
  208. if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
  209. http_random_status( fips_state->csprng_state->http, 1);
  210. }
  211. +#endif
  212. print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
  213. fprintf(stderr, "\n");
  214. if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
  215. @@ -968,9 +972,11 @@ int main(int argc, char **argv) {
  216. current_time = time(NULL);
  217. strftime(current_time_string, sizeof(current_time_string) , "%a %b %H:%M:%S %Y", localtime(&current_time));
  218. fprintf ( stderr, "\n======FINAL REPORT======= %s ==========================\n", current_time_string );
  219. +#if defined(ENABLE_HTTP_RNG)
  220. if ( arguments.entropy_source == HTTP_RNG || arguments.add_input_source == HTTP_RNG ) {
  221. http_random_status( fips_state->csprng_state->http, 1);
  222. }
  223. +#endif
  224. print_statistics(total_bytes_written, arguments.unlimited, remaining_bytes, arguments.size, stderr, &start_time);
  225. fprintf(stderr, "\n");
  226. if ( arguments.fips_test) fprintf ( stderr, "%s", dump_fips_statistics ( &fips_state->fips_ctx.fips_statistics ) );
  227. --
  228. 1.7.2.3