From: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed, 24 Dec 2014 15:54:12 +0000 (+0100)
Subject: Avoid using OpenSSL's random number functions.
X-Git-Tag: release-1.1pre11~18
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=a99ded7d987c3242f972162e02767c498257f2b8

Avoid using OpenSSL's random number functions.
---

diff --git a/src/Makefile.am b/src/Makefile.am
index c48e3fdd..02d7ec2b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -21,7 +21,6 @@ ed25519_SOURCES = \
 	ed25519/keypair.c \
 	ed25519/precomp_data.h \
 	ed25519/sc.c ed25519/sc.h \
-	ed25519/seed.c \
 	ed25519/sha512.c ed25519/sha512.h \
 	ed25519/sign.c \
 	ed25519/verify.c
diff --git a/src/ed25519/seed.c b/src/ed25519/seed.c
deleted file mode 100644
index ca4089c1..00000000
--- a/src/ed25519/seed.c
+++ /dev/null
@@ -1,40 +0,0 @@
-#include "ed25519.h"
-
-#ifndef ED25519_NO_SEED
-
-#ifdef _WIN32
-#include <windows.h>
-#include <wincrypt.h>
-#else
-#include <stdio.h>
-#endif
-
-int ed25519_create_seed(unsigned char *seed) {
-#ifdef _WIN32
-    HCRYPTPROV prov;
-
-    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))  {
-        return 1;
-    }
-
-    if (!CryptGenRandom(prov, 32, seed))  {
-        CryptReleaseContext(prov, 0);
-        return 1;
-    }
-
-    CryptReleaseContext(prov, 0);
-#else
-    FILE *f = fopen("/dev/urandom", "rb");
-
-    if (f == NULL) {
-        return 1;
-    }
-
-    fread(seed, 1, 32, f);
-    fclose(f);
-#endif
-
-    return 0;
-}
-
-#endif
\ No newline at end of file
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index 6c5cbc88..ed8c8e29 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -1,6 +1,6 @@
 /*
     crypto.c -- Cryptographic miscellaneous functions and initialisation
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -25,8 +25,65 @@
 
 #include "../crypto.h"
 
+#ifndef HAVE_MINGW
+
+static int random_fd = -1;
+
+static void random_init(void) {
+	random_fd = open("/dev/urandom", O_RDONLY);
+	if(random_fd < 0)
+		random_fd = open("/dev/random", O_RDONLY);
+	if(random_fd < 0) {
+		fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno));
+		abort();
+	}
+}
+
+static void random_exit(void) {
+	close(random_fd);
+}
+
+void randomize(void *out, size_t outlen) {
+	while(outlen) {
+		size_t len = read(random_fd, out, outlen);
+		if(len <= 0) {
+			if(errno == EAGAIN || errno == EINTR)
+				continue;
+			fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno));
+			abort();
+		}
+		out += len;
+		outlen -= len;
+	}
+}
+
+#else
+
+#include <wincrypt.h>
+HCRYPTPROV prov;
+
+void random_init(void) {
+	if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+		fprintf(stderr, "CryptAcquireContext() failed!\n");
+		abort();
+	}
+}
+
+void random_exit(void) {
+	CryptReleaseContext(prov, 0);
+}
+
+void randomize(void *out, size_t outlen) {
+	if(!CryptGenRandom(prov, outlen, out)) {
+		fprintf(stderr, "CryptGenRandom() failed\n");
+		abort();
+	}
+}
+
+#endif
+
 void crypto_init(void) {
-	RAND_load_file("/dev/urandom", 1024);
+	random_init();
 
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
@@ -42,8 +99,5 @@ void crypto_init(void) {
 
 void crypto_exit(void) {
 	EVP_cleanup();
-}
-
-void randomize(void *out, size_t outlen) {
-	RAND_pseudo_bytes(out, outlen);
+	random_exit();
 }