Refactored to rand_bytes for OpenSSL-independency
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
This commit is contained in:
parent
0a18017472
commit
6825182b81
@ -85,7 +85,7 @@ openvpn_SOURCES = \
|
||||
clinat.c clinat.h \
|
||||
common.h \
|
||||
config-win32.h \
|
||||
crypto.c crypto.h \
|
||||
crypto.c crypto.h crypto_backend.h \
|
||||
dhcp.c dhcp.h \
|
||||
errlevel.h \
|
||||
error.c error.h \
|
||||
@ -152,6 +152,11 @@ configure.h: Makefile
|
||||
awk -f $(srcdir)/configure_h.awk config.h > $@
|
||||
awk -f $(srcdir)/configure_log.awk config.log >> $@
|
||||
|
||||
if USE_OPENSSL
|
||||
openvpn_SOURCES += \
|
||||
crypto_openssl.c crypto_openssl.h
|
||||
endif
|
||||
|
||||
dist-hook:
|
||||
cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
|
||||
|
||||
|
11
crypto.c
11
crypto.c
@ -6,6 +6,7 @@
|
||||
* packet compression.
|
||||
*
|
||||
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
||||
* Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2
|
||||
@ -803,8 +804,8 @@ generate_key_random (struct key *key, const struct key_type *kt)
|
||||
if (kt->digest && kt->hmac_length > 0 && kt->hmac_length <= hmac_len)
|
||||
hmac_len = kt->hmac_length;
|
||||
}
|
||||
if (!RAND_bytes (key->cipher, cipher_len)
|
||||
|| !RAND_bytes (key->hmac, hmac_len))
|
||||
if (!rand_bytes (key->cipher, cipher_len)
|
||||
|| !rand_bytes (key->hmac, hmac_len))
|
||||
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation");
|
||||
|
||||
dmsg (D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex (key->cipher, cipher_len, 0, &gc));
|
||||
@ -870,7 +871,7 @@ test_crypto (const struct crypto_options *co, struct frame* frame)
|
||||
ASSERT (buf_init (&src, 0));
|
||||
ASSERT (i <= src.capacity);
|
||||
src.len = i;
|
||||
ASSERT (RAND_pseudo_bytes (BPTR (&src), BLEN (&src)));
|
||||
ASSERT (rand_bytes (BPTR (&src), BLEN (&src)));
|
||||
|
||||
/* copy source to input buf */
|
||||
buf = work;
|
||||
@ -1671,7 +1672,7 @@ prng_init (const char *md_name, const int nonce_secret_len_parm)
|
||||
nonce_data = (uint8_t*) malloc (size);
|
||||
check_malloc_return (nonce_data);
|
||||
#if 1 /* Must be 1 for real usage */
|
||||
if (!RAND_bytes (nonce_data, size))
|
||||
if (!rand_bytes (nonce_data, size))
|
||||
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG");
|
||||
#else
|
||||
/* Only for testing -- will cause a predictable PRNG sequence */
|
||||
@ -1716,7 +1717,7 @@ prng_bytes (uint8_t *output, int len)
|
||||
}
|
||||
}
|
||||
else
|
||||
RAND_bytes (output, len);
|
||||
rand_bytes (output, len);
|
||||
}
|
||||
|
||||
/* an analogue to the random() function, but use prng_bytes */
|
||||
|
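Review bot: In the prng_bytes hunk the return value of `rand_bytes (output, len);` is still discarded, so on RNG failure the else branch hands back whatever was already in output, while every other call site in this commit (generate_key_random, prng_init, random_bytes_to_buf) treats a 0 return as fatal. Since the new wrapper is documented as returning 0 on failure, the else branch should check it the same way: `if (!rand_bytes (output, len))` / `msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG");`. The body of prng_bytes starts before this hunk, so I cannot see whether len is validated earlier. The test_crypto hunk also swaps RAND_pseudo_bytes for rand_bytes, which the OpenSSL backend maps to RAND_bytes; that is a deliberate behavior change that deserves a line in the commit message, since the test loop may now draw on the entropy pool on every iteration.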
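--- /dev/null
+++ b/crypto_backend.h
@@ -0,0 +1,61 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography SSL library-specific backend interface
+ */
+
+#ifndef CRYPTO_BACKEND_H_
+#define CRYPTO_BACKEND_H_
+
+#include "config.h"
+
+#ifdef USE_OPENSSL
+#include "crypto_openssl.h"
+#endif
+
+#include "basic.h"
+
+/*
+ *
+ * Random number functions, used in cases where we want
+ * reasonably strong cryptographic random number generation
+ * without depleting our entropy pool. Used for random
+ * IV values and a number of other miscellaneous tasks.
+ *
+ */
+
+/**
+ * Wrapper for secure random number generator. Retrieves len bytes of random
+ * data, and places it in output.
+ *
+ * @param output Output buffer
+ * @param len Length of the output buffer, in bytes
+ *
+ * @return \c 1 on success, \c 0 on failure
+ */
+int rand_bytes (uint8_t *output, int len);
+
+#endif /* CRYPTO_BACKEND_H_ */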
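Review bot: The comment block above the rand_bytes prototype (`Random number functions, used in cases where we want ... without depleting our entropy pool`) describes the prng_* helpers it appears to have been copied from, not this wrapper: rand_bytes is documented right below as the secure RNG and the OpenSSL backend in this commit implements it with RAND_bytes, so a reader will draw the opposite conclusion about its cost. I would replace that block with a one-liner such as `/* Backend-provided CSPRNG; callers must treat a 0 return as fatal (see generate_key_random). */` or drop it. The prototype also uses uint8_t while the header only includes config.h, basic.h and conditionally crypto_openssl.h; if basic.h does not pull in <stdint.h> the header is not self-contained and an explicit include would be safer. Finally, len is an int while every caller passes sizeof(...) or a buffer length, so a `len >= 0` precondition in the @param text would document what the backend actually accepts.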
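--- /dev/null
+++ b/crypto_openssl.c
@@ -0,0 +1,53 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography OpenSSL-specific backend interface
+ */
+
+#include "syshead.h"
+
+#include "basic.h"
+#include "buffer.h"
+#include "integer.h"
+#include "crypto_backend.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/des.h>
+
+/*
+ *
+ * Random number functions, used in cases where we want
+ * reasonably strong cryptographic random number generation
+ * without depleting our entropy pool. Used for random
+ * IV values and a number of other miscellaneous tasks.
+ *
+ */
+
+int rand_bytes(uint8_t *output, int len)
+{
+  return RAND_bytes (output, len);
+}
+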
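Review bot: rand_bytes calls RAND_bytes, but the file includes <openssl/objects.h>, <openssl/evp.h> and <openssl/des.h> and not <openssl/rand.h>, which is where RAND_bytes is declared; unless syshead.h or crypto_backend.h pulls it in (crypto_openssl.h in this commit only includes evp.h, hmac.h and md5.h), this compiles only through an implicit declaration. Add `#include <openssl/rand.h>` next to the other OpenSSL headers. The @file comment says `OpenSSL-specific backend interface`, which is the header's description; for the implementation file `OpenSSL-specific backend implementation` is more accurate. The copied `without depleting our entropy pool` block is also misleading here, since the function body is exactly the entropy-consuming call; a comment stating that this is the backend's CSPRNG entry point and that the 1/0 return convention is RAND_bytes' own would serve better.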
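--- /dev/null
+++ b/crypto_openssl.h
@@ -0,0 +1,37 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/**
+ * @file Data Channel Cryptography OpenSSL-specific backend interface
+ */
+
+#ifndef CRYPTO_OPENSSL_H_
+#define CRYPTO_OPENSSL_H_
+
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+
+#endif /* CRYPTO_OPENSSL_H_ */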
2
init.c
2
init.c
@ -751,7 +751,7 @@ init_static (void)
|
||||
#if 1
|
||||
prng_bytes (rndbuf, sizeof (rndbuf));
|
||||
#else
|
||||
ASSERT(RAND_bytes (rndbuf, sizeof (rndbuf)));
|
||||
ASSERT(rand_bytes (rndbuf, sizeof (rndbuf)));
|
||||
#endif
|
||||
printf ("[%d] %s\n", i, format_hex (rndbuf, sizeof (rndbuf), 0, &gc));
|
||||
}
|
||||
|
2
proxy.c
2
proxy.c
@ -740,7 +740,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p,
|
||||
const char *opaque = get_pa_var("opaque", pa, &gc);
|
||||
|
||||
/* generate a client nonce */
|
||||
ASSERT(RAND_bytes(cnonce_raw, sizeof(cnonce_raw)));
|
||||
ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));
|
||||
cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc);
|
||||
|
||||
|
||||
|
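Review bot: The new `ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));` keeps the nonce generation as a side effect inside ASSERT, and a failure surfaces as a bare assertion rather than the descriptive M_FATAL message the other call sites in this commit use (generate_key_random, prng_init, random_bytes_to_buf). For consistency, and so that filling cnonce_raw never depends on how ASSERT is defined in a given build, I would write `if (!rand_bytes(cnonce_raw, sizeof(cnonce_raw)))` / `msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for proxy nonce");`. establish_http_proxy_passthru starts and ends outside this hunk.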
2
ssl.c
2
ssl.c
@ -3916,7 +3916,7 @@ random_bytes_to_buf (struct buffer *buf,
|
||||
uint8_t *out,
|
||||
int outlen)
|
||||
{
|
||||
if (!RAND_bytes (out, outlen))
|
||||
if (!rand_bytes (out, outlen))
|
||||
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation [SSL]");
|
||||
if (!buf_write (buf, out, outlen))
|
||||
return false;
|
||||
|