Check-in [8fd7944e81]
Overview
Comment:Improved checking for entropy sources
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 8fd7944e8146533b5a5466b60085006b9776c229edc593757fdbe8c091fa835b
User & Date: rkeene on 2018-07-02 21:24:22
Other Links: manifest | tags
Context
2018-07-02
23:07
Improvements to block handling check-in: 7811cddc2e user: rkeene tags: trunk
21:24
Improved checking for entropy sources check-in: 8fd7944e81 user: rkeene tags: trunk
20:37
Use correct build path for testing check-in: f932e88e25 user: rkeene tags: trunk
Changes

Modified .fossil-settings/ignore-glob from [8f7b522e82] to [06761af2ef].

1
2



3
4
5
6
7
8
9
nano.so
nano.o



nano.syms
nano.tcl.h
Makefile
pkgIndex.tcl
aclocal.m4
config.guess
config.sub


>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
nano.so
nano.o
randombytes.o
blake2b.o
tweetnacl.o
nano.syms
nano.tcl.h
Makefile
pkgIndex.tcl
aclocal.m4
config.guess
config.sub

Modified Makefile.in from [c774748e94] to [373b671eea].

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
CC            := @CC@
AR            := @AR@
RANLIB        := @RANLIB@
CFLAGS        := @CFLAGS@ @SHOBJFLAGS@
CPPFLAGS      := -I. -I@srcdir@/tweetnacl/ -I@srcdir@/blake2b/ -DNACL_ED25519_BLAKE2B=1 @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@
LDFLAGS       := @LDFLAGS@
LIBS          := @LIBS@
SHOBJLDFLAGS  := @SHOBJLDFLAGS@
srcdir        := @srcdir@
export CC CFLAGS CPPFLAGS

all: @EXTENSION_TARGET@ pkgIndex.tcl

@EXTENSION_TARGET@: tweetnacl.o blake2b.o nano.o Makefile
ifeq (@TCLEXT_BUILD@,shared)
	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o tweetnacl.o blake2b.o $(LIBS)
	-@WEAKENSYMS@ @EXTENSION_TARGET@
	-@REMOVESYMS@ @EXTENSION_TARGET@
else
	rm -f @EXTENSION_TARGET@
	$(AR) rc @EXTENSION_TARGET@ nano.o blake2b.o tweetnacl.o
	-$(RANLIB) @EXTENSION_TARGET@
endif

pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@
	cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl

nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h nano.tcl.h Makefile
	$(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c




nano.tcl.h: @srcdir@/nano.tcl Makefile
	od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1
	sed 's@  *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2
	rm -f nano.tcl.h.new.1
	mv nano.tcl.h.new.2 nano.tcl.h

tweetnacl.o: @srcdir@/tweetnacl/tweetnacl.c @srcdir@/tweetnacl/tweetnacl.h
	$(CC) $(CPPFLAGS) $(CFLAGS) -o tweetnacl.o -c @srcdir@/tweetnacl/tweetnacl.c

blake2b.o: @srcdir@/blake2b/blake2b.c @srcdir@/blake2b/blake2.h @srcdir@/blake2b/blake2-impl.h
	$(CC) $(CPPFLAGS) $(CFLAGS) -o blake2b.o -c @srcdir@/blake2b/blake2b.c

test: @EXTENSION_TARGET@
	@srcdir@/build/test/test.tcl .

clean:
	rm -f @EXTENSION_TARGET@ nano.o
	rm -f blake2b.o tweetnacl.o

distclean: clean
	rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms
	rm -f pkgIndex.tcl
	rm -f config.log config.status
	rm -f nano.tcl.h nano.tcl.h.new.1 nano.tcl.h.new.2

mrproper: distclean
	rm -f configure aclocal.m4 config.guess config.sub install-sh
	rm -rf tweetnacl blake2b
	rm -rf build/tweetnacl/out build/blake2b/out

.PHONY: all test clean distclean mrproper













|

|




|






|


>
>
>

















|













1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
CC            := @CC@
AR            := @AR@
RANLIB        := @RANLIB@
CFLAGS        := @CFLAGS@ @SHOBJFLAGS@
CPPFLAGS      := -I. -I@srcdir@/tweetnacl/ -I@srcdir@/blake2b/ -DNACL_ED25519_BLAKE2B=1 @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@
LDFLAGS       := @LDFLAGS@
LIBS          := @LIBS@
SHOBJLDFLAGS  := @SHOBJLDFLAGS@
srcdir        := @srcdir@
export CC CFLAGS CPPFLAGS

all: @EXTENSION_TARGET@ pkgIndex.tcl

@EXTENSION_TARGET@: tweetnacl.o blake2b.o randombytes.o nano.o Makefile
ifeq (@TCLEXT_BUILD@,shared)
	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o tweetnacl.o blake2b.o $(LIBS)
	-@WEAKENSYMS@ @EXTENSION_TARGET@
	-@REMOVESYMS@ @EXTENSION_TARGET@
else
	rm -f @EXTENSION_TARGET@
	$(AR) rc @EXTENSION_TARGET@ nano.o randombytes.o blake2b.o tweetnacl.o
	-$(RANLIB) @EXTENSION_TARGET@
endif

pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@
	cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl

nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h @srcdir@/randombytes.h nano.tcl.h Makefile
	$(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c

randombytes.o: @srcdir@/randombytes.c @srcdir@/randombytes.h
	$(CC) $(CPPFLAGS) $(CFLAGS) -o randombytes.o -c @srcdir@/randombytes.c

nano.tcl.h: @srcdir@/nano.tcl Makefile
	od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1
	sed 's@  *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2
	rm -f nano.tcl.h.new.1
	mv nano.tcl.h.new.2 nano.tcl.h

tweetnacl.o: @srcdir@/tweetnacl/tweetnacl.c @srcdir@/tweetnacl/tweetnacl.h
	$(CC) $(CPPFLAGS) $(CFLAGS) -o tweetnacl.o -c @srcdir@/tweetnacl/tweetnacl.c

blake2b.o: @srcdir@/blake2b/blake2b.c @srcdir@/blake2b/blake2.h @srcdir@/blake2b/blake2-impl.h
	$(CC) $(CPPFLAGS) $(CFLAGS) -o blake2b.o -c @srcdir@/blake2b/blake2b.c

test: @EXTENSION_TARGET@
	@srcdir@/build/test/test.tcl .

clean:
	rm -f @EXTENSION_TARGET@ nano.o
	rm -f blake2b.o tweetnacl.o randombytes.o

distclean: clean
	rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms
	rm -f pkgIndex.tcl
	rm -f config.log config.status
	rm -f nano.tcl.h nano.tcl.h.new.1 nano.tcl.h.new.2

mrproper: distclean
	rm -f configure aclocal.m4 config.guess config.sub install-sh
	rm -rf tweetnacl blake2b
	rm -rf build/tweetnacl/out build/blake2b/out

.PHONY: all test clean distclean mrproper

Modified configure.ac from [f696851fb3] to [1c59841736].

57
58
59
60
61
62
63







64
65
66
67
68
69
70
	AX_CHECK_COMPILE_FLAG([-Wno-self-assign], [CFLAGS="$CFLAGS -Wno-self-assign"])
])

dnl Enable hardening
AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"])
AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])








dnl Sync the RPATH if requested
if test "$TCLEXT_BUILD" != 'static'; then
	if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
		DC_SYNC_RPATH([no])
	else
		DC_SYNC_RPATH([yes])







>
>
>
>
>
>
>







57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
	AX_CHECK_COMPILE_FLAG([-Wno-self-assign], [CFLAGS="$CFLAGS -Wno-self-assign"])
])

dnl Enable hardening
AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"])
AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])

dnl Random number generation mechanisms
AC_CHECK_FUNC(getrandom,, [
	AC_CHECK_FUNC(getentropy,, [
		AC_CHECK_FUNC(CryptGenRandom)
	])
])

dnl Sync the RPATH if requested
if test "$TCLEXT_BUILD" != 'static'; then
	if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
		DC_SYNC_RPATH([no])
	else
		DC_SYNC_RPATH([yes])

Modified nano.c from [f56ecd10ff] to [3fe2cef44c].

1
2
3
4
5
6
7

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#include <stdint.h>
#include <limits.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <tcl.h>


#include "tweetnacl.h"
#include "blake2.h"

#define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES)
#define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES)
#define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x))
#define TclNano_Free(x) Tcl_Free((char *) x)

#if defined(HAVE_GETRANDOM)
#  ifdef HAVE_SYS_RANDOM_H
#    include <sys/random.h>
#  endif

void randombytes(uint8_t *buffer, uint64_t length) {
	ssize_t gr_ret;

	while (length > 0) {
		gr_ret = getrandom(buffer, length, 0);
		if (gr_ret <= 0) {
			continue;
		}

		buffer += gr_ret;
		length -= gr_ret;
	}

	return;
}
#elif defined(HAVE_GETENTROPY)
void randombytes(uint8_t *buffer, uint64_t length) {
	int ge_ret;
	int current_length;

	while (length > 0) {
		current_length = length;
		if (current_length > 256) {
			current_length = 256;
		}

		ge_ret = getentropy(buffer, current_length);
		if (ge_ret != 0) {
			continue;
		}

		buffer += current_length;
		length -= current_length;
	}

	return;
}
#else
#  ifdef HAVE_SYS_TYPES_H
#    include <sys/types.h>
#  endif
#  ifdef HAVE_SYS_STAT_H
#    include <sys/stat.h>
#  endif
#  ifdef HAVE_FCNTL_H
#    include <fcntl.h>
# endif
void randombytes(uint8_t *buffer, uint64_t length) {
	ssize_t read_ret;
	int fd = -1;

	while (fd < 0) {
		fd = open("/dev/urandom", O_RDONLY);
	}

	while (length > 0) {
		read_ret = read(fd, buffer, length);
		if (read_ret <= 0) {
			continue;
		}

		buffer += read_ret;
		length -= read_ret;
	}

	close(fd);
	return;
}
#endif

static unsigned char *nano_parse_secret_key(Tcl_Obj *secret_key_only_obj, int *out_key_length) {
	unsigned char *secret_key, *public_key, *secret_key_only;
	int secret_key_length, secret_key_only_length;

	secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length);
	if (secret_key_only_length != NANO_SECRET_KEY_LENGTH) {
		return(NULL);







>








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16











































































17
18
19
20
21
22
23
#include <stdint.h>
#include <limits.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <tcl.h>

#include "randombytes.h"
#include "tweetnacl.h"
#include "blake2.h"

#define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES)
#define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES)
#define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x))
#define TclNano_Free(x) Tcl_Free((char *) x)












































































static unsigned char *nano_parse_secret_key(Tcl_Obj *secret_key_only_obj, int *out_key_length) {
	unsigned char *secret_key, *public_key, *secret_key_only;
	int secret_key_length, secret_key_only_length;

	secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length);
	if (secret_key_only_length != NANO_SECRET_KEY_LENGTH) {
		return(NULL);

Added randombytes.c version [71404a8978].































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#include "randombytes.h"

#if defined(HAVE_GETRANDOM)
#  ifdef HAVE_SYS_RANDOM_H
#    include <sys/random.h>
#  endif

void randombytes(uint8_t *buffer, uint64_t length) {
	ssize_t gr_ret;

	while (length > 0) {
		gr_ret = getrandom(buffer, length, 0);
		if (gr_ret <= 0) {
			continue;
		}

		buffer += gr_ret;
		length -= gr_ret;
	}

	return;
}
#elif defined(HAVE_GETENTROPY)
void randombytes(uint8_t *buffer, uint64_t length) {
	int ge_ret;
	int current_length;

	while (length > 0) {
		current_length = length;
		if (current_length > 256) {
			current_length = 256;
		}

		ge_ret = getentropy(buffer, current_length);
		if (ge_ret != 0) {
			continue;
		}

		buffer += current_length;
		length -= current_length;
	}

	return;
}
#else
#  ifdef HAVE_SYS_TYPES_H
#    include <sys/types.h>
#  endif
#  ifdef HAVE_SYS_STAT_H
#    include <sys/stat.h>
#  endif
#  ifdef HAVE_FCNTL_H
#    include <fcntl.h>
# endif
# ifdef HAVE_UNISTD_H
#    include <unistd.h>
# endif
void randombytes(uint8_t *buffer, uint64_t length) {
	ssize_t read_ret;
	int fd = -1;

	while (fd < 0) {
		fd = open("/dev/urandom", O_RDONLY);
	}

	while (length > 0) {
		read_ret = read(fd, buffer, length);
		if (read_ret <= 0) {
			continue;
		}

		buffer += read_ret;
		length -= read_ret;
	}

	close(fd);
	return;
}
#endif

Added randombytes.h version [424e250e05].





>
>
1
2
#include <stdint.h>
void randombytes(uint8_t *buffer, uint64_t length);