Overview
Comment: | Improved checking for entropy sources |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
8fd7944e8146533b5a5466b60085006b |
User & Date: | rkeene on 2018-07-02 21:24:22 |
Other Links: | manifest | tags |
Context
2018-07-02
| ||
23:07 | Improvements to block handling check-in: 7811cddc2e user: rkeene tags: trunk | |
21:24 | Improved checking for entropy sources check-in: 8fd7944e81 user: rkeene tags: trunk | |
20:37 | Use correct build path for testing check-in: f932e88e25 user: rkeene tags: trunk | |
Changes
Modified .fossil-settings/ignore-glob from [8f7b522e82] to [06761af2ef].
1 2 3 4 5 6 7 8 9 | nano.so nano.o nano.syms nano.tcl.h Makefile pkgIndex.tcl aclocal.m4 config.guess config.sub | > > > | 1 2 3 4 5 6 7 8 9 10 11 12 | nano.so nano.o randombytes.o blake2b.o tweetnacl.o nano.syms nano.tcl.h Makefile pkgIndex.tcl aclocal.m4 config.guess config.sub |
︙ | ︙ |
Modified Makefile.in from [c774748e94] to [373b671eea].
1 2 3 4 5 6 7 8 9 10 11 12 13 | CC := @CC@ AR := @AR@ RANLIB := @RANLIB@ CFLAGS := @CFLAGS@ @SHOBJFLAGS@ CPPFLAGS := -I. -I@srcdir@/tweetnacl/ -I@srcdir@/blake2b/ -DNACL_ED25519_BLAKE2B=1 @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@ LDFLAGS := @LDFLAGS@ LIBS := @LIBS@ SHOBJLDFLAGS := @SHOBJLDFLAGS@ srcdir := @srcdir@ export CC CFLAGS CPPFLAGS all: @EXTENSION_TARGET@ pkgIndex.tcl | | | | | > > > | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | CC := @CC@ AR := @AR@ RANLIB := @RANLIB@ CFLAGS := @CFLAGS@ @SHOBJFLAGS@ CPPFLAGS := -I. -I@srcdir@/tweetnacl/ -I@srcdir@/blake2b/ -DNACL_ED25519_BLAKE2B=1 @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@ LDFLAGS := @LDFLAGS@ LIBS := @LIBS@ SHOBJLDFLAGS := @SHOBJLDFLAGS@ srcdir := @srcdir@ export CC CFLAGS CPPFLAGS all: @EXTENSION_TARGET@ pkgIndex.tcl @EXTENSION_TARGET@: tweetnacl.o blake2b.o randombytes.o nano.o Makefile ifeq (@TCLEXT_BUILD@,shared) $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o tweetnacl.o blake2b.o $(LIBS) -@WEAKENSYMS@ @EXTENSION_TARGET@ -@REMOVESYMS@ @EXTENSION_TARGET@ else rm -f @EXTENSION_TARGET@ $(AR) rc @EXTENSION_TARGET@ nano.o randombytes.o blake2b.o tweetnacl.o -$(RANLIB) @EXTENSION_TARGET@ endif pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@ cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h @srcdir@/randombytes.h nano.tcl.h Makefile $(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c randombytes.o: @srcdir@/randombytes.c @srcdir@/randombytes.h $(CC) $(CPPFLAGS) $(CFLAGS) -o randombytes.o -c @srcdir@/randombytes.c nano.tcl.h: @srcdir@/nano.tcl Makefile od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1 sed 's@ *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2 rm -f nano.tcl.h.new.1 mv nano.tcl.h.new.2 nano.tcl.h tweetnacl.o: @srcdir@/tweetnacl/tweetnacl.c @srcdir@/tweetnacl/tweetnacl.h $(CC) $(CPPFLAGS) $(CFLAGS) -o tweetnacl.o -c @srcdir@/tweetnacl/tweetnacl.c blake2b.o: @srcdir@/blake2b/blake2b.c @srcdir@/blake2b/blake2.h @srcdir@/blake2b/blake2-impl.h $(CC) $(CPPFLAGS) $(CFLAGS) -o blake2b.o -c @srcdir@/blake2b/blake2b.c test: @EXTENSION_TARGET@ @srcdir@/build/test/test.tcl . clean: rm -f @EXTENSION_TARGET@ nano.o rm -f blake2b.o tweetnacl.o randombytes.o distclean: clean rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms rm -f pkgIndex.tcl rm -f config.log config.status rm -f nano.tcl.h nano.tcl.h.new.1 nano.tcl.h.new.2 mrproper: distclean rm -f configure aclocal.m4 config.guess config.sub install-sh rm -rf tweetnacl blake2b rm -rf build/tweetnacl/out build/blake2b/out .PHONY: all test clean distclean mrproper |
Modified configure.ac from [f696851fb3] to [1c59841736].
︙ | ︙ | |||
57 58 59 60 61 62 63 64 65 66 67 68 69 70 | AX_CHECK_COMPILE_FLAG([-Wno-self-assign], [CFLAGS="$CFLAGS -Wno-self-assign"]) ]) dnl Enable hardening AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"]) AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) dnl Sync the RPATH if requested if test "$TCLEXT_BUILD" != 'static'; then if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then DC_SYNC_RPATH([no]) else DC_SYNC_RPATH([yes]) | > > > > > > > | 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | AX_CHECK_COMPILE_FLAG([-Wno-self-assign], [CFLAGS="$CFLAGS -Wno-self-assign"]) ]) dnl Enable hardening AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"]) AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) dnl Random number generation mechanisms AC_CHECK_FUNC(getrandom,, [ AC_CHECK_FUNC(getentropy,, [ AC_CHECK_FUNC(CryptGenRandom) ]) ]) dnl Sync the RPATH if requested if test "$TCLEXT_BUILD" != 'static'; then if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then DC_SYNC_RPATH([no]) else DC_SYNC_RPATH([yes]) |
︙ | ︙ |
Modified nano.c from [f56ecd10ff] to [3fe2cef44c].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | #include <stdint.h> #include <limits.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <tcl.h> #include "tweetnacl.h" #include "blake2.h" #define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES) #define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES) #define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x)) #define TclNano_Free(x) Tcl_Free((char *) x) | > < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | #include <stdint.h> #include <limits.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <tcl.h> #include "randombytes.h" #include "tweetnacl.h" #include "blake2.h" #define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES) #define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES) #define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x)) #define TclNano_Free(x) Tcl_Free((char *) x) static unsigned char *nano_parse_secret_key(Tcl_Obj *secret_key_only_obj, int *out_key_length) { unsigned char *secret_key, *public_key, *secret_key_only; int secret_key_length, secret_key_only_length; secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length); if (secret_key_only_length != NANO_SECRET_KEY_LENGTH) { return(NULL); |
︙ | ︙ |
Added randombytes.c version [71404a8978].
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | #include "randombytes.h" #if defined(HAVE_GETRANDOM) # ifdef HAVE_SYS_RANDOM_H # include <sys/random.h> # endif void randombytes(uint8_t *buffer, uint64_t length) { ssize_t gr_ret; while (length > 0) { gr_ret = getrandom(buffer, length, 0); if (gr_ret <= 0) { continue; } buffer += gr_ret; length -= gr_ret; } return; } #elif defined(HAVE_GETENTROPY) void randombytes(uint8_t *buffer, uint64_t length) { int ge_ret; int current_length; while (length > 0) { current_length = length; if (current_length > 256) { current_length = 256; } ge_ret = getentropy(buffer, current_length); if (ge_ret != 0) { continue; } buffer += current_length; length -= current_length; } return; } #else # ifdef HAVE_SYS_TYPES_H # include <sys/types.h> # endif # ifdef HAVE_SYS_STAT_H # include <sys/stat.h> # endif # ifdef HAVE_FCNTL_H # include <fcntl.h> # endif # ifdef HAVE_UNISTD_H # include <unistd.h> # endif void randombytes(uint8_t *buffer, uint64_t length) { ssize_t read_ret; int fd = -1; while (fd < 0) { fd = open("/dev/urandom", O_RDONLY); } while (length > 0) { read_ret = read(fd, buffer, length); if (read_ret <= 0) { continue; } buffer += read_ret; length -= read_ret; } close(fd); return; } #endif |
Added randombytes.h version [424e250e05].
> > | 1 2 | #include <stdint.h> void randombytes(uint8_t *buffer, uint64_t length); |