Index: .fossil-settings/ignore-glob ================================================================== --- .fossil-settings/ignore-glob +++ .fossil-settings/ignore-glob @@ -1,7 +1,10 @@ nano.so nano.o +randombytes.o +blake2b.o +tweetnacl.o nano.syms nano.tcl.h Makefile pkgIndex.tcl aclocal.m4 Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -9,27 +9,30 @@ srcdir := @srcdir@ export CC CFLAGS CPPFLAGS all: @EXTENSION_TARGET@ pkgIndex.tcl -@EXTENSION_TARGET@: tweetnacl.o blake2b.o nano.o Makefile +@EXTENSION_TARGET@: tweetnacl.o blake2b.o randombytes.o nano.o Makefile ifeq (@TCLEXT_BUILD@,shared) - $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o tweetnacl.o blake2b.o $(LIBS) + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o tweetnacl.o blake2b.o $(LIBS) -@WEAKENSYMS@ @EXTENSION_TARGET@ -@REMOVESYMS@ @EXTENSION_TARGET@ else rm -f @EXTENSION_TARGET@ - $(AR) rc @EXTENSION_TARGET@ nano.o blake2b.o tweetnacl.o + $(AR) rc @EXTENSION_TARGET@ nano.o randombytes.o blake2b.o tweetnacl.o -$(RANLIB) @EXTENSION_TARGET@ endif pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@ cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl -nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h nano.tcl.h Makefile +nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h @srcdir@/randombytes.h nano.tcl.h Makefile $(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c +randombytes.o: @srcdir@/randombytes.c @srcdir@/randombytes.h + $(CC) $(CPPFLAGS) $(CFLAGS) -o randombytes.o -c @srcdir@/randombytes.c + nano.tcl.h: @srcdir@/nano.tcl Makefile od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1 sed 's@ *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2 rm -f nano.tcl.h.new.1 mv nano.tcl.h.new.2 nano.tcl.h @@ -43,11 +46,11 @@ test: @EXTENSION_TARGET@ @srcdir@/build/test/test.tcl . clean: rm -f @EXTENSION_TARGET@ nano.o - rm -f blake2b.o tweetnacl.o + rm -f blake2b.o tweetnacl.o randombytes.o distclean: clean rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms rm -f pkgIndex.tcl rm -f config.log config.status Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -59,10 +59,17 @@ dnl Enable hardening AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"]) AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) + +dnl Random number generation mechanisms +AC_CHECK_FUNC(getrandom,, [ + AC_CHECK_FUNC(getentropy,, [ + AC_CHECK_FUNC(CryptGenRandom) + ]) +]) dnl Sync the RPATH if requested if test "$TCLEXT_BUILD" != 'static'; then if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then DC_SYNC_RPATH([no]) Index: nano.c ================================================================== --- nano.c +++ nano.c @@ -3,93 +3,19 @@ #include #include #include #include +#include "randombytes.h" #include "tweetnacl.h" #include "blake2.h" #define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES) #define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES) #define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x)) #define TclNano_Free(x) Tcl_Free((char *) x) -#if defined(HAVE_GETRANDOM) -# ifdef HAVE_SYS_RANDOM_H -# include -# endif - -void randombytes(uint8_t *buffer, uint64_t length) { - ssize_t gr_ret; - - while (length > 0) { - gr_ret = getrandom(buffer, length, 0); - if (gr_ret <= 0) { - continue; - } - - buffer += gr_ret; - length -= gr_ret; - } - - return; -} -#elif defined(HAVE_GETENTROPY) -void randombytes(uint8_t *buffer, uint64_t length) { - int ge_ret; - int current_length; - - while (length > 0) { - current_length = length; - if (current_length > 256) { - current_length = 256; - } - - ge_ret = getentropy(buffer, current_length); - if (ge_ret != 0) { - continue; - } - - buffer += current_length; - length -= current_length; - } - - return; -} -#else -# ifdef HAVE_SYS_TYPES_H -# include -# endif -# ifdef HAVE_SYS_STAT_H -# include -# endif -# ifdef HAVE_FCNTL_H -# include -# endif -void randombytes(uint8_t *buffer, uint64_t length) { - ssize_t read_ret; - int fd = -1; - - while (fd < 0) { - fd = open("/dev/urandom", O_RDONLY); - } - - while (length > 0) { - read_ret = read(fd, buffer, length); - if (read_ret <= 0) { - continue; - } - - buffer += read_ret; - length -= read_ret; - } - - close(fd); - return; -} -#endif - static unsigned char *nano_parse_secret_key(Tcl_Obj *secret_key_only_obj, int *out_key_length) { unsigned char *secret_key, *public_key, *secret_key_only; int secret_key_length, secret_key_only_length; secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length); ADDED randombytes.c Index: randombytes.c ================================================================== --- /dev/null +++ randombytes.c @@ -0,0 +1,79 @@ +#include "randombytes.h" + +#if defined(HAVE_GETRANDOM) +# ifdef HAVE_SYS_RANDOM_H +# include +# endif + +void randombytes(uint8_t *buffer, uint64_t length) { + ssize_t gr_ret; + + while (length > 0) { + gr_ret = getrandom(buffer, length, 0); + if (gr_ret <= 0) { + continue; + } + + buffer += gr_ret; + length -= gr_ret; + } + + return; +} +#elif defined(HAVE_GETENTROPY) +void randombytes(uint8_t *buffer, uint64_t length) { + int ge_ret; + int current_length; + + while (length > 0) { + current_length = length; + if (current_length > 256) { + current_length = 256; + } + + ge_ret = getentropy(buffer, current_length); + if (ge_ret != 0) { + continue; + } + + buffer += current_length; + length -= current_length; + } + + return; +} +#else +# ifdef HAVE_SYS_TYPES_H +# include +# endif +# ifdef HAVE_SYS_STAT_H +# include +# endif +# ifdef HAVE_FCNTL_H +# include +# endif +# ifdef HAVE_UNISTD_H +# include +# endif +void randombytes(uint8_t *buffer, uint64_t length) { + ssize_t read_ret; + int fd = -1; + + while (fd < 0) { + fd = open("/dev/urandom", O_RDONLY); + } + + while (length > 0) { + read_ret = read(fd, buffer, length); + if (read_ret <= 0) { + continue; + } + + buffer += read_ret; + length -= read_ret; + } + + close(fd); + return; +} +#endif ADDED randombytes.h Index: randombytes.h ================================================================== --- /dev/null +++ randombytes.h @@ -0,0 +1,2 @@ +#include +void randombytes(uint8_t *buffer, uint64_t length);