diff options
author | Miloslav Trmač <mitr@redhat.com> | 2010-12-02 16:02:56 +0100 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-12-02 16:02:56 +0100 |
commit | 87e5a1d6a40de880a85eefb4fb6479ff4238860d (patch) | |
tree | d4a4ca1c84b68a50f954778ebf6ec234810a16ac | |
parent | a2dd3a2b9045b5a787e0981bef2f378ab148ac1f (diff) | |
download | ncrypto-87e5a1d6a40de880a85eefb4fb6479ff4238860d.tar.gz ncrypto-87e5a1d6a40de880a85eefb4fb6479ff4238860d.tar.xz ncrypto-87e5a1d6a40de880a85eefb4fb6479ff4238860d.zip |
Use NSS for random number generation
-rw-r--r-- | lib/ncrypto_local.c | 11 | ||||
-rw-r--r-- | lib/ncrypto_nss.c | 19 | ||||
-rw-r--r-- | tests/symm_ciphers.c | 4 | ||||
-rw-r--r-- | tests/symm_keys.c | 5 | ||||
-rw-r--r-- | tests/symm_signatures.c | 4 |
5 files changed, 32 insertions, 11 deletions
diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c index c4af43a..07823e3 100644 --- a/lib/ncrypto_local.c +++ b/lib/ncrypto_local.c @@ -33,7 +33,6 @@ Red Hat author: Miloslav Trmač <mitr@redhat.com> */ #include <glib.h> #include <openssl/evp.h> #include <openssl/hmac.h> -#include <openssl/rand.h> #include <ncrypto/ncrypto.h> @@ -48,16 +47,6 @@ ckr_openssl (void) return CKR_GENERAL_ERROR; } - /* Random numbers */ - -CK_RV -ncr_get_random_bytes (void *dest, size_t size) -{ - /* This is not strong enough, we need cryptographically strong random - numbers! */ - return RAND_pseudo_bytes (dest, size) != 0 ? CKR_OK : ckr_openssl (); -} - /* Symmetric keys */ CK_RV diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c index a430c3f..46716ea 100644 --- a/lib/ncrypto_nss.c +++ b/lib/ncrypto_nss.c @@ -114,6 +114,25 @@ ncr_close (void) return res; } + /* Random numbers */ + +CK_RV +ncr_get_random_bytes (void *dest, size_t size) +{ + CK_RV res; + + g_return_val_if_fail (dest != NULL, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (size <= INT_MAX, CKR_ARGUMENTS_BAD); + + res = ensure_ncr_is_open (); + if (res != CKR_OK) + return res; + + if (PK11_GenerateRandom (dest, size) != SECSuccess) + return CKR_GENERAL_ERROR; + return CKR_OK; +} + /* Asymmetric keys */ struct ncr_public_key diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index 892cfed..bdc29d3 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -403,5 +403,9 @@ main (void) res = ncr_symm_cipher_free (sess); assert (res == CKR_OK); + /* Close the implicit reference, primarily to shut up valgrind. */ + res = ncr_close (); + assert (res == CKR_OK); + return EXIT_SUCCESS; } diff --git a/tests/symm_keys.c b/tests/symm_keys.c index 3f5aed0..5c64070 100644 --- a/tests/symm_keys.c +++ b/tests/symm_keys.c @@ -135,5 +135,10 @@ main (void) res = ncr_symm_key_destroy (key); assert (res == CKR_OK); + + /* Close the implicit reference, primarily to shut up valgrind. */ + res = ncr_close (); + assert (res == CKR_OK); + return EXIT_SUCCESS; } diff --git a/tests/symm_signatures.c b/tests/symm_signatures.c index fa672fd..69eb8eb 100644 --- a/tests/symm_signatures.c +++ b/tests/symm_signatures.c @@ -361,5 +361,9 @@ main (void) assert (res == CKR_OK); } + /* Close the implicit reference, primarily to shut up valgrind. */ + res = ncr_close (); + assert (res == CKR_OK); + return EXIT_SUCCESS; } |