sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

lib:util: Use GnuTLS random number generator in genrand.c

Browse Source 
FIPS requires that a random number generator from a certified crypto
library is used.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 18 01:30:20 UTC 2019 on sn-devel-184
This commit is contained in:
Andreas Schneider 2019-03-18 17:03:30 +01:00 committed by Jeremy Allison
parent 69cca061a4
commit 664eed2e92
3 changed files with 12 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lib/util/genrand.c
View File

@ -20,35 +20,17 @@
*/
#include "replace.h"
#include "system/filesys.h"
#include "lib/util/genrand.h"
#include "sys_rw_data.h"
#include "lib/util/blocking.h"
static int urand_fd = -1;
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
static void open_urandom(void)
{
if (urand_fd != -1) {
return;
}
urand_fd = open( "/dev/urandom", O_RDONLY,0);
if (urand_fd == -1) {
abort();
}
smb_set_close_on_exec(urand_fd);
}
/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
{
ssize_t rw_ret;
open_urandom();
rw_ret = read_data(urand_fd, out, len);
if (rw_ret != len) {
abort();
}
/* Thread and fork safe random number generator for temporary keys. */
gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
}
/*
@ -57,5 +39,6 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
*/
_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
{
generate_random_buffer(out, len);
/* Thread and fork safe random number generator for long term keys. */
gnutls_rnd(GNUTLS_RND_KEY, out, len);
}

11
lib/util/genrand.h
View File

@ -20,14 +20,11 @@
*/
/**
Interface to the (hopefully) good crypto random number generator.
Will use our internal PRNG if more than 40 bytes of random generation
has been requested, otherwise tries to read from /dev/random
**/
* Thread and fork safe random number generator for temporary keys.
*/
void generate_random_buffer(uint8_t *out, int len);
/**
Interface to the (hopefully) good crypto random number generator.
Will always use /dev/urandom if available.
**/
* Thread and fork safe random number generator for long term keys.
*/
void generate_secret_buffer(uint8_t *out, int len);

2
lib/util/wscript_build
View File

@ -104,7 +104,7 @@ else:
bld.SAMBA_LIBRARY('genrand',
source='genrand.c',
deps='replace socket-blocking sys_rw',
deps='replace gnutls',
local_include=False,
private_library=True)