-rw-r--r-- | lib/libkeynote/Makefile.in | 4 | ||||
-rw-r--r-- | lib/libkeynote/README | 4 | ||||
-rw-r--r-- | lib/libkeynote/config.hin | 5 | ||||
-rw-r--r-- | lib/libkeynote/configure | 66 | ||||
-rw-r--r-- | lib/libkeynote/configure.in | 3 | ||||
-rw-r--r-- | lib/libkeynote/environment.c | 15 | ||||
-rw-r--r-- | lib/libkeynote/header.h | 11 | ||||
-rw-r--r-- | lib/libkeynote/keynote-keygen.c | 48 |
8 files changed, 34 insertions, 122 deletions
diff --git a/lib/libkeynote/Makefile.in b/lib/libkeynote/Makefile.in index 9b7a73abdb1..b6234c086b2 100644 --- a/lib/libkeynote/Makefile.in +++ b/lib/libkeynote/Makefile.in @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.in,v 1.10 2000/02/12 01:02:02 angelos Exp $ +# $OpenBSD: Makefile.in,v 1.11 2000/09/26 23:28:45 angelos Exp $ # # The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) # @@ -18,7 +18,7 @@ # MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR # PURPOSE. -VERSION = 2.2 +VERSION = 2.3 DISTFILE = keynote-${VERSION}.tar.gz KNSUBDIR = keynote-${VERSION} diff --git a/lib/libkeynote/README b/lib/libkeynote/README index 29ed366b63e..3cc17a008db 100644 --- a/lib/libkeynote/README +++ b/lib/libkeynote/README @@ -1,6 +1,6 @@ -# $OpenBSD: README,v 1.9 2000/05/17 05:38:18 angelos Exp $ +# $OpenBSD: README,v 1.10 2000/09/26 23:28:45 angelos Exp $ -This is release 2.2 of the KeyNote trust management library reference +This is release 2.3 of the KeyNote trust management library reference implementation (in case you are wondering, there was never an official 1.0 release). diff --git a/lib/libkeynote/config.hin b/lib/libkeynote/config.hin index e36925bc493..9caa3e47ac3 100644 --- a/lib/libkeynote/config.hin +++ b/lib/libkeynote/config.hin @@ -1,4 +1,4 @@ -/* $OpenBSD: config.hin,v 1.2 1999/10/26 22:31:37 angelos Exp $ */ +/* $OpenBSD: config.hin,v 1.3 2000/09/26 23:28:45 angelos Exp $ */ /* config.hin. Generated automatically from configure.in by autoheader. */ @@ -91,6 +91,3 @@ /* Define if you have the crypto library (-lcrypto). */ #undef HAVE_LIBCRYPTO - -/* Define if you have /dev/urandom file. */ -#undef HAVE__DEV_URANDOM diff --git a/lib/libkeynote/configure b/lib/libkeynote/configure index 81b2b00b93e..170e50b33ca 100644 --- a/lib/libkeynote/configure +++ b/lib/libkeynote/configure 
@@ -1,5 +1,5 @@ #! /bin/sh -# $OpenBSD: configure,v 1.2 1999/10/26 22:31:38 angelos Exp $ +# $OpenBSD: configure,v 1.3 2000/09/26 23:28:45 angelos Exp $ # Guess values for system-dependent variables and create Makefiles. # Generated automatically using autoconf version 2.13 @@ -1725,46 +1725,14 @@ fi done -for ac_file in /dev/urandom -do - -ac_safe=`echo "$ac_file" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_file""... $ac_c" 1>&6 -echo "configure:1733: checking for $ac_file" >&5 -if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test "$cross_compiling" = yes; then - { echo "configure: error: Cannot check for file existence when cross compiling" 1>&2; exit 1; } -else - if test -r $ac_file; then - eval "ac_cv_file_$ac_safe=yes" - else - eval "ac_cv_file_$ac_safe=no" - fi -fi -fi -if eval "test \"`echo '$ac_cv_file_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_file=HAVE_`echo $ac_file | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_file 1 -EOF - -else - echo "$ac_t""no" 1>&6 - -fi -done - echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:1762: checking for working const" >&5 +echo "configure:1730: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1767 "configure" +#line 1735 "configure" #include "confdefs.h" int main() { @@ -1813,7 +1781,7 @@ ccp = (char const *const *) p; ; return 0; } EOF -if { (eval echo configure:1816: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else 
@@ -1834,12 +1802,12 @@ EOF fi echo $ac_n "checking for u_int""... $ac_c" 1>&6 -echo "configure:1837: checking for u_int" >&5 +echo "configure:1805: checking for u_int" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1842 "configure" +#line 1810 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS @@ -1867,12 +1835,12 @@ EOF fi echo $ac_n "checking for u_char""... $ac_c" 1>&6 -echo "configure:1870: checking for u_char" >&5 +echo "configure:1838: checking for u_char" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1875 "configure" +#line 1843 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS @@ -1903,12 +1871,12 @@ fi for ac_func in regcomp open close read _open _close _read strchr memcpy do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1906: checking for $ac_func" >&5 +echo "configure:1874: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1911 "configure" +#line 1879 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -1931,7 +1899,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:1934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -1958,12 +1926,12 @@ done for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1961: checking for $ac_func" >&5 +echo "configure:1929: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1966 "configure" +#line 1934 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -1986,7 +1954,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:1989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2013,12 +1981,12 @@ done for ac_func in getopt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2016: checking for $ac_func" >&5 +echo "configure:1984: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2021 "configure" +#line 1989 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -2041,7 +2009,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:2044: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else diff --git a/lib/libkeynote/configure.in b/lib/libkeynote/configure.in index 39c536ad264..9ad14b5a68d 100644 --- a/lib/libkeynote/configure.in +++ b/lib/libkeynote/configure.in 
@@ -1,4 +1,4 @@ -dnl $OpenBSD: configure.in,v 1.2 1999/10/26 22:31:38 angelos Exp $ +dnl $OpenBSD: configure.in,v 1.3 2000/09/26 23:28:45 angelos Exp $ dnl Process this file with autoconf to produce a configure script. AC_INIT(assertion.h) @@ -42,7 +42,6 @@ AC_CHECK_HEADERS(fcntl.h limits.h unistd.h regex.h sys/time.h io.h) AC_CHECK_HEADERS(ssl/crypto.h openssl/crypto.h crypto.h memory.h) dnl Checks for other files -AC_CHECK_FILES(/dev/urandom) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST diff --git a/lib/libkeynote/environment.c b/lib/libkeynote/environment.c index a048354b314..6cfeef2f616 100644 --- a/lib/libkeynote/environment.c +++ b/lib/libkeynote/environment.c @@ -1,4 +1,4 @@ -/* $OpenBSD: environment.c,v 1.12 2000/06/13 19:16:15 angelos Exp $ */ +/* $OpenBSD: environment.c,v 1.13 2000/09/26 23:28:46 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -371,18 +371,7 @@ static int keynote_init_environment(void) { #ifdef CRYPTO - int cnt = KEYNOTE_RAND_INIT_LEN, i; - - do - { - if ((i = RAND_load_file(KEYNOTERNDFILENAME, cnt)) <= 0) - { - keynote_errno = ERROR_MEMORY; - return -1; - } - - cnt -= i; - } while (cnt > 0); + RAND_set_rand_method(RAND_SSLeay()); #endif /* CRYPTO */ memset(keynote_current_session->ks_env_table, 0, diff --git a/lib/libkeynote/header.h b/lib/libkeynote/header.h index 816ff4e5b30..7f73e988036 100644 --- a/lib/libkeynote/header.h +++ b/lib/libkeynote/header.h @@ -1,4 +1,4 @@ -/* $OpenBSD: header.h,v 1.5 1999/10/26 22:31:38 angelos Exp $ */ +/* $OpenBSD: header.h,v 1.6 2000/09/26 23:28:46 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -37,7 +37,6 @@ int sessid; /* Defines */ #define SEED_LEN 40 -#define RND_BYTES 1024 #define DEFAULT_PUBLIC 0x10001 #define KEY_PRINT_OFFSET 12 
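Review bot: In the environment.c hunk, keynote_init_environment() loses its only failure path for a missing entropy source: the removed loop returned -1 with ERROR_MEMORY when RAND_load_file() could not deliver KEYNOTE_RAND_INIT_LEN bytes, while the added `RAND_set_rand_method(RAND_SSLeay());` only selects an implementation and says nothing about whether the PRNG is seeded. The /dev/urandom configure check and the `#error` in header.h are removed in the same commit, so the library presumably now relies on libcrypto seeding itself, which is safe only on platforms where it does. If the targeted OpenSSL provides it, the old error contract can be kept by adding `if (RAND_status() != 1) { keynote_errno = ERROR_MEMORY; return -1; }` after the call. The RAND method is also process-wide state, so setting it from library initialisation would replace a method the host application installed earlier; a comment explaining why the call is needed would help, and note that the function body continues outside the hunk.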
@@ -66,14 +65,6 @@ int sessid; #define close _close #endif /* !HAVE_CLOSE && HAVE__CLOSE */ -#if defined(CRYPTO) -#if HAVE__DEV_URANDOM -#define KEYNOTERNDFILENAME "/dev/urandom" -#else /* HAVE__DEV_URANDOM */ -#error "You need a random device!" -#endif /* HAVE__DEV_URANDOM */ -#endif /* CRYPTO */ - /* Includes */ #if HAVE_REGEX_H #include <sys/types.h> diff --git a/lib/libkeynote/keynote-keygen.c b/lib/libkeynote/keynote-keygen.c index 4bb5c99d68f..581639cf10d 100644 --- a/lib/libkeynote/keynote-keygen.c +++ b/lib/libkeynote/keynote-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: keynote-keygen.c,v 1.9 1999/11/03 03:17:58 angelos Exp $ */ +/* $OpenBSD: keynote-keygen.c,v 1.10 2000/09/26 23:28:46 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -112,7 +112,6 @@ keynote_keygen(int argc, char *argv[]) DSA *dsa; RSA *rsa; FILE *fp; - int fd, cnt = RND_BYTES; #endif /* CRYPTO || PGPLIB */ char *algname; @@ -177,49 +176,18 @@ keynote_keygen(int argc, char *argv[]) exit(-1); } - fd = open(KEYNOTERNDFILENAME, O_RDONLY, 0); - if (fd < 0) - { - perror(KEYNOTERNDFILENAME); - exit(-1); - } - - for (h = 0; h < 5; h++) - { - if (read(fd, seed, SEED_LEN) <= 0) - { - perror("read()"); - exit(-1); - } - - RAND_seed(seed, SEED_LEN); - } - - if (read(fd, seed, SEED_LEN) < SEED_LEN) - { - perror("read()"); - exit(-1); - } - - close(fd); - - /* Make sure we read RND_BYTES bytes */ - do - { - if ((fd = RAND_load_file(KEYNOTERNDFILENAME, cnt)) <= 0) - { - perror(KEYNOTERNDFILENAME); - exit(-1); - } - - cnt -= fd; - } while (cnt > 0); - + RAND_set_rand_method(RAND_SSLeay()); if ((alg == KEYNOTE_ALGORITHM_DSA) && (ienc == INTERNAL_ENC_ASN1) && ((enc == ENCODING_HEX) || (enc == ENCODING_BASE64))) { + if (RAND_bytes(seed, SEED_LEN) == 0) + { + fprintf(stderr, "Failed to acquire %d random bytes\n", SEED_LEN); + exit(-1); + } + dsa = DSA_generate_parameters(len, seed, SEED_LEN, &counter, &h, NULL #if SSLEAY_VERSION_NUMBER >= 0x0900 , NULL |
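Review bot: The added check `if (RAND_bytes(seed, SEED_LEN) == 0)` in the last keynote-keygen.c hunk treats only 0 as failure, but RAND_bytes() returns 1 on success and can return -1 when the current RAND method does not support the call. A -1 would pass the check and a seed buffer that was never filled would go to DSA_generate_parameters(), so write it as `if (RAND_bytes(seed, SEED_LEN) != 1)`. The check also sits only inside the DSA/ASN.1 branch, so the other key types handled outside this hunk presumably generate keys with no explicit confirmation that the PRNG is seeded, whereas the removed code exited when /dev/urandom could not be opened or read. A `RAND_status()` test right after `RAND_set_rand_method(RAND_SSLeay());` would restore that fail-closed behaviour for every algorithm. keynote_keygen() starts and ends outside the hunk.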