Commit 8dfd2208 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

vtls: make the random function mandatory in the TLS backend 

To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.
parent 37faf55e

lib/vtls/curl_darwinssl.c

+3 −4
Original line number Diff line number Diff line
@@ -2267,8 +2267,7 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn, 
    return false;

}



void Curl_darwinssl_random(struct SessionHandle *data,

                           unsigned char *entropy,

int Curl_darwinssl_random(unsigned char *entropy,

                          size_t length)

{

  /* arc4random_buf() isn't available on cats older than Lion, so let's
@@ -2283,7 +2282,7 @@ void Curl_darwinssl_random(struct SessionHandle *data, 
    random_number >>= 8;

  }

  i = random_number = 0;

  (void)data;

  return 0;

}



void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */

lib/vtls/curl_darwinssl.h

+4 −6
Original line number Diff line number Diff line
@@ -7,7 +7,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>.

 * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -44,8 +44,7 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn); 
bool Curl_darwinssl_data_pending(const struct connectdata *conn,

                                 int connindex);



void Curl_darwinssl_random(struct SessionHandle *data,

                           unsigned char *entropy,

int Curl_darwinssl_random(unsigned char *entropy,

                          size_t length);

void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */

                           size_t tmplen,
@@ -53,7 +52,6 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ 
                           size_t md5len);



/* this backend provides these functions: */

#define have_curlssl_random 1

#define have_curlssl_md5sum 1



/* API setup for SecureTransport */
@@ -71,7 +69,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ 
#define curlssl_version Curl_darwinssl_version

#define curlssl_check_cxn Curl_darwinssl_check_cxn

#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)

#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)

#define curlssl_random(x,y,z) Curl_darwinssl_random(y,z)

#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)



#endif /* USE_DARWINSSL */

lib/vtls/gtls.c

+8 −5
Original line number Diff line number Diff line
@@ -1261,7 +1261,7 @@ size_t Curl_gtls_version(char *buffer, size_t size) 
  return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));

}



int Curl_gtls_seed(struct SessionHandle *data)

static int Curl_gtls_seed(struct SessionHandle *data)

{

  /* we have the "SSL is seeded" boolean static to prevent multiple

     time-consuming seedings in vain */
@@ -1285,7 +1285,8 @@ int Curl_gtls_seed(struct SessionHandle *data) 
  return 0;

}



void Curl_gtls_random(struct SessionHandle *data,

/* data might be NULL! */

int Curl_gtls_random(struct SessionHandle *data,

                     unsigned char *entropy,

                     size_t length)

{
@@ -1293,9 +1294,11 @@ void Curl_gtls_random(struct SessionHandle *data, 
  (void)data;

  gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);

#elif defined(USE_GNUTLS)

  if(data)

    Curl_gtls_seed(data); /* Initiate the seed if not already done */

  gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);

#endif

  return 0;

}



void Curl_gtls_md5sum(unsigned char *tmp, /* input */

lib/vtls/gtls.h

+4 −7
Original line number Diff line number Diff line
@@ -7,7 +7,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -45,9 +45,7 @@ void Curl_gtls_close(struct connectdata *conn, int sockindex); 
void Curl_gtls_session_free(void *ptr);

size_t Curl_gtls_version(char *buffer, size_t size);

int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);

int Curl_gtls_seed(struct SessionHandle *data);



void Curl_gtls_random(struct SessionHandle *data,

int Curl_gtls_random(struct SessionHandle *data,

                     unsigned char *entropy,

                     size_t length);

void Curl_gtls_md5sum(unsigned char *tmp, /* input */
@@ -56,7 +54,6 @@ void Curl_gtls_md5sum(unsigned char *tmp, /* input */ 
                      size_t md5len);



/* this backend provides these functions: */

#define have_curlssl_random 1

#define have_curlssl_md5sum 1



/* API setup for GnuTLS */

lib/vtls/nss.c

+7 −4
Original line number Diff line number Diff line
@@ -1913,16 +1913,19 @@ int Curl_nss_seed(struct SessionHandle *data) 
  return !!Curl_nss_force_init(data);

}



void Curl_nss_random(struct SessionHandle *data,

/* data might be NULL */

int Curl_nss_random(struct SessionHandle *data,

                    unsigned char *entropy,

                    size_t length)

{

  if(data)

    Curl_nss_seed(data);  /* Initiate the seed if not already done */

  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {

    /* no way to signal a failure from here, we have to abort */

    failf(data, "PK11_GenerateRandom() failed, calling abort()...");

    abort();

  }

  return 0;

}



void Curl_nss_md5sum(unsigned char *tmp, /* input */