From: Lukasz Pawelczyk Date: Tue, 31 May 2016 16:31:54 +0000 (+0200) Subject: Make sure we have enough entropy on start, bail if we don't X-Git-Tag: accepted/tizen/common/20160810.161523~82 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F85%2F72385%2F4;p=platform%2Fcore%2Fsecurity%2Fyaca.git Make sure we have enough entropy on start, bail if we don't Change-Id: I4095c95aac3644db62bec902320cd10f59322e3f --- diff --git a/src/crypto.c b/src/crypto.c index 3622579..1011aec 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -74,6 +74,21 @@ API int yaca_init(void) return YACA_ERROR_INTERNAL; // TODO introduce new one? OPENSSL_init(); + + /* This should never fail on a /dev/random equipped system. If it does it + * means we might need to figure out another way of a truly random seed. + * https://wiki.openssl.org/index.php/Random_Numbers + * + * Another things to maybe consider for the future: + * - entropy on a mobile device (no mouse/keyboard) + * - fork safety: https://wiki.openssl.org/index.php/Random_fork-safety + * - hardware random generator (RdRand on new Intels, Samsung hardware?) + */ + if (RAND_status() != 1) { + ERROR_DUMP(YACA_ERROR_INTERNAL); + return YACA_ERROR_INTERNAL; + } + OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); @@ -120,6 +135,7 @@ API void yaca_exit(void) ERR_free_strings(); ERR_remove_thread_state(NULL); EVP_cleanup(); + RAND_cleanup(); CRYPTO_cleanup_all_ex_data(); /* threads support cleanup */ diff --git a/src/key.c b/src/key.c index 3813941..3f3e037 100755 --- a/src/key.c +++ b/src/key.c @@ -1086,8 +1086,6 @@ API int yaca_key_export(const yaca_key_h key, return YACA_ERROR_INVALID_ARGUMENT; } -// TODO: this NEEDS random number generator initialized -// there is some other TODO elsewhere about it API int yaca_key_gen(yaca_key_type_e key_type, size_t key_bits, yaca_key_h *key)