From f0a3ba361ec385ba70d669fbb314607263aa0961 Mon Sep 17 00:00:00 2001
From: "yuseok.jeon" <yuseok.jeon@samsung.com>
Date: Tue, 24 Jun 2014 18:56:59 +0900
Subject: [PATCH] Fix initialization method of CryptoService

Signed-off-by: yuseok.jeon <yuseok.jeon@samsung.com>
---
 src/manager/service/CryptoService.cpp | 24 ++++++++++++++----------
 src/manager/service/CryptoService.h   | 10 ++++++++--
 2 files changed, 22 insertions(+), 12 deletions(-)
 mode change 100644 => 100755 src/manager/service/CryptoService.cpp
 mode change 100644 => 100755 src/manager/service/CryptoService.h

diff --git a/src/manager/service/CryptoService.cpp b/src/manager/service/CryptoService.cpp
old mode 100644
new mode 100755
index 1063287..c3c2962
--- a/src/manager/service/CryptoService.cpp
+++ b/src/manager/service/CryptoService.cpp
@@ -19,7 +19,7 @@
 #include <generic-key.h>
 #include <CryptoService.h>
 #include <key-manager-util.h>
-
+#include <assert.h>
 #include <dpl/log/log.h>
 
 #define OPENSSL_SUCCESS 1       // DO NOTCHANGE THIS VALUE
@@ -123,7 +123,9 @@ EVP_PKEY *to_pkey_ec_private_key(const unsigned char *derPrivateKey, int length)
 }
 
 int CryptoService::initialize() {
-	int mode, ret, rc;
+	int mode = 0;
+	int rc = 0;
+	int hw_ret = 0, u_ret = 0;
 
 	// try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
 	ERR_load_crypto_strings();
@@ -132,22 +134,24 @@ int CryptoService::initialize() {
 	// turn on FIPS_mode
 	mode = FIPS_mode();
 
-	if(mode == 0)
-	{
+	if(mode == 0) {
 		rc = FIPS_mode_set(1);
 
 		if(rc == 0) {
-			return CKM_CRYPTO_INIT_ERROR;
+			LogError("Error in FIPS_mode_set function");
+			ThrowMsg(Exception::Base, "Error in FIPS_mode_set function");
 		}
-
-		return CKM_CRYPTO_INIT_ERROR;
 	}
 
 	// initialize entropy
-	ret = RAND_load_file(DEV_RANDOM_FILE, 32);
+	hw_ret = RAND_load_file(DEV_HW_RANDOM_FILE, 32);
 
-	if(ret != 32) {
-		return CKM_CRYPTO_INIT_ERROR;
+	if(hw_ret != 32) {
+		u_ret= RAND_load_file(DEV_URANDOM_FILE, 32);
+		if(u_ret != 32) {
+			LogError("Error in RAND_load_file function");
+			ThrowMsg(Exception::Base, "Error in RAND_load_file function");
+		}
 	}
 
 	return CKM_CRYPTO_INIT_SUCCESS;
diff --git a/src/manager/service/CryptoService.h b/src/manager/service/CryptoService.h
old mode 100644
new mode 100755
index 642c290..2cd8fa0
--- a/src/manager/service/CryptoService.h
+++ b/src/manager/service/CryptoService.h
@@ -1,7 +1,6 @@
 #pragma once
 
 #include <iostream>
-
 #include <generic-key.h>
 #include <certificate-impl.h>
 #include <ckm/ckm-type.h>
@@ -17,8 +16,10 @@
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <dpl/exception.h>
 
-#define DEV_RANDOM_FILE	"/dev/random"
+#define DEV_HW_RANDOM_FILE	"/dev/hwrng"
+#define DEV_URANDOM_FILE	"/dev/urandom"
 
 #define EVP_SUCCESS	1	// DO NOTCHANGE THIS VALUE
 #define EVP_FAIL	0	// DO NOTCHANGE THIS VALUE
@@ -45,6 +46,11 @@ class CryptoService {
      CryptoService();
      virtual ~CryptoService();
 
+     class Exception {
+     	public:
+     	     DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
+     };
+
      // During initialization, FIPS_MODE and the antropy source are set.
      // And system certificates are loaded in the memory during initialization.
      //    FIPS_MODE - ON, OFF(Default)
-- 
2.7.4