hostapd: remove random pool support - the entropy it gathers is questionable and we have better entropy sources on common platforms now

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38852
This commit is contained in:
Felix Fietkau 2013-11-18 13:54:26 +00:00
parent edc8ac6246
commit cd1c8d463f
6 changed files with 5 additions and 177 deletions

View File

@ -158,6 +158,7 @@ CONFIG_INTERNAL_LIBTOMMATH=y
CONFIG_INTERNAL_AES=y
NEED_AES_DEC=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_NO_DUMP_STATE=y
CONFIG_WPS=y

View File

@ -154,6 +154,7 @@ CONFIG_NO_RADIUS=y
CONFIG_TLS=internal
CONFIG_NO_RANDOM_POOL=y
CONFIG_NO_DUMP_STATE=y
CONFIG_UBUS=y

View File

@ -403,6 +403,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y
CONFIG_IBSS_RSN=y

View File

@ -403,4 +403,5 @@ CONFIG_TLS=internal
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y

View File

@ -403,6 +403,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y
CONFIG_IBSS_RSN=y

View File

@ -1,177 +0,0 @@
--- a/src/crypto/random.c
+++ b/src/crypto/random.c
@@ -25,6 +25,7 @@
#include "utils/includes.h"
#ifdef __linux__
#include <fcntl.h>
+#include <sys/stat.h>
#endif /* __linux__ */
#include "utils/common.h"
@@ -33,6 +34,8 @@
#include "sha1.h"
#include "random.h"
+#define RANDOM_STAMPFILE "/var/run/.random_available"
+
#define POOL_WORDS 32
#define POOL_WORDS_MASK (POOL_WORDS - 1)
#define POOL_TAP1 26
@@ -43,6 +46,8 @@
#define EXTRACT_LEN 16
#define MIN_READY_MARK 2
+#ifndef CONFIG_NO_RANDOM_POOL
+
static u32 pool[POOL_WORDS];
static unsigned int input_rotate = 0;
static unsigned int pool_pos = 0;
@@ -123,7 +128,7 @@ static void random_extract(u8 *out)
}
-void random_add_randomness(const void *buf, size_t len)
+static void random_pool_add_randomness(const void *buf, size_t len)
{
struct os_time t;
static unsigned int count = 0;
@@ -213,16 +218,22 @@ int random_get_bytes(void *buf, size_t l
int random_pool_ready(void)
{
#ifdef __linux__
+ struct stat st;
int fd;
ssize_t res;
+ if (stat(RANDOM_STAMPFILE, &st) == 0)
+ return 1;
+
/*
* Make sure that there is reasonable entropy available before allowing
* some key derivation operations to proceed.
*/
- if (dummy_key_avail == sizeof(dummy_key))
+ if (dummy_key_avail == sizeof(dummy_key)) {
+ random_mark_pool_ready();
return 1; /* Already initialized - good to continue */
+ }
/*
* Try to fetch some more data from the kernel high quality
@@ -257,6 +268,7 @@ int random_pool_ready(void)
if (dummy_key_avail == sizeof(dummy_key)) {
if (own_pool_ready < MIN_READY_MARK)
own_pool_ready = MIN_READY_MARK;
+ random_mark_pool_ready();
random_write_entropy();
return 1;
}
@@ -269,6 +281,7 @@ int random_pool_ready(void)
total_collected + 10 * own_pool_ready > MIN_COLLECT_ENTROPY) {
wpa_printf(MSG_INFO, "random: Allow operation to proceed "
"based on internal entropy");
+ random_mark_pool_ready();
return 1;
}
@@ -284,10 +297,16 @@ int random_pool_ready(void)
void random_mark_pool_ready(void)
{
+ int fd;
+
own_pool_ready++;
wpa_printf(MSG_DEBUG, "random: Mark internal entropy pool to be "
"ready (count=%u/%u)", own_pool_ready, MIN_READY_MARK);
random_write_entropy();
+
+ fd = open(RANDOM_STAMPFILE, O_CREAT | O_WRONLY | O_EXCL | O_NOFOLLOW, 0600);
+ if (fd >= 0)
+ close(fd);
}
@@ -444,3 +463,22 @@ void random_deinit(void)
os_free(random_entropy_file);
random_entropy_file = NULL;
}
+
+#endif /* CONFIG_NO_RANDOM_POOL */
+
+
+void random_add_randomness(const void *buf, size_t len)
+{
+#ifdef __linux__
+ int fd;
+
+ fd = open("/dev/random", O_RDWR);
+ if (fd >= 0) {
+ write(fd, buf, len);
+ close(fd);
+ }
+#endif
+#ifndef CONFIG_NO_RANDOM_POOL
+ random_pool_add_randomness(buf, len);
+#endif
+}
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1236,9 +1236,8 @@ endif
ifdef CONFIG_NO_RANDOM_POOL
CFLAGS += -DCONFIG_NO_RANDOM_POOL
-else
-OBJS += ../src/crypto/random.o
endif
+OBJS += ../src/crypto/random.o
ifdef CONFIG_CTRL_IFACE
ifeq ($(CONFIG_CTRL_IFACE), y)
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1208,9 +1208,8 @@ endif
ifdef CONFIG_NO_RANDOM_POOL
L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
-else
-OBJS += src/crypto/random.c
endif
+OBJS += src/crypto/random.c
ifdef CONFIG_CTRL_IFACE
ifeq ($(CONFIG_CTRL_IFACE), y)
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -785,12 +785,12 @@ endif
ifdef CONFIG_NO_RANDOM_POOL
L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
else
-OBJS += src/crypto/random.c
-HOBJS += src/crypto/random.c
HOBJS += src/utils/eloop.c
HOBJS += $(SHA1OBJS)
HOBJS += src/crypto/md5.c
endif
+OBJS += src/crypto/random.c
+HOBJS += src/crypto/random.c
ifdef CONFIG_RADIUS_SERVER
L_CFLAGS += -DRADIUS_SERVER
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -755,12 +755,12 @@ endif
ifdef CONFIG_NO_RANDOM_POOL
CFLAGS += -DCONFIG_NO_RANDOM_POOL
else
-OBJS += ../src/crypto/random.o
-HOBJS += ../src/crypto/random.o
HOBJS += ../src/utils/eloop.o
HOBJS += $(SHA1OBJS)
HOBJS += ../src/crypto/md5.o
endif
+OBJS += ../src/crypto/random.o
+HOBJS += ../src/crypto/random.o
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER