[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-commits
Subject:    svn commit: r1307917 - /subversion/trunk/subversion/libsvn_subr/crypto.c
From:       gstein () apache ! org
Date:       2012-03-31 21:57:41
Message-ID: 20120331215741.6970523889BF () eris ! apache ! org
[Download RAW message or body]

Author: gstein
Date: Sat Mar 31 21:57:41 2012
New Revision: 1307917

URL: http://svn.apache.org/viewvc?rev=1307917&view=rev
Log:
Solve Daniel's review of apr_random_t usage (need entropy) by using
APR's other interface for generating random bytes.

* subversion/libsvn_subr/crypto.c:
  (svn_crypto__ctx_t): note possible future use of apr_random_t
  (get_random_bytes): take a CTX, rename to RESULT_POOL. rejigger the
    code to use apr_generate_random_bytes()
  (svn_crypto__context_create): note possible apr_random_t usage
  (svn_crypto__encrypt_cstring): pass the CTX to get_random_bytes()

Modified:
    subversion/trunk/subversion/libsvn_subr/crypto.c

Modified: subversion/trunk/subversion/libsvn_subr/crypto.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/crypto.c?rev=1307917&r1=1307916&r2=1307917&view=diff
 ==============================================================================
--- subversion/trunk/subversion/libsvn_subr/crypto.c (original)
+++ subversion/trunk/subversion/libsvn_subr/crypto.c Sat Mar 31 21:57:41 2012
@@ -35,6 +35,13 @@
 
 struct svn_crypto__ctx_t {
   apr_crypto_t *crypto;
+
+#if 0
+  /* ### For now, we will use apr_generate_random_bytes(). If we need more
+     ### strength, then we can use that function to generate entropy for
+     ### seeding apr_random_t. See httpd/server/core.c:ap_init_rng()  */
+  apr_random_t *rand;
+#endif
 };
 
 
@@ -85,18 +92,19 @@ err_from_apu_err(apr_status_t apr_err,
 
 static svn_error_t *
 get_random_bytes(void **rand_bytes,
+                 svn_crypto__ctx_t *ctx,
                  apr_size_t rand_len,
-                 apr_pool_t *pool)
+                 apr_pool_t *result_pool)
 {
-  apr_random_t *apr_rand;
   apr_status_t apr_err;
 
-  *rand_bytes = apr_palloc(pool, rand_len);
-  apr_rand = apr_random_standard_new(pool);
-  apr_err = apr_random_secure_bytes(apr_rand, *rand_bytes, rand_len);
+  /* ### need to check APR_HAS_RANDOM  */
+
+  *rand_bytes = apr_palloc(result_pool, rand_len);
+  apr_err = apr_generate_random_bytes(*rand_bytes, rand_len);
   if (apr_err != APR_SUCCESS)
-    return svn_error_create(apr_err, NULL, _("Error obtaining random data"));
-  
+    return svn_error_wrap_apr(apr_err, _("Error obtaining random data"));
+
   return SVN_NO_ERROR;
 }
 
@@ -113,6 +121,11 @@ svn_crypto__context_create(svn_crypto__c
 
   *ctx = apr_palloc(result_pool, sizeof(**ctx));
 
+#if 0
+  /* ### Seeding with entropy is needed. See svn_crypto__ctx_t comments.  */
+  ctx->rand = apr_random_standard_new(result_pool);
+#endif
+
   /* ### TODO: So much for abstraction.  APR's wrappings around NSS
          and OpenSSL aren't quite as opaque as I'd hoped, requiring us
          to specify a driver type and then params to the driver.  We
@@ -163,7 +176,7 @@ svn_crypto__encrypt_cstring(unsigned cha
 
   /* Generate the salt. */
   *salt_len = 8;
-  SVN_ERR(get_random_bytes((void **)salt, *salt_len, result_pool));
+  SVN_ERR(get_random_bytes((void **)salt, ctx, *salt_len, result_pool));
 
   /* Initialize the passphrase.  */
   apr_err = apr_crypto_passphrase(&key, NULL, secret, strlen(secret),
@@ -179,7 +192,7 @@ svn_crypto__encrypt_cstring(unsigned cha
     }
 
   /* Generate a 4-byte prefix. */
-  SVN_ERR(get_random_bytes((void **)&prefix, 4, scratch_pool));
+  SVN_ERR(get_random_bytes((void **)&prefix, ctx, 4, scratch_pool));
 
   /* Initialize block encryption. */
   apr_err = apr_crypto_block_encrypt_init(&block_ctx, iv, key, &block_size,


[prev in list] [next in list] [prev in thread] [next in thread]