From 380e851e29967131dc132d422ebc0c1e3536d25f Mon Sep 17 00:00:00 2001
From: fengweihao
Date: Mon, 21 Jan 2019 15:32:34 +0600
Subject: [PATCH] =?UTF-8?q?#6=20=E4=BF=AE=E5=A4=8D=E7=94=B1=E4=BA=8E?= =?UTF-8?q?=E4=BD=BF=E7=94=A8RAND=5Fpseudo=5Fbytes=EF=BC=88=E7=94=9F?= =?UTF-8?q?=E6=88=90=E7=9A=84=E4=BC=AA=E9=9A=8F=E6=9C=BA=E5=AD=97=E8=8A=82?= =?UTF-8?q?=E5=BA=8F=E5=88=97=E5=85=B7=E6=9C=89=E8=B6=B3=E5=A4=9F=E7=9A=84?= =?UTF-8?q?=E9=95=BF=E5=BA=A6=EF=BC=8C=E9=82=A3=E4=B9=88=E5=AE=83=E4=BB=AC?= =?UTF-8?q?=E5=B0=86=E6=98=AF=E6=83=9F=E4=B8=80=E7=9A=84=EF=BC=8C=E4=BD=86?= =?UTF-8?q?=E4=B8=8D=E4=B8=80=E5=AE=9A=E6=98=AF=E4=B8=8D=E5=8F=AF=E9=A2=84?= =?UTF-8?q?=E6=B5=8B=E7=9A=84=EF=BC=89=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=9C=A8?= =?UTF-8?q?CERTSTORE=E9=87=8D=E5=90=AF=E5=B9=B6=E6=B8=85=E7=A9=BARedis?= =?UTF-8?q?=E5=90=8E=EF=BC=8C=E5=AF=B9=E4=B8=8D=E5=90=8C=E7=BD=91=E5=9D=80?= =?UTF-8?q?=E7=AD=BE=E5=8F=91=E7=9B=B8=E5=90=8C=E5=BA=8F=E5=88=97=E5=8F=B7?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=EF=BC=8C=E9=80=A0=E6=88=90Firefox=E6=8A=A5?= =?UTF-8?q?=E9=94=99=E3=80=82=E4=BF=AE=E6=94=B9=E6=96=B9=E5=BC=8F=E4=BD=BF?= =?UTF-8?q?=E7=94=A8UUID=E8=8E=B7=E5=8F=96=E9=9A=8F=E6=9C=BA=E5=BA=8F?= =?UTF-8?q?=E5=88=97=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Makefile | 2 +-
 src/cert_session.c | 43 ++++++++++++++-----------------------------
 2 files changed, 15 insertions(+), 30 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 73eaf7e..be8bf7e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -52,7 +52,7 @@ OBJS += $(OBJS_$(dir))
 LDFLAGS_GLOBAL += -L ./lib -lcrypto -lssl -levent -lhiredis
 LDFLAGS_GLOBAL += -L ./lib -lMESA_htable -lMESA_field_stat2 -lMESA_handle_logger -lMESA_prof_load
 LDFLAGS_GLOBAL += \
- -lpthread -lcrypt -lm -lz -ldl -lmaatframe -lstdc++
+ -lpthread -lcrypt -lm -lz -ldl -luuid -lmaatframe -lstdc++
 CFLAGS_LOCAL = -std=gnu99 -g -O3 -W -Wall \
 -I.\
diff --git a/src/cert_session.c b/src/cert_session.c
index dc70d6a..7f970b2 100644
--- a/src/cert_session.c
+++ b/src/cert_session.c
@@ -23,6 +23,8 @@
 #include
 #include
+#include
+
 #include "rt_string.h"
 #include "rt_common.h"
 #include "rt_stdlib.h"
@@ -333,19 +335,18 @@ void key_ring_list_destroy(MESA_htable_handle *htable)
 }
 int
-ssl_rand(void *p, size_t sz)
+ssl_rand(long *r)
 {
- int rv;
+ int i = 0;
+ uuid_t uu;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- rv = RAND_pseudo_bytes((unsigned char*)p, sz);
- if (rv == 1)
- return 0;
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
- rv = RAND_bytes((unsigned char*)p, sz);
- if (rv == 1)
- return 0;
- return -1;
+ uuid_generate(uu);
+
+ for (i = 0; i < 16; i++) {
+ (*r) <<= 8;
+ (*r) |= (unsigned char)uu[i];
+ }
+ return 0;
 }
 int
@@ -353,15 +354,10 @@ ssl_x509_serial_copyrand(X509 *dstcrt, X509 *srccrt)
 {
 ASN1_INTEGER *srcptr, *dstptr;
 BIGNUM *bnserial;
- long rand;
+ long rand = 0;
 int rv;
-#ifndef PURIFY
- rv = ssl_rand(&rand, sizeof(rand));
-#else /* PURIFY */
- rand = 0xF001;
- rv = 0;
-#endif /* PURIFY */
+ rv = ssl_rand(&rand);
 dstptr = X509_get_serialNumber(dstcrt);
 srcptr = X509_get_serialNumber(srccrt);
 if ((rv == -1) || !dstptr || !srcptr)
@@ -593,18 +589,7 @@ x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey,
 _crl) == -1) {
 goto errout;
 }
- }else{
- char *crlurlval = x509_get_CrlDistPoints(origcrt);
- if (crlurlval) {
- if (ssl_x509_v3ext_add(&ctx, crt, "crlDistributionPoints",
- crlurlval) == -1) {
- free(crlurlval);
- goto errout;
- }
- free(crlurlval);
- }
 }
-
 char *cfval;
 if (x509_get_alt_name(origcrt, extraname) == 0) {
 /* no extraname provided: copy original subjectAltName ext */
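Review bot: In the new ssl_rand() the loop folds all 16 UUID bytes into a `long` with `(*r) <<= 8`, so where `long` is 64 bits only bytes 8-15 of the UUID survive, and the shift overflows a signed type, which is undefined behaviour. For a random (version 4) UUID those bytes begin with the fixed variant bits, leaving at most 62 random bits, and if libuuid falls back to its time-based generator they are the clock sequence and node id, which barely change between calls, so duplicate serial numbers remain possible. The function also always returns 0, so the `rv == -1` check in ssl_x509_serial_copyrand (next hunk) can no longer fire. Since libcrypto is already linked, I would fill the value from the CSPRNG and keep the error path: `if (RAND_bytes((unsigned char *)r, sizeof(*r)) != 1) return -1;` followed by `return 0;`.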