1 files changed, 16 insertions, 36 deletions
diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c
index b61d59613..8ba6641b9 100644
--- a/src/util/crypto_random.c
+++ b/src/util/crypto_random.c
@@ -35,13 +35,6 @@
 #define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall)
-/**
- * GNUNET_YES if we are using a 'weak' (low-entropy) PRNG.
- */ 
-static int weak_random;
 /* TODO: ndurner, move this to plibc? */
 /* The code is derived from glibc, obviously */
 #if MINGW
@@ -237,31 +230,6 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 /**
- * Check if we are using weak random number generation.
- *
- * @return GNUNET_YES if weak number generation is on
- */
-int
-GNUNET_CRYPTO_random_is_weak ()
-{
-  return weak_random;
-}
-/**
- * This function should only be called in testcases
- * where strong entropy gathering is not desired
- * (for example, for hostkey generation).
- */
-void
-GNUNET_CRYPTO_random_disable_entropy_gathering ()
-{
-  weak_random = GNUNET_YES;
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-}
-/**
 * Process ID of the "find" process that we use for
 * entropy gathering.
 */
@@ -332,10 +300,12 @@ killfind ()
 }
-void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
+void __attribute__ ((constructor)) 
+GNUNET_CRYPTO_random_init ()
 {
-  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+  gcry_error_t rc;
-  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+  if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
  {
    FPRINTF (stderr,
             _
@@ -343,6 +313,15 @@ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
             NEED_LIBGCRYPT_VERSION);
    GNUNET_abort ();
  }
+  if ((rc = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
+    FPRINTF (stderr, "Failed to set libgcrypt option %s: %s\n", "DISABLE_SECMEM",
+             gcry_strerror (rc));
+  /* we only generate ephemeral keys in-process; for those,
+     we are fine with "just" using GCRY_STRONG_RANDOM */
+  if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
+    FPRINTF (stderr,  "Failed to set libgcrypt option %s: %s\n", "ENABLE_QUICK_RANDOM",
+             gcry_strerror (rc));
+  
 #ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
@@ -357,7 +336,8 @@ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
 }
-void __attribute__ ((destructor)) GNUNET_CRYPTO_random_fini ()
+void __attribute__ ((destructor)) 
+GNUNET_CRYPTO_random_fini ()
 {
  gcry_set_progress_handler (NULL, NULL);
 }

diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c index b61d59613..8ba6641b9 100644 --- a/src/util/crypto_random.c +++ b/src/util/crypto_random.c
@@ -35,13 +35,6 @@
35	#define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall)	35	#define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall)
36		36
37		37
38	/**
39	* GNUNET_YES if we are using a 'weak' (low-entropy) PRNG.
40	*/
41	static int weak_random;
42
43
44
45	/* TODO: ndurner, move this to plibc? */	38	/* TODO: ndurner, move this to plibc? */
46	/* The code is derived from glibc, obviously */	39	/* The code is derived from glibc, obviously */
47	#if MINGW	40	#if MINGW
@@ -237,31 +230,6 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
237		230
238		231
239	/**	232	/**
240	* Check if we are using weak random number generation.
241	*
242	* @return GNUNET_YES if weak number generation is on
243	*/
244	int
245	GNUNET_CRYPTO_random_is_weak ()
246	{
247	return weak_random;
248	}
249
250
251	/**
252	* This function should only be called in testcases
253	* where strong entropy gathering is not desired
254	* (for example, for hostkey generation).
255	*/
256	void
257	GNUNET_CRYPTO_random_disable_entropy_gathering ()
258	{
259	weak_random = GNUNET_YES;
260	gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
261	}
262
263
264	/**
265	* Process ID of the "find" process that we use for	233	* Process ID of the "find" process that we use for
266	* entropy gathering.	234	* entropy gathering.
267	*/	235	*/
@@ -332,10 +300,12 @@ killfind ()
332	}	300	}
333		301
334		302
335	void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()	303	void __attribute__ ((constructor))
		304	GNUNET_CRYPTO_random_init ()
336	{	305	{
337	gcry_control (GCRYCTL_DISABLE_SECMEM, 0);	306	gcry_error_t rc;
338	if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))	307
		308	if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
339	{	309	{
340	FPRINTF (stderr,	310	FPRINTF (stderr,
341	_	311	_
@@ -343,6 +313,15 @@ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
343	NEED_LIBGCRYPT_VERSION);	313	NEED_LIBGCRYPT_VERSION);
344	GNUNET_abort ();	314	GNUNET_abort ();
345	}	315	}
		316	if ((rc = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
		317	FPRINTF (stderr, "Failed to set libgcrypt option %s: %s\n", "DISABLE_SECMEM",
		318	gcry_strerror (rc));
		319	/* we only generate ephemeral keys in-process; for those,
		320	we are fine with "just" using GCRY_STRONG_RANDOM */
		321	if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
		322	FPRINTF (stderr, "Failed to set libgcrypt option %s: %s\n", "ENABLE_QUICK_RANDOM",
		323	gcry_strerror (rc));
		324
346	#ifdef GCRYCTL_INITIALIZATION_FINISHED	325	#ifdef GCRYCTL_INITIALIZATION_FINISHED
347	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);	326	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
348	#endif	327	#endif
@@ -357,7 +336,8 @@ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
357	}	336	}
358		337
359		338
360	void __attribute__ ((destructor)) GNUNET_CRYPTO_random_fini ()	339	void __attribute__ ((destructor))
		340	GNUNET_CRYPTO_random_fini ()
361	{	341	{
362	gcry_set_progress_handler (NULL, NULL);	342	gcry_set_progress_handler (NULL, NULL);
363	}	343	}