lib:util: Use GnuTLS random number generator in genrand.c

FIPS requires that a random number generator from a certified crypto
library is used.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 18 01:30:20 UTC 2019 on sn-devel-184

diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index a775535c49e781140bbf5a26a8577f01193f0c52..55997c3dd5561ae162c453d4f99a7d61e0c4ae3a 100644 (file)
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -20,35 +20,17 @@
 */
 
 #include "replace.h"
-#include "system/filesys.h"
 #include "lib/util/genrand.h"
-#include "sys_rw_data.h"
-#include "lib/util/blocking.h"
 
-static int urand_fd = -1;
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 
-static void open_urandom(void)
-{
-       if (urand_fd != -1) {
-               return;
-       }
-       urand_fd = open( "/dev/urandom", O_RDONLY,0);
-       if (urand_fd == -1) {
-               abort();
-       }
-       smb_set_close_on_exec(urand_fd);
-}
+/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
 
 _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
 {
-       ssize_t rw_ret;
-
-       open_urandom();
-
-       rw_ret = read_data(urand_fd, out, len);
-       if (rw_ret != len) {
-               abort();
-       }
+       /* Thread and fork safe random number generator for temporary keys. */
+       gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
 }
 
 /*
@@ -57,5 +39,6 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
  */
 _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
 {
-       generate_random_buffer(out, len);
+       /* Thread and fork safe random number generator for long term keys. */
+       gnutls_rnd(GNUTLS_RND_KEY, out, len);
 }

diff --git a/lib/util/genrand.h b/lib/util/genrand.h
index ef6bbc641570b5fcaa8dbc6b2949ebbc8894cafe..899ce8badc0ee2b27eaa8dd48e2e970429694992 100644 (file)
--- a/lib/util/genrand.h
+++ b/lib/util/genrand.h
@@ -20,14 +20,11 @@
 */
 
 /**
- Interface to the (hopefully) good crypto random number generator.
- Will use our internal PRNG if more than 40 bytes of random generation
- has been requested, otherwise tries to read from /dev/random
-**/
+ * Thread and fork safe random number generator for temporary keys.
+ */
 void generate_random_buffer(uint8_t *out, int len);
 
 /**
- Interface to the (hopefully) good crypto random number generator.
- Will always use /dev/urandom if available.
-**/
+ * Thread and fork safe random number generator for long term keys.
+ */
 void generate_secret_buffer(uint8_t *out, int len);

diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index ff1c76e3686793b969061e9bb0340704c4b89839..5f005c41e4958fa6b51218fb5f8b425d32b5fc99 100644 (file)
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -104,7 +104,7 @@ else:
 
     bld.SAMBA_LIBRARY('genrand',
                       source='genrand.c',
-                      deps='replace socket-blocking sys_rw',
+                      deps='replace gnutls',
                       local_include=False,
                       private_library=True)