px5g-standalone: use /dev/urandom to initialize serial (#18232)

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43080

package/utils/px5g-standalone/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 PKG_CHECK_FORMAT_SECURITY:=0

package/utils/px5g-standalone/src/library/x509write.c

@@ -999,6 +999,26 @@ static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
                   (unsigned char*)"", 0);
 }
 
+/*
+ * Create a random serial
+ */
+static int get_random_serial(void)
+{
+    int random = 0;
+    FILE *fd;
+
+    fd = fopen("/dev/urandom", "r");
+
+    if (fd) {
+	if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
+            random = 0;
+
+        fclose(fd);
+    }
+
+    return random;
+}
+
 /*
  * Create a self signed certificate
  */
@@ -1020,8 +1040,11 @@ int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
     /*
      *  CertificateSerialNumber  ::=  INTEGER
      */
-    srand((unsigned int) time(NULL));
+    serial = get_random_serial();
-    serial = rand();
+
+    if (serial == 0)
+        return 1;
+
     if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
         return ret;