px5g-standalone: use /dev/urandom to initialize serial (#18232)

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43080
This commit is contained in:
Jo-Philipp Wich 2014-10-27 11:07:38 +00:00
parent e6da32c086
commit 9b1ad94f1c
2 changed files with 27 additions and 4 deletions

View file

@ -1,5 +1,5 @@
#
# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
PKG_CHECK_FORMAT_SECURITY:=0

View file

@ -999,6 +999,26 @@ static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
(unsigned char*)"", 0);
}
/*
* Create a random serial
*/
static int get_random_serial(void)
{
int random = 0;
FILE *fd;
fd = fopen("/dev/urandom", "r");
if (fd) {
if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
random = 0;
fclose(fd);
}
return random;
}
/*
* Create a self signed certificate
*/
@ -1020,8 +1040,11 @@ int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
/*
* CertificateSerialNumber ::= INTEGER
*/
srand((unsigned int) time(NULL));
serial = rand();
serial = get_random_serial();
if (serial == 0)
return 1;
if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
return ret;