Diffstat (limited to 'package/utils')
-rw-r--r-- | package/utils/px5g-standalone/Makefile | 4 | ||||
-rw-r--r-- | package/utils/px5g-standalone/src/library/x509write.c | 27 | ||||
-rw-r--r-- | package/utils/px5g/Makefile | 7 | ||||
-rw-r--r-- | package/utils/px5g/px5g.c | 10 |
4 files changed, 37 insertions, 11 deletions
diff --git a/package/utils/px5g-standalone/Makefile b/package/utils/px5g-standalone/Makefile
index fc5f391..d6843b0 100644
--- a/package/utils/px5g-standalone/Makefile
+++ b/package/utils/px5g-standalone/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 PKG_CHECK_FORMAT_SECURITY:=0
diff --git a/package/utils/px5g-standalone/src/library/x509write.c b/package/utils/px5g-standalone/src/library/x509write.c
index fabee20..1091568 100644
--- a/package/utils/px5g-standalone/src/library/x509write.c
+++ b/package/utils/px5g-standalone/src/library/x509write.c
@@ -1000,6 +1000,26 @@ static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
 }
 /*
+ * Create a random serial
+ */
+static int get_random_serial(void)
+{
+ int random = 0;
+ FILE *fd;
+
+ fd = fopen("/dev/urandom", "r");
+
+ if (fd) {
+ if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
+ random = 0;
+
+ fclose(fd);
+ }
+
+ return random;
+}
+
+/*
 * Create a self signed certificate
 */
 int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
@@ -1020,8 +1040,11 @@ int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
 /*
 * CertificateSerialNumber ::= INTEGER
 */
- srand((unsigned int) time(NULL));
- serial = rand();
+ serial = get_random_serial();
+
+ if (serial == 0)
+ return 1;
+
 if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
 return ret;
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 9c0caa7..8677a8b 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
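Review bot: In x509write.c, get_random_serial() fills a signed `int` with raw bytes from /dev/urandom, so about half of the results are negative, while RFC 5280 requires a positive certificate serial number; how `asn1_add_int` encodes a negative value is not visible in this diff. Clearing the sign bit before the return, for example `random &= 0x7fffffff;` on a 32-bit int, keeps the serial positive and leaves the zero-means-failure convention intact. An `int` also caps the serial at roughly 31 bits of randomness, noticeably less than the 8 random bytes the px5g.c hunk of this commit uses, which is worth stating in the function's header comment.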
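Review bot: The bare `return 1;` after `if (serial == 0)` in x509write_create_sign() is undocumented and does not visibly match the error values that the neighbouring `return ret;` paths propagate, so a caller cannot tell why certificate creation stopped. A comment such as `/* 0 means /dev/urandom could not be read: fail instead of issuing a predictable serial */` would record the fail-closed intent. If the library defines a suitable named error constant, returning it would be clearer than the literal. The function body starts and ends outside this hunk.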
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2015 Jo-Philipp Wich <jow@openwrt.org>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,9 +8,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=3
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
 PKG_USE_MIPS16:=0
 include $(INCLUDE_DIR)/package.mk
@@ -19,7 +18,7 @@ define Package/px5g
 SECTION:=utils
 CATEGORY:=Utilities
 TITLE:=X.509 certificate generator (using PolarSSL)
- MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
+ MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
 DEPENDS:=+libpolarssl
 endef
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index 6b97708..eec8fd3 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -143,7 +143,7 @@ int selfsigned(char **arg)
 char *keypath = NULL, *certpath = NULL;
 bool pem = true;
 time_t from = time(NULL), to;
- char fstr[20], tstr[20];
+ char fstr[20], tstr[20], sstr[17];
 int len;
 while (*arg && **arg == '-') {
@@ -188,7 +188,7 @@ int selfsigned(char **arg)
 }
 memcpy(newc, oldc, delim - oldc);
 newc += delim - oldc;
- *newc++ = ';';
+ *newc++ = ',';
 oldc = delim + 1;
 } while(*delim);
 arg++;
@@ -222,8 +222,12 @@ int selfsigned(char **arg)
 x509write_crt_set_subject_key_identifier(&cert);
 x509write_crt_set_authority_key_identifier(&cert);
+ _urandom(NULL, buf, 8);
+ for (len = 0; len < 8; len++)
+ sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
 mpi_init(&serial);
- mpi_read_string(&serial, 10, "1");
+ mpi_read_string(&serial, 16, sstr);
 x509write_crt_set_serial(&cert, &serial);
 if (pem) { |
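Review bot: In the last px5g.c hunk the result of `_urandom(NULL, buf, 8);` is discarded, so if the random read fails the serial is formatted from whatever `buf` already held. `_urandom` and `buf` are defined outside the hunk, so the failure convention is assumed here to be a non-zero return. The px5g-standalone change in this same commit refuses to create a certificate when its random read fails, and this path should behave the same way, e.g. `if (_urandom(NULL, buf, 8) != 0)` followed by selfsigned()'s existing error exit. The return value of `mpi_read_string(&serial, 16, sstr);` is ignored as well and deserves the same check. selfsigned() starts and ends outside the hunk.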