hostapd: make entropy collection contribute to the kernel pool

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26272 3c298f89-4303-0410-b956-a3cf2f4a3e73

2 files changed, 120 insertions, 47 deletions

diff --git a/package/hostapd/patches/700-random_pool_add_kernel.patch b/package/hostapd/patches/700-random_pool_add_kernel.patch
new file mode 100644
index 000000000..1edaff9e7
--- /dev/null
+++ b/package/hostapd/patches/700-random_pool_add_kernel.patch
@@ -0,0 +1,120 @@
+--- a/src/crypto/random.c
++++ b/src/crypto/random.c
+@@ -47,6 +47,8 @@
+ #define EXTRACT_LEN 16
+ #define MIN_READY_MARK 2
+ 
++#ifndef CONFIG_NO_RANDOM_POOL
++
+ static u32 pool[POOL_WORDS];
+ static unsigned int input_rotate = 0;
+ static unsigned int pool_pos = 0;
+@@ -120,7 +122,7 @@ static void random_extract(u8 *out)
+ }
+ 
+ 
+-void random_add_randomness(const void *buf, size_t len)
++static void random_pool_add_randomness(const void *buf, size_t len)
+ {
+ 	struct os_time t;
+ 	static unsigned int count = 0;
+@@ -260,3 +262,22 @@ void random_mark_pool_ready(void)
+ 	wpa_printf(MSG_DEBUG, "random: Mark internal entropy pool to be "
+ 		   "ready (count=%u/%u)", own_pool_ready, MIN_READY_MARK);
+ }
++
++#endif /* CONFIG_NO_RANDOM_POOL */
++
++
++void random_add_randomness(const void *buf, size_t len)
++{
++#ifdef __linux__
++	int fd;
++
++	fd = open("/dev/random", O_RDWR);
++	if (fd >= 0) {
++		write(fd, buf, len);
++		close(fd);
++	}
++#endif
++#ifndef CONFIG_NO_RANDOM_POOL
++	random_pool_add_randomness(buf, len);
++#endif
++}
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -698,11 +698,11 @@ endif
+ ifdef CONFIG_NO_RANDOM_POOL
+ CFLAGS += -DCONFIG_NO_RANDOM_POOL
+ else
+-OBJS += ../src/crypto/random.o
+-HOBJS += ../src/crypto/random.o
+ HOBJS += $(SHA1OBJS)
+ HOBJS += ../src/crypto/md5.o
+ endif
++OBJS += ../src/crypto/random.o
++HOBJS += ../src/crypto/random.o
+ 
+ ifdef CONFIG_RADIUS_SERVER
+ CFLAGS += -DRADIUS_SERVER
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1101,9 +1101,8 @@ endif
+ 
+ ifdef CONFIG_NO_RANDOM_POOL
+ CFLAGS += -DCONFIG_NO_RANDOM_POOL
+-else
+-OBJS += ../src/crypto/random.o
+ endif
++OBJS += ../src/crypto/random.o
+ 
+ ifdef CONFIG_CTRL_IFACE
+ ifeq ($(CONFIG_CTRL_IFACE), y)
+--- a/wpa_supplicant/Android.mk
++++ b/wpa_supplicant/Android.mk
+@@ -1102,9 +1102,8 @@ endif
+ 
+ ifdef CONFIG_NO_RANDOM_POOL
+ L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
+-else
+-OBJS += src/crypto/random.c
+ endif
++OBJS += src/crypto/random.c
+ 
+ ifdef CONFIG_CTRL_IFACE
+ ifeq ($(CONFIG_CTRL_IFACE), y)
+--- a/hostapd/Android.mk
++++ b/hostapd/Android.mk
+@@ -717,11 +717,11 @@ endif
+ ifdef CONFIG_NO_RANDOM_POOL
+ L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
+ else
+-OBJS += src/crypto/random.c
+-HOBJS += src/crypto/random.c
+ HOBJS += $(SHA1OBJS)
+ HOBJS += src/crypto/md5.c
+ endif
++OBJS += src/crypto/random.c
++HOBJS += src/crypto/random.c
+ 
+ ifdef CONFIG_RADIUS_SERVER
+ L_CFLAGS += -DRADIUS_SERVER
+--- a/src/crypto/random.h
++++ b/src/crypto/random.h
+@@ -16,15 +16,14 @@
+ #define RANDOM_H
+ 
+ #ifdef CONFIG_NO_RANDOM_POOL
+-#define random_add_randomness(b, l) do { } while (0)
+ #define random_get_bytes(b, l) os_get_random((b), (l))
+ #define random_pool_ready() 1
+ #define random_mark_pool_ready() do { } while (0)
+ #else /* CONFIG_NO_RANDOM_POOL */
+-void random_add_randomness(const void *buf, size_t len);
+ int random_get_bytes(void *buf, size_t len);
+ int random_pool_ready(void);
+ void random_mark_pool_ready(void);
+ #endif /* CONFIG_NO_RANDOM_POOL */
++void random_add_randomness(const void *buf, size_t len);
+ 
+ #endif /* RANDOM_H */
diff --git a/package/hostapd/patches/700-use_dev_urandom.patch b/package/hostapd/patches/700-use_dev_urandom.patch
deleted file mode 100644
index b72319ff1..000000000
--- a/package/hostapd/patches/700-use_dev_urandom.patch
+++ /dev/null
@@ -1,47 +0,0 @@
---- a/src/crypto/random.c
-+++ b/src/crypto/random.c
-@@ -202,16 +202,16 @@ int random_pool_ready(void)
- 
- 	/*
- 	 * Try to fetch some more data from the kernel high quality
--	 * /dev/random. There may not be enough data available at this point,
-+	 * /dev/urandom. There may not be enough data available at this point,
- 	 * so use non-blocking read to avoid blocking the application
- 	 * completely.
- 	 */
--	fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
-+	fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
- 	if (fd < 0) {
- #ifndef CONFIG_NO_STDOUT_DEBUG
- 		int error = errno;
--		perror("open(/dev/random)");
--		wpa_printf(MSG_ERROR, "random: Cannot open /dev/random: %s",
-+		perror("open(/dev/urandom)");
-+		wpa_printf(MSG_ERROR, "random: Cannot open /dev/urandom: %s",
- 			   strerror(error));
- #endif /* CONFIG_NO_STDOUT_DEBUG */
- 		return -1;
-@@ -220,12 +220,12 @@ int random_pool_ready(void)
- 	res = read(fd, dummy_key + dummy_key_avail,
- 		   sizeof(dummy_key) - dummy_key_avail);
- 	if (res < 0) {
--		wpa_printf(MSG_ERROR, "random: Cannot read from /dev/random: "
-+		wpa_printf(MSG_ERROR, "random: Cannot read from /dev/urandom: "
- 			   "%s", strerror(errno));
- 		res = 0;
- 	}
- 	wpa_printf(MSG_DEBUG, "random: Got %u/%u bytes from "
--		   "/dev/random", (unsigned) res,
-+		   "/dev/urandom", (unsigned) res,
- 		   (unsigned) (sizeof(dummy_key) - dummy_key_avail));
- 	dummy_key_avail += res;
- 	close(fd);
-@@ -234,7 +234,7 @@ int random_pool_ready(void)
- 		return 1;
- 
- 	wpa_printf(MSG_INFO, "random: Only %u/%u bytes of strong "
--		   "random data available from /dev/random",
-+		   "random data available from /dev/urandom",
- 		   (unsigned) dummy_key_avail, (unsigned) sizeof(dummy_key));
- 
- 	if (own_pool_ready >= MIN_READY_MARK ||