-rw-r--r--package/utils/px5g-standalone/Makefile4
-rw-r--r--package/utils/px5g-standalone/src/library/x509write.c27
-rw-r--r--package/utils/px5g/Makefile7
-rw-r--r--package/utils/px5g/px5g.c10
4 files changed, 37 insertions, 11 deletions
diff --git a/package/utils/px5g-standalone/Makefile b/package/utils/px5g-standalone/Makefile
index fc5f391..d6843b0 100644
--- a/package/utils/px5g-standalone/Makefile
+++ b/package/utils/px5g-standalone/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
PKG_CHECK_FORMAT_SECURITY:=0
diff --git a/package/utils/px5g-standalone/src/library/x509write.c b/package/utils/px5g-standalone/src/library/x509write.c
index fabee20..1091568 100644
--- a/package/utils/px5g-standalone/src/library/x509write.c
+++ b/package/utils/px5g-standalone/src/library/x509write.c
@@ -1000,6 +1000,26 @@ static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
}
/*
+ * Create a random serial
+ */
+static int get_random_serial(void)
+{
+ int random = 0;
+ FILE *fd;
+
+ fd = fopen("/dev/urandom", "r");
+
+ if (fd) {
+ if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
+ random = 0;
+
+ fclose(fd);
+ }
+
+ return random;
+}
+
+/*
* Create a self signed certificate
*/
int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
@@ -1020,8 +1040,11 @@ int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
/*
* CertificateSerialNumber ::= INTEGER
*/
- srand((unsigned int) time(NULL));
- serial = rand();
+ serial = get_random_serial();
+
+ if (serial == 0)
+ return 1;
+
if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
return ret;
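Review bot: The `if (serial == 0) return 1;` guard fails closed, which is the right behaviour, but it returns a bare `1` while the neighbouring lines propagate `ret` from the ASN.1 helpers. Whether callers can tell this apart from other failures is not visible here. A short why-comment would help the next reader, e.g. `/* 0 means no entropy was read; refuse to issue a certificate with a predictable serial */`, and a named error constant would be preferable if the library defines one. The body of x509write_create_sign starts and ends outside this hunk.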
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 9c0caa7..8677a8b 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2015 Jo-Philipp Wich <jow@openwrt.org>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@@ -8,9 +8,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=3
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk
@@ -19,7 +18,7 @@ define Package/px5g
SECTION:=utils
CATEGORY:=Utilities
TITLE:=X.509 certificate generator (using PolarSSL)
- MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
+ MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
DEPENDS:=+libpolarssl
endef
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index 6b97708..eec8fd3 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -143,7 +143,7 @@ int selfsigned(char **arg)
char *keypath = NULL, *certpath = NULL;
bool pem = true;
time_t from = time(NULL), to;
- char fstr[20], tstr[20];
+ char fstr[20], tstr[20], sstr[17];
int len;
while (*arg && **arg == '-') {
@@ -188,7 +188,7 @@ int selfsigned(char **arg)
}
memcpy(newc, oldc, delim - oldc);
newc += delim - oldc;
- *newc++ = ';';
+ *newc++ = ',';
oldc = delim + 1;
} while(*delim);
arg++;
@@ -222,8 +222,12 @@ int selfsigned(char **arg)
x509write_crt_set_subject_key_identifier(&cert);
x509write_crt_set_authority_key_identifier(&cert);
+ _urandom(NULL, buf, 8);
+ for (len = 0; len < 8; len++)
+ sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
mpi_init(&serial);
- mpi_read_string(&serial, 10, "1");
+ mpi_read_string(&serial, 16, sstr);
x509write_crt_set_serial(&cert, &serial);
if (pem) {
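Review bot: The result of `_urandom(NULL, buf, 8)` is discarded, so if the read fails or comes up short the serial is formatted from whatever `buf` already held and the certificate is still written. That contrasts with the px5g-standalone change in this same commit, which refuses to continue when no random serial is available. Assuming `_urandom` follows the usual RNG-callback convention of returning non-zero on failure, check it with `if (_urandom(NULL, buf, 8) != 0)` and leave through selfsigned's existing error path, which is outside this hunk. The return value of `mpi_read_string(&serial, 16, sstr)` is ignored as well and should be checked the same way. The `sstr[17]` buffer declared in the earlier hunk is exactly large enough for 16 hex digits plus the terminator, so the `sprintf` loop is in bounds as long as the count stays at 8; a named constant shared by the declaration and the loop would keep the two in step.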