Add new public function RANDOM-BYTES, an lispy wrapper over the OpenSSL RAND_bytes function.
parent
1efe48e86c
commit
d1650a2341
|
@ -19,7 +19,8 @@
|
|||
(:cond ((:featurep :clisp) "ffi-buffer-clisp")
|
||||
((:featurep (:not :clisp)) "ffi-buffer"))
|
||||
"streams"
|
||||
"bio")
|
||||
"bio"
|
||||
"random")
|
||||
:build-depends-on ("flexi-streams" "trivial-gray-streams" "cffi")
|
||||
:supersedes-asdf ("cl+ssl")))
|
||||
|
||||
|
|
|
@ -25,4 +25,5 @@
|
|||
#-clisp (:file "ffi-buffer")
|
||||
#+clisp (:file "ffi-buffer-clisp")
|
||||
(:file "streams")
|
||||
(:file "bio")))
|
||||
(:file "bio")
|
||||
(:file "random")))
|
||||
|
|
13
ffi.lisp
13
ffi.lisp
|
@ -131,10 +131,6 @@
|
|||
(cffi:defcfun ("SSL_CTX_free" ssl-ctx-free)
|
||||
:void
|
||||
(ctx ssl-ctx))
|
||||
(cffi:defcfun ("RAND_seed" rand-seed)
|
||||
:void
|
||||
(buf :pointer)
|
||||
(num :int))
|
||||
(cffi:defcfun ("BIO_ctrl" bio-set-fd)
|
||||
:long
|
||||
(bio :pointer)
|
||||
|
@ -213,6 +209,15 @@
|
|||
:void
|
||||
(fun :pointer))
|
||||
|
||||
(cffi:defcfun ("RAND_seed" rand-seed)
|
||||
:void
|
||||
(buf :pointer)
|
||||
(num :int))
|
||||
(cffi:defcfun ("RAND_bytes" rand-bytes)
|
||||
:int
|
||||
(buf :pointer)
|
||||
(num :int))
|
||||
|
||||
;;; Funcall wrapper
|
||||
;;;
|
||||
(defvar *socket*)
|
||||
|
|
|
@ -15,4 +15,5 @@
|
|||
#:stream-fd
|
||||
#:make-ssl-client-stream
|
||||
#:make-ssl-server-stream
|
||||
#:use-certificate-chain-file))
|
||||
#:use-certificate-chain-file
|
||||
#:random-bytes))
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#+xcvb
|
||||
(module
|
||||
(:depends-on ("package" "conditions" "ffi"
|
||||
(:cond ((:featurep :clisp) "ffi-buffer-clisp")
|
||||
(t "ffi-buffer"))
|
||||
"ffi-buffer-all")))
|
||||
|
||||
(in-package :cl+ssl)
|
||||
|
||||
(defun random-bytes (count)
|
||||
"Generates COUNT cryptographically strong pseudo-random bytes. Returns
|
||||
the bytes as a SIMPLE-ARRAY with ELEMENT-TYPE '(UNSIGNED-BYTE 8). Signals
|
||||
an ERROR in case of problems, for example when the OpenSSL random number
|
||||
generator has not been seeded with enough randomness to ensure an
|
||||
unpredictable byte sequence."
|
||||
(let* ((result (make-array count :element-type '(unsigned-byte 8)))
|
||||
(buf (make-buffer count))
|
||||
(ret (with-pointer-to-vector-data (ptr buf)
|
||||
(rand-bytes ptr count))))
|
||||
(when (/= 1 ret)
|
||||
(error "RANDOM-BYTES failed: error reported by the OpenSSL RAND_bytes function. ~A."
|
||||
(with-output-to-string (s) (write-ssl-error-queue s))))
|
||||
(v/b-replace result buf)))
|
||||
|
||||
;; TODO: Should we define random-specific constants and condition classes for
|
||||
;; RAND_F_RAND_GET_RAND_METHOD, RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED
|
||||
;; (defined in the rand.h file of the OpenSSl sources)?
|
||||
;; Where to place these constants/condtitions, here or in the conditions.lisp?
|
||||
;; On the other hand, those constants are just numbers defined for C,
|
||||
;; for now we jsut report human readable strings, without possibility
|
||||
;; to distinguish these error causes programmatically.
|
||||
|
|
@ -9,7 +9,8 @@
|
|||
(module
|
||||
(:depends-on ("package" "conditions" "ffi"
|
||||
(:cond ((:featurep :clisp) "ffi-buffer-clisp")
|
||||
(t "ffi-buffer")))))
|
||||
(t "ffi-buffer"))
|
||||
"ffi-buffer-all")))
|
||||
|
||||
(eval-when (:compile-toplevel)
|
||||
(declaim
|
||||
|
|
Loading…
Reference in New Issue