From a4c4331b71076bf3612fe3d0c99d3818acab7bc1 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 15 Jun 2020 16:32:26 +0200 Subject: [PATCH] TLS applications: initialize RNG --- albatross.opam | 2 +- client/albatross_client_remote_tls.ml | 2 +- client/dune | 2 +- tls/albatross_tls_endpoint.ml | 4 ++-- tls/albatross_tls_inetd.ml | 4 ++-- tls/dune | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/albatross.opam b/albatross.opam index 0007f3f..e0bcbc8 100644 --- a/albatross.opam +++ b/albatross.opam @@ -24,7 +24,7 @@ depends: [ "x509" {>= "0.11.0"} "tls" {>= "0.12.0"} "mirage-crypto-pk" - "mirage-crypto-rng" + "mirage-crypto-rng" {>= "0.7.0"} "asn1-combinators" {>= "0.2.0"} "duration" "decompress" {>= "0.9.0" & < "1.0.0"} diff --git a/client/albatross_client_remote_tls.ml b/client/albatross_client_remote_tls.ml index 8259f32..9533a5f 100644 --- a/client/albatross_client_remote_tls.ml +++ b/client/albatross_client_remote_tls.ml @@ -15,6 +15,7 @@ let rec read_tls_write_cons t = | Error e -> Lwt.return e let client cas host port cert priv_key = + Mirage_crypto_rng_lwt.initialize () >>= fun () -> let auth = if Sys.is_directory cas then `Ca_dir cas else `Ca_file cas in X509_lwt.authenticator auth >>= fun authenticator -> Lwt.catch (fun () -> @@ -46,7 +47,6 @@ let run_client _ cas cert key (host, port) = | Tls_lwt.Tls_failure f -> Some ("TLS failure: " ^ Tls.Engine.string_of_failure f) | _ -> None) ; Sys.(set_signal sigpipe Signal_ignore) ; - Mirage_crypto_rng_unix.initialize (); Lwt_main.run (client cas host port cert key) open Cmdliner diff --git a/client/dune b/client/dune index 70d8921..c14e1ac 100644 --- a/client/dune +++ b/client/dune @@ -17,4 +17,4 @@ (public_name albatross-client-remote-tls) (package albatross) (modules albatross_client_remote_tls) - (libraries albatross.cli albatross albatross.tls albatross_tls_cli)) + (libraries albatross.cli albatross albatross.tls albatross_tls_cli mirage-crypto-rng.lwt)) 
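Review bot: In client/albatross_client_remote_tls.ml the RNG is now seeded inside `client`, while the two tls/ binaries in this same patch seed it at the top of the `Lwt_main.run` argument in `jump`. Seeding is a process-wide side effect and reads more clearly at the entry point. Leaving `client` as it was and ending `run_client` with `Lwt_main.run (Mirage_crypto_rng_lwt.initialize () >>= fun () -> client cas host port cert key)` keeps the same ordering guarantee, with the generator ready before `X509_lwt.authenticator` and the handshake. It also avoids re-running initialisation if `client` is ever called more than once. Both `client` and `run_client` continue outside the hunks shown.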
diff --git a/tls/albatross_tls_endpoint.ml b/tls/albatross_tls_endpoint.ml index 177e4af..822b8af 100644 --- a/tls/albatross_tls_endpoint.ml +++ b/tls/albatross_tls_endpoint.ml @@ -15,10 +15,10 @@ let server_socket port = let jump _ cacert cert priv_key port tmpdir = Sys.(set_signal sigpipe Signal_ignore); - Mirage_crypto_rng_unix.initialize (); Albatross_cli.set_tmpdir tmpdir; Lwt_main.run - (server_socket port >>= fun socket -> + (Mirage_crypto_rng_lwt.initialize () >>= fun () -> + server_socket port >>= fun socket -> tls_config cacert cert priv_key >>= fun config -> let rec loop () = Lwt.catch (fun () -> diff --git a/tls/albatross_tls_inetd.ml b/tls/albatross_tls_inetd.ml index 5aee82a..96e4da5 100644 --- a/tls/albatross_tls_inetd.ml +++ b/tls/albatross_tls_inetd.ml @@ -5,10 +5,10 @@ open Albatross_tls_common let jump cacert cert priv_key tmpdir = Sys.(set_signal sigpipe Signal_ignore) ; - Mirage_crypto_rng_unix.initialize (); Albatross_cli.set_tmpdir tmpdir; Lwt_main.run - (tls_config cacert cert priv_key >>= fun config -> + (Mirage_crypto_rng_lwt.initialize () >>= fun () -> + tls_config cacert cert priv_key >>= fun config -> let fd = Lwt_unix.of_unix_file_descr Unix.stdin in Lwt.catch (fun () -> Tls_lwt.Unix.server_of_fd config fd) diff --git a/tls/dune b/tls/dune index b7e989d..d706c1c 100644 --- a/tls/dune +++ b/tls/dune @@ -16,11 +16,11 @@ (public_name albatross-tls-endpoint) (package albatross) (modules albatross_tls_endpoint) - (libraries albatross_cli albatross_tls_cli albatross)) + (libraries albatross_cli albatross_tls_cli albatross mirage-crypto-rng.lwt)) (executable (name albatross_tls_inetd) (public_name albatross-tls-inetd) (package albatross) (modules albatross_tls_inetd) - (libraries albatross_cli albatross_tls_cli albatross)) + (libraries albatross_cli albatross_tls_cli albatross mirage-crypto-rng.lwt))
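Review bot: Nothing in `jump` in tls/albatross_tls_endpoint.ml records why the initialisation moved from before `Lwt_main.run` into the bind chain, and its position is security-relevant because the generator has to be ready before the first handshake. A one-line comment above the new call, e.g. `(* seed the RNG before anything else: every TLS handshake below depends on it *)`, would stop a later refactor from moving it further down the chain. The same comment applies to `jump` in tls/albatross_tls_inetd.ml. If initialisation fails, the promise presumably rejects and `Lwt_main.run` raises before the socket is bound; that is the right fail-closed behaviour and is worth stating in the comment. The body of `jump` continues past the end of both hunks.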