authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2007-10-06 13:19:11 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2007-10-06 13:19:11 +0300
commit00025568ed76d0675b0530246c9f826a7632958e (patch)
treeedb4098c89488222ee1be085d2c49d9183c067af /src
parent53dfd162a53b1e8df17761aedb7d3b1e83d3c652 (diff)
downloadgnutls-00025568ed76d0675b0530246c9f826a7632958e.tar.gz
Added the --quick-random option to certtool to improve generation time of private keys.
The delay is quite annoying, especially when generating test keys.
Diffstat (limited to 'src')
-rw-r--r--src/certtool-gaa.c125
-rw-r--r--src/certtool-gaa.h28
-rw-r--r--src/certtool.c8
-rw-r--r--src/certtool.gaa5
4 files changed, 96 insertions, 70 deletions
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 2b154a61a4..d078ba42d8 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -147,6 +147,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "load-ca-certificate", "FILE ", "Certificate authority's certificate file to use.");
__gaa_helpsingle(0, "password", "PASSWORD ", "Password to use.");
__gaa_helpsingle('i', "certificate-info", "", "Print information on a certificate.");
+ __gaa_helpsingle(0, "quick-random", "", "Use /dev/urandom for all operation, reducing the quality of randomness used.");
__gaa_helpsingle('l', "crl-info", "", "Print information on a CRL.");
__gaa_helpsingle(0, "p12-info", "", "Print information on a PKCS #12 structure.");
__gaa_helpsingle(0, "p7-info", "", "Print information on a PKCS #7 structure.");
@@ -182,32 +183,34 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 107 "certtool.gaa"
+#line 110 "certtool.gaa"
int debug;
-#line 103 "certtool.gaa"
+#line 106 "certtool.gaa"
char *template;
-#line 100 "certtool.gaa"
+#line 103 "certtool.gaa"
char *infile;
-#line 97 "certtool.gaa"
+#line 100 "certtool.gaa"
char *outfile;
-#line 94 "certtool.gaa"
+#line 97 "certtool.gaa"
int bits;
-#line 91 "certtool.gaa"
+#line 94 "certtool.gaa"
int outcert_format;
-#line 88 "certtool.gaa"
+#line 91 "certtool.gaa"
int xml;
-#line 85 "certtool.gaa"
+#line 88 "certtool.gaa"
int incert_format;
-#line 82 "certtool.gaa"
+#line 85 "certtool.gaa"
int export;
-#line 79 "certtool.gaa"
+#line 82 "certtool.gaa"
char *hash;
-#line 76 "certtool.gaa"
+#line 79 "certtool.gaa"
int dsa;
-#line 73 "certtool.gaa"
+#line 76 "certtool.gaa"
int pkcs8;
-#line 68 "certtool.gaa"
+#line 71 "certtool.gaa"
int fix_key;
+#line 58 "certtool.gaa"
+ int quick_random;
#line 53 "certtool.gaa"
char *pass;
#line 50 "certtool.gaa"
@@ -276,7 +279,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 39
+#define GAA_NB_OPTION 40
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
@@ -298,24 +301,25 @@ static int gaa_error = 0;
#define GAAOPTID_p7_info 19
#define GAAOPTID_p12_info 20
#define GAAOPTID_crl_info 21
-#define GAAOPTID_certificate_info 22
-#define GAAOPTID_password 23
-#define GAAOPTID_load_ca_certificate 24
-#define GAAOPTID_load_ca_privkey 25
-#define GAAOPTID_load_certificate 26
-#define GAAOPTID_load_request 27
-#define GAAOPTID_load_privkey 28
-#define GAAOPTID_get_dh_params 29
-#define GAAOPTID_generate_dh_params 30
-#define GAAOPTID_verify_crl 31
-#define GAAOPTID_verify_chain 32
-#define GAAOPTID_generate_request 33
-#define GAAOPTID_generate_privkey 34
-#define GAAOPTID_update_certificate 35
-#define GAAOPTID_generate_crl 36
-#define GAAOPTID_generate_proxy 37
-#define GAAOPTID_generate_certificate 38
-#define GAAOPTID_generate_self_signed 39
+#define GAAOPTID_quick_random 22
+#define GAAOPTID_certificate_info 23
+#define GAAOPTID_password 24
+#define GAAOPTID_load_ca_certificate 25
+#define GAAOPTID_load_ca_privkey 26
+#define GAAOPTID_load_certificate 27
+#define GAAOPTID_load_request 28
+#define GAAOPTID_load_privkey 29
+#define GAAOPTID_get_dh_params 30
+#define GAAOPTID_generate_dh_params 31
+#define GAAOPTID_verify_crl 32
+#define GAAOPTID_verify_chain 33
+#define GAAOPTID_generate_request 34
+#define GAAOPTID_generate_privkey 35
+#define GAAOPTID_update_certificate 36
+#define GAAOPTID_generate_crl 37
+#define GAAOPTID_generate_proxy 38
+#define GAAOPTID_generate_certificate 39
+#define GAAOPTID_generate_self_signed 40
#line 168 "gaa.skel"
@@ -632,6 +636,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_p7_info);
GAA_CHECK1STR("", GAAOPTID_p12_info);
GAA_CHECK1STR("l", GAAOPTID_crl_info);
+ GAA_CHECK1STR("", GAAOPTID_quick_random);
GAA_CHECK1STR("i", GAAOPTID_certificate_info);
GAA_CHECK1STR("", GAAOPTID_get_dh_params);
GAA_CHECK1STR("", GAAOPTID_generate_dh_params);
@@ -669,6 +674,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("p7-info", GAAOPTID_p7_info);
GAA_CHECKSTR("p12-info", GAAOPTID_p12_info);
GAA_CHECKSTR("crl-info", GAAOPTID_crl_info);
+ GAA_CHECKSTR("quick-random", GAAOPTID_quick_random);
GAA_CHECKSTR("certificate-info", GAAOPTID_certificate_info);
GAA_CHECKSTR("password", GAAOPTID_password);
GAA_CHECKSTR("load-ca-certificate", GAAOPTID_load_ca_certificate);
@@ -733,14 +739,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 112 "certtool.gaa"
+#line 115 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 110 "certtool.gaa"
+#line 113 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -750,7 +756,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 108 "certtool.gaa"
+#line 111 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -760,7 +766,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1);
gaa_index++;
-#line 104 "certtool.gaa"
+#line 107 "certtool.gaa"
{ gaaval->template = GAATMP_template.arg1 ;};
return GAA_OK;
@@ -770,7 +776,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 101 "certtool.gaa"
+#line 104 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -780,7 +786,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 98 "certtool.gaa"
+#line 101 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
@@ -790,35 +796,35 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 95 "certtool.gaa"
+#line 98 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 92 "certtool.gaa"
+#line 95 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_xml:
OK = 0;
-#line 89 "certtool.gaa"
+#line 92 "certtool.gaa"
{ gaaval->xml=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 86 "certtool.gaa"
+#line 89 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 83 "certtool.gaa"
+#line 86 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
@@ -828,74 +834,81 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
gaa_index++;
-#line 80 "certtool.gaa"
+#line 83 "certtool.gaa"
{ gaaval->hash = GAATMP_hash.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_dsa:
OK = 0;
-#line 77 "certtool.gaa"
+#line 80 "certtool.gaa"
{ gaaval->dsa=1 ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 74 "certtool.gaa"
+#line 77 "certtool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
break;
case GAAOPTID_to_p12:
OK = 0;
-#line 71 "certtool.gaa"
+#line 74 "certtool.gaa"
{ gaaval->action = 8; ;};
return GAA_OK;
break;
case GAAOPTID_fix_key:
OK = 0;
-#line 69 "certtool.gaa"
+#line 72 "certtool.gaa"
{ gaaval->fix_key = 1; ;};
return GAA_OK;
break;
case GAAOPTID_key_info:
OK = 0;
-#line 66 "certtool.gaa"
+#line 69 "certtool.gaa"
{ gaaval->action = 6; ;};
return GAA_OK;
break;
case GAAOPTID_smime_to_p7:
OK = 0;
-#line 64 "certtool.gaa"
+#line 67 "certtool.gaa"
{ gaaval->action = 15; ;};
return GAA_OK;
break;
case GAAOPTID_p7_info:
OK = 0;
-#line 62 "certtool.gaa"
+#line 65 "certtool.gaa"
{ gaaval->action = 12; ;};
return GAA_OK;
break;
case GAAOPTID_p12_info:
OK = 0;
-#line 60 "certtool.gaa"
+#line 63 "certtool.gaa"
{ gaaval->action = 9; ;};
return GAA_OK;
break;
case GAAOPTID_crl_info:
OK = 0;
-#line 58 "certtool.gaa"
+#line 61 "certtool.gaa"
{ gaaval->action = 11; ;};
return GAA_OK;
break;
+ case GAAOPTID_quick_random:
+ OK = 0;
+#line 59 "certtool.gaa"
+{ gaaval->quick_random = 1; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_certificate_info:
OK = 0;
#line 56 "certtool.gaa"
@@ -1064,11 +1077,11 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 114 "certtool.gaa"
+#line 117 "certtool.gaa"
{ gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL;
- gaaval->export = 0; gaaval->template = NULL; gaaval->xml = 0; gaaval->hash=NULL; gaaval->fix_key = 0;;};
+ gaaval->export = 0; gaaval->template = NULL; gaaval->xml = 0; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=0; ;};
}
inited = 1;
@@ -1216,7 +1229,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc
len++;
a = fgetc( file);
- if(a==EOF) return 0; /* a = ' '; */
+ if(a==EOF) return 0; //a = ' ';
}
len += 1;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 0c4b9c92f6..19ed86f2cb 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,32 +8,34 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 107 "certtool.gaa"
+#line 110 "certtool.gaa"
int debug;
-#line 103 "certtool.gaa"
+#line 106 "certtool.gaa"
char *template;
-#line 100 "certtool.gaa"
+#line 103 "certtool.gaa"
char *infile;
-#line 97 "certtool.gaa"
+#line 100 "certtool.gaa"
char *outfile;
-#line 94 "certtool.gaa"
+#line 97 "certtool.gaa"
int bits;
-#line 91 "certtool.gaa"
+#line 94 "certtool.gaa"
int outcert_format;
-#line 88 "certtool.gaa"
+#line 91 "certtool.gaa"
int xml;
-#line 85 "certtool.gaa"
+#line 88 "certtool.gaa"
int incert_format;
-#line 82 "certtool.gaa"
+#line 85 "certtool.gaa"
int export;
-#line 79 "certtool.gaa"
+#line 82 "certtool.gaa"
char *hash;
-#line 76 "certtool.gaa"
+#line 79 "certtool.gaa"
int dsa;
-#line 73 "certtool.gaa"
+#line 76 "certtool.gaa"
int pkcs8;
-#line 68 "certtool.gaa"
+#line 71 "certtool.gaa"
int fix_key;
+#line 58 "certtool.gaa"
+ int quick_random;
#line 53 "certtool.gaa"
char *pass;
#line 50 "certtool.gaa"
diff --git a/src/certtool.c b/src/certtool.c
index 2524918cc9..e637c1f14d 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -20,6 +20,7 @@
#include <config.h>
#include <gnutls/gnutls.h>
+#include <gcrypt.h>
#include <stdio.h>
#include <stdlib.h>
@@ -137,6 +138,10 @@ generate_private_key_int (void)
fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits,
gnutls_pk_algorithm_get_name (key_type));
+ if (info.quick_random == 0)
+ fprintf (stderr, "This might take several minutes depending on availability of randomness"
+ " in /dev/random. You can consider using --quick-random option but this reduces the quality of randomness used.\n");
+
ret = gnutls_x509_privkey_generate (key, key_type, info.bits, 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
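Review bot: When `info.quick_random` is set, generate_private_key_int prints nothing about it, so the tool's output for a key made with the reduced random level looks the same as for a normal key. The commit message says the option is for test keys, but a script that carries the flag over would weaken a CA or server key without any trace. An `else` branch on the added `if` would make it visible: `else fprintf (stderr, "Note: --quick-random is set; this key is generated with reduced-quality randomness and is intended for testing.\n");`. The function starts and ends outside the hunk.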
@@ -804,6 +809,9 @@ gaa_parser (int argc, char **argv)
template_parse (info.template);
}
+ if (info.quick_random != 0)
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (info.debug);
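Review bot: The result of `gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)` is discarded, and the call is made after option and template parsing in gaa_parser. The libgcrypt manual describes this control as an initialisation-time setting, and the hunk does not show whether the library has already been initialised by this point, so the ordering should be confirmed. If the control is rejected, the run silently uses the slow path while the /dev/random hint in generate_private_key_int stays suppressed. Checking the return would surface that, e.g. `if (gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) != 0) error (EXIT_FAILURE, 0, "cannot enable quick random");`, together with a comment stating the ordering requirement. gaa_parser continues outside the hunk.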
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 0c9dfb7b0a..3f6c430ea2 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -55,6 +55,9 @@ option (password) STR "PASSWORD" { $pass = $1 } "Password to use."
option (i, certificate-info) { $action = 2; } "Print information on a certificate."
+#int quick_random;
+option (quick-random) { $quick_random = 1; } "Use /dev/urandom for all operation, reducing the quality of randomness used."
+
option (l, crl-info) { $action = 11; } "Print information on a CRL."
option (p12-info) { $action = 9; } "Print information on a PKCS #12 structure."
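Review bot: The help string for `quick-random` reads "for all operation" and does not say which operations are affected or that the option is meant for test keys. Since this flag lowers the randomness level used for private key generation, wording such as `"Use /dev/urandom for all operations, including private key generation; reduces the quality of randomness, intended for test keys only."` would state the trade-off at the point where the user chooses it. The same string is copied into the generated certtool-gaa.c `gaa_help`, so it would need regenerating.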
@@ -114,5 +117,5 @@ option (v, version) { certtool_version(); exit(0); } "shows the program's versio
init { $bits = 1024; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
$debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL;
- $export = 0; $template = NULL; $xml = 0; $hash=NULL; $fix_key = 0;}
+ $export = 0; $template = NULL; $xml = 0; $hash=NULL; $fix_key = 0; $quick_random=0; }