openssl: SHA1 and RAND cleanups, use uuid_random instead RAND_bytes i…

…n access_ticket_create()

src/access.c

@@ -30,9 +30,6 @@
 #include <arpa/inet.h>
 #include <sys/socket.h>
 
-#include <openssl/sha.h>
-#include <openssl/rand.h>
-
 #include "tvheadend.h"
 #include "access.h"
 #include "settings.h"
@@ -116,7 +113,7 @@ access_ticket_create(const char *resource, access_t *a)
 
   at = calloc(1, sizeof(access_ticket_t));
 
-  RAND_bytes(buf, 20);
+  uuid_random(buf, 20);
 
   //convert to hexstring
   for(i=0; i<sizeof(buf); i++){
@@ -1485,7 +1482,6 @@ passwd_verify_digest2(const char *username, const uint8_t *digest,
                       const uint8_t *challenge,
                       const char *username2, const char *passwd2)
 {
-  SHA_CTX shactx;
   uint8_t d[20];
 
   if (username == NULL || username[0] == '\0' ||
@@ -1496,10 +1492,7 @@ passwd_verify_digest2(const char *username, const uint8_t *digest,
   if (strcmp(username, username2))
     return -1;
 
-  SHA1_Init(&shactx);
-  SHA1_Update(&shactx, (const uint8_t *)passwd2, strlen(passwd2));
-  SHA1_Update(&shactx, challenge, 32);
-  SHA1_Final(d, &shactx);
+  sha1_calc(d, (uint8_t *)passwd2, strlen(passwd2), challenge, 32);
 
   return memcmp(d, digest, 20) ? -1 : 0;
 }
@@ -1723,19 +1716,10 @@ access_init(int createdefault, int noacl)
   access_entry_t *ae;
   const char *s;
 
-  static struct {
-    pid_t pid;
-    struct timeval tv;
-  } randseed;
-
   access_noacl = noacl;
   if (noacl)
     tvhlog(LOG_WARNING, "access", "Access control checking disabled");
 
-  randseed.pid = getpid();
-  gettimeofday(&randseed.tv, NULL);
-  RAND_seed(&randseed, sizeof(randseed));
-
   TAILQ_INIT(&access_entries);
   TAILQ_INIT(&access_tickets);
   TAILQ_INIT(&passwd_entries);

src/input/mpegts/satip/satip.c

@@ -424,7 +424,7 @@ satip_device_calc_uuid( tvh_uuid_t *uuid, const char *satip_uuid )
 {
   uint8_t uuidbin[20];
 
-  satip_device_calc_bin_uuid(uuidbin, satip_uuid);
+  sha1_calc(uuidbin, (const uint8_t *)satip_uuid, strlen(satip_uuid), NULL, 0);
   bin2hex(uuid->hex, sizeof(uuid->hex), uuidbin, sizeof(uuidbin));
 }
 

src/main.c

@@ -580,6 +580,11 @@ main(int argc, char **argv)
   uid_t uid = -1;
   char buf[512];
   FILE *pidfile = NULL;
+  static struct {
+    pid_t pid;
+    struct timeval tv;
+    uint8_t ru[32];
+  } randseed;
   extern int dvb_bouquets_parse;
 
   main_tid = pthread_self();
@@ -960,6 +965,11 @@ main(int argc, char **argv)
   OPENSSL_config(NULL);
   SSL_load_error_strings();
   SSL_library_init();
+  /* Rand seed */
+  randseed.pid = main_tid;
+  gettimeofday(&randseed.tv, NULL);
+  uuid_random(randseed.ru, sizeof(randseed.ru));
+  RAND_seed(&randseed, sizeof(randseed));
 
   /* Initialise configuration */
   notify_init();

src/tvheadend.h

@@ -753,6 +753,8 @@ int mpegts_word_count(const uint8_t *tsb, int len, uint32_t mask);
 
 int deferred_unlink(const char *filename, const char *rootdir);
 
+void sha1_calc(uint8_t *dst, const uint8_t *d1, size_t d1_len, const uint8_t *d2, size_t d2_len);
+
 static inline int32_t deltaI32(int32_t a, int32_t b) { return (a > b) ? (a - b) : (b - a); }
 static inline uint32_t deltaU32(uint32_t a, uint32_t b) { return (a > b) ? (a - b) : (b - a); }
 

src/utils.c

@@ -26,6 +26,9 @@
 #include <dirent.h>
 #include <unistd.h>
 #include <ctype.h>
+
+#include <openssl/sha.h>
+
 #include "tvheadend.h"
 #include "tvh_endian.h"
 
@@ -724,3 +727,18 @@ deferred_unlink(const char *filename, const char *rootdir)
   }
   return 0;
 }
+
+void
+sha1_calc(uint8_t *dst,
+          const uint8_t *d1, size_t d1_len,
+          const uint8_t *d2, size_t d2_len)
+{
+  SHA_CTX shactx;
+
+  SHA1_Init(&shactx);
+  if (d1)
+    SHA1_Update(&shactx, d1, d1_len);
+  if (d2)
+    SHA1_Update(&shactx, d2, d2_len);
+  SHA1_Final(dst, &shactx);
+}