changeset 1335:5ad84c54eb7e HEAD

Support using OpenSSL's pseudo-random generator instead of /dev/urandom. If neither is found, still allow dovecot-auth to be started, because currently only DIGEST-MD5 requires a PRNG.
author Timo Sirainen <tss@iki.fi>
date Fri, 04 Apr 2003 17:40:13 +0300
parents 968c9d53506a
children adca691bd671
files configure.in src/auth/Makefile.am src/lib/randgen.c
diffstat 3 files changed, 63 insertions(+), 2 deletions(-) [+]
--- a/configure.in	Fri Apr 04 15:40:24 2003 +0300
+++ b/configure.in	Fri Apr 04 17:40:13 2003 +0300
@@ -464,6 +464,22 @@
   AC_DEFINE(HAVE_SOCKLEN_T,, Define to 'int' if you don't have socklen_t)
 fi
 
+dnl * find random source
+AC_MSG_CHECKING([for /dev/urandom])
+if test -e /dev/urandom; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_DEV_URANDOM,, Define if you have /dev/urandom)
+  have_random_source=yes
+else
+  AC_MSG_RESULT(no)
+
+  AC_CHECK_HEADER(openssl/rand.h, [
+    AC_DEFINE(HAVE_OPENSSL_RAND_H,, Define if you have openssl/rand.h)
+    RAND_LIBS=-lcrypto
+  ])
+fi
+AC_SUBST(RAND_LIBS)
+
 dnl * do we have tm_gmtoff
 AC_MSG_CHECKING([for tm_gmtoff])
 AC_CACHE_VAL(i_cv_field_tm_gmtoff,
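Review bot: The macro defined here, `HAVE_DEV_URANDOM`, does not match the one tested in the first src/lib/randgen.c hunk, which uses `#ifdef HAVE_URANDOM`, so unless that name is defined somewhere outside this diff the /dev/urandom implementation is never compiled. Because the openssl/rand.h check runs only in the `else` branch, a host that does have /dev/urandom would then fall through to the `#else` stub, whose random_fill() calls i_fatal(). Use one name in both places, for example `#ifdef HAVE_DEV_URANDOM` in randgen.c. Separately, `test -e /dev/urandom` probes the build machine rather than the machine that will run dovecot-auth, which deserves a `dnl` comment for cross-compiled or packaged builds, and `have_random_source` is set but not read anywhere in the visible hunk.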
--- a/src/auth/Makefile.am	Fri Apr 04 15:40:24 2003 +0300
+++ b/src/auth/Makefile.am	Fri Apr 04 17:40:13 2003 +0300
@@ -11,7 +11,8 @@
 dovecot_auth_LDADD = \
 	../lib-settings/libsettings.a \
 	../lib/liblib.a \
-	$(AUTH_LIBS)
+	$(AUTH_LIBS) \
+	$(RAND_LIBS)
 
 if AUTH_MODULES
 dovecot_auth_LDFLAGS = -export-dynamic
--- a/src/lib/randgen.c	Fri Apr 04 15:40:24 2003 +0300
+++ b/src/lib/randgen.c	Fri Apr 04 17:40:13 2003 +0300
@@ -24,9 +24,11 @@
 */
 
 #include "lib.h"
-#include "fd-close-on-exec.h"
 #include "randgen.h"
 
+#ifdef HAVE_URANDOM
+
+#include "fd-close-on-exec.h"
 #include <unistd.h>
 #include <fcntl.h>
 
@@ -74,3 +76,45 @@
 	(void)close(urandom_fd);
 	urandom_fd = -1;
 }
+
+#elif defined(HAVE_OPENSSL_RAND_H)
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+static const char *ssl_last_error(void)
+{
+	unsigned long err;
+	char *buf;
+	size_t err_size = 256;
+
+	err = ERR_get_error();
+	if (err == 0)
+		return strerror(errno);
+
+	buf = t_malloc(err_size);
+	buf[err_size-1] = '\0';
+	ERR_error_string_n(err, buf, err_size-1);
+	return buf;
+}
+
+void random_fill(void *buf, size_t size)
+{
+	if (RAND_pseudo_bytes(buf, size) != 1)
+		i_fatal("RAND_pseudo_bytes() failed: %s", ssl_last_error());
+}
+
+void random_init(void) {}
+void random_deinit(void) {}
+
+#else
+#  warning Random generator disabled
+
+void random_fill(void *buf, size_t size)
+{
+	i_fatal("random_fill(): No random source");
+}
+
+void random_init(void) {}
+void random_deinit(void) {}
+
+#endif
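Review bot: random_fill() in the OpenSSL branch calls `RAND_pseudo_bytes()`, which OpenSSL documents as not guaranteed to be unpredictable, while the commit message names DIGEST-MD5 as the consumer; values used in an authentication exchange should come from `RAND_bytes()`. The `!= 1` test does reject the "not strong" return of 0, but `if (RAND_bytes(buf, (int)size) != 1)` states the requirement directly, with the i_fatal() text renamed to match. `size` is a size_t passed to an int parameter, so it should be checked against INT_MAX before the call rather than silently narrowed. This branch is built only when configure found no /dev/urandom, so the OpenSSL generator may have no seed source on such hosts; a comment on the empty random_init() saying that seeding is left to OpenSSL, or a `RAND_status()` check there, would make that assumption visible at startup instead of at the first DIGEST-MD5 login.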