authorYann Ylavic <ylavic@apache.org>2018-06-11 22:06:09 +0000
committerYann Ylavic <ylavic@apache.org>2018-06-11 22:06:09 +0000
commit214bee3ec4c25be010a0b94091da61de005c604c (patch)
treeed79099e853bca1344dfd7a8bd18a6d47b2a6e42 /build
parentecbddf2ead64b58a9c17136113eb0b91cd858a59 (diff)
downloadapr-214bee3ec4c25be010a0b94091da61de005c604c.tar.gz
Cryptographic Pseudo Random Number Generator (CPRNG).
New apr_crypto_prng API and apr_crypto[_thread]_random_bytes() functions. Allows to generate cryptographically secure random bytes indefinitely given an initial seed of APR_CRYPTO_PRNG_SEED_SIZE bytes (32), which is either provided by the caller or automatically gathered from the system. The CPRNG can also be re-seeded at any time, or after a process is fork()ed. The internal key is renewed every APR_CRYPTO_PRNG_SEED_SIZE random bytes produced and those data once returned to the caller are cleared from the internal state, which ensures forward secrecy. This CPRNG is fast, based on a stream cipher, and will never block besides the initial seed or any reseed if it depends on the system entropy. Finally, it can be used either globally (locked in multithread environment), per-thread (a lock free instance is automatically created for each thread on first use), or created as standalone instance (manageable independently). For now it's only implemented with the OpenSSL library as underlying crypto, that is --with-crypto --with-openssl needs to be configured, and the latter links libcrypto with APR. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833359 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'build')
-rw-r--r--build/crypto.m411
1 files changed, 11 insertions, 0 deletions
diff --git a/build/crypto.m4 b/build/crypto.m4
index e972494d7..7d69ed027 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -23,6 +23,7 @@ dnl APU_CHECK_CRYPTO: look for crypto libraries and headers
dnl
AC_DEFUN([APU_CHECK_CRYPTO], [
apu_have_crypto=0
+ apu_have_crypto_prng=0
apu_have_openssl=0
apu_have_nss=0
apu_have_commoncrypto=0
@@ -66,13 +67,18 @@ AC_DEFUN([APU_CHECK_CRYPTO], [
dnl add checks for other varieties of ssl here
if test "$apu_have_crypto" = "0"; then
AC_ERROR([Crypto was requested but no crypto library could be enabled; specify the location of a crypto library using --with-openssl, --with-nss, and/or --with-commoncrypto.])
+ elif test "$apu_have_openssl" = "1"; then
+ dnl PRNG only implemented with openssl for now
+ apu_have_crypto_prng=1
fi
fi
], [
apu_have_crypto=0
+ apu_have_crypto_prng=0
])
AC_SUBST(apu_have_crypto)
+ AC_SUBST(apu_have_crypto_prng)
])
dnl
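Review bot: `apu_have_crypto_prng=1` in the new `elif` is derived from `apu_have_openssl` alone, so the PRNG is advertised for any OpenSSL that passed the generic detection. The commit message says the generator is built on a stream cipher; if that cipher is missing from the detected OpenSSL (older release or compiled out), the failure would presumably surface at compile or link time instead of at configure time. Consider probing for the required symbol with `AC_CHECK_LIB` or `AC_CHECK_FUNCS` before setting the flag, and widening the comment to `dnl PRNG needs OpenSSL's stream cipher; other backends leave apu_have_crypto_prng=0`. The OpenSSL detection that sets `apu_have_openssl` lies outside this hunk, so whether it already covers this cannot be seen here.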
@@ -153,6 +159,11 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
LIBS="$old_libs"
CPPFLAGS="$old_cppflags"
LDFLAGS="$old_ldflags"
+
+ if test "$apu_have_openssl" = "1"; then
+ APR_ADDTO(APRUTIL_EXPORT_LIBS, [-lcrypto])
+ APR_ADDTO(LIBS, [-lcrypto])
+ fi
])
AC_DEFUN([APU_CHECK_CRYPTO_NSS], [
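Review bot: The two added `APR_ADDTO(..., [-lcrypto])` lines put a bare `-lcrypto` on the link line right after `LIBS`, `CPPFLAGS` and `LDFLAGS` are restored to their saved values, so no library directory accompanies it in this hunk. If OpenSSL was detected under a non-default prefix, the final link could fail or resolve to a different libcrypto than the one whose headers were checked, which matters for code that generates key material. Unless the exported flags already carry that directory (not visible here), add it alongside `-lcrypto`, and record the intent with a comment such as `dnl PRNG is built into APR itself, so libcrypto must be on the main link line`. APU_CHECK_CRYPTO_OPENSSL starts before this hunk.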