summaryrefslogtreecommitdiff
path: root/src/rand.c
Commit message (Collapse)AuthorAgeFilesLines
* [core] _WIN32 use rand_s() to init pseudo RNGGlenn Strauss2023-05-031-0/+22
|
* [core] _WIN32 sys-unistd.h to wrap <unistd.h>Glenn Strauss2023-05-031-1/+1
| | | | (selective implementations; not complete)
* [doc] remove references to removed modulesGlenn Strauss2023-01-031-1/+1
|
* [core] fall back to getauxval(AT_RANDOM), if availGlenn Strauss2022-02-191-0/+23
| | | | | | fall back to use getauxval(AT_RANDOM), if available, for srand() init getauxval(AT_RANDOM) is a glibc extension
* [core] use diff var name w/ CCRandomGenerateBytes (fixes #3141)Glenn Strauss2022-01-221-3/+3
| | | | | | | | | | | (thx ryandesign) CCRandomGenerateBytes is a fallback and might be present alongside crypto libraries which (previously) used the same variable name. x-ref: "error: redefinition of 'i'" https://redmine.lighttpd.net/issues/3141
* [core] avoid CCRandomGenerateBytes on MacOS <10.12 (fixes #3140)Glenn Strauss2022-01-221-1/+2
| | | | | | | | (thx ryandesign) x-ref: "lighttpd build failure on macOS 10.13 and earlier" https://redmine.lighttpd.net/issues/3140
* [core] CCRandomGenerateBytes() for rand on macOS (fixes #3129)Glenn Strauss2022-01-031-0/+17
| | | | | | | | (thx devnexen) x-ref: "rand macOs case handling update" https://redmine.lighttpd.net/issues/3129
* [core] move backtrace and assert macros to ck.[ch]Glenn Strauss2021-08-271-10/+7
|
* [multiple] rename safe_memclear() -> ck_memzero()Glenn Strauss2021-08-271-2/+2
|
* [core] consistent inclusion of sys-time.hGlenn Strauss2021-04-281-1/+1
|
* [multiple] include mbedtls/config.h after selectGlenn Strauss2020-10-291-1/+1
| | | | | include mbedtls/config.h crypto lib config after selecting crypto lib to use
* [multiple] consistent order for crypto lib selectGlenn Strauss2020-10-291-6/+6
|
* [build] WITHOUT_LIB_CRYPTO option in codeGlenn Strauss2020-10-271-0/+8
| | | | | | | | | | | | | (not (yet?) an end-user option in the build system) (If extended to build system, build system should also unset CRYPTO_LIB) If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch] and algo_sha1.[ch]), but not to other message digest algorithms. As of this commit, this affects only mod_secdownload with SHA256 digest and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which is not currently well-supported by client browers (besides Opera)
* [multiple] test for nss includesGlenn Strauss2020-10-221-0/+5
| | | | | some distro packages deploy NSS includes under nss/, others nss3/ (and similar for nspr/ vs nspr4/)
* [core] add missing declaration for NSS randGlenn Strauss2020-10-211-0/+1
| | | | (bug on master branch; never released)
* [multiple] use NSS crypto if no other crypto availGlenn Strauss2020-10-191-0/+25
| | | | | | | use NSS crypto if no other crypto avail, but NSS crypto is available "NSS crypto support" is not included in tests/LightyTest.pm:has_crypto() due to NSS libraries (freebl3) lacking public export for HMAC funcs
* [core] allow symlinks under /dev for rand devicesGlenn Strauss2020-10-111-1/+1
| | | | (fix code to match comment)
* [mod_wolfssl] standalone moduleGlenn Strauss2020-10-111-5/+5
| | | | standalone module forked from mod_openssl
* [multiple] address coverity warningsGlenn Strauss2020-07-101-0/+9
|
* [mod_openssl] prefer some WolfSSL native APIsGlenn Strauss2020-07-081-0/+64
| | | | | | | | Prefer some WolfSSL native APIs when building with WolfSSL. However, some functionality in WolfSSL is available only through the WolfSSL compatibility layer for OpenSSL, so the effort to create a native mod_wolfssl halted here.
* [multiple] add summaries to top of some modulesGlenn Strauss2020-07-081-0/+6
|
* [mod_gnutls] GnuTLS option for TLS (fixes #109)Glenn Strauss2020-07-081-0/+20
| | | | | | | | | | (experimental) mod_gnutls supports most ssl.* config options supported by mod_openssl x-ref: "GnuTLS support for the mod_ssl" https://redmine.lighttpd.net/issues/109
* [mod_mbedtls] mbedTLS option for TLSGlenn Strauss2020-07-081-0/+67
| | | | | | | | | (experimental) mod_mbedtls supports most ssl.* config options supported by mod_openssl thx Ward Willats for the initial discussion and attempt in the comments https://redmine.lighttpd.net/boards/3/topics/7029
* [core] add seed before openssl RAND_pseudo_bytes()Glenn Strauss2020-07-081-1/+1
|
* [multiple] ./configure --with-nettle to use NettleGlenn Strauss2020-07-081-1/+65
| | | | | | | | | ./configure --with-nettle to use Nettle crypto lib for algorithms, instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS. x-ref: "How to use SHA-256 without OpenSSL?" https://redmine.lighttpd.net/boards/2/topics/8903
* [core] remove include base.h where unusedGlenn Strauss2020-07-081-1/+0
|
* [core] pass conf.follow_symlink in more placesGlenn Strauss2019-03-101-1/+1
|
* [core] Don't call RAND_cleanup with OpenSSL 1.1.xRosen Penev2018-11-121-0/+2
| | | | | | | | | RAND_cleanup is deprecated and does nothing with 1.1.x. It also breaks with OpenSSL compiled with no deprecated APIs. (-DOPENSSL_API_COMPAT=<version>) github: closes #93
* [TLS] sys-crypto.h abstractionGlenn Strauss2018-09-261-3/+1
|
* [core] adjust li_rand_pseudo* interfacesGlenn Strauss2017-09-201-3/+8
|
* [core] attempt to quiet compiler warning in LEDEGlenn Strauss2017-09-101-1/+2
|
* [core] fix compiler warnings on Mac OS XGlenn Strauss2017-06-131-0/+3
| | | | (thx wardw)
* [core] remove some unused header includesGlenn Strauss2017-03-281-1/+0
| | | | remove exposure of stdio.h in buffer.h for print_backtrace(), now static
* [TLS] include <openssl/opensslv.h> in rand.cGlenn Strauss2017-01-311-0/+1
| | | | | | include <openssl/opensslv.h> in rand.c for OPENSSL_VERSION_NUMBER (openssl 1.1.0 deprecates RAND_pseudo_bytes())
* [TLS] mark code that uses -lcrypto but not -lsslGlenn Strauss2017-01-141-5/+8
| | | | | mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO to note that it does not depend on openssl -lssl (USE_OPENSSL)
* [core] defer li_rand_init() until first useGlenn Strauss2016-12-091-1/+18
| | | | | | | | | | | | | | defer li_rand_init() until first use of li_rand_pseudo_bytes() li_rand_init() is now deferred until first use so that installations that do not use modules which use these routines do need to potentially block at startup. Current use by core lighttpd modules is in mod_auth HTTP Digest auth and in mod_usertrack. Deferring collection of random data until first use may allow sufficient entropy to be collected by kernel before first use, helping reduce or avoid situations in low-entropy-generating embedded devices which might otherwise block lighttpd for minutes at device startup. Further discussion in https://redmine.lighttpd.net/boards/2/topics/6981
* [core] rename li_rand() to li_rand_pseudo_bytes()Glenn Strauss2016-12-051-3/+5
| | | | | to be more explicit that the result is pseudo-random data and not cryptographically random.
* RAND_pseudo_bytes() is deprecated in openssl 1.1.0Glenn Strauss2016-12-051-1/+3
|
* [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)Glenn Strauss2016-11-281-2/+2
| | | | | | | | | | Mac OS X 10.7 Lion introduces arc4random_buf() (thx ryandesign) x-ref: "Mac OS X build issue Undefined symbols" https://redmine.lighttpd.net/issues/2773
* add random() to list of rand() fallbackslighttpd-1.4.42Glenn Strauss2016-10-161-4/+13
| | | | (but prefer better mechanisms)
* [core] rand.[ch] to use better RNGs when availableGlenn Strauss2016-10-151-0/+190
prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(), if available, over rand() These are not necessarily cryptographically secure, but should be better than rand()
View Lorry Controller Status