author | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2009-06-11 09:54:07 +0000 |
---|---|---|
committer | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2009-06-11 09:54:07 +0000 |
commit | 3906ded4276a0fe42d353ac0f23126c15105da93 (patch) | |
tree | ff508c8c6a62c2894c68fca88904e90fd5cff901 | |
parent | f7303c9872d6159bbeb9b4f28deac8eee82d7df2 (diff) | |
download | lighttpd-3906ded4276a0fe42d353ac0f23126c15105da93.tar.gz |
Add support for "real" entropy from /dev/[u]random (fixes #1977)
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2525 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/base.h | 3 | ||||
-rw-r--r-- | src/http_auth.c | 1 | ||||
-rw-r--r-- | src/mod_usertrack.c | 1 | ||||
-rw-r--r-- | src/server.c | 14 |
5 files changed, 20 insertions, 0 deletions
@@ -112,6 +112,7 @@ NEWS * Fix segfault in mod_expire after failed config parsing (fixes #1992) * Add ssi.content-type option (default text/html, fixes #615) * Fix distbuild (add mod-compress.conf to dist files) + * Add support for "real" entropy from /dev/[u]random (fixes #1977) - 1.5.0-r19.. - * -F option added for spawn-fcgi @@ -649,6 +649,9 @@ typedef struct server { time_t last_generated_debug_ts; time_t startup_ts; + char entropy[8]; /* from /dev/[u]random if possible, otherwise rand() */ + char is_real_entropy; /* whether entropy is from /dev/[u]random */ + buffer *ts_debug_str; buffer *ts_date_str; diff --git a/src/http_auth.c b/src/http_auth.c index c8fba6c1..52614129 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -1226,6 +1226,7 @@ int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */ LI_ltostr(hh, srv->cur_ts); MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh)); + MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy)); LI_ltostr(hh, rand()); MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh)); diff --git a/src/mod_usertrack.c b/src/mod_usertrack.c index f25281ce..8ea3bf94 100644 --- a/src/mod_usertrack.c +++ b/src/mod_usertrack.c @@ -228,6 +228,7 @@ URIHANDLER_FUNC(mod_usertrack_uri_handler) { /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */ LI_ltostr(hh, srv->cur_ts); MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh)); + MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy)); LI_ltostr(hh, rand()); MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh)); diff --git a/src/server.c b/src/server.c index 0d3146fb..95b62e51 100644 --- a/src/server.c +++ b/src/server.c @@ -184,6 +184,7 @@ static void daemonize(void) { static server *server_init(void) { int i; + FILE *frandom = NULL; server *srv = calloc(1, sizeof(*srv)); assert(srv); 
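Review bot: `entropy` in the src/base.h hunk holds raw bytes, so `unsigned char entropy[8];` would be the better declaration. With plain `char`, the fallback assignment `srv->entropy[j] = rand();` narrows an int into a possibly signed type, and both `MD5_Update` callers need a cast. The field comment could also say that the buffer is filled once in server_init and never refreshed, since readers of http_auth.c and mod_usertrack.c cannot otherwise tell its lifetime. The struct definition starts and ends outside the hunk.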
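Review bot: In the src/http_auth.c hunk, `srv->entropy` is the same for every nonce because it is filled once in server_init, so the added `MD5_Update` contributes a per-process secret rather than per-nonce freshness; the inputs that change between calls here are still only `srv->cur_ts` and `rand()`. On the fallback path those eight bytes are themselves `rand()` output seeded from `time(NULL) ^ getpid()`, and no visible hunk reads `srv->is_real_entropy`, so the nonce code cannot tell a strong secret from a guessable one. A comment above the new line would document this, for example `/* per-process secret from server_init; guessable if !srv->is_real_entropy */`. The src/mod_usertrack.c hunk adds the identical line and the same applies there. Both function bodies continue outside their hunks.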
@@ -224,6 +225,19 @@ static server *server_init(void) { srv->mtime_cache[i].str = buffer_init(); } + if ((NULL != (frandom = fopen("/dev/urandom", "rb")) || NULL != (frandom = fopen("/dev/random", "rb"))) + && 1 == fread(srv->entropy, sizeof(srv->entropy), 1, frandom)) { + srand(*(unsigned int*)srv->entropy); + srv->is_real_entropy = 1; + } else { + unsigned int j; + srand(time(NULL) ^ getpid()); + srv->is_real_entropy = 0; + for (j = 0; j < sizeof(srv->entropy); j++) + srv->entropy[j] = rand(); + } + if (frandom) fclose(frandom); + srv->cur_ts = time(NULL); srv->startup_ts = srv->cur_ts; |
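Review bot: `srand(*(unsigned int*)srv->entropy);` reads a `char[8]` through an `unsigned int` lvalue, which breaks the strict-aliasing rule and depends on the field's alignment; copying the seed out avoids both: `unsigned int seed; memcpy(&seed, srv->entropy, sizeof(seed)); srand(seed);`. The seed is also the leading bytes of the same buffer that the nonce and cookie hunks hash, so the `rand()` value mixed in there is derived from data already in the digest and adds no independent secret. The else branch takes the guessable `time(NULL) ^ getpid()` seed without telling anyone; a startup warning where `srv->is_real_entropy = 0;` is set would let operators see that digest nonces and tracking cookies rest on weak randomness. server_init's body continues outside the hunk.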