Add support for "real" entropy from /dev/[u]random (fixes #1977)

git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2525 152afb58-edef-0310-8abb-c4023f1b3aa9
author: stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> 2009-06-11 09:54:07 +0000
committer: stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> 2009-06-11 09:54:07 +0000
commit: 3906ded4276a0fe42d353ac0f23126c15105da93 (patch)
tree: ff508c8c6a62c2894c68fca88904e90fd5cff901
parent: f7303c9872d6159bbeb9b4f28deac8eee82d7df2 (diff)
download: lighttpd-3906ded4276a0fe42d353ac0f23126c15105da93.tar.gz
5 files changed, 20 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 96b5f010..d9d45d14 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,7 @@ NEWS
   * Fix segfault in mod_expire after failed config parsing (fixes #1992)
   * Add ssi.content-type option (default text/html, fixes #615)
   * Fix distbuild (add mod-compress.conf to dist files)
+  * Add support for "real" entropy from /dev/[u]random (fixes #1977)
 
 - 1.5.0-r19.. -
   * -F option added for spawn-fcgi
diff --git a/src/base.h b/src/base.h
index eea41353..5ae2a480 100644
--- a/src/base.h
+++ b/src/base.h
@@ -649,6 +649,9 @@ typedef struct server {
 	time_t last_generated_debug_ts;
 	time_t startup_ts;
 
+	char entropy[8]; /* from /dev/[u]random if possible, otherwise rand() */
+	char is_real_entropy; /* whether entropy is from /dev/[u]random */
+
 	buffer *ts_debug_str;
 	buffer *ts_date_str;
 
diff --git a/src/http_auth.c b/src/http_auth.c
index c8fba6c1..52614129 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -1226,6 +1226,7 @@ int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer
 	/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
 	LI_ltostr(hh, srv->cur_ts);
 	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
 	LI_ltostr(hh, rand());
 	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
 
diff --git a/src/mod_usertrack.c b/src/mod_usertrack.c
index f25281ce..8ea3bf94 100644
--- a/src/mod_usertrack.c
+++ b/src/mod_usertrack.c
@@ -228,6 +228,7 @@ URIHANDLER_FUNC(mod_usertrack_uri_handler) {
 	/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
 	LI_ltostr(hh, srv->cur_ts);
 	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
 	LI_ltostr(hh, rand());
 	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
 
diff --git a/src/server.c b/src/server.c
index 0d3146fb..95b62e51 100644
--- a/src/server.c
+++ b/src/server.c
@@ -184,6 +184,7 @@ static void daemonize(void) {
 
 static server *server_init(void) {
 	int i;
+	FILE *frandom = NULL;
 
 	server *srv = calloc(1, sizeof(*srv));
 	assert(srv);
@@ -224,6 +225,19 @@ static server *server_init(void) {
 		srv->mtime_cache[i].str = buffer_init();
 	}
 
+	if ((NULL != (frandom = fopen("/dev/urandom", "rb")) || NULL != (frandom = fopen("/dev/random", "rb")))
+	            && 1 == fread(srv->entropy, sizeof(srv->entropy), 1, frandom)) {
+		srand(*(unsigned int*)srv->entropy);
+		srv->is_real_entropy = 1;
+	} else {
+		unsigned int j;
+		srand(time(NULL) ^ getpid());
+		srv->is_real_entropy = 0;
+		for (j = 0; j < sizeof(srv->entropy); j++)
+			srv->entropy[j] = rand();
+	}
+	if (frandom) fclose(frandom);
+
 	srv->cur_ts = time(NULL);
 	srv->startup_ts = srv->cur_ts;
author	stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9>	2009-06-11 09:54:07 +0000
committer	stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9>	2009-06-11 09:54:07 +0000
commit	3906ded4276a0fe42d353ac0f23126c15105da93 (patch)
tree	ff508c8c6a62c2894c68fca88904e90fd5cff901
parent	f7303c9872d6159bbeb9b4f28deac8eee82d7df2 (diff)
download	lighttpd-3906ded4276a0fe42d353ac0f23126c15105da93.tar.gz