Add lutil_entropy(). Currently only supports /dev/urandom or

Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback.

Add lutil_entropy(). Currently only supports /dev/urandom or
Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback.
bdca6622 · Kurt Zeilenga · 7db89cb1 · bdca6622 · bdca6622 · bdca6622
Commit bdca6622 authored Oct 26, 1999 by Kurt Zeilenga
--- a/configure
+++ b/configure
--- a/configure.in
+++ b/configure.in
@@ -1729,8 +1729,7 @@ fi

 dnl ----------------------------------------------------------------
 dnl
-dnl Check for fetch URL support
-dnl		should be extended to support other fetch URL APIs
+dnl Check for Cyrus SASL
 dnl
 ol_link_sasl=no
 if test $ol_with_cyrus_sasl != no ; then
@@ -1752,6 +1751,27 @@ if test $ol_with_cyrus_sasl != no ; then
 	fi
 fi

+dnl ----------------------------------------------------------------
+dnl Check for entropy sources
+if test $cross_compiling != yes ; then
+	dev=no
+	if test -r /dev/urandom ; then
+		dev="/dev/urandom";
+	elif test -r /idev/urandom ; then
+		dev="/idev/urandom";
+	elif test -r /dev/srandom ; then
+		dev="/dev/srandom";
+	elif test -r /dev/random ; then
+		dev="/dev/random";
+	elif test -r /idev/random ; then
+		dev="/idev/random";
+	fi
+
+	if test $dev != no ; then
+		AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
+	fi
+fi
+
 dnl ----------------------------------------------------------------
 dnl
 dnl Check for fetch URL support

--- a/include/lutil.h
+++ b/include/lutil.h
@@ -49,6 +49,12 @@ lutil_detach LDAP_P((
 	int debug,
 	int do_close));

+/* entropy.c */
+LDAP_F( int )
+lutil_entorpy LDAP_P((
+	char *buf,
+	int nbytes ));
+
 /* passwd.c */
 LDAP_F( int )
 lutil_passwd LDAP_P((

--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -729,6 +729,9 @@
 /* define if you have Cyrus SASL */
 #undef HAVE_CYRUS_SASL

+/* set to urandom device */
+#undef URANDOM_DEVICE
+
 /* define if you actually have FreeBSD fetch(3) */
 #undef HAVE_FETCH


--- a/libraries/liblutil/Makefile.in
+++ b/libraries/liblutil/Makefile.in
@@ -4,9 +4,9 @@
 ##

 LIBRARY	= liblutil.a
-SRCS	= base64.c debug.c detach.c \
+SRCS	= base64.c debug.c detach.c entropy.c \
 	md5.c passwd.c sha1.c getpass.c lockf.c utils.c sockpair.c
-OBJS	= base64.o debug.o detach.o \
+OBJS	= base64.o debug.o detach.o entropy.o \
 	md5.o passwd.o sha1.o getpass.o lockf.o utils.o sockpair.o \
 	@LIBOBJS@


--- a/libraries/liblutil/entropy.c
+++ b/libraries/liblutil/entropy.c
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/*
+ * lutil_entropy() provides nbyptes of entropy in buf.
+ * Quality offerred is suitable for one-time uses, such as "once" keys.
+ */
+int lutil_entropy( char *buf, int nbytes )
+{
+	if( nbytes < 0 ) return -1;
+	if( nbytes == 0 ) return 0;
+
+#ifdef URANDOM_DEVICE
+	/* Linux and *BSD offer a urandom device */
+	{
+		int rc, fd;
+
+		fd = open( URANDOM_DEVICE, O_RDONLY );
+
+		if( fd < 0 ) return -1;
+
+		rc = read( fd, buf, nbytes );
+		close(fd);
+
+		if( rc < nbytes ) return -1;
+
+		return 0;
+	}
+#endif
+	return -1;
+}