Commit bdca6622 authored by Kurt Zeilenga

Add lutil_entropy(). Currently only supports /dev/urandom or

Linux equivs.  Should be extended to support other quality
sources of entropy.  Should be extended to support a reasonable fallback.
parent 7db89cb1
......@@ -1729,8 +1729,7 @@ fi
dnl ----------------------------------------------------------------
dnl
dnl Check for fetch URL support
dnl should be extended to support other fetch URL APIs
dnl Check for Cyrus SASL
dnl
ol_link_sasl=no
if test $ol_with_cyrus_sasl != no ; then
......@@ -1752,6 +1751,27 @@ if test $ol_with_cyrus_sasl != no ; then
fi
fi
dnl ----------------------------------------------------------------
dnl Check for entropy sources
if test $cross_compiling != yes ; then
dev=no
if test -r /dev/urandom ; then
dev="/dev/urandom";
elif test -r /idev/urandom ; then
dev="/idev/urandom";
elif test -r /dev/srandom ; then
dev="/dev/srandom";
elif test -r /dev/random ; then
dev="/dev/random";
elif test -r /idev/random ; then
dev="/idev/random";
fi
if test $dev != no ; then
AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
fi
fi
dnl ----------------------------------------------------------------
dnl
dnl Check for fetch URL support
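Review bot: The fallback chain in the new entropy check can set `URANDOM_DEVICE` to `/dev/srandom`, `/dev/random` or `/idev/random`, although the macro name and its description (`set to urandom device`) promise a urandom-style source. On platforms where those devices block or return short reads, the single `read()` in this commit's lutil_entropy() would stall or fail, though that is inferred and depends on the platform. The probe also runs `test -r` on the build host and is skipped when cross-compiling, so a build in a chroot or on a different machine leaves the macro undefined and lutil_entropy() then always returns -1. I would either restrict the chain to the urandom paths or make the description honest, e.g. `AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[entropy device found on the build host; may block])`, and add `dnl NOTE: detected at configure time on the build host, not at run time` above the check.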
......
......@@ -49,6 +49,12 @@ lutil_detach LDAP_P((
int debug,
int do_close));
/* entropy.c */
LDAP_F( int )
lutil_entorpy LDAP_P((
char *buf,
int nbytes ));
/* passwd.c */
LDAP_F( int )
lutil_passwd LDAP_P((
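Review bot: The prototype added under `/* entropy.c */` is spelled `lutil_entorpy`, while the function this commit defines is `lutil_entropy`, so code including this header gets no declaration for the real function. It should read `lutil_entropy LDAP_P((`. Because the return value is the only signal that no entropy was delivered, a comment on the declaration such as `/* returns 0 on success, -1 if nbytes could not be obtained; callers must check */` would help keep callers from using an unfilled buffer as key material. The `lutil_passwd` declaration that follows continues outside the hunk.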
......
......@@ -729,6 +729,9 @@
/* define if you have Cyrus SASL */
#undef HAVE_CYRUS_SASL
/* set to urandom device */
#undef URANDOM_DEVICE
/* define if you actually have FreeBSD fetch(3) */
#undef HAVE_FETCH
......
......@@ -4,9 +4,9 @@
##
LIBRARY = liblutil.a
SRCS = base64.c debug.c detach.c \
SRCS = base64.c debug.c detach.c entropy.c \
md5.c passwd.c sha1.c getpass.c lockf.c utils.c sockpair.c
OBJS = base64.o debug.o detach.o \
OBJS = base64.o debug.o detach.o entropy.o \
md5.o passwd.o sha1.o getpass.o lockf.o utils.o sockpair.o \
@LIBOBJS@
......
/* $OpenLDAP$ */
/*
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/*
* lutil_entropy() provides nbyptes of entropy in buf.
* Quality offerred is suitable for one-time uses, such as "once" keys.
*/
int lutil_entropy( char *buf, int nbytes )
{
if( nbytes < 0 ) return -1;
if( nbytes == 0 ) return 0;
#ifdef URANDOM_DEVICE
/* Linux and *BSD offer a urandom device */
{
int rc, fd;
fd = open( URANDOM_DEVICE, O_RDONLY );
if( fd < 0 ) return -1;
rc = read( fd, buf, nbytes );
close(fd);
if( rc < nbytes ) return -1;
return 0;
}
#endif
return -1;
}
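Review bot: The single `read()` in the `URANDOM_DEVICE` block treats any short read or `EINTR` as a hard failure, and by then `buf` may already be partly filled. That fails closed, which is the safe direction, but configure in this commit can also select `/dev/random`-style devices where short reads may be routine (inferred, platform-dependent), so callers could see spurious -1 results. I would loop until `nbytes` have been read, retrying on `EINTR` and failing on EOF or any other error, as sketched below. This needs `errno` in scope, and no `#include` lines are visible on the page. The header comment should also say that the contents of `buf` are unspecified when -1 is returned, and its typos `nbyptes` and `offerred` should be fixed.

```c
	int fd, got = 0;
	/* … unchanged: open( URANDOM_DEVICE, O_RDONLY ) and the fd < 0 check … */
	while( got < nbytes ) {
		int rc = read( fd, buf + got, nbytes - got );
		if( rc > 0 ) {
			got += rc;
		} else if( rc < 0 && errno == EINTR ) {
			continue;	/* interrupted before any data: retry */
		} else {
			break;		/* EOF or hard error: fail closed */
		}
	}
	close(fd);
	if( got < nbytes ) return -1;
```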