On Thu, Oct 26, 2017 at 6:56 AM, Stefan Sperling wrote:
> This patch adds support for using the arc4random API as an entropy source.
>
> The arc4random API originates from OpenBSD where it supersedes random(3),
> rand(3), and files in the /dev filesystem: http://man.openbsd.org/arc4random
> The arc4random_buf() function maps 1:1 onto apr_generate_random_bytes().
>
> This patch was written by Christian Weisgerber, who asked me to push
> this work upstream on his behalf.
>
> Index: configure.in
> ===
> --- configure.in(revision 1813380)
> +++ configure.in(working copy)
> @@ -2453,6 +2453,8 @@ else
> fi
>
> dnl - Checking for /dev/random
> +AC_CHECK_FUNCS(arc4random_buf)
> +
> AC_MSG_CHECKING(for entropy source)
>
> why_no_rand=""
> @@ -2471,6 +2473,13 @@ AC_ARG_WITH(egd,
>])
>
> if test "$rand" != "1"; then
> + if test "$ac_cv_func_arc4random_buf" = yes; then
> +AC_MSG_RESULT(arc4random)
> +rand="1"
> + fi
> +fi
> +
> +if test "$rand" != "1"; then
>AC_ARG_WITH(devrandom,
> [ --with-devrandom[[=DEV]] use /dev/random or compatible [[searches by
> default]]],
> [ apr_devrandom="$withval" ], [ apr_devrandom="yes" ])
> Index: misc/unix/rand.c
> ===
> --- misc/unix/rand.c(revision 1813380)
> +++ misc/unix/rand.c(working copy)
> @@ -87,8 +87,12 @@ APR_DECLARE(apr_status_t) apr_os_uuid_get(unsigned
> APR_DECLARE(apr_status_t) apr_generate_random_bytes(unsigned char *buf,
> apr_size_t length)
> {
> -#ifdef DEV_RANDOM
> +#ifdef HAVE_ARC4RANDOM
>
> +arc4random_buf(buf, length);
> +
> +#elif defined(DEV_RANDOM)
> +
> int fd = -1;
>
> /* On BSD/OS 4.1, /dev/random gives out 8 bytes at a time, then
Don't we need to check for HAVE_ARC4RANDOM_BUF rather than HAVE_ARC4RANDOM?
--
Eric Covener
cove...@gmail.com