jerenkrantz 01/12/04 02:08:31
Modified: flood CHANGES config.h.in configure.in flood_net_ssl.c
Log:
Seed OpenSSL from memory instead of from a rnd file when we don't have
random device support.
(Also deprecate --with-randfile as we never need it anymore.)
Submitted by: Doug MacEachern
Reviewed by: Justin Erenkrantz, Aaron Bannert
Revision Changes Path
1.24 +3 -0 httpd-test/flood/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-test/flood/CHANGES,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- CHANGES 2001/12/04 09:38:53 1.23
+++ CHANGES 2001/12/04 10:08:30 1.24
@@ -1,5 +1,8 @@
Changes since milestone-02:
+* Allow OpenSSL to seed from memory rather than a file if we don't
+ have random support. [Doug MacEachern]
+
* Allow better detection of randfile and capath options when SSL is
enabled. [Justin Erenkrantz]
1.19 +0 -1 httpd-test/flood/config.h.in
Index: config.h.in
===================================================================
RCS file: /home/cvs/httpd-test/flood/config.h.in,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- config.h.in 2001/12/04 09:38:53 1.18
+++ config.h.in 2001/12/04 10:08:30 1.19
@@ -54,7 +54,6 @@
#define LOCAL_SOCKET_TIMEOUT 120 * APR_USEC_PER_SEC
-#define RANDFILE "@RANDFILE@"
#define CAPATH "@CAPATH@"
#define FLOOD_USE_RAND @prngrand@
1.16 +11 -14 httpd-test/flood/configure.in
Index: configure.in
===================================================================
RCS file: /home/cvs/httpd-test/flood/configure.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- configure.in 2001/12/04 09:38:53 1.15
+++ configure.in 2001/12/04 10:08:30 1.16
@@ -33,6 +33,17 @@
LDFLAGS="-L${fl_openssl_prefix}/lib $LDFLAGS -R${fl_openssl_prefix}/lib"
fi])
+dnl If the OS provides random support, use it. Otherwise, we'll be
+dnl cheesy.
+if test -c "/dev/random"; then
+ flood_has_devrand=1
+else if test -c "/dev/urandom"; then
+ flood_has_devrand=1
+else
+ flood_has_devrand=0
+fi
+fi
+
dnl SSL is disabled by default
dnl "Export and import restrictions in some countries require that it be
dnl disabled by default." See: <[EMAIL PROTECTED]>
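Review bot: The `test -c "/dev/random"` probe at the top of this hunk runs on the build host, so `flood_has_devrand` records what existed at configure time, not what the binary will find when it runs. If FLOOD_HAS_DEVRAND is derived from this variable (not visible here), a build made where the device exists and then run in a chroot or on a host without it has the in-memory seeding path compiled out. I would record that limit in the comment, e.g. `dnl NOTE: build-time probe only; the runtime host may differ, so the SSL init code should still verify the PRNG is seeded`. As a style point, the nested `else if … fi fi` reads more simply as a single `elif`.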
@@ -42,7 +53,6 @@
[enable_ssl=no])
flood_has_openssl=0
-flood_has_devrand=0
if test "$enable_ssl" = "yes"; then
AC_CHECK_HEADERS(openssl/ssl.h openssl/opensslv.h,,
AC_MSG_ERROR('OpenSSL Headers not found at patch specified'))
@@ -67,19 +77,6 @@
CAPATH="/usr/lib/ssl/certs"
else
AC_MSG_ERROR('option --with-capath must be specified')
- fi
- fi
- ])
-
- AC_ARG_WITH(randfile,
- [ --with-randfile=PATH Path to a random file used by OpenSSL],
- [if test "$withval" = "yes"; then AC_MSG_ERROR('option --with-randfile
requires a path'); else RANDFILE="$withval"; fi],
- [if test -c "/dev/random"; then
- flood_has_devrand=1
- else if test -c "/dev/urandom"; then
- flood_has_devrand=1
- else
- AC_MSG_ERROR(option --with-randfile must be specified to point at a
random file used to seed OpenSSL)
fi
fi
])
1.15 +37 -1 httpd-test/flood/flood_net_ssl.c
Index: flood_net_ssl.c
===================================================================
RCS file: /home/cvs/httpd-test/flood/flood_net_ssl.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- flood_net_ssl.c 2001/12/04 09:38:53 1.14
+++ flood_net_ssl.c 2001/12/04 10:08:30 1.15
@@ -67,6 +67,8 @@
#include <openssl/rand.h>
#include <apr_portable.h>
+#include <apr_strings.h>
+#include <unistd.h>
#define USE_RW_LOCK_FOR_SSL
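Review bot: `#include <unistd.h>` is added unconditionally, although the rest of the file goes through APR for portability, so a platform without that header now fails to build just to obtain `getpid()`. Wrapping it as `#if APR_HAVE_UNISTD_H` / `#include <unistd.h>` / `#endif` keeps the include in line with how APR-based code normally pulls in POSIX headers. The functions added in the next hunk also call `time()`, `srand()`, `rand()` and `atoi()`. No `<time.h>` or `<stdlib.h>` include is visible in this hunk, so confirm they arrive through an existing header.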
@@ -149,6 +151,40 @@
}
#endif
+/* borrowed from mod_ssl */
+static int ssl_rand_choosenum(int l, int h)
+{
+ int i;
+ char buf[50];
+
+ srand((unsigned int)time(NULL));
+ apr_snprintf(buf, sizeof(buf), "%.0f",
+ (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
+ i = atoi(buf)+1;
+ if (i < l) i = l;
+ if (i > h) i = h;
+ return i;
+}
+
+static void load_rand(void)
+{
+ unsigned char stackdata[256];
+ time_t tt;
+ pid_t pid;
+ int l, n;
+
+ tt = time(NULL);
+ l = sizeof(time_t);
+ RAND_seed((unsigned char *)&tt, l);
+
+ pid = (pid_t)getpid();
+ l = sizeof(pid_t);
+ RAND_seed((unsigned char *)&pid, l);
+
+ n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
+ RAND_seed(stackdata+n, 128);
+}
+
apr_status_t ssl_init_socket(apr_pool_t *pool)
{
#if APR_HAS_THREADS
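Review bot: `load_rand()` gives OpenSSL only a timestamp, a process id and 128 bytes of uninitialised stack through `RAND_seed()`, which credits every byte as full entropy, so the PRNG reports itself seeded while the real input is a handful of guessable bits. The `stackdata` read is of indeterminate values that a compiler or memory checker may treat as undefined. `ssl_rand_choosenum()` picks the offset after `srand(time(NULL))`, so it adds nothing beyond the timestamp already fed in, and it resets the process-wide libc generator as a side effect. Session keys and nonces produced on this path are predictable to anyone who can estimate start time and pid, which is tolerable only because flood is a test client. State that at the definition with `/* NOT cryptographically strong: time and pid are guessable; acceptable only for load-test traffic */`, and log a warning when the `#if !FLOOD_HAS_DEVRAND` call site in the following hunk takes this fallback.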
@@ -162,7 +198,7 @@
SSL_load_error_strings();
ERR_load_crypto_strings();
#if !FLOOD_HAS_DEVRAND
- RAND_load_file(RANDFILE, -1);
+ load_rand();
#endif
#if APR_HAS_THREADS