mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

util.crand: C binding to one of OpenSSL, Linux getrandom() or OpenBSD arc4random() CSPRNG

Browse source
This commit is contained in:
Kim Alvefur 2016-02-22 18:44:43 +01:00
parent 11ebf4f1dc
commit ed8199402f
4 changed files with 187 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
configure vendored
View file

@ -19,6 +19,8 @@ CXX=g++
LD=gcc LD=gcc
RUNWITH=lua RUNWITH=lua
EXCERTS=yes EXCERTS=yes
PRNG=
PRNGLIBS=
CFLAGS="-fPIC -Wall" CFLAGS="-fPIC -Wall"
LDFLAGS="-shared" LDFLAGS="-shared"
@ -58,6 +60,11 @@ Configure Prosody prior to building.
icu: use ICU from IBM icu: use ICU from IBM
--with-ssl=LIB The name of the SSL to link with. --with-ssl=LIB The name of the SSL to link with.
Default is $OPENSSL_LIB Default is $OPENSSL_LIB
--with-random=METHOD CSPRNG backend to use. One of
getrandom: Linux kernel
arc4random: OpenBSD kernel
openssl: OpenSSL RAND method
Default is to use /dev/urandom
--cflags=FLAGS Flags to pass to the compiler --cflags=FLAGS Flags to pass to the compiler
Default is $CFLAGS Default is $CFLAGS
--ldflags=FLAGS Flags to pass to the linker --ldflags=FLAGS Flags to pass to the linker
@ -174,6 +181,16 @@ do
--with-ssl=*) --with-ssl=*)
OPENSSL_LIB="$value" OPENSSL_LIB="$value"
;; ;;
--with-random=getrandom)
PRNG=GETRANDOM
;;
--with-random=openssl)
PRNG=OPENSSL
PRNGLIBS=-lcrypto
;;
--with-random=arc4random)
PRNG=ARC4RANDOM
;;
--cflags=*) --cflags=*)
CFLAGS="$value" CFLAGS="$value"
;; ;;
@ -372,6 +389,9 @@ CXX=$CXX
LD=$LD LD=$LD
RUNWITH=$RUNWITH RUNWITH=$RUNWITH
EXCERTS=$EXCERTS EXCERTS=$EXCERTS
RANDOM=$PRNG
RANDOM_LIBS=$PRNGLIBS
EOF EOF

9
util-src/Makefile
View file

@ -8,6 +8,10 @@ TARGET?=../util/
ALL=encodings.so hashes.so net.so pposix.so signal.so table.so ringbuffer.so ALL=encodings.so hashes.so net.so pposix.so signal.so table.so ringbuffer.so
ifdef RANDOM
ALL+=crand.so
endif
.PHONY: all install clean .PHONY: all install clean
.SUFFIXES: .c .o .so .SUFFIXES: .c .o .so
@ -17,11 +21,14 @@ install: $(ALL)
$(INSTALL_DATA) $^ $(TARGET) $(INSTALL_DATA) $^ $(TARGET)
clean: clean:
rm -f $(ALL) rm -f $(ALL) $(patsubst %.so,%.o,$(ALL))
encodings.so: LDLIBS+=$(IDNA_LIBS) encodings.so: LDLIBS+=$(IDNA_LIBS)
hashes.so: LDLIBS+=$(OPENSSL_LIBS) hashes.so: LDLIBS+=$(OPENSSL_LIBS)
crand.o: CFLAGS+=-DWITH_$(RANDOM)
crand.so: LDLIBS+=$(RANDOM_LIBS)
%.so: %.o %.so: %.o
$(LD) $(LDFLAGS) -o $@ $^ $(LDLIBS) $(LD) $(LDFLAGS) -o $@ $^ $(LDLIBS)

156
util-src/crand.c Normal file
View file

@ -0,0 +1,156 @@
/* Prosody IM
-- Copyright (C) 2008-2016 Matthew Wild
-- Copyright (C) 2008-2016 Waqas Hussain
-- Copyright (C) 2016 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
*/
/*
* crand.c
* C PRNG interface
*/
#include "lualib.h"
#include "lauxlib.h"
#include <string.h>
#include <errno.h>
/*
* TODO: Decide on fixed size or dynamically allocated buffer
*/
#if 1
#include <malloc.h>
#else
#define BUFLEN 256
#endif
#if defined(WITH_GETRANDOM)
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/random.h>
#ifndef SYS_getrandom
#error getrandom() requires Linux 3.17 or later
#endif
/* Was this not supposed to be a function? */
int getrandom(char *buf, size_t len, int flags) {
return syscall(SYS_getrandom, buf, len, flags);
}
#elif defined(WITH_ARC4RANDOM)
#include <stdlib.h>
#elif defined(WITH_OPENSSL)
#include <openssl/rand.h>
#else
#error util.crand compiled without a random source
#endif
int Lrandom(lua_State *L) {
#ifdef BUFLEN
unsigned char buf[BUFLEN];
#else
unsigned char *buf;
#endif
int ret = 0;
size_t len = (size_t)luaL_checkint(L, 1);
#ifdef BUFLEN
len = len > BUFLEN ? BUFLEN : len;
#else
buf = malloc(len);
if(buf == NULL) {
lua_pushnil(L);
lua_pushstring(L, "out of memory");
/* or it migth be better to
* return lua_error(L);
*/
return 2;
}
#endif
#if defined(WITH_GETRANDOM)
ret = getrandom(buf, len, 0);
if(ret < 0) {
#ifndef BUFLEN
free(buf);
#endif
lua_pushnil(L);
lua_pushstring(L, strerror(errno));
lua_pushinteger(L, errno);
return 3;
}
#elif defined(WITH_ARC4RANDOM)
arc4random_buf(buf, len);
ret = len;
#elif defined(WITH_OPENSSL)
ret = RAND_bytes(buf, len);
if(ret == 1) {
ret = len;
} else {
#ifndef BUFLEN
free(buf);
#endif
lua_pushnil(L);
lua_pushstring(L, "failed");
/* lua_pushinteger(L, ERR_get_error()); */
return 2;
}
#endif
lua_pushlstring(L, buf, ret);
#ifndef BUFLEN
free(buf);
#endif
return 1;
}
#ifdef ENABLE_SEEDING
int Lseed(lua_State *L) {
size_t len;
const char *seed = lua_tolstring(L, 1, &len);
#if defined(WITH_OPENSSL)
RAND_add(seed, len, len);
return 0;
#else
lua_pushnil(L);
lua_pushliteral(L, "not-supported");
return 2;
#endif
}
#endif
int luaopen_util_crand(lua_State *L) {
lua_newtable(L);
lua_pushcfunction(L, Lrandom);
lua_setfield(L, -2, "bytes");
#ifdef ENABLE_SEEDING
lua_pushcfunction(L, Lseed);
lua_setfield(L, -2, "seed");
#endif
#if defined(WITH_GETRANDOM)
lua_pushstring(L, "Linux");
#elif defined(WITH_ARC4RANDOM)
lua_pushstring(L, "arc4random()");
#elif defined(WITH_OPENSSL)
lua_pushstring(L, "OpenSSL");
#endif
lua_setfield(L, -2, "_source");
#if defined(WITH_OPENSSL) && defined(_WIN32)
/* Do we need to seed this on Windows? */
#endif
return 1;
}

3
util/random.lua
View file

@ -6,6 +6,9 @@
-- COPYING file in the source package for more information. -- COPYING file in the source package for more information.
-- --
local ok, crand = pcall(require, "util.crand");
if ok then return crand; end
local urandom, urandom_err = io.open("/dev/urandom", "r"); local urandom, urandom_err = io.open("/dev/urandom", "r");
local function seed() local function seed()