Software /
code /
prosody
Changeset
7187:3d2c2f0809ee
util.crand: C binding to one of OpenSSL, Linux getrandom() or OpenBSD arc4random() CSPRNG
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 22 Feb 2016 18:44:43 +0100 |
parents | 7186:9c3930bcbb72 |
children | 7188:e8f20be3e6f8 7189:72839cafdf36 |
files | configure util-src/Makefile util-src/crand.c util/random.lua |
diffstat | 4 files changed, 187 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/configure Mon Feb 22 17:43:40 2016 +0100 +++ b/configure Mon Feb 22 18:44:43 2016 +0100 @@ -19,6 +19,8 @@ LD=gcc RUNWITH=lua EXCERTS=yes +PRNG= +PRNGLIBS= CFLAGS="-fPIC -Wall" LDFLAGS="-shared" @@ -58,6 +60,11 @@ icu: use ICU from IBM --with-ssl=LIB The name of the SSL to link with. Default is $OPENSSL_LIB +--with-random=METHOD CSPRNG backend to use. One of + getrandom: Linux kernel + arc4random: OpenBSD kernel + openssl: OpenSSL RAND method + Default is to use /dev/urandom --cflags=FLAGS Flags to pass to the compiler Default is $CFLAGS --ldflags=FLAGS Flags to pass to the linker @@ -174,6 +181,16 @@ --with-ssl=*) OPENSSL_LIB="$value" ;; + --with-random=getrandom) + PRNG=GETRANDOM + ;; + --with-random=openssl) + PRNG=OPENSSL + PRNGLIBS=-lcrypto + ;; + --with-random=arc4random) + PRNG=ARC4RANDOM + ;; --cflags=*) CFLAGS="$value" ;; @@ -372,6 +389,9 @@ LD=$LD RUNWITH=$RUNWITH EXCERTS=$EXCERTS +RANDOM=$PRNG +RANDOM_LIBS=$PRNGLIBS + EOF
--- a/util-src/Makefile Mon Feb 22 17:43:40 2016 +0100 +++ b/util-src/Makefile Mon Feb 22 18:44:43 2016 +0100 @@ -8,6 +8,10 @@ ALL=encodings.so hashes.so net.so pposix.so signal.so table.so ringbuffer.so +ifdef RANDOM +ALL+=crand.so +endif + .PHONY: all install clean .SUFFIXES: .c .o .so @@ -17,11 +21,14 @@ $(INSTALL_DATA) $^ $(TARGET) clean: - rm -f $(ALL) + rm -f $(ALL) $(patsubst %.so,%.o,$(ALL)) encodings.so: LDLIBS+=$(IDNA_LIBS) hashes.so: LDLIBS+=$(OPENSSL_LIBS) +crand.o: CFLAGS+=-DWITH_$(RANDOM) +crand.so: LDLIBS+=$(RANDOM_LIBS) + %.so: %.o $(LD) $(LDFLAGS) -o $@ $^ $(LDLIBS)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/util-src/crand.c Mon Feb 22 18:44:43 2016 +0100 @@ -0,0 +1,156 @@ +/* Prosody IM +-- Copyright (C) 2008-2016 Matthew Wild +-- Copyright (C) 2008-2016 Waqas Hussain +-- Copyright (C) 2016 Kim Alvefur +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- +*/ + +/* +* crand.c +* C PRNG interface +*/ + +#include "lualib.h" +#include "lauxlib.h" + +#include <string.h> +#include <errno.h> + +/* + * TODO: Decide on fixed size or dynamically allocated buffer + */ +#if 1 +#include <malloc.h> +#else +#define BUFLEN 256 +#endif + +#if defined(WITH_GETRANDOM) +#include <unistd.h> +#include <sys/syscall.h> +#include <linux/random.h> + +#ifndef SYS_getrandom +#error getrandom() requires Linux 3.17 or later +#endif + +/* Was this not supposed to be a function? */ +int getrandom(char *buf, size_t len, int flags) { + return syscall(SYS_getrandom, buf, len, flags); +} + +#elif defined(WITH_ARC4RANDOM) +#include <stdlib.h> +#elif defined(WITH_OPENSSL) +#include <openssl/rand.h> +#else +#error util.crand compiled without a random source +#endif + +int Lrandom(lua_State *L) { +#ifdef BUFLEN + unsigned char buf[BUFLEN]; +#else + unsigned char *buf; +#endif + int ret = 0; + size_t len = (size_t)luaL_checkint(L, 1); +#ifdef BUFLEN + len = len > BUFLEN ? BUFLEN : len; +#else + buf = malloc(len); + + if(buf == NULL) { + lua_pushnil(L); + lua_pushstring(L, "out of memory"); + /* or it migth be better to + * return lua_error(L); + */ + return 2; + } +#endif + +#if defined(WITH_GETRANDOM) + ret = getrandom(buf, len, 0); + + if(ret < 0) { +#ifndef BUFLEN + free(buf); +#endif + lua_pushnil(L); + lua_pushstring(L, strerror(errno)); + lua_pushinteger(L, errno); + return 3; + } + +#elif defined(WITH_ARC4RANDOM) + arc4random_buf(buf, len); + ret = len; +#elif defined(WITH_OPENSSL) + ret = RAND_bytes(buf, len); + + if(ret == 1) { + ret = len; + } else { +#ifndef BUFLEN + free(buf); +#endif + lua_pushnil(L); + lua_pushstring(L, "failed"); + /* lua_pushinteger(L, ERR_get_error()); */ + return 2; + } + +#endif + + lua_pushlstring(L, buf, ret); +#ifndef BUFLEN + free(buf); +#endif + return 1; +} + +#ifdef ENABLE_SEEDING +int Lseed(lua_State *L) { + size_t len; + const char *seed = lua_tolstring(L, 1, &len); + +#if defined(WITH_OPENSSL) + RAND_add(seed, len, len); + return 0; +#else + lua_pushnil(L); + lua_pushliteral(L, "not-supported"); + return 2; +#endif +} +#endif + +int luaopen_util_crand(lua_State *L) { + lua_newtable(L); + lua_pushcfunction(L, Lrandom); + lua_setfield(L, -2, "bytes"); +#ifdef ENABLE_SEEDING + lua_pushcfunction(L, Lseed); + lua_setfield(L, -2, "seed"); +#endif + +#if defined(WITH_GETRANDOM) + lua_pushstring(L, "Linux"); +#elif defined(WITH_ARC4RANDOM) + lua_pushstring(L, "arc4random()"); +#elif defined(WITH_OPENSSL) + lua_pushstring(L, "OpenSSL"); +#endif + lua_setfield(L, -2, "_source"); + +#if defined(WITH_OPENSSL) && defined(_WIN32) + /* Do we need to seed this on Windows? */ +#endif + + return 1; +} +
--- a/util/random.lua Mon Feb 22 17:43:40 2016 +0100 +++ b/util/random.lua Mon Feb 22 18:44:43 2016 +0100 @@ -6,6 +6,9 @@ -- COPYING file in the source package for more information. -- +local ok, crand = pcall(require, "util.crand"); +if ok then return crand; end + local urandom, urandom_err = io.open("/dev/urandom", "r"); local function seed()