aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2016-02-22 18:44:43 +0100
committerKim Alvefur <zash@zash.se>2016-02-22 18:44:43 +0100
commit6ee4f6f618ee4a07f3b25f38c7da675d68fdceee (patch)
tree212768ff3b1d64b64c32583515751108b54d7b31
parentf22342b075c527df8e4225dbbf932fe08d1155e3 (diff)
downloadprosody-6ee4f6f618ee4a07f3b25f38c7da675d68fdceee.tar.gz
prosody-6ee4f6f618ee4a07f3b25f38c7da675d68fdceee.zip
util.crand: C binding to one of OpenSSL, Linux getrandom() or OpenBSD arc4random() CSPRNG
-rwxr-xr-xconfigure20
-rw-r--r--util-src/Makefile9
-rw-r--r--util-src/crand.c156
-rw-r--r--util/random.lua3
4 files changed, 187 insertions, 1 deletions
diff --git a/configure b/configure
index b64c2654..77aa1329 100755
--- a/configure
+++ b/configure
@@ -19,6 +19,8 @@ CXX=g++
LD=gcc
RUNWITH=lua
EXCERTS=yes
+PRNG=
+PRNGLIBS=
CFLAGS="-fPIC -Wall"
LDFLAGS="-shared"
@@ -58,6 +60,11 @@ Configure Prosody prior to building.
icu: use ICU from IBM
--with-ssl=LIB The name of the SSL to link with.
Default is $OPENSSL_LIB
+--with-random=METHOD CSPRNG backend to use. One of
+ getrandom: Linux kernel
+ arc4random: OpenBSD kernel
+ openssl: OpenSSL RAND method
+ Default is to use /dev/urandom
--cflags=FLAGS Flags to pass to the compiler
Default is $CFLAGS
--ldflags=FLAGS Flags to pass to the linker
@@ -174,6 +181,16 @@ do
--with-ssl=*)
OPENSSL_LIB="$value"
;;
+ --with-random=getrandom)
+ PRNG=GETRANDOM
+ ;;
+ --with-random=openssl)
+ PRNG=OPENSSL
+ PRNGLIBS=-lcrypto
+ ;;
+ --with-random=arc4random)
+ PRNG=ARC4RANDOM
+ ;;
--cflags=*)
CFLAGS="$value"
;;
@@ -372,6 +389,9 @@ CXX=$CXX
LD=$LD
RUNWITH=$RUNWITH
EXCERTS=$EXCERTS
+RANDOM=$PRNG
+RANDOM_LIBS=$PRNGLIBS
+
EOF
diff --git a/util-src/Makefile b/util-src/Makefile
index 85b190b9..9c6c377c 100644
--- a/util-src/Makefile
+++ b/util-src/Makefile
@@ -8,6 +8,10 @@ TARGET?=../util/
ALL=encodings.so hashes.so net.so pposix.so signal.so table.so ringbuffer.so
+ifdef RANDOM
+ALL+=crand.so
+endif
+
.PHONY: all install clean
.SUFFIXES: .c .o .so
@@ -17,11 +21,14 @@ install: $(ALL)
$(INSTALL_DATA) $^ $(TARGET)
clean:
- rm -f $(ALL)
+ rm -f $(ALL) $(patsubst %.so,%.o,$(ALL))
encodings.so: LDLIBS+=$(IDNA_LIBS)
hashes.so: LDLIBS+=$(OPENSSL_LIBS)
+crand.o: CFLAGS+=-DWITH_$(RANDOM)
+crand.so: LDLIBS+=$(RANDOM_LIBS)
+
%.so: %.o
$(LD) $(LDFLAGS) -o $@ $^ $(LDLIBS)
diff --git a/util-src/crand.c b/util-src/crand.c
new file mode 100644
index 00000000..9a45f10f
--- /dev/null
+++ b/util-src/crand.c
@@ -0,0 +1,156 @@
+/* Prosody IM
+-- Copyright (C) 2008-2016 Matthew Wild
+-- Copyright (C) 2008-2016 Waqas Hussain
+-- Copyright (C) 2016 Kim Alvefur
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+*/
+
+/*
+* crand.c
+* C PRNG interface
+*/
+
+#include "lualib.h"
+#include "lauxlib.h"
+
+#include <string.h>
+#include <errno.h>
+
+/*
+ * TODO: Decide on fixed size or dynamically allocated buffer
+ */
+#if 1
+#include <malloc.h>
+#else
+#define BUFLEN 256
+#endif
+
+#if defined(WITH_GETRANDOM)
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <linux/random.h>
+
+#ifndef SYS_getrandom
+#error getrandom() requires Linux 3.17 or later
+#endif
+
+/* Was this not supposed to be a function? */
+int getrandom(char *buf, size_t len, int flags) {
+ return syscall(SYS_getrandom, buf, len, flags);
+}
+
+#elif defined(WITH_ARC4RANDOM)
+#include <stdlib.h>
+#elif defined(WITH_OPENSSL)
+#include <openssl/rand.h>
+#else
+#error util.crand compiled without a random source
+#endif
+
+int Lrandom(lua_State *L) {
+#ifdef BUFLEN
+ unsigned char buf[BUFLEN];
+#else
+ unsigned char *buf;
+#endif
+ int ret = 0;
+ size_t len = (size_t)luaL_checkint(L, 1);
+#ifdef BUFLEN
+ len = len > BUFLEN ? BUFLEN : len;
+#else
+ buf = malloc(len);
+
+ if(buf == NULL) {
+ lua_pushnil(L);
+ lua_pushstring(L, "out of memory");
+ /* or it migth be better to
+ * return lua_error(L);
+ */
+ return 2;
+ }
+#endif
+
+#if defined(WITH_GETRANDOM)
+ ret = getrandom(buf, len, 0);
+
+ if(ret < 0) {
+#ifndef BUFLEN
+ free(buf);
+#endif
+ lua_pushnil(L);
+ lua_pushstring(L, strerror(errno));
+ lua_pushinteger(L, errno);
+ return 3;
+ }
+
+#elif defined(WITH_ARC4RANDOM)
+ arc4random_buf(buf, len);
+ ret = len;
+#elif defined(WITH_OPENSSL)
+ ret = RAND_bytes(buf, len);
+
+ if(ret == 1) {
+ ret = len;
+ } else {
+#ifndef BUFLEN
+ free(buf);
+#endif
+ lua_pushnil(L);
+ lua_pushstring(L, "failed");
+ /* lua_pushinteger(L, ERR_get_error()); */
+ return 2;
+ }
+
+#endif
+
+ lua_pushlstring(L, buf, ret);
+#ifndef BUFLEN
+ free(buf);
+#endif
+ return 1;
+}
+
+#ifdef ENABLE_SEEDING
+int Lseed(lua_State *L) {
+ size_t len;
+ const char *seed = lua_tolstring(L, 1, &len);
+
+#if defined(WITH_OPENSSL)
+ RAND_add(seed, len, len);
+ return 0;
+#else
+ lua_pushnil(L);
+ lua_pushliteral(L, "not-supported");
+ return 2;
+#endif
+}
+#endif
+
+int luaopen_util_crand(lua_State *L) {
+ lua_newtable(L);
+ lua_pushcfunction(L, Lrandom);
+ lua_setfield(L, -2, "bytes");
+#ifdef ENABLE_SEEDING
+ lua_pushcfunction(L, Lseed);
+ lua_setfield(L, -2, "seed");
+#endif
+
+#if defined(WITH_GETRANDOM)
+ lua_pushstring(L, "Linux");
+#elif defined(WITH_ARC4RANDOM)
+ lua_pushstring(L, "arc4random()");
+#elif defined(WITH_OPENSSL)
+ lua_pushstring(L, "OpenSSL");
+#endif
+ lua_setfield(L, -2, "_source");
+
+#if defined(WITH_OPENSSL) && defined(_WIN32)
+ /* Do we need to seed this on Windows? */
+#endif
+
+ return 1;
+}
+
diff --git a/util/random.lua b/util/random.lua
index e4b4a700..574e2e1c 100644
--- a/util/random.lua
+++ b/util/random.lua
@@ -6,6 +6,9 @@
-- COPYING file in the source package for more information.
--
+local ok, crand = pcall(require, "util.crand");
+if ok then return crand; end
+
local urandom, urandom_err = io.open("/dev/urandom", "r");
local function seed()