From 514ba4ca727f0b1076bc67500617722203d34daa Mon Sep 17 00:00:00 2001
From: Adam Jackson
Date: Fri, 16 Nov 2007 19:53:11 -0500
Subject: [PATCH] Bug #1612: Use a stronger PRNG.
Currently just reads from /dev/urandom, and only on Linux.
---
 configure.ac | 6 ++++++
 include/dix-config.h.in | 3 +++
 os/auth.c | 16 ++++++++++++++++
 3 files changed, 25 insertions(+)
diff --git a/configure.ac b/configure.ac
index 35b7f0ffcc..7d43216c83 100644
--- a/configure.ac
+++ b/configure.ac
@@ -175,6 +175,12 @@ fi
 AC_CHECK_FUNC([dlopen], [], AC_CHECK_LIB([dl], [dlopen], DLOPEN_LIBS="-ldl"))
+case $host_os in
+ linux*)
+ AC_DEFINE(HAVE_URANDOM, 1, [Has /dev/urandom]) ;;
+ *) ;;
+esac
+
 dnl Checks for library functions.
 AC_FUNC_VPRINTF
 AC_CHECK_FUNCS([geteuid getuid link memmove memset mkstemp strchr strrchr \
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index d105e511c1..d0333878f4 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -240,6 +240,9 @@
 /* Define to 1 if you have the header file. */
 #undef HAVE_UNISTD_H
+/* Have /dev/urandom */
+#undef HAVE_URANDOM
+
 /* Define to 1 if you have the `vprintf' function. */
 #undef HAVE_VPRINTF
diff --git a/os/auth.c b/os/auth.c
index b2a145f893..fa3ba7924a 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -325,6 +325,20 @@ GenerateAuthorization(
 return -1;
 }
+#ifdef HAVE_URANDOM
+
+void
+GenerateRandomData (int len, char *buf)
+{
+ int fd;
+
+ fd = open("/dev/urandom", O_RDONLY);
+ read(fd, buf, len);
+ close(fd);
+}
+
+#else /* !HAVE_URANDOM */
+
 /* A random number generator that is more unpredictable than that shipped with some systems. This code is taken from the C standard. */
@@ -362,4 +376,6 @@ GenerateRandomData (int len, char *buf)
 /* XXX add getrusage, popen("ps -ale") */
 }
+#endif /* HAVE_URANDOM */
+
 #endif /* XCSECURITY */
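Review bot: The `case $host_os` block keys HAVE_URANDOM on the host OS name alone, so the generator used for authorization data is fixed at configure time and every non-Linux host silently keeps the legacy generator in os/auth.c. The commit message acknowledges the Linux-only scope, but nothing in configure.ac records it; I would add a comment above the case such as `dnl HAVE_URANDOM selects the /dev/urandom reader in os/auth.c; hosts not matched here keep the weaker built-in generator.` The define also says nothing about whether the device is reachable at run time (a chroot without /dev, for example), so the reader in os/auth.c still has to cope with a failed open itself.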
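Review bot: Neither `open()` nor `read()` is checked in the new `GenerateRandomData` in the first os/auth.c hunk, so if /dev/urandom cannot be opened, or the read is short or interrupted, the function returns with `buf` partly or wholly unfilled and the caller presumably uses whatever bytes were already there as authorization data. The function returns void and cannot report this, so the failure has to be handled in place: loop until `len` bytes have arrived, retry on EINTR, and stop rather than hand back a predictable value. Falling back to the legacy generator instead would be an alternative policy, but it needs the `#ifdef`/`#else` split restructured. The hunk does not show the file's includes, so confirm that `<fcntl.h>`, `<unistd.h>` and `<errno.h>` are in scope for `open`, `read` and `errno`. A sketch of the checked version follows.

```c
void
GenerateRandomData (int len, char *buf)
{
    int fd;
    int got = 0;

    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        FatalError("GenerateRandomData: cannot open /dev/urandom\n");

    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);

        if (n < 0 && errno == EINTR)
            continue;   /* interrupted before any data arrived: retry */
        if (n <= 0) {
            close(fd);
            FatalError("GenerateRandomData: short read from /dev/urandom\n");
        }
        got += n;
    }
    close(fd);
}
```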