Support using OpenSSL's pseudo-random generator instead of /dev/urandom. If
authorTimo Sirainen <tss@iki.fi>
Fri, 4 Apr 2003 14:40:13 +0000 (17:40 +0300)
committerTimo Sirainen <tss@iki.fi>
Fri, 4 Apr 2003 14:40:13 +0000 (17:40 +0300)
neither are found, allow dovecot-auth still to be started because currently
only DIGEST-MD5 requires prng.

--HG--
branch : HEAD

configure.in
src/auth/Makefile.am
src/lib/randgen.c

index 46380adc29ff0dd9bf86ca134063016ed11a860d..996989436abd2845006a35c1c6d9d296f07b5cc4 100644 (file)
@@ -464,6 +464,22 @@ if test $i_cv_type_socklen_t = yes; then
   AC_DEFINE(HAVE_SOCKLEN_T,, Define to 'int' if you don't have socklen_t)
 fi
 
+dnl * find random source
+AC_MSG_CHECKING([for /dev/urandom])
+if test -e /dev/urandom; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_DEV_URANDOM,, Define if you have /dev/urandom)
+  have_random_source=yes
+else
+  AC_MSG_RESULT(no)
+
+  AC_CHECK_HEADER(openssl/rand.h, [
+    AC_DEFINE(HAVE_OPENSSL_RAND_H,, Define if you have openssl/rand.h)
+    RAND_LIBS=-lcrypto
+  ])
+fi
+AC_SUBST(RAND_LIBS)
+
 dnl * do we have tm_gmtoff
 AC_MSG_CHECKING([for tm_gmtoff])
 AC_CACHE_VAL(i_cv_field_tm_gmtoff,
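Review bot: The macro defined here, `HAVE_DEV_URANDOM`, does not match the one the randgen.c section of this commit tests (`#ifdef HAVE_URANDOM`), so unless HAVE_URANDOM is defined somewhere outside this diff the /dev/urandom code is never compiled. Because the openssl/rand.h probe runs only in the `else` branch, a host that has /dev/urandom would then define neither macro and build the stub whose random_fill() calls i_fatal(). Use one name on both sides, for example `#ifdef HAVE_DEV_URANDOM` in src/lib/randgen.c. Separately, `have_random_source=yes` is set only on the urandom path and is not read in the visible lines; setting it in the OpenSSL branch as well and warning at configure time when it stays empty would make a build without a random source visible before it ships.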
index 0d413a91cf221a838c82a09631afb4599e1ba61e..5c8971fecc4998ce8d3a3c596208ca940096d046 100644 (file)
@@ -11,7 +11,8 @@ INCLUDES = \
 dovecot_auth_LDADD = \
        ../lib-settings/libsettings.a \
        ../lib/liblib.a \
-       $(AUTH_LIBS)
+       $(AUTH_LIBS) \
+       $(RAND_LIBS)
 
 if AUTH_MODULES
 dovecot_auth_LDFLAGS = -export-dynamic
index b9ac2d84883a43c42a587e0a17b8238c736d3f5e..e95fea32239b802d7027f0165cafead67661ee92 100644 (file)
 */
 
 #include "lib.h"
-#include "fd-close-on-exec.h"
 #include "randgen.h"
 
+#ifdef HAVE_URANDOM
+
+#include "fd-close-on-exec.h"
 #include <unistd.h>
 #include <fcntl.h>
 
@@ -74,3 +76,45 @@ void random_deinit(void)
        (void)close(urandom_fd);
        urandom_fd = -1;
 }
+
+#elif defined(HAVE_OPENSSL_RAND_H)
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+static const char *ssl_last_error(void)
+{
+       unsigned long err;
+       char *buf;
+       size_t err_size = 256;
+
+       err = ERR_get_error();
+       if (err == 0)
+               return strerror(errno);
+
+       buf = t_malloc(err_size);
+       buf[err_size-1] = '\0';
+       ERR_error_string_n(err, buf, err_size-1);
+       return buf;
+}
+
+void random_fill(void *buf, size_t size)
+{
+       if (RAND_pseudo_bytes(buf, size) != 1)
+               i_fatal("RAND_pseudo_bytes() failed: %s", ssl_last_error());
+}
+
+void random_init(void) {}
+void random_deinit(void) {}
+
+#else
+#  warning Random generator disabled
+
+void random_fill(void *buf, size_t size)
+{
+       i_fatal("random_fill(): No random source");
+}
+
+void random_init(void) {}
+void random_deinit(void) {}
+
+#endif
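Review bot: random_fill() in the HAVE_OPENSSL_RAND_H branch draws from RAND_pseudo_bytes(), which OpenSSL documents as not necessarily unpredictable, while the commit message names DIGEST-MD5 as the consumer; RAND_bytes() is the call that promises cryptographically strong output. The existing `!= 1` test already treats the weak-output return value 0 as fatal, so the swap is one line: `if (RAND_bytes(buf, size) != 1)` with the i_fatal() message updated to match. `size` is a size_t narrowed to the int parameter of the OpenSSL call, so a range check before the call is also worth adding. In ssl_last_error(), the `strerror(errno)` fallback reports whatever errno last held, which may be unrelated to the RAND failure; a comment saying so, or a fixed string, would avoid a misleading log line.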