Browse Source

[core] rename li_rand() to li_rand_pseudo_bytes()

to be more explicit that the result is pseudo-random data
and not cryptographically random.
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
c64c2173ce
  1. 2
      src/mod_auth.c
  2. 2
      src/mod_usertrack.c
  3. 8
      src/rand.c
  4. 2
      src/rand.h

2
src/mod_auth.c

@ -821,7 +821,7 @@ static handler_t mod_auth_send_401_unauthorized_digest(server *srv, connection *
li_itostrn(hh, sizeof(hh), srv->cur_ts);
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
li_itostrn(hh, sizeof(hh), li_rand());
li_itostrn(hh, sizeof(hh), li_rand_pseudo_bytes());
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Final(h, &Md5Ctx);

2
src/mod_usertrack.c

@ -231,7 +231,7 @@ URIHANDLER_FUNC(mod_usertrack_uri_handler) {
li_itostrn(hh, sizeof(hh), srv->cur_ts);
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
li_itostrn(hh, sizeof(hh), li_rand());
li_itostrn(hh, sizeof(hh), li_rand_pseudo_bytes());
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Final(h, &Md5Ctx);

8
src/rand.c

@ -31,7 +31,9 @@
* block, and are intended to be called only at startup in lighttpd, or
* immediately after fork() to start lighttpd workers.
*
* Note: results from li_rand() are not necessarily cryptographically random.
* Note: results from li_rand_pseudo_bytes() are not necessarily
* cryptographically random and must not be used for purposes such
* as key generation which require cryptographic randomness.
*
* https://wiki.openssl.org/index.php/Random_Numbers
* https://wiki.openssl.org/index.php/Random_fork-safety
@ -147,7 +149,7 @@ void li_rand_reseed (void)
#endif
}
int li_rand (void)
int li_rand_pseudo_bytes (void)
{
/* randomness *is not* cryptographically strong */
/* (attempt to use better mechanisms to replace the more portable rand()) */
@ -186,7 +188,7 @@ int li_rand_bytes (unsigned char *buf, int num)
else {
/* NOTE: not cryptographically random !!! */
for (int i = 0; i < num; ++i)
buf[i] = li_rand() & 0xFF;
buf[i] = li_rand_pseudo_bytes() & 0xFF;
/*(openssl RAND_pseudo_bytes rc for non-cryptographically random data)*/
return 0;
}

2
src/rand.h

@ -2,7 +2,7 @@
#define LI_RAND_H_
#include "first.h"
int li_rand (void);
int li_rand_pseudo_bytes (void);
void li_rand_reseed (void);
int li_rand_bytes (unsigned char *buf, int num);
void li_rand_cleanup (void);

Loading…
Cancel
Save