EGD requirement a show stopper for me

Gary E. Miller gem at rellim.com
Fri Feb 11 10:21:33 EST 2000


Yo Damien!

I found out that the Apache product used the truerandom lib
as an alternative for /dev/random.  Here is a message I got
from SCO support about:
    ftp://ftp.research.att.com/dist/mab/librand.shar

It looks pretty easy to port.  I could do it if you are interested.


RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
	gem at rellim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

<information on the TrueRandom library>

This library is used by Apache to generate random numbers in the absence
of /dev/random.  It isn't a standard library, but is something that seems
to have floated around on the net in more-or-less source form for some
time.  It isn't large - only a couple of hundred lines or so of source,
and works by exploiting timing differences in system interrupts, rather
than on specific and deterministic algorithms.

I picked up my copy of it from

    ftp://ftp.research.att.com/dist/mab/

in librand.shar.  It's now immortalized in the Apache build, so if you
have any problems getting it from here, I can send you a copy.

Regarding its use, well, I've appended the Apache routine that does
the either-or thing with /dev/random and librand.a.


static void initialize_secret(server_rec *s)
{
#ifdef	DEV_RANDOM
    FILE *rnd;
    size_t got, tot;
#else
    extern int randbyte(void);	/* from the truerand library */
    unsigned int idx;
#endif

    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s,
		 "Digest: generating secret for digest authentication ...");

#ifdef	DEV_RANDOM
#define	XSTR(x)	#x
#define	STR(x)	XSTR(x)
    if ((rnd = fopen(STR(DEV_RANDOM), "rb")) == NULL) {
	ap_log_error(APLOG_MARK, APLOG_CRIT, s,
		     "Digest: Couldn't open " STR(DEV_RANDOM));
	exit(EXIT_FAILURE);
    }
    if (setvbuf(rnd, NULL, _IONBF, 0) != 0) {
	ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_CRIT, s,
		     "Digest: Error trying to disable buffering for " STR(DEV_RANDOM));
	exit(EXIT_FAILURE);
    }
    for (tot=0; tot<sizeof(secret); tot += got) {
	if ((got = fread(secret+tot, 1, sizeof(secret)-tot, rnd)) < 1) {
	    ap_log_error(APLOG_MARK, APLOG_CRIT, s,
			 "Digest: Error reading " STR(DEV_RANDOM));
	    exit(EXIT_FAILURE);
	}
    }
    fclose(rnd);
#undef	STR
#undef	XSTR
#else	/* use truerand */
    /* this will increase the startup time of the server, unfortunately...
     * (generating 20 bytes takes about 8 seconds)
     */
    for (idx=0; idx<sizeof(secret); idx++)
	secret[idx] = (unsigned char) randbyte();
#endif	/* DEV_RANDOM */

    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s, "Digest: done");
}
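
An added example, not part of the original message and not Apache or OpenSSH code: the /dev/random branch above reduced to a stand-alone POSIX helper that fails closed. The name fill_secret, the character-device check, the wipe on failure and the /dev/urandom path used in main() are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes read from a kernel random
 * device at path.  Returns 0 on success and -1 on any failure; on failure
 * buf is wiped so a caller cannot go on to use a partial secret. */
int fill_secret(unsigned char *buf, size_t len, const char *path)
{
    struct stat st;
    size_t tot = 0;
    int fd = open(path, O_RDONLY | O_NOCTTY);

    if (fd < 0)
        return -1;
    /* Refuse anything that is not a character device, e.g. a regular
     * file that happens to sit at the configured path. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        goto fail;
    while (tot < len) {
        ssize_t got = read(fd, buf + tot, len - tot);
        if (got > 0)
            tot += (size_t)got;          /* short read: keep going */
        else if (got < 0 && errno == EINTR)
            continue;                    /* interrupted by a signal: retry */
        else
            goto fail;                   /* EOF or hard error: fail closed */
    }
    close(fd);
    return 0;
fail:
    close(fd);
    for (tot = 0; tot < len; tot++)      /* wipe whatever was read so far */
        ((volatile unsigned char *)buf)[tot] = 0;
    return -1;
}

int main(void)
{
    unsigned char secret[20];            /* same size as the comment above */
    int rc = fill_secret(secret, sizeof(secret), "/dev/urandom");
    printf("fill_secret: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```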
