diff options
| author | Benny Prijono <bennylp@teluu.com> | 2008-01-24 15:27:30 +0000 |
|---|---|---|
| committer | Benny Prijono <bennylp@teluu.com> | 2008-01-24 15:27:30 +0000 |
| commit | 83e87b76edf4c5c5819a0d08ba1ba0897bec10c7 (patch) | |
| tree | 79b6644c7d0205458a844603f9fad937833a5032 | |
| parent | 6b80575da6571096086b911a8462417b1f54e685 (diff) | |
More ticket #61: SRTP will try to use /dev/urandom as RNG if fcntl.h and unistd.h is present. If it fails, it will fallback to using rand()
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1738 74dad513-b988-da41-8d7b-12977e46ad98
| -rwxr-xr-x | aconfigure | 133 | ||||
| -rw-r--r-- | aconfigure.ac | 1 | ||||
| -rw-r--r-- | pjlib/include/pj/compat/os_auto.h.in | 1 | ||||
| -rw-r--r-- | third_party/build/srtp/srtp_config.h | 11 | ||||
| -rw-r--r-- | third_party/srtp/crypto/rng/rand_source.c | 26 |
5 files changed, 166 insertions, 6 deletions
@@ -5509,6 +5509,139 @@ fi ;; esac +if test "${ac_cv_header_fcntl_h+set}" = set; then + { echo "$as_me:$LINENO: checking for fcntl.h" >&5 +echo $ECHO_N "checking for fcntl.h... $ECHO_C" >&6; } +if test "${ac_cv_header_fcntl_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_fcntl_h" >&5 +echo "${ECHO_T}$ac_cv_header_fcntl_h" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking fcntl.h usability" >&5 +echo $ECHO_N "checking fcntl.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <fcntl.h> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking fcntl.h presence" >&5 +echo $ECHO_N "checking fcntl.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <fcntl.h> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: fcntl.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: fcntl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: fcntl.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: fcntl.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: fcntl.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: fcntl.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: fcntl.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: fcntl.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: fcntl.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: fcntl.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: fcntl.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for fcntl.h" >&5 +echo $ECHO_N "checking for fcntl.h... $ECHO_C" >&6; } +if test "${ac_cv_header_fcntl_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_fcntl_h=$ac_header_preproc +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_fcntl_h" >&5 +echo "${ECHO_T}$ac_cv_header_fcntl_h" >&6; } + +fi +if test $ac_cv_header_fcntl_h = yes; then + cat >>confdefs.h <<\_ACEOF +#define PJ_HAS_FCNTL_H 1 +_ACEOF + +fi + + if test "${ac_cv_header_linux_socket_h+set}" = set; then { echo "$as_me:$LINENO: checking for linux/socket.h" >&5 echo $ECHO_N "checking for linux/socket.h... $ECHO_C" >&6; } diff --git a/aconfigure.ac b/aconfigure.ac index 011fa1d0..15a86817 100644 --- a/aconfigure.ac +++ b/aconfigure.ac @@ -138,6 +138,7 @@ case $target in ;; esac +AC_CHECK_HEADER(fcntl.h,[AC_DEFINE(PJ_HAS_FCNTL_H,1)]) AC_CHECK_HEADER(linux/socket.h,[AC_DEFINE(PJ_HAS_LINUX_SOCKET_H,1)]) AC_CHECK_HEADER(malloc.h,[AC_DEFINE(PJ_HAS_MALLOC_H,1)]) AC_CHECK_HEADER(netdb.h,[AC_DEFINE(PJ_HAS_NETDB_H,1)]) diff --git a/pjlib/include/pj/compat/os_auto.h.in b/pjlib/include/pj/compat/os_auto.h.in index 0af042a9..49cc0fdb 100644 --- a/pjlib/include/pj/compat/os_auto.h.in +++ b/pjlib/include/pj/compat/os_auto.h.in @@ -46,6 +46,7 @@ #undef PJ_HAS_ASSERT_H #undef PJ_HAS_CTYPE_H #undef PJ_HAS_ERRNO_H +#undef PJ_HAS_FCNTL_H #undef PJ_HAS_LINUX_SOCKET_H #undef PJ_HAS_MALLOC_H #undef PJ_HAS_NETDB_H diff --git a/third_party/build/srtp/srtp_config.h b/third_party/build/srtp/srtp_config.h index 2442b072..6d1cfcfc 100644 --- a/third_party/build/srtp/srtp_config.h +++ b/third_party/build/srtp/srtp_config.h @@ -26,7 +26,7 @@ (defined(PJ_M_X86_64) && PJ_M_X86_64!=0) || \ (defined(PJ_M_IA64) && PJ_M_IA64!=0) # define CPU_CISC 1 -# define HAVE_X86 1 /* use X86 inlined assembly code */ +/* # define HAVE_X86 1 use X86 inlined assembly code */ #else # define CPU_RISC 1 #endif @@ -113,7 +113,7 @@ typedef pj_int64_t int64_t; #endif -#define SIZEOF_UNSIGNED_LONG (sizeof(unsigned long)) +#define SIZEOF_UNSIGNED_LONG 8 #define SIZEOF_UNSIGNED_LONG_LONG 8 @@ -155,6 +155,13 @@ /* Path to random device */ /* #define DEV_URANDOM "/dev/urandom" */ +/* Only with PJSIP: + * Try to open PJ_DEV_URANDOM if present + */ +#if defined(PJ_HAS_FCNTL_H) && defined(PJ_HAS_UNISTD_H) +# define PJ_DEV_URANDOM "/dev/urandom" +#endif + /* We have overridden libsrtp error mechanism, so these are not used. */ /* #undef ERR_REPORTING_FILE */ /* #undef ERR_REPORTING_STDOUT */ diff --git a/third_party/srtp/crypto/rng/rand_source.c b/third_party/srtp/crypto/rng/rand_source.c index 79ec398d..d00d9806 100644 --- a/third_party/srtp/crypto/rng/rand_source.c +++ b/third_party/srtp/crypto/rng/rand_source.c @@ -44,7 +44,7 @@ #include "srtp_config.h" -#ifdef DEV_URANDOM +#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM) # include <fcntl.h> /* for open() */ # include <unistd.h> /* for close() */ #elif (_MSC_VER >= 1400) @@ -87,6 +87,13 @@ rand_source_init(void) { dev_random_fdes = open(DEV_URANDOM, O_RDONLY); if (dev_random_fdes < 0) return err_status_init_fail; +#elif defined(PJ_DEV_URANDOM) + /* open random source for reading */ + dev_random_fdes = open(PJ_DEV_URANDOM, O_RDONLY); + if (dev_random_fdes < 0) { + err_report(3,"Ugh: /dev/urandom not present, using rand() instead"); + return err_status_ok; /* it's ok, it'll fallback to using rand() */ + } #elif (_MSC_VER >= 1400) dev_random_fdes = RAND_SOURCE_READY; #else @@ -123,9 +130,16 @@ rand_source_get_octet_string(void *dest, uint32_t len) { len--; } #else + uint8_t *dst = (uint8_t *)dest; + + /* First try with /dev/urandom, if it's opened */ + if (dev_random_fdes >= 0) { + if (read(dev_random_fdes, dest, len) == len) + return err_status_ok; /* success */ + } + /* Generic C-library (rand()) version */ /* This is a random source of last resort */ - uint8_t *dst = (uint8_t *)dest; while (len) { int val = rand(); @@ -141,13 +155,17 @@ rand_source_get_octet_string(void *dest, uint32_t len) { err_status_t rand_source_deinit(void) { +#ifndef PJ_DEV_URANDOM if (dev_random_fdes < 0) return err_status_dealloc_fail; /* well, we haven't really failed, * * but there is something wrong */ -#ifdef DEV_URANDOM - close(dev_random_fdes); #endif + + if (dev_random_fdes >= 0) + close(dev_random_fdes); + dev_random_fdes = RAND_SOURCE_NOT_READY; return err_status_ok; } + |