LD=gcc
RUNWITH=lua
EXCERTS=yes
+PRNG=
+PRNGLIBS=
CFLAGS="-fPIC -Wall"
LDFLAGS="-shared"
icu: use ICU from IBM
--with-ssl=LIB The name of the SSL to link with.
Default is $OPENSSL_LIB
+--with-random=METHOD CSPRNG backend to use. One of
+ getrandom: Linux kernel
+ arc4random: OpenBSD kernel
+ openssl: OpenSSL RAND method
+ Default is to use /dev/urandom
--cflags=FLAGS Flags to pass to the compiler
Default is $CFLAGS
--ldflags=FLAGS Flags to pass to the linker
--with-ssl=*)
OPENSSL_LIB="$value"
;;
+ --with-random=getrandom)
+ PRNG=GETRANDOM
+ ;;
+ --with-random=openssl)
+ PRNG=OPENSSL
+ PRNGLIBS=-lcrypto
+ ;;
+ --with-random=arc4random)
+ PRNG=ARC4RANDOM
+ ;;
--cflags=*)
CFLAGS="$value"
;;
LD=$LD
RUNWITH=$RUNWITH
EXCERTS=$EXCERTS
+RANDOM=$PRNG
+RANDOM_LIBS=$PRNGLIBS
+
EOF
ALL=encodings.so hashes.so net.so pposix.so signal.so table.so ringbuffer.so
+ifdef RANDOM
+ALL+=crand.so
+endif
+
.PHONY: all install clean
.SUFFIXES: .c .o .so
$(INSTALL_DATA) $^ $(TARGET)
clean:
- rm -f $(ALL)
+ rm -f $(ALL) $(patsubst %.so,%.o,$(ALL))
encodings.so: LDLIBS+=$(IDNA_LIBS)
hashes.so: LDLIBS+=$(OPENSSL_LIBS)
+crand.o: CFLAGS+=-DWITH_$(RANDOM)
+crand.so: LDLIBS+=$(RANDOM_LIBS)
+
%.so: %.o
$(LD) $(LDFLAGS) -o $@ $^ $(LDLIBS)
--- /dev/null
+/* Prosody IM
+-- Copyright (C) 2008-2016 Matthew Wild
+-- Copyright (C) 2008-2016 Waqas Hussain
+-- Copyright (C) 2016 Kim Alvefur
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+*/
+
+/*
+* crand.c
+* C PRNG interface
+*/
+
+#include "lualib.h"
+#include "lauxlib.h"
+
+#include <string.h>
+#include <errno.h>
+
+/*
+ * TODO: Decide on fixed size or dynamically allocated buffer
+ */
+#if 1
+#include <malloc.h>
+#else
+#define BUFLEN 256
+#endif
+
+#if defined(WITH_GETRANDOM)
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <linux/random.h>
+
+#ifndef SYS_getrandom
+#error getrandom() requires Linux 3.17 or later
+#endif
+
+/* Was this not supposed to be a function? */
+int getrandom(char *buf, size_t len, int flags) {
+ return syscall(SYS_getrandom, buf, len, flags);
+}
+
+#elif defined(WITH_ARC4RANDOM)
+#include <stdlib.h>
+#elif defined(WITH_OPENSSL)
+#include <openssl/rand.h>
+#else
+#error util.crand compiled without a random source
+#endif
+
+int Lrandom(lua_State *L) {
+#ifdef BUFLEN
+ unsigned char buf[BUFLEN];
+#else
+ unsigned char *buf;
+#endif
+ int ret = 0;
+ size_t len = (size_t)luaL_checkint(L, 1);
+#ifdef BUFLEN
+ len = len > BUFLEN ? BUFLEN : len;
+#else
+ buf = malloc(len);
+
+ if(buf == NULL) {
+ lua_pushnil(L);
+ lua_pushstring(L, "out of memory");
+ /* or it migth be better to
+ * return lua_error(L);
+ */
+ return 2;
+ }
+#endif
+
+#if defined(WITH_GETRANDOM)
+ ret = getrandom(buf, len, 0);
+
+ if(ret < 0) {
+#ifndef BUFLEN
+ free(buf);
+#endif
+ lua_pushnil(L);
+ lua_pushstring(L, strerror(errno));
+ lua_pushinteger(L, errno);
+ return 3;
+ }
+
+#elif defined(WITH_ARC4RANDOM)
+ arc4random_buf(buf, len);
+ ret = len;
+#elif defined(WITH_OPENSSL)
+ ret = RAND_bytes(buf, len);
+
+ if(ret == 1) {
+ ret = len;
+ } else {
+#ifndef BUFLEN
+ free(buf);
+#endif
+ lua_pushnil(L);
+ lua_pushstring(L, "failed");
+ /* lua_pushinteger(L, ERR_get_error()); */
+ return 2;
+ }
+
+#endif
+
+ lua_pushlstring(L, buf, ret);
+#ifndef BUFLEN
+ free(buf);
+#endif
+ return 1;
+}
+
+#ifdef ENABLE_SEEDING
+int Lseed(lua_State *L) {
+ size_t len;
+ const char *seed = lua_tolstring(L, 1, &len);
+
+#if defined(WITH_OPENSSL)
+ RAND_add(seed, len, len);
+ return 0;
+#else
+ lua_pushnil(L);
+ lua_pushliteral(L, "not-supported");
+ return 2;
+#endif
+}
+#endif
+
+int luaopen_util_crand(lua_State *L) {
+ lua_newtable(L);
+ lua_pushcfunction(L, Lrandom);
+ lua_setfield(L, -2, "bytes");
+#ifdef ENABLE_SEEDING
+ lua_pushcfunction(L, Lseed);
+ lua_setfield(L, -2, "seed");
+#endif
+
+#if defined(WITH_GETRANDOM)
+ lua_pushstring(L, "Linux");
+#elif defined(WITH_ARC4RANDOM)
+ lua_pushstring(L, "arc4random()");
+#elif defined(WITH_OPENSSL)
+ lua_pushstring(L, "OpenSSL");
+#endif
+ lua_setfield(L, -2, "_source");
+
+#if defined(WITH_OPENSSL) && defined(_WIN32)
+ /* Do we need to seed this on Windows? */
+#endif
+
+ return 1;
+}
+
-- Variables ending with these names will not
-- have their values printed ('password' includes
-- 'new_password', etc.)
+--
+-- luacheck: ignore 122/debug
+
local censored_names = {
password = true;
passwd = true;
+local unpack = table.unpack or unpack; --luacheck: ignore 113
local t_insert = table.insert;
function import(module, ...)
local m = package.loaded[module] or require(module);
local it = {};
local t_insert = table.insert;
-local select, unpack, next = select, unpack, next;
-local function pack(...) return { n = select("#", ...), ... }; end
+local select, next = select, next;
+local unpack = table.unpack or unpack; --luacheck: ignore 113
+local pack = table.pack or function (...) return { n = select("#", ...), ... }; end
-- Reverse an iterator
function it.reverse(f, s, var)
local select = select;
local t_insert = table.insert;
-local unpack, pairs, next, type = unpack, pairs, next, type;
+local pairs, next, type = pairs, next, type;
+local unpack = table.unpack or unpack; --luacheck: ignore 113
local _ENV = nil;
-- COPYING file in the source package for more information.
--
+local ok, crand = pcall(require, "util.crand");
+if ok then return crand; end
+
local urandom, urandom_err = io.open("/dev/urandom", "r");
local function seed()
end
local function set_id(session)
- local id = typ .. tostring(session):match("%x+$"):lower();
+ local id = session.type .. tostring(session):match("%x+$"):lower();
session.id = id;
return session;
end
local function set_logger(session)
- local log = logger.init(id);
+ local log = logger.init(session.id);
session.log = log;
return session;
end
local conn = session.conn;
if not conn then
function session.send(data)
- log("debug", "Discarding data sent to unconnected session: %s", tostring(data));
+ session.log("debug", "Discarding data sent to unconnected session: %s", tostring(data));
return false;
end
return session;
local setmetatable, getmetatable = setmetatable, getmetatable;
-local ipairs, unpack, select = ipairs, unpack, select;
+local ipairs, unpack, select = ipairs, table.unpack or unpack, select; --luacheck: ignore 113
local tonumber, tostring = tonumber, tostring;
local assert, xpcall, debug_traceback = assert, xpcall, debug.traceback;
local t_concat = table.concat;
projects / prosody.git / commitdiff