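//
//  Generate the secret this client uses in authentication and store it,
//  hex encoded (two lowercase digits per random byte), in the member `secret`.
//
//  Returns 0 on success. Returns MPR_ERR_CANT_INITIALIZE when random data
//  cannot be obtained or the encoded secret cannot be duplicated.
//
int MaClient::createSecret()
{
    //  A string literal is const data; keep the pointer const-correct.
    const char  *hex = "0123456789abcdef";
    uchar       bytes[MPR_HTTP_MAX_SECRET];
    char        ascii[MPR_HTTP_MAX_SECRET * 2 + 1], *ap;
    int         i;

    //
    //  Create a random secret for use in authentication. Don't block
    //  waiting for entropy, just take what we can get. Weaker
    //  cryptographically, but otherwise users who create lots of clients
    //  can block.
    //
    //  NOTE(review): the final argument (0) presumably selects the
    //  non-blocking source described above -- confirm against
    //  mprGetRandomBytes. A secret drawn before the system entropy pool is
    //  ready may be easier to predict than its length suggests.
    //
    if (mprGetRandomBytes(bytes, sizeof(bytes), 0) < 0) {
        mprAssert(0);
        return MPR_ERR_CANT_INITIALIZE;
    }

    //  ascii holds two digits per byte plus the terminator, so this cannot overrun.
    ap = ascii;
    for (i = 0; i < (int) sizeof(bytes); i++) {
        *ap++ = hex[(bytes[i] >> 4) & 0xf];
        *ap++ = hex[bytes[i] & 0xf];
    }
    *ap = '\0';

    //
    //  NOTE(review): any previous value of secret is overwritten here without
    //  being released -- confirm createSecret() runs once per client.
    //
    secret = mprStrdup(ascii);
    if (secret == 0) {
        //  Never report success while leaving the client without a secret.
        return MPR_ERR_CANT_INITIALIZE;
    }
    return 0;
}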
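/*
 *  Fill buf with a NUL-terminated, lowercase hex encoding of up to
 *  MA_MAX_SECRET bytes of random data. Encoding stops early when buf cannot
 *  hold another full pair of digits plus the terminator.
 *
 *  host     Passed to the logging, time and random-data calls.
 *  buf      Destination buffer.
 *  bufsize  Size of buf in bytes, including room for the terminating NUL.
 *
 *  Returns 0 once buf has been written, or a negative value when buf is null
 *  or bufsize is not positive.
 *
 *  NOTE(review): 0 is also returned when the random source fails and the
 *  time/pid fallback below is used, so callers cannot tell a strong secret
 *  from a guessable one. Consider reporting that case to the caller.
 */
static int getRandomBytes(MaHost *host, char *buf, int bufsize)
{
    MprTime     now;
    const char  *hex = "0123456789abcdef";
    char        *ap, *cp;
    uchar       bytes[MA_MAX_SECRET], *bp;
    int         i, pid;

    mprLog(host, 7, "Get random bytes");

    /*
     *  Without this guard a zero or negative bufsize would still store the
     *  terminating NUL through buf.
     */
    if (buf == 0 || bufsize <= 0) {
        return -1;
    }
    memset(bytes, 0, sizeof(bytes));

    /*
     *  Create a random secret for use in authentication. Don't block. TODO -- conditional on Auth
     */
    if (mprGetRandomBytes(host, bytes, sizeof(bytes), 0) < 0) {
        mprError(host, "Can't get sufficient random data for secure SSL operation. If SSL is used, it will not be secure.");

        /*
         *  Best-effort fallback: seed the buffer from the current time and the
         *  process id. Both are guessable by an observer, so anything derived
         *  from this path must not be treated as a strong secret.
         */
        now = mprGetTime(host);
        pid = (int) getpid();
        cp = (char*) &now;
        bp = bytes;
        for (i = 0; i < (int) sizeof(now) && bp < &bytes[MA_MAX_SECRET]; i++) {
            *bp++ = *cp++;
        }
        /*
         *  Copy the pid bytes. The earlier code re-read `now` here, so the pid
         *  never reached the buffer and bytes past the end of `now` could be read.
         */
        cp = (char*) &pid;
        for (i = 0; i < (int) sizeof(pid) && bp < &bytes[MA_MAX_SECRET]; i++) {
            *bp++ = *cp++;
        }
    }

    /*
     *  Each byte needs two digits and the string needs a terminator, so stop
     *  while at least three bytes remain. Testing only the first digit's
     *  position let an even bufsize place the NUL one byte past the buffer.
     */
    ap = buf;
    for (i = 0; i < (int) sizeof(bytes) && (ap - buf) + 2 < bufsize; i++) {
        *ap++ = hex[(bytes[i] >> 4) & 0xf];
        *ap++ = hex[bytes[i] & 0xf];
    }
    *ap = '\0';

    /*  Reports the size of the internal buffer, not the number of bytes encoded into buf. */
    mprLog(host, 7, "Got %d random bytes", (int) sizeof(bytes));
    return 0;
}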
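/*
 *  function random(value: Number): Number
 *
 *  Return a pseudo-random number built from the low 31 bits of a
 *  platform-specific source, divided by MAXINT. The arguments are not used.
 *
 *  NOTE(review): on several platforms the source is rand()/random() seeded
 *  from time(0), which is predictable. This is a general-purpose generator;
 *  do not use its output for session ids, tokens or other secrets.
 */
static EjsNumber *math_random(Ejs *ejs, EjsObj *unused, int argc, EjsObj **argv)
{
    MprNumber   value;
    uint        uvalue;
    static int  initialized = 0;

    /*  Defined starting value in case a platform source fails without writing a result. */
    uvalue = 0;

    /*  One-time seeding. NOTE(review): the flag is a plain static int with no locking -- confirm callers are serialized. */
    if (!initialized) {
#if WINDOWS
        /*  NOTE(review): this seeds rand(), but the value below comes from rand_s(). */
        uint seed = (uint) time(0);
        srand(seed);
#elif !MACOSX && !VXWORKS
        srandom(time(0));
#endif
        initialized = 1;
    }

#if WINDOWS
    {
        errno_t rand_s(uint *value);
        /*  On failure fall back to the defined starting value rather than whatever was stored. */
        if (rand_s(&uvalue) != 0) {
            uvalue = 0;
        }
    }
#elif LINUX
    uvalue = random();
#elif MACOSX
    uvalue = arc4random();
#else
    {
        /*  Zero-filled so a failed read is not followed by summing indeterminate memory. */
        int64   data[16] = { 0 };
        int     i;

        /*  NOTE(review): the return value is ignored; on failure the result is 0. */
        mprGetRandomBytes((char*) data, sizeof(data), 0);
        uvalue = 0;
        for (i = 0; i < (int) (sizeof(data) / sizeof(int64)); i++) {
            /*  Fold in unsigned arithmetic; adding the raw int64 could overflow a signed type. */
            uvalue += (uint) data[i];
        }
    }
#endif
    /*  Keep the low 31 bits so the quotient is non-negative. */
    value = ((MprNumber) (uvalue & 0x7FFFFFFF)) / MAXINT;
    return ejsCreateNumber(ejs, value);
}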
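//
//  Start the host: generate the secret used in authentication, store it hex
//  encoded in the member `secret`, and, when access logging is compiled in
//  and logPath is set, open the access log for appending.
//
//  Returns 0 on success, or MPR_ERR_CANT_INITIALIZE when the secret cannot be
//  created. A log file that cannot be opened is reported but is not fatal.
//
int MaHost::start()
{
    //  A string literal is const data; keep the pointer const-correct.
    const char  *hex = "0123456789abcdef";
    uchar       bytes[MPR_HTTP_MAX_SECRET];
    char        ascii[MPR_HTTP_MAX_SECRET * 2 + 1], *ap;
    int         i;

    //
    //  Create a random secret for use in authentication. Don't block.
    //  FUTURE -- conditional on Auth
    //
    //  NOTE(review): the final argument (0) presumably selects a non-blocking
    //  source -- confirm against mprGetRandomBytes. Such a source may yield
    //  weaker data early after boot.
    //
    mprLog(7, "Get random bytes\n");
    if (mprGetRandomBytes(bytes, sizeof(bytes), 0) < 0) {
        mprError(MPR_L, MPR_LOG, "Can't generate local secret");
        return MPR_ERR_CANT_INITIALIZE;
    }

    //  ascii holds two digits per byte plus the terminator, so this cannot overrun.
    ap = ascii;
    for (i = 0; i < (int) sizeof(bytes); i++) {
        *ap++ = hex[(bytes[i] >> 4) & 0xf];
        *ap++ = hex[bytes[i] & 0xf];
    }
    *ap = '\0';

    secret = mprStrdup(ascii);
    if (secret == 0) {
        //  Never report success while leaving the host without a secret.
        mprError(MPR_L, MPR_LOG, "Can't generate local secret");
        return MPR_ERR_CANT_INITIALIZE;
    }
    //  sizeof yields size_t; cast so the argument matches the %d conversion.
    mprLog(7, "Got %d random bytes\n", (int) sizeof(bytes));

#if BLD_FEATURE_ACCESS_LOG && !BLD_FEATURE_ROMFS
    if (logPath) {
        //
        //  NOTE(review): the log is created with mode 0664 (group writable,
        //  subject to the process umask) -- confirm that is intended for an
        //  access log. Any descriptor already held in logFd is overwritten.
        //
        logFd = open(logPath, O_CREAT | O_APPEND | O_WRONLY | O_TEXT, 0664);
        if (logFd < 0) {
            mprError(MPR_L, MPR_LOG, "Can't open log file %s", logPath);
        }
#if FUTURE
        rotateLog();
#endif
    }
#endif
    return 0;
}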