Exemplo n.º 1
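//
//	Generate the client's authentication secret: MPR_HTTP_MAX_SECRET bytes
//	from mprGetRandomBytes, encoded as lowercase hex and stored in the
//	"secret" member.
//
//	Returns 0 on success, or MPR_ERR_CANT_INITIALIZE when the random bytes
//	cannot be obtained or the copy of the encoded secret cannot be allocated.
//
int MaClient::createSecret()
{
	//	Const table: a string literal must not be bound to a mutable char*.
	static const char	hex[] = "0123456789abcdef";
	uchar	bytes[MPR_HTTP_MAX_SECRET];
	char	ascii[MPR_HTTP_MAX_SECRET * 2 + 1], *ap;
	int		i;

	//
	//	The final argument (0) asks for a non-blocking read: we take whatever
	//	entropy is available rather than waiting for more. That keeps callers
	//	that create many clients from stalling, but the secret is
	//	cryptographically weaker than one produced by a blocking read.
	//
	if (mprGetRandomBytes(bytes, sizeof(bytes), 0) < 0) {
		mprAssert(0);
		return MPR_ERR_CANT_INITIALIZE;
	}

	//	Two hex digits per byte; ascii[] is sized for exactly that plus the NUL.
	ap = ascii;
	for (i = 0; i < (int) sizeof(bytes); i++) {
		*ap++ = hex[bytes[i] >> 4];
		*ap++ = hex[bytes[i] & 0xf];
	}
	*ap = '\0';

	secret = mprStrdup(ascii);
	//	NOTE(review): assumes mprStrdup returns NULL on allocation failure --
	//	confirm. Without this check the client would run with no secret.
	if (secret == 0) {
		return MPR_ERR_CANT_INITIALIZE;
	}
	return 0;
}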
Exemplo n.º 2
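/*
 *  Fill buf with a NUL-terminated lowercase hex string built from up to MA_MAX_SECRET bytes obtained from
 *  mprGetRandomBytes. At most (bufsize - 1) / 2 bytes are encoded so the terminator always fits in buf.
 *
 *  If mprGetRandomBytes fails, an error is logged and the bytes are taken from the current time and the
 *  process id instead; the remainder stays zero. That fallback output is predictable and must not be treated
 *  as a secret. The function still returns 0 in that case, so callers cannot tell the two paths apart.
 *
 *  Returns 0 on success (including the fallback path), MPR_ERR_BAD_ARGS if buf is null or bufsize is not positive.
 */
static int getRandomBytes(MaHost *host, char *buf, int bufsize)
{
    static const char   hex[] = "0123456789abcdef";
    MprTime             now;
    char                *ap, *cp, *limit;
    uchar               bytes[MA_MAX_SECRET], *bp, *end;
    int                 i, pid;

    mprLog(host, 7, "Get random bytes");

    /*
     *  Without room for at least the terminator, the final "*ap = '\0'" would write outside buf.
     */
    if (buf == 0 || bufsize <= 0) {
        return MPR_ERR_BAD_ARGS;
    }

    memset(bytes, 0, sizeof(bytes));

    /*
     *  Create a random secret for use in authentication. Don't block (last argument is 0).
     *  TODO -- conditional on Auth
     */
    if (mprGetRandomBytes(host, bytes, sizeof(bytes), 0) < 0) {

        mprError(host, "Can't get sufficient random data for secure SSL operation. If SSL is used, it will not be secure.");

        /*
         *  Low-entropy fallback: time bytes followed by pid bytes. Both values are guessable.
         */
        now = mprGetTime(host);
        pid = (int) getpid();
        bp = bytes;
        end = &bytes[MA_MAX_SECRET];

        cp = (char*) &now;
        for (i = 0; i < (int) sizeof(now) && bp < end; i++) {
            *bp++ = (uchar) *cp++;
        }
        /*
         *  Read from pid here. Re-reading "now" would leave the pid out of the mix entirely.
         */
        cp = (char*) &pid;
        for (i = 0; i < (int) sizeof(pid) && bp < end; i++) {
            *bp++ = (uchar) *cp++;
        }
    }

    /*
     *  Each byte needs two output characters. Stop while both still fit in front of the slot reserved
     *  for the terminator; testing only "ap < limit" lets the second digit and the NUL run one past buf
     *  when bufsize is even.
     */
    limit = &buf[bufsize - 1];
    for (i = 0, ap = buf; i < (int) sizeof(bytes) && (limit - ap) >= 2; i++) {
        *ap++ = hex[(bytes[i] >> 4) & 0xf];
        *ap++ = hex[bytes[i] & 0xf];
    }
    *ap = '\0';

    mprLog(host, 7, "Got %d random bytes", (int) sizeof(bytes));

    return 0;
}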
Exemplo n.º 3
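/*
    function random(value: Number): Number

    Return a pseudo-random number computed as (uvalue & 0x7FFFFFFF) / MAXINT, where uvalue comes from a
    platform-specific source: rand_s on Windows, random() on Linux, arc4random() on Mac OS X and a sum of
    words from mprGetRandomBytes elsewhere.

    The Linux path is seeded once from time(0), so its sequence can be reproduced by anyone who knows the
    start time. Do not use this function to produce secrets, tokens or session identifiers.

    If the platform source reports failure, uvalue is left at 0 and the function returns 0 rather than a
    value derived from uninitialized memory.

    NOTE(review): if MAXINT equals 0x7FFFFFFF the result can be exactly 1.0 -- confirm whether callers
    expect a half-open range.
 */
static EjsNumber *math_random(Ejs *ejs, EjsObj *unused, int argc, EjsObj **argv)
{
    MprNumber   value;
    uint        uvalue;
    static int  initialized = 0;

    /*
        One-time seeding of the C library generators. Only the random() path below consumes this seed.
     */
    if (!initialized) {
#if WINDOWS
        uint seed = (uint) time(0);
        srand(seed);
#elif !MACOSX && !VXWORKS
        srandom(time(0));
#endif
        initialized = 1;
    }

    /*
        Defined value for every path, including the ones where the source call fails.
     */
    uvalue = 0;

#if WINDOWS
{
    errno_t rand_s(uint *value);
    /*
        rand_s returns zero on success; discard whatever it left behind otherwise.
     */
    if (rand_s(&uvalue) != 0) {
        uvalue = 0;
    }
}
#elif LINUX
    uvalue = random();
#elif MACOSX
    uvalue = arc4random();
#else
{
    int64   data[16];
    int     i;
    /*
        Only fold the buffer when it was actually filled. A negative return is treated as failure.
     */
    if (mprGetRandomBytes((char*) data, sizeof(data), 0) >= 0) {
        for (i = 0; i < (int) (sizeof(data) / sizeof(int64)); i++) {
            uvalue += data[i];
        }
    }
}
#endif
    /*
        Keep the low 31 bits so the numerator is non-negative, then scale by MAXINT.
     */
    value = ((MprNumber) (uvalue & 0x7FFFFFFF)) / MAXINT;
    return ejsCreateNumber(ejs, value);
}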
Exemplo n.º 4
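//
//	Start the host: create the per-host authentication secret and, when
//	access logging is compiled in and logPath is set, open the access log.
//
//	The secret is MPR_HTTP_MAX_SECRET bytes from mprGetRandomBytes, encoded
//	as lowercase hex and stored in the "secret" member.
//
//	Returns 0 on success, or MPR_ERR_CANT_INITIALIZE when the secret cannot
//	be generated or stored. Failing to open the access log is reported but
//	does not fail the start.
//
int MaHost::start()
{
	//	Const table: a string literal must not be bound to a mutable char*.
	static const char	hex[] = "0123456789abcdef";
	uchar	bytes[MPR_HTTP_MAX_SECRET];
	char	ascii[MPR_HTTP_MAX_SECRET * 2 + 1], *ap;
	int		i;

	//
	//	Create a random secret for use in authentication. Don't block: the
	//	final argument (0) takes whatever entropy is available right now.
	//	FUTURE -- conditional on Auth
	//
	mprLog(7, "Get random bytes\n");
	if (mprGetRandomBytes(bytes, sizeof(bytes), 0) < 0) {
		mprError(MPR_L, MPR_LOG, "Can't generate local secret");
		return MPR_ERR_CANT_INITIALIZE;
	}

	//	Two hex digits per byte; ascii[] is sized for exactly that plus the NUL.
	ap = ascii;
	for (i = 0; i < (int) sizeof(bytes); i++) {
		*ap++ = hex[bytes[i] >> 4];
		*ap++ = hex[bytes[i] & 0xf];
	}
	*ap = '\0';

	secret = mprStrdup(ascii);
	//	NOTE(review): assumes mprStrdup returns NULL on allocation failure --
	//	confirm. Without this check the host would run with no secret.
	if (secret == 0) {
		mprError(MPR_L, MPR_LOG, "Can't generate local secret");
		return MPR_ERR_CANT_INITIALIZE;
	}
	//	sizeof yields size_t; cast so the argument matches the %d conversion.
	mprLog(7, "Got %d random bytes\n", (int) sizeof(bytes));

#if BLD_FEATURE_ACCESS_LOG && !BLD_FEATURE_ROMFS
	if (logPath) {
		//
		//	NOTE(review): mode 0664 makes the access log group-writable and
		//	world-readable (subject to umask). Access logs can contain request
		//	data; consider a tighter mode such as 0640.
		//
		logFd = open(logPath, O_CREAT | O_APPEND | O_WRONLY | O_TEXT, 0664);
		if (logFd < 0) {
			//	Best effort: the host still starts without an access log.
			mprError(MPR_L, MPR_LOG, "Can't open log file %s", logPath);
		}
#if FUTURE
		rotateLog();
#endif
	}
#endif
	return 0;
}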