You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Henning Brauer <hb...@bsws.de> on 2002/07/19 19:34:03 UTC
[PATCH] mod_auth_digest should use arc4random on OpenBSD
(against apache 1.3.26)
might have some lines offset, we have some other changes for our secure mode
in.
--- mod_auth_digest.c.orig Tue Jun 18 02:59:59 2002
+++ mod_auth_digest.c Fri Jul 19 19:28:34 2002
@@ -291,6 +291,24 @@
}
#endif /* HAVE_SHMEM_MM */
+#ifdef __OpenBSD__
+static void initialize_secret(server_rec *s)
+{
+ u_int32_t rnd = 0, i;
+
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s,
+ "Digest: generating secret for digest authentication ...");
+
+ for (i = 0; i < sizeof(secret); i++) {
+ if (i % 4 == 0)
+ rnd = arc4random();
+ secret[i] = rnd;
+ rnd >>= 8;
+ }
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s,
+ "Digest: done");
+}
+#else
#ifdef WIN32
/* TODO: abstract out the random number generation. APR? */
static void initialize_secret(server_rec *s)
@@ -358,6 +376,7 @@
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s, "Digest: done");
}
#endif
+#endif
#ifdef HAVE_SHMEM_MM
static void initialize_tables(server_rec *s)