6 files changed, 102 insertions, 23 deletions
diff --git a/Makefile b/Makefile
index 01dab0d..4570785 100644
--- a/Makefile
+++ b/Makefile
@@ -37,19 +37,20 @@ activitypub.o: activitypub.c xs.h xs_json.h xs_curl.h xs_mime.h \
 xs_openssl.h xs_regex.h xs_time.h xs_set.h snac.h
 data.o: data.c xs.h xs_io.h xs_json.h xs_openssl.h xs_glob.h xs_set.h \
 xs_time.h snac.h
-format.o: format.c xs.h xs_regex.h snac.h
+format.o: format.c xs.h xs_regex.h xs_mime.h snac.h
 html.o: html.c xs.h xs_io.h xs_json.h xs_regex.h xs_set.h xs_openssl.h \
 xs_time.h xs_mime.h snac.h
 http.o: http.c xs.h xs_io.h xs_openssl.h xs_curl.h xs_time.h xs_json.h \
 snac.h
 httpd.o: httpd.c xs.h xs_io.h xs_json.h xs_socket.h xs_httpd.h xs_mime.h \
- xs_time.h snac.h
+ xs_time.h xs_openssl.h snac.h
 main.o: main.c xs.h xs_io.h xs_json.h snac.h
 mastoapi.o: mastoapi.c xs.h xs_openssl.h xs_json.h xs_io.h xs_time.h \
- xs_glob.h xs_set.h snac.h
+ xs_glob.h xs_set.h xs_random.h snac.h
 snac.o: snac.c xs.h xs_io.h xs_unicode.h xs_json.h xs_curl.h xs_openssl.h \
 xs_socket.h xs_httpd.h xs_mime.h xs_regex.h xs_set.h xs_time.h xs_glob.h \
- snac.h
+ xs_random.h snac.h
 upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h
-utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h snac.h
+utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h \
+ xs_random.h snac.h
 webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h snac.h
diff --git a/mastoapi.c b/mastoapi.c
index f30971e..a76a6ab 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -10,6 +10,7 @@
 #include "xs_time.h"
 #include "xs_glob.h"
 #include "xs_set.h"
+#include "xs_random.h"
 #include "snac.h"
@@ -17,19 +18,8 @@ static xs_str *random_str(void)
 /* just what is says in the tin */
 {
    unsigned int data[4] = {0};
-    FILE *f;
-    if ((f = fopen("/dev/random", "r")) != NULL) {
-        fread(data, sizeof(data), 1, f);
-        fclose(f);
-    }
-    else {
-        data[0] = random() % 0xffffffff;
-        data[1] = random() % 0xffffffff;
-        data[2] = random() % 0xffffffff;
-        data[3] = random() % 0xffffffff;
-    }
+    xs_rnd_buf(data, sizeof(data));
    return xs_hex_enc((char *)data, sizeof(data));
 }
diff --git a/snac.c b/snac.c
index 722af62..691c2e2 100644
--- a/snac.c
+++ b/snac.c
@@ -16,6 +16,7 @@
 #include "xs_set.h"
 #include "xs_time.h"
 #include "xs_glob.h"
+#include "xs_random.h"
 #include "snac.h"
@@ -122,7 +123,9 @@ xs_str *hash_password(const char *uid, const char *passwd, const char *nonce)
    xs *hash;
    if (nonce == NULL) {
-        d_nonce = xs_fmt("%08x", random());
+        unsigned int r;
+        xs_rnd_buf(&r, sizeof(r));
+        d_nonce = xs_fmt("%08x", r);
        nonce = d_nonce;
    }
diff --git a/utils.c b/utils.c
index 1c03fee..f5b02ae 100644
--- a/utils.c
+++ b/utils.c
@@ -6,6 +6,7 @@
 #include "xs_json.h"
 #include "xs_time.h"
 #include "xs_openssl.h"
+#include "xs_random.h"
 #include "snac.h"
@@ -204,10 +205,7 @@ void new_password(const char *uid, d_char **clear_pwd, d_char **hashed_pwd)
 {
    int rndbuf[3];
-    srandom(time(NULL) ^ getpid());
+    xs_rnd_buf(rndbuf, sizeof(rndbuf));
-    rndbuf[0] = random() & 0xffffffff;
-    rndbuf[1] = random() & 0xffffffff;
-    rndbuf[2] = random() & 0xffffffff;
    *clear_pwd  = xs_base64_enc((char *)rndbuf, sizeof(rndbuf));
    *hashed_pwd = hash_password(uid, *clear_pwd, NULL);
diff --git a/xs_random.h b/xs_random.h
new file mode 100644
index 0000000..3566827
--- /dev/null
+++ b/xs_random.h
@@ -0,0 +1,87 @@
+/* copyright (c) 2022 - 2023 grunfink / MIT license */
+#ifndef _XS_RANDOM_H
+#define _XS_RANDOM_H
+unsigned int xs_rnd_int32_d(unsigned int *seed);
+void *xs_rnd_buf(void *buf, int size);
+#ifdef XS_IMPLEMENTATION
+#include <stdio.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <stdlib.h>
+unsigned int xs_rnd_int32_d(unsigned int *seed)
+/* returns a deterministic random integer. If seed is NULL, uses a static one */
+{
+    static unsigned int s = 0;
+    if (seed == NULL)
+        seed = &s;
+    if (*seed == 0) {
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        *seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
+    }
+    /* Linear congruential generator by Numerical Recipes */
+    *seed = (*seed * 1664525) + 1013904223;
+    return *seed;
+}
+void *xs_rnd_buf(void *buf, int size)
+/* fills buf with random data */
+{
+#ifdef __OpenBSD__
+    /* available since OpenBSD 2.2 */
+    arc4random_buf(buf, size);
+#else
+    FILE *f;
+    int done = 0;
+    if ((f = fopen("/dev/urandom", "r")) != NULL) {
+        /* fill with great random data from the system */
+        if (fread(buf, size, 1, f) == 1)
+            done = 1;
+        fclose(f);
+    }
+    if (!done) {
+        /* fill the buffer with poor quality, deterministic data */
+        unsigned int s   = 0;
+        unsigned char *p = (unsigned char *)buf;
+        int n            = size / sizeof(s);
+        /* fill with full integers */
+        while (n--) {
+            xs_rnd_int32_d(&s);
+            p = memcpy(p, &s, sizeof(s)) + sizeof(s);
+        }
+        if ((n = size % sizeof(s))) {
+            /* fill the remaining */
+            xs_rnd_int32_d(&s);
+            memcpy(p, &s, n);
+        }
+    }
+#endif /* __OpenBSD__ */
+    return buf;
+}
+#endif /* XS_IMPLEMENTATION */
+#endif /* XS_RANDOM_H */
diff --git a/xs_version.h b/xs_version.h
index 7a793d1..b589fed 100644
--- a/xs_version.h
+++ b/xs_version.h
@@ -1 +1 @@
-/* 3588cbb7859917f1c5965254f8a53c3349c773ea */
+/* 5c255b45c8cd5d6c01c983b03e635936db12da03 */

diff --git a/Makefile b/Makefile index 01dab0d..4570785 100644 --- a/Makefile +++ b/Makefile
@@ -37,19 +37,20 @@ activitypub.o: activitypub.c xs.h xs_json.h xs_curl.h xs_mime.h \
37	xs_openssl.h xs_regex.h xs_time.h xs_set.h snac.h	37	xs_openssl.h xs_regex.h xs_time.h xs_set.h snac.h
38	data.o: data.c xs.h xs_io.h xs_json.h xs_openssl.h xs_glob.h xs_set.h \	38	data.o: data.c xs.h xs_io.h xs_json.h xs_openssl.h xs_glob.h xs_set.h \
39	xs_time.h snac.h	39	xs_time.h snac.h
40	format.o: format.c xs.h xs_regex.h snac.h	40	format.o: format.c xs.h xs_regex.h xs_mime.h snac.h
41	html.o: html.c xs.h xs_io.h xs_json.h xs_regex.h xs_set.h xs_openssl.h \	41	html.o: html.c xs.h xs_io.h xs_json.h xs_regex.h xs_set.h xs_openssl.h \
42	xs_time.h xs_mime.h snac.h	42	xs_time.h xs_mime.h snac.h
43	http.o: http.c xs.h xs_io.h xs_openssl.h xs_curl.h xs_time.h xs_json.h \	43	http.o: http.c xs.h xs_io.h xs_openssl.h xs_curl.h xs_time.h xs_json.h \
44	snac.h	44	snac.h
45	httpd.o: httpd.c xs.h xs_io.h xs_json.h xs_socket.h xs_httpd.h xs_mime.h \	45	httpd.o: httpd.c xs.h xs_io.h xs_json.h xs_socket.h xs_httpd.h xs_mime.h \
46	xs_time.h snac.h	46	xs_time.h xs_openssl.h snac.h
47	main.o: main.c xs.h xs_io.h xs_json.h snac.h	47	main.o: main.c xs.h xs_io.h xs_json.h snac.h
48	mastoapi.o: mastoapi.c xs.h xs_openssl.h xs_json.h xs_io.h xs_time.h \	48	mastoapi.o: mastoapi.c xs.h xs_openssl.h xs_json.h xs_io.h xs_time.h \
49	xs_glob.h xs_set.h snac.h	49	xs_glob.h xs_set.h xs_random.h snac.h
50	snac.o: snac.c xs.h xs_io.h xs_unicode.h xs_json.h xs_curl.h xs_openssl.h \	50	snac.o: snac.c xs.h xs_io.h xs_unicode.h xs_json.h xs_curl.h xs_openssl.h \
51	xs_socket.h xs_httpd.h xs_mime.h xs_regex.h xs_set.h xs_time.h xs_glob.h \	51	xs_socket.h xs_httpd.h xs_mime.h xs_regex.h xs_set.h xs_time.h xs_glob.h \
52	snac.h	52	xs_random.h snac.h
53	upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h	53	upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h
54	utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h snac.h	54	utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h \
		55	xs_random.h snac.h
55	webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h snac.h	56	webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h snac.h


diff --git a/mastoapi.c b/mastoapi.c index f30971e..a76a6ab 100644 --- a/mastoapi.c +++ b/mastoapi.c
@@ -10,6 +10,7 @@
10	#include "xs_time.h"	10	#include "xs_time.h"
11	#include "xs_glob.h"	11	#include "xs_glob.h"
12	#include "xs_set.h"	12	#include "xs_set.h"
		13	#include "xs_random.h"
13		14
14	#include "snac.h"	15	#include "snac.h"
15		16
@@ -17,19 +18,8 @@ static xs_str *random_str(void)
17	/* just what is says in the tin */	18	/* just what is says in the tin */
18	{	19	{
19	unsigned int data[4] = {0};	20	unsigned int data[4] = {0};
20	FILE *f;
21
22	if ((f = fopen("/dev/random", "r")) != NULL) {
23	fread(data, sizeof(data), 1, f);
24	fclose(f);
25	}
26	else {
27	data[0] = random() % 0xffffffff;
28	data[1] = random() % 0xffffffff;
29	data[2] = random() % 0xffffffff;
30	data[3] = random() % 0xffffffff;
31	}
32		21
		22	xs_rnd_buf(data, sizeof(data));
33	return xs_hex_enc((char *)data, sizeof(data));	23	return xs_hex_enc((char *)data, sizeof(data));
34	}	24	}
35		25


diff --git a/snac.c b/snac.c index 722af62..691c2e2 100644 --- a/snac.c +++ b/snac.c
@@ -16,6 +16,7 @@
16	#include "xs_set.h"	16	#include "xs_set.h"
17	#include "xs_time.h"	17	#include "xs_time.h"
18	#include "xs_glob.h"	18	#include "xs_glob.h"
		19	#include "xs_random.h"
19		20
20	#include "snac.h"	21	#include "snac.h"
21		22
@@ -122,7 +123,9 @@ xs_str hash_password(const char uid, const char passwd, const char nonce)
122	xs *hash;	123	xs *hash;
123		124
124	if (nonce == NULL) {	125	if (nonce == NULL) {
125	d_nonce = xs_fmt("%08x", random());	126	unsigned int r;
		127	xs_rnd_buf(&r, sizeof(r));
		128	d_nonce = xs_fmt("%08x", r);
126	nonce = d_nonce;	129	nonce = d_nonce;
127	}	130	}
128		131


diff --git a/utils.c b/utils.c index 1c03fee..f5b02ae 100644 --- a/utils.c +++ b/utils.c
@@ -6,6 +6,7 @@
6	#include "xs_json.h"	6	#include "xs_json.h"
7	#include "xs_time.h"	7	#include "xs_time.h"
8	#include "xs_openssl.h"	8	#include "xs_openssl.h"
		9	#include "xs_random.h"
9		10
10	#include "snac.h"	11	#include "snac.h"
11		12
@@ -204,10 +205,7 @@ void new_password(const char uid, d_char clear_pwd, d_char *hashed_pwd)
204	{	205	{
205	int rndbuf[3];	206	int rndbuf[3];
206		207
207	srandom(time(NULL) ^ getpid());	208	xs_rnd_buf(rndbuf, sizeof(rndbuf));
208	rndbuf[0] = random() & 0xffffffff;
209	rndbuf[1] = random() & 0xffffffff;
210	rndbuf[2] = random() & 0xffffffff;
211		209
212	clear_pwd = xs_base64_enc((char )rndbuf, sizeof(rndbuf));	210	clear_pwd = xs_base64_enc((char )rndbuf, sizeof(rndbuf));
213	hashed_pwd = hash_password(uid, clear_pwd, NULL);	211	hashed_pwd = hash_password(uid, clear_pwd, NULL);


diff --git a/xs_random.h b/xs_random.h new file mode 100644 index 0000000..3566827 --- /dev/null +++ b/xs_random.h
@@ -0,0 +1,87 @@
		1	/* copyright (c) 2022 - 2023 grunfink / MIT license */
		2
		3	#ifndef _XS_RANDOM_H
		4
		5	#define _XS_RANDOM_H
		6
		7	unsigned int xs_rnd_int32_d(unsigned int *seed);
		8	void xs_rnd_buf(void buf, int size);
		9
		10	#ifdef XS_IMPLEMENTATION
		11
		12	#include <stdio.h>
		13	#include <sys/time.h>
		14	#include <unistd.h>
		15	#include <stdlib.h>
		16
		17	unsigned int xs_rnd_int32_d(unsigned int *seed)
		18	/* returns a deterministic random integer. If seed is NULL, uses a static one */
		19	{
		20	static unsigned int s = 0;
		21
		22	if (seed == NULL)
		23	seed = &s;
		24
		25	if (*seed == 0) {
		26	struct timeval tv;
		27
		28	gettimeofday(&tv, NULL);
		29	*seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
		30	}
		31
		32	/* Linear congruential generator by Numerical Recipes */
		33	seed = (seed * 1664525) + 1013904223;
		34
		35	return *seed;
		36	}
		37
		38
		39	void xs_rnd_buf(void buf, int size)
		40	/* fills buf with random data */
		41	{
		42	#ifdef __OpenBSD__
		43
		44	/* available since OpenBSD 2.2 */
		45	arc4random_buf(buf, size);
		46
		47	#else
		48
		49	FILE *f;
		50	int done = 0;
		51
		52	if ((f = fopen("/dev/urandom", "r")) != NULL) {
		53	/* fill with great random data from the system */
		54	if (fread(buf, size, 1, f) == 1)
		55	done = 1;
		56
		57	fclose(f);
		58	}
		59
		60	if (!done) {
		61	/* fill the buffer with poor quality, deterministic data */
		62	unsigned int s = 0;
		63	unsigned char p = (unsigned char )buf;
		64	int n = size / sizeof(s);
		65
		66	/* fill with full integers */
		67	while (n--) {
		68	xs_rnd_int32_d(&s);
		69	p = memcpy(p, &s, sizeof(s)) + sizeof(s);
		70	}
		71
		72	if ((n = size % sizeof(s))) {
		73	/* fill the remaining */
		74	xs_rnd_int32_d(&s);
		75	memcpy(p, &s, n);
		76	}
		77	}
		78
		79	#endif /* __OpenBSD__ */
		80
		81	return buf;
		82	}
		83
		84
		85	#endif /* XS_IMPLEMENTATION */
		86
		87	#endif /* XS_RANDOM_H */


diff --git a/xs_version.h b/xs_version.h index 7a793d1..b589fed 100644 --- a/xs_version.h +++ b/xs_version.h
@@ -1 +1 @@
	/* 3588cbb7859917f1c5965254f8a53c3349c773ea */		/* 5c255b45c8cd5d6c01c983b03e635936db12da03 */