I understand that apr does not offer true randomness, but the only place in
the code requiring a call to apr_generate_random_bytes() was in htpasswd.c -
the rest compiled fine, and it seems to run.
The function calling apr_generate_random_bytes() is a static routine called
seed_rand(), apparantly to set a random seed for the srand() routine.
I do not know the history, however, I would like to note that htdigest (in
utilties) does not need apr_generate_random_bytes (while the disabled mod
mod_digest_auth does, and I can understand the desire to be resetting the
srand key with true randomness when using it).
As it is "only" htpasswd I modified htpasswd as follows:
======
static apr_status_t seed_rand(void)
{
int seed = 0;
apr_status_t rv;
#ifdef _AIX
#include <time.h>
struct timespec tp;
#ifdef CLOCK_MONOTONIC
clock_gettime(CLOCK_MONOTONIC,&tp);
#else
clock_gettime(CLOCK_REALTIME,&tp);
#endif
seed = tp.tv_nsec % 10000;
#else
rv = apr_generate_random_bytes((unsigned char*) &seed, sizeof(seed));
if (rv) {
apr_file_printf(errfile, "Unable to generate random bytes: %pm" NL,
&rv);
return rv;
}
#endif
srand(seed);
return rv;
}
======
Note, AIX 4.3.3 does not know about CLOCK_MONOTONIC (which is relate to boot
and cannot be modified by any normal means, whereas CLOCK_REALTIME is
effected by calls to setclock() etc.)
Not that I expect you to adopt this l...@me, but I did want to inform you of
what I see as a idiosyncrancy in the why configure works with the main
package, but not with the utilities.
regards,
Michael
On Tue, Oct 12, 2010 at 6:15 PM, William A. Rowe Jr. <wr...@rowe-clan.net>wrote:
> On 10/12/2010 10:47 AM, Michael Felt wrote:
> >
> > I have the disable of auth_digest because configue complained that it
> could not complete
> > without /dev/random or egb installed. I prefer not to install egb.
> >
> > Suggestions for how I can 'neatly' satisfy htpasswd need for
> apr_generate_random_bytes()
> > are appreciated!
>
> You can't, you need entropy, and apr does not offer a pseudo-random
> generator of its own.
>
>
