lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, Jan 26, 2012 at 05:17:38PM -0200, Roberto Ierusalimschy wrote:
> > It just requires that LUA_RANDOM be defined to one of the
> > identifiers `time', `arc4random', or `RAND_bytes'.
> 
> That is part of the problem. We would like something that Lua could
> detect testing some predefined macros.
> 

There are two problems, really: 1) making it easy to select sources, and 2)
getting the default right.

The solution I posted earlier addressed #1. The second is, obviously,
harder. For arc4random I test for __NetBSD__, __FreeBSD__, __OpenBSD__, and
__APPLE__. I also set _BSD_SOURCE and _DARWIN_C_SOURCE, similar to
_GNU_SOURCE.

As has been pointed out, Arch Linux has arc4random(), but I'd be wary of
degenerating to checking for every Linux distribution out there, which is
why I think solving problem #1 is important; perhaps more important than
#2.

For the Linux sysctl hack you can just check for __linux since it's a kernel
interface. Unfortunately the RANDOM_UUID identifier for the sysctl mib is an
enum.

Like some others, I'd prefer an extension to lua_newstate, but I realize
that doesn't solve the lua command-line utility issue.

For OpenSSL I don't know of any way to check other than relying on the
preprocessor to continue even for a failed #include. Also, the location of
openssl header files used to be unreliable, though I think
<openssl/crypto.h> is most common. But then there's the linking issue, so
maybe a run-time approach of trying to dlopen() libcrypto.so would work
better.

/dev/urandom is fairly common (*BSDs, Linux, Apple, and Solaris), and at
least for the command-line utility won't have the chroot() issues.

I guess the 4 good bets are 1) arc4random, 2) sysctl({RANDOM_UUID}), 3)
Windows Crypto API, and 4) /dev/urandom. After that just fallback to time(),
etc.