From: Nigel Metheringham <nigel@exim.org>
Date: Mon, 16 Nov 2009 19:15:36 +0000 (+0000)
Subject: Documentation for randint.  Better randomness defaults.  Fixes: #722
X-Git-Tag: exim-4_71~13
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/0eb8eedd73556dbf5bb59ee7ebaed5fee282afc1

Documentation for randint.  Better randomness defaults.  Fixes: #722
---

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b640daec6..bf7a987b9 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.68 2009/11/16 19:10:45 nm4 Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.69 2009/11/16 19:15:36 nm4 Exp $
 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -9589,6 +9589,17 @@ For single-key lookup types, no quoting is ever necessary and this operator
 yields an unchanged string.
 
 
+.vitem &*${randint:*&<&'n'&>&*}*&
+.cindex "random number"
+This operator returns a somewhat random number which is less than the
+supplied number and is at least 0.  The quality of this randomness depends
+on how Exim was built; the values are not suitable for keying material.
+If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used.
+Otherwise, the implementation may be arc4random(), random() seeded by
+srandomdev() or srandom(), or a custom implementation even weaker than
+random().
+
+
 .vitem &*${rfc2047:*&<&'string'&>&*}*&
 .cindex "expansion" "RFC 2047"
 .cindex "RFC 2047" "expansion operator"
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f823ee064..5d2f51e69 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.595 2009/11/16 19:10:45 nm4 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.596 2009/11/16 19:15:36 nm4 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -10,6 +10,8 @@ TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body
 
 NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
 
+NM/02 Bugzilla 722: Documentation for randint.  Better randomness defaults.
+
 
 Exim version 4.70
 -----------------
diff --git a/src/OS/os.h-FreeBSD b/src/OS/os.h-FreeBSD
index 915f3b121..118d2508f 100644
--- a/src/OS/os.h-FreeBSD
+++ b/src/OS/os.h-FreeBSD
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/OS/os.h-FreeBSD,v 1.3 2006/03/16 12:25:24 ph10 Exp $ */
+/* $Cambridge: exim/src/OS/os.h-FreeBSD,v 1.4 2009/11/16 19:15:36 nm4 Exp $ */
 
 /* Exim: OS-specific C header file for FreeBSD */
 
@@ -7,6 +7,8 @@
 #define HAVE_MMAP
 #define HAVE_SYS_MOUNT_H
 #define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_SRANDOMDEV
+#define HAVE_ARC4RANDOM
 
 typedef struct flock flock_t;
 
diff --git a/src/OS/os.h-NetBSD b/src/OS/os.h-NetBSD
index 234f51c18..27e09e348 100644
--- a/src/OS/os.h-NetBSD
+++ b/src/OS/os.h-NetBSD
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/OS/os.h-NetBSD,v 1.5 2009/10/20 12:39:47 nm4 Exp $ */
+/* $Cambridge: exim/src/OS/os.h-NetBSD,v 1.6 2009/11/16 19:15:36 nm4 Exp $ */
 
 /* Exim: OS-specific C header file for NetBSD */
 
@@ -7,6 +7,7 @@
 #define HAVE_MMAP
 #define HAVE_SYS_MOUNT_H
 #define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_ARC4RANDOM
 
 typedef struct flock flock_t;
 
diff --git a/src/OS/os.h-OpenBSD b/src/OS/os.h-OpenBSD
index 60eceb285..dda851350 100644
--- a/src/OS/os.h-OpenBSD
+++ b/src/OS/os.h-OpenBSD
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/OS/os.h-OpenBSD,v 1.1 2004/10/06 15:07:39 ph10 Exp $ */
+/* $Cambridge: exim/src/OS/os.h-OpenBSD,v 1.2 2009/11/16 19:15:36 nm4 Exp $ */
 
 /* Exim: OS-specific C header file for OpenBSD */
 
@@ -6,6 +6,7 @@
 #define HAVE_MMAP
 #define HAVE_SYS_MOUNT_H
 #define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_ARC4RANDOM
 
 typedef struct flock flock_t;
 
diff --git a/src/src/exim.h b/src/src/exim.h
index 34fb118e0..61a7f25ab 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/exim.h,v 1.25 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/exim.h,v 1.26 2009/11/16 19:15:36 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -17,6 +17,11 @@ most of these includes. */
 
 #define HAVE_STATFS
 
+/* Similarly, assume most systems have srandom() unless os.h undefines it.
+This call dates back at least as far as SUSv2. */
+
+#define HAVE_SRANDOM
+
 /* First of all include the os-specific header, which might set things that
 are needed by any of the other headers, including system headers. */