changeset 7077:aa9a4d419905 HEAD
If OpenSSL's random number generator can't initialize itself, fail instead
of initializing it with weak entropy. If this happens (i.e. no /dev/urandom
or /dev/random), the user can install egd on /var/run/egd-pool or some other
location that OpenSSL internally checks.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 30 Dec 2007 17:07:00 +0200 |
parents | 3cb00348ed06 |
children | 4e3c7037c2ca |
files | src/lib/randgen.c |
diffstat | 1 files changed, 4 insertions(+), 37 deletions(-) [+] |
--- a/src/lib/randgen.c Sun Dec 30 00:27:44 2007 +0200
+++ b/src/lib/randgen.c Sun Dec 30 17:07:00 2007 +0200
@@ -65,11 +65,6 @@
 #include <openssl/rand.h>
 #include <openssl/err.h>
 
-#include <sys/time.h>
-#ifdef HAVE_SYS_RESOURCE_H
-# include <sys/resource.h>
-#endif
-
 static const char *ssl_last_error(void)
 {
 unsigned long err;
@@ -86,37 +81,6 @@
 return buf;
 }
 
-static void random_init_rng(void)
-{
- unsigned int counter = 0;
- struct timeval tv;
-#ifdef HAVE_GETRUSAGE
- struct rusage ru;
-#endif
-
- /* If the RNG is already seeded, we can return immediately. */
- if (RAND_status() == 1)
- return;
-
- /* Else, try to seed it. Unfortunately we don't have
- /dev/urandom, so we can only use weak random sources. */
- while (RAND_status() != 1) {
- if (gettimeofday(&tv, NULL) < 0)
- i_fatal("gettimeofday() failed: %m");
- RAND_add(&tv, sizeof(tv), sizeof(tv) / 2);
-#ifdef HAVE_GETRUSAGE
- if (getrusage(RUSAGE_SELF, &ru) < 0)
- i_fatal("getrusage() failed: %m");
- RAND_add(&ru, sizeof(ru), sizeof(ru) / 2);
-#endif
-
- if (counter++ > 100) {
- i_fatal("Random generator initialization failed: "
- "Couldn't get enough entropy");
- }
- }
-}
-
 void random_fill(void *buf, size_t size)
 {
 if (RAND_bytes(buf, size) != 1)
@@ -127,7 +91,10 @@
 {
 unsigned int seed;
 
- random_init_rng();
+ if (RAND_status() == 0) {
+ i_fatal("Random generator not initialized: "
+ "Install egd on /var/run/egd-pool");
+ }
 random_fill(&seed, sizeof(seed));
 srand(seed);
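Review bot: The new `i_fatal()` text in the last hunk tells the admin only to install egd on /var/run/egd-pool, but per the commit description the usual cause is that neither /dev/urandom nor /dev/random is available to the process (a chroot or jail without device nodes would presumably look the same), so the message points away from the simplest fix. I would name the cause first, e.g. `i_fatal("Random generator not initialized: no /dev/urandom or /dev/random; " "make one available or install egd on /var/run/egd-pool");`. A short comment above the check, such as `/* Never seed from time/rusage here: failing is safer than running with guessable entropy. */`, would keep a later maintainer from reintroducing the removed fallback. Minor: `RAND_status() == 0` could read `!= 1` to match the `RAND_bytes(buf, size) != 1` test in random_fill(). The signature of random_init() and the end of its body are outside this hunk.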