dovecot: If OpenSSL's random number generator can't initialize i...
dovecot at dovecot.org
dovecot at dovecot.org
Sun Dec 30 17:07:04 EET 2007
details: http://hg.dovecot.org/dovecot/rev/aa9a4d419905
changeset: 7077:aa9a4d419905
user: Timo Sirainen <tss at iki.fi>
date: Sun Dec 30 17:07:00 2007 +0200
description:
If OpenSSL's random number generator can't initialize itself, fail instead
of initializing it with weak entropy. If this happens (i.e. no /dev/urandom
or /dev/random), the user can install egd on /var/run/egd-pool or some other
location that OpenSSL internally checks.
diffstat:
1 file changed, 4 insertions(+), 37 deletions(-)
src/lib/randgen.c | 41 ++++-------------------------------------
diffs (65 lines):
diff -r 3cb00348ed06 -r aa9a4d419905 src/lib/randgen.c
--- a/src/lib/randgen.c Sun Dec 30 00:27:44 2007 +0200
+++ b/src/lib/randgen.c Sun Dec 30 17:07:00 2007 +0200
@@ -65,11 +65,6 @@ void random_deinit(void)
#include <openssl/rand.h>
#include <openssl/err.h>
-#include <sys/time.h>
-#ifdef HAVE_SYS_RESOURCE_H
-# include <sys/resource.h>
-#endif
-
static const char *ssl_last_error(void)
{
unsigned long err;
@@ -86,37 +81,6 @@ static const char *ssl_last_error(void)
return buf;
}
-static void random_init_rng(void)
-{
- unsigned int counter = 0;
- struct timeval tv;
-#ifdef HAVE_GETRUSAGE
- struct rusage ru;
-#endif
-
- /* If the RNG is already seeded, we can return immediately. */
- if (RAND_status() == 1)
- return;
-
- /* Else, try to seed it. Unfortunately we don't have
- /dev/urandom, so we can only use weak random sources. */
- while (RAND_status() != 1) {
- if (gettimeofday(&tv, NULL) < 0)
- i_fatal("gettimeofday() failed: %m");
- RAND_add(&tv, sizeof(tv), sizeof(tv) / 2);
-#ifdef HAVE_GETRUSAGE
- if (getrusage(RUSAGE_SELF, &ru) < 0)
- i_fatal("getrusage() failed: %m");
- RAND_add(&ru, sizeof(ru), sizeof(ru) / 2);
-#endif
-
- if (counter++ > 100) {
- i_fatal("Random generator initialization failed: "
- "Couldn't get enough entropy");
- }
- }
-}
-
void random_fill(void *buf, size_t size)
{
if (RAND_bytes(buf, size) != 1)
@@ -127,7 +91,10 @@ void random_init(void)
{
unsigned int seed;
- random_init_rng();
+ if (RAND_status() == 0) {
+ i_fatal("Random generator not initialized: "
+ "Install egd on /var/run/egd-pool");
+ }
random_fill(&seed, sizeof(seed));
srand(seed);
More information about the dovecot-cvs
mailing list