diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-02-24 20:10:00 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-02-24 20:10:00 +0000 |
commit | 54c6e6cbc69ef01a49fe5ca8610d09bf962b3310 (patch) | |
tree | 397e604e32cb2c5811bf2c7f9b9681d42e99c3a8 /lib/libcrypto/rand/md_rand.c | |
parent | 7fe26a0f7688de4e714c778fd6451a8b872424d8 (diff) |
fread() of /dev/random reads an entire huge stdio buffer, instead of the 32
bytes that we actually need, thus wasting a lot of system entropy. found by
alecm@coyote.uk.sun.com, passed on by Pete.Zaytsev@EBay.Sun.COM
Diffstat (limited to 'lib/libcrypto/rand/md_rand.c')
-rw-r--r-- | lib/libcrypto/rand/md_rand.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index 6bd1960e1de..c9a071bd22e 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -58,6 +58,7 @@ #include <stdio.h> #include <sys/types.h> +#include <fcntl.h> #include <time.h> #include <string.h> @@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) static int init=1; unsigned long l; #ifdef DEVRANDOM - FILE *fh; + int fd; #endif #ifdef PREDICT @@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) /* #ifdef DEVRANDOM */ /* * Use a random entropy pool device. - * Linux 1.3.x and FreeBSD-Current has + * Linux 1.3.x, OpenBSD, and FreeBSD have * this. Use /dev/urandom if you can * as /dev/random will block if it runs out * of random entries. */ - if ((fh = fopen(DEVRANDOM, "r")) != NULL) + if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL) { unsigned char tmpbuf[32]; - fread((unsigned char *)tmpbuf,1,32,fh); + read(fd, tmpbuf, sizeof(tmpbuf)); /* we don't care how many bytes we read, * we will just copy the 'stack' if there is * nothing else :-) */ - fclose(fh); + /* the above comment is EVIL. Security software + * RELIES ON THESE PRIMITIVES HAVING MORE SECURE + * BEHAVIOUR! Secure entropy is required in + * many cases! */ RAND_seed(tmpbuf,32); memset(tmpbuf,0,32); } |