summaryrefslogtreecommitdiff
path: root/lib/libcrypto/rand/md_rand.c
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2000-02-24 20:10:00 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2000-02-24 20:10:00 +0000
commit54c6e6cbc69ef01a49fe5ca8610d09bf962b3310 (patch)
tree397e604e32cb2c5811bf2c7f9b9681d42e99c3a8 /lib/libcrypto/rand/md_rand.c
parent7fe26a0f7688de4e714c778fd6451a8b872424d8 (diff)
fread() of /dev/random reads an entire huge stdio buffer, instead of the 32
bytes that we actually need, thus wasting a lot of system entropy. found by alecm@coyote.uk.sun.com, passed on by Pete.Zaytsev@EBay.Sun.COM
Diffstat (limited to 'lib/libcrypto/rand/md_rand.c')
-rw-r--r--lib/libcrypto/rand/md_rand.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index 6bd1960e1de..c9a071bd22e 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include <sys/types.h>
+#include <fcntl.h>
#include <time.h>
#include <string.h>
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
static int init=1;
unsigned long l;
#ifdef DEVRANDOM
- FILE *fh;
+ int fd;
#endif
#ifdef PREDICT
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
/* #ifdef DEVRANDOM */
/*
* Use a random entropy pool device.
- * Linux 1.3.x and FreeBSD-Current has
+ * Linux 1.3.x, OpenBSD, and FreeBSD have
* this. Use /dev/urandom if you can
* as /dev/random will block if it runs out
* of random entries.
*/
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+ if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
{
unsigned char tmpbuf[32];
- fread((unsigned char *)tmpbuf,1,32,fh);
+ read(fd, tmpbuf, sizeof(tmpbuf));
/* we don't care how many bytes we read,
* we will just copy the 'stack' if there is
* nothing else :-) */
- fclose(fh);
+ /* the above comment is EVIL. Security software
+ * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+ * BEHAVIOUR! Secure entropy is required in
+ * many cases! */
RAND_seed(tmpbuf,32);
memset(tmpbuf,0,32);
}