From 54c6e6cbc69ef01a49fe5ca8610d09bf962b3310 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Thu, 24 Feb 2000 20:10:00 +0000
Subject: fread() of /dev/random reads an entire huge stdio buffer, instead of the 32 bytes that we actually need, thus wasting a lot of system entropy. found by alecm@coyote.uk.sun.com, passed on by Pete.Zaytsev@EBay.Sun.COM
---
 lib/libcrypto/rand/md_rand.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index 6bd1960e1de..c9a071bd22e 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c
@@ -58,6 +58,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 static int init=1;
 unsigned long l;
 #ifdef DEVRANDOM
- FILE *fh;
+ int fd;
 #endif
 #ifdef PREDICT
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 /* #ifdef DEVRANDOM */
 /*
 * Use a random entropy pool device.
- * Linux 1.3.x and FreeBSD-Current has
+ * Linux 1.3.x, OpenBSD, and FreeBSD have
 * this. Use /dev/urandom if you can
 * as /dev/random will block if it runs out
 * of random entries.
 */
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+ if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
 {
 unsigned char tmpbuf[32];
- fread((unsigned char *)tmpbuf,1,32,fh);
+ read(fd, tmpbuf, sizeof(tmpbuf));
 /* we don't care how many bytes we read,
 * we will just copy the 'stack' if there is
 * nothing else :-) */
- fclose(fh);
+ /* the above comment is EVIL. Security software
+ * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+ * BEHAVIOUR! Secure entropy is required in
+ * many cases! */
 RAND_seed(tmpbuf,32);
 memset(tmpbuf,0,32);
 }
--
cgit v1.2.3
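Review bot: In the third hunk the result of `open()` is compared against `NULL`, but `open()` returns -1 on failure, so a failed open still enters the block and `RAND_seed()` is fed 32 bytes of uninitialised stack, while a valid descriptor 0 would be skipped; the test should be `>= 0`. The same hunk removes `fclose(fh)` without adding a matching `close(fd)`, so the descriptor is leaked each time this path runs. The return value of `read()` is still ignored, which contradicts the added comment about needing real entropy; a short or failed read should shrink or skip the seed instead of falling back to stack contents. `ssleay_rand_bytes` begins and ends outside the hunk, so how often this path executes cannot be seen from here.

```c
/* … unchanged: comment block describing the entropy device … */
if ((fd = open(DEVRANDOM, O_RDONLY)) >= 0)
	{
	unsigned char tmpbuf[32];
	ssize_t n;

	n = read(fd, tmpbuf, sizeof(tmpbuf));
	close(fd);
	/* seed only with bytes the device actually returned */
	if (n > 0)
		RAND_seed(tmpbuf, (int)n);
	/* … unchanged: memset of tmpbuf … */
	}
```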