mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 14:23:30 +01:00
Add half our entropy from RAND_poll in OpenSSL. These know how to use egd (if present) openbsd weirdness (if present), vms/os2 weirdness (if we ever port there), and more in the future.
svn:r5215
This commit is contained in:
parent
46af2d26d0
commit
a53ecc94f9
@ -1575,42 +1575,63 @@ crypto_dh_free(crypto_dh_env_t *dh)
|
|||||||
|
|
||||||
/* random numbers */
|
/* random numbers */
|
||||||
|
|
||||||
|
/* This is how much entropy OpenSSL likes to add right now, so maybe it will
|
||||||
|
* work for us too. */
|
||||||
|
#define ADD_ENTROPY 32
|
||||||
|
|
||||||
|
/* Use RAND_poll if openssl is 0.9.6 release or later. (The "f" means
|
||||||
|
"release".) */
|
||||||
|
#define USE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl)
|
||||||
|
|
||||||
/** Seed OpenSSL's random number generator with bytes from the
|
/** Seed OpenSSL's random number generator with bytes from the
|
||||||
* operating system. Return 0 on success, -1 on failure.
|
* operating system. Return 0 on success, -1 on failure.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
crypto_seed_rng(void)
|
crypto_seed_rng(void)
|
||||||
{
|
{
|
||||||
char buf[64];
|
char buf[ADD_ENTROPY];
|
||||||
|
int rand_poll_status;
|
||||||
|
|
||||||
|
/* local variables */
|
||||||
#ifdef MS_WINDOWS
|
#ifdef MS_WINDOWS
|
||||||
static int provider_set = 0;
|
static int provider_set = 0;
|
||||||
static HCRYPTPROV provider;
|
static HCRYPTPROV provider;
|
||||||
|
|
||||||
if (!provider_set) {
|
|
||||||
if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
|
|
||||||
if (GetLastError() != NTE_BAD_KEYSET) {
|
|
||||||
log_fn(LOG_ERR,"Can't get CryptoAPI provider [1]");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
provider_set = 1;
|
|
||||||
}
|
|
||||||
if (!CryptGenRandom(provider, sizeof(buf), buf)) {
|
|
||||||
log_fn(LOG_ERR,"Can't get entropy from CryptoAPI.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
RAND_seed(buf, sizeof(buf));
|
|
||||||
/* And add the current screen state to the entropy pool for
|
|
||||||
* good measure. */
|
|
||||||
RAND_screen();
|
|
||||||
return 0;
|
|
||||||
#else
|
#else
|
||||||
static const char *filenames[] = {
|
static const char *filenames[] = {
|
||||||
"/dev/srandom", "/dev/urandom", "/dev/random", NULL
|
"/dev/srandom", "/dev/urandom", "/dev/random", NULL
|
||||||
};
|
};
|
||||||
int fd;
|
int fd;
|
||||||
int i, n;
|
int i, n;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if USE_RAND_POLL
|
||||||
|
/* OpenSSL 0.9.6 adds a RAND_poll function that knows about more kinds of
|
||||||
|
* entropy than we do. We'll try calling that, *and* calling our own entropy
|
||||||
|
* functions. If one succeeds, we'll accept the RNG as seeded. */
|
||||||
|
rand_poll_status = RAND_poll();
|
||||||
|
if (rand_poll_status == 0)
|
||||||
|
log_fn(LOG_WARN, "RAND_poll() failed.");
|
||||||
|
#else
|
||||||
|
rand_poll_status = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef MS_WINDOWS
|
||||||
|
if (!provider_set) {
|
||||||
|
if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
|
||||||
|
if (GetLastError() != NTE_BAD_KEYSET) {
|
||||||
|
log_fn(LOG_ERR,"Can't get CryptoAPI provider [1]");
|
||||||
|
return rand_poll_status ? 0 : -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
provider_set = 1;
|
||||||
|
}
|
||||||
|
if (!CryptGenRandom(provider, sizeof(buf), buf)) {
|
||||||
|
log_fn(LOG_ERR,"Can't get entropy from CryptoAPI.");
|
||||||
|
return rand_poll_status ? 0 : -1;
|
||||||
|
}
|
||||||
|
RAND_seed(buf, sizeof(buf));
|
||||||
|
return 0;
|
||||||
|
#else
|
||||||
for (i = 0; filenames[i]; ++i) {
|
for (i = 0; filenames[i]; ++i) {
|
||||||
fd = open(filenames[i], O_RDONLY, 0);
|
fd = open(filenames[i], O_RDONLY, 0);
|
||||||
if (fd<0) continue;
|
if (fd<0) continue;
|
||||||
@ -1626,7 +1647,7 @@ crypto_seed_rng(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
log_fn(LOG_WARN, "Cannot seed RNG -- no entropy source found.");
|
log_fn(LOG_WARN, "Cannot seed RNG -- no entropy source found.");
|
||||||
return -1;
|
return rand_poll_status ? 0 : -1;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user