Created
December 12, 2014 16:34
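/**
 * Seed the process's random number generators.
 *
 * Step 1 seeds the libc generators (rand(), drand48() family) from the pid,
 * the agent start time, the FQDN length and the current time. Every one of
 * those inputs can be guessed, so these generators are not suitable for
 * anything security-relevant.
 *
 * Step 2 seeds the OpenSSL PRNG from the "randseed" file in the work
 * directory and from the platform entropy source. If OpenSSL still reports
 * too little entropy, 128 bytes of rand() output are fed to it as a last
 * resort (see the NOTE(review) on that branch).
 */
static void RandomSeed(void)
{
    /* 1. Seed the weak C PRNGs. */

    /* Mix various stuff. */
    pid_t pid = getpid();
    size_t fqdn_len = strlen(VFQNAME);
    if (fqdn_len == 0)
    {
        fqdn_len = 1;                 /* keep the second product non-zero */
    }
    time_t start_time = CFSTARTTIME;
    time_t now = time(NULL);

    /* Do the mixing in unsigned arithmetic: the signed products used before
     * overflow (undefined behaviour) where long and time_t are both 32 bits
     * wide. Unsigned wrap-around is well defined and yields the same seed
     * wherever the signed form did not overflow. */
    unsigned long weak_seed =
        ((unsigned long) pid * (unsigned long) start_time) ^
        ((unsigned long) fqdn_len * (unsigned long) now);

    srand((unsigned) weak_seed);
    srand48((long) weak_seed);

    /* 2. Seed the strong OpenSSL PRNG. */

    /* randseed file is written by cf-key. */
    char randfile[CF_BUFSIZE];
    int path_len = snprintf(randfile, sizeof(randfile), "%s%crandseed",
                            CFWORKDIR, FILE_SEPARATOR);

    if (path_len < 0 || (size_t) path_len >= sizeof(randfile))
    {
        /* A truncated path names some other file; do not load entropy
         * from it. */
        Log(LOG_LEVEL_VERBOSE,
            "Could not read sufficient randomness from '%s'", randfile);
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE, "Looking for a source of entropy in '%s'",
            randfile);

        /* RAND_load_file() returns the number of bytes read; failure is
         * reported as 0 by older OpenSSL releases and as -1 by newer ones,
         * so a plain !ret test misses the -1 case. */
        if (RAND_load_file(randfile, -1) <= 0)
        {
            Log(LOG_LEVEL_VERBOSE,
                "Could not read sufficient randomness from '%s'", randfile);
        }
    }

#ifndef __MINGW32__                     /* windows may hang */
    RAND_poll();
#else
    RAND_screen();
#endif

    /* We should have had enough entropy by now. Else we print a message and
     * use non-crypto-safe random data. */
    if (RAND_status() != 1)
    {
        /* TODO raise to LOG_LEVEL_WARNING? */
        Log(LOG_LEVEL_INFO,
            "PRNG hasn't been seeded enough, using some pseudo-random bytes for seed!");
        Log(LOG_LEVEL_INFO,
            "A workaround is to copy 1KB of random bytes to '%s'",
            randfile);

        /* NOTE(review): these bytes come from rand(), which was seeded above
         * from pid, start time, FQDN length and wall-clock time. RAND_seed()
         * credits the whole buffer as entropy, so RAND_status() reports
         * success afterwards even though the seed is guessable, and keys or
         * nonces generated from this state inherit that weakness. Consider
         * failing closed here, or mixing the buffer in with RAND_add() and a
         * zero entropy estimate, once callers can handle an unseeded PRNG. */
        unsigned char rand_buf[128];
        for (size_t i = 0; i < sizeof(rand_buf); i++)
        {
            rand_buf[i] = (unsigned char) (rand() % 256);
        }
        RAND_seed(rand_buf, sizeof(rand_buf));

        /* If we *still* do not have enough entropy, then things will be
         * failing all over the place. Should never happen because of the
         * rand() buffer above which should be enough for all cases. */
        if (RAND_status() != 1)
        {
            UnexpectedError("Low entropy, crypto operations will fail! "
                            "See verbose log and report which platform you are using.");
        }
    }
}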