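/*
 * Seed the process's random number generators at startup.
 *
 * Two tiers are seeded:
 *   1. The weak libc PRNGs (rand()/*rand48()) from the pid, the daemon start
 *      time, the current time and the FQDN length.  These are not
 *      cryptographic and their seed is guessable from public facts; nothing
 *      security-relevant may depend on them.
 *   2. OpenSSL's CSPRNG, from the "randseed" file that cf-key writes into
 *      CFWORKDIR plus whatever RAND_poll() (RAND_screen() on MinGW) gathers
 *      from the OS.
 *
 * If OpenSSL still reports itself unseeded, a last-resort fallback feeds it
 * bytes from rand() -- i.e. from a seed predictable from pid and clock.
 * RAND_seed() credits every byte as full entropy, so that call makes
 * RAND_status() succeed without any real unpredictability behind it; key
 * material generated on such a host is weak.  The fallback therefore logs at
 * warning level, and UnexpectedError() is raised only if even that does not
 * satisfy RAND_status().
 *
 * No return value; problems are reported through Log()/UnexpectedError().
 */
static void RandomSeed(void)
{
    /* 1. Seed the weak C PRNGs. */
    pid_t pid = getpid();
    size_t fqdn_len = strlen(VFQNAME) > 0 ? strlen(VFQNAME) : 1;
    time_t start_time = CFSTARTTIME;
    time_t now = time(NULL);

    /* Mix in unsigned arithmetic: pid * time_t overflows a 32-bit long and
     * signed overflow is undefined behaviour, whereas unsigned wraps.  On
     * LP64 hosts the resulting bits are exactly those the signed expression
     * produced, so the seeds do not change there. */
    unsigned long mix = ((unsigned long) pid * (unsigned long) start_time)
                      ^ ((unsigned long) fqdn_len * (unsigned long) now);
    srand((unsigned) mix);
    srand48((long) mix);

    /* 2. Seed the strong OpenSSL PRNG. */
    /* The randseed file is written by cf-key.  NOTE(review): its owner and
     * mode are not checked here; a tampered file only adds input, because
     * RAND_poll() below mixes in OS entropy as well. */
    char randfile[CF_BUFSIZE];
    int path_len = snprintf(randfile, sizeof(randfile), "%s%crandseed",
                            CFWORKDIR, FILE_SEPARATOR);
    if (path_len < 0 || (size_t) path_len >= sizeof(randfile))
    {
        /* snprintf() truncated the path; do not open the wrong file. */
        Log(LOG_LEVEL_VERBOSE,
            "Path to random seed file is too long, skipping it");
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE, "Looking for a source of entropy in '%s'",
            randfile);
        /* -1: read the whole file; the return value is the byte count. */
        if (!RAND_load_file(randfile, -1))
        {
            Log(LOG_LEVEL_VERBOSE,
                "Could not read sufficient randomness from '%s'", randfile);
        }
    }

#ifndef __MINGW32__ /* windows may hang */
    RAND_poll();
#else
    RAND_screen();
#endif

    /* We should have had enough entropy by now.  Else we warn loudly and
     * fall back to non-crypto-safe random data so that later operations do
     * not fail outright. */
    if (RAND_status() != 1)
    {
        Log(LOG_LEVEL_WARNING,
            "PRNG hasn't been seeded enough, using some pseudo-random bytes for seed!");
        Log(LOG_LEVEL_WARNING,
            "Keys and nonces generated in this state are predictable from the pid and clock");
        Log(LOG_LEVEL_WARNING,
            "A workaround is to copy 1KB of random bytes to '%s'",
            randfile);

        /* rand() was seeded above from pid/time, so this buffer is
         * guessable.  RAND_seed() nevertheless counts all 128 bytes as
         * entropy, which is what flips RAND_status() to 1. */
        unsigned char rand_buf[128];
        for (size_t i = 0; i < sizeof(rand_buf); i++)
        {
            rand_buf[i] = rand() % 256;
        }
        RAND_seed(rand_buf, sizeof(rand_buf));

        /* If we *still* do not have enough entropy, crypto operations will
         * fail all over the place.  Should never happen given the 128-byte
         * buffer above. */
        if (RAND_status() != 1)
        {
            UnexpectedError("Low entropy, crypto operations will fail! "
                            "See verbose log and report which platform you are using.");
        }
    }
}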