tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RAND_file fallback to /dev/urandom
I liked the fact that /dev/urandom was used as random seed file
if ~/.rnd is not present. This got lost when OpenSSL 0.9.7d
was imported.
The appended patch restores this behaviour.
It is OK to commit, or are there general concerns about
such a fallback?
best regards
Matthias
--- randfile.c.~1.9.~ Mon Mar 22 16:08:26 2004
+++ randfile.c Wed Jun 16 16:42:18 2004
@@ -227,7 +227,7 @@ const char *RAND_file_name(char *buf, si
{
char *s=NULL;
int ok = 0;
-#ifdef __OpenBSD__
+#if defined(__OpenBSD__) || defined(__NetBSD__)
struct stat sb;
#endif
@@ -261,20 +261,25 @@ const char *RAND_file_name(char *buf, si
buf[0] = '\0'; /* no file name */
}
+#if defined(__OpenBSD__) || defined(__NetBSD__)
#ifdef __OpenBSD__
+#define FALLBACK "/dev/arandom"
+#else
+#define FALLBACK "/dev/urandom"
+#endif
/* given that all random loads just fail if the file can't be
* seen on a stat, we stat the file we're returning, if it
- * fails, use /dev/arandom instead. this allows the user to
+ * fails, use FALLBACK instead. this allows the user to
* use their own source for good random data, but defaults
* to something hopefully decent if that isn't available.
*/
if (!ok)
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ if (BUF_strlcpy(buf,FALLBACK,size) >= size) {
return(NULL);
}
if (stat(buf,&sb) == -1)
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ if (BUF_strlcpy(buf,FALLBACK,size) >= size) {
return(NULL);
}
Home |
Main Index |
Thread Index |
Old Index