tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RAND_file fallback to /dev/urandom



I liked the fact that /dev/urandom was used as random seed file
if ~/.rnd is not present. This got lost when OpenSSL 0.9.7d
was imported.
The appended patch restores this behaviour.
It is OK to commit, or are there general concerns about
such a fallback?

best regards
Matthias


--- randfile.c.~1.9.~   Mon Mar 22 16:08:26 2004
+++ randfile.c  Wed Jun 16 16:42:18 2004
@@ -227,7 +227,7 @@ const char *RAND_file_name(char *buf, si
        {
        char *s=NULL;
        int ok = 0;
-#ifdef __OpenBSD__
+#if defined(__OpenBSD__) || defined(__NetBSD__)
        struct stat sb;
 #endif
 
@@ -261,20 +261,25 @@ const char *RAND_file_name(char *buf, si
                        buf[0] = '\0'; /* no file name */
                }
 
+#if defined(__OpenBSD__) || defined(__NetBSD__)
 #ifdef __OpenBSD__
+#define FALLBACK "/dev/arandom"
+#else
+#define FALLBACK "/dev/urandom"
+#endif
        /* given that all random loads just fail if the file can't be 
         * seen on a stat, we stat the file we're returning, if it
-        * fails, use /dev/arandom instead. this allows the user to 
+        * fails, use FALLBACK instead. this allows the user to 
         * use their own source for good random data, but defaults
         * to something hopefully decent if that isn't available. 
         */
 
        if (!ok)
-               if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+               if (BUF_strlcpy(buf,FALLBACK,size) >= size) {
                        return(NULL);
                }       
        if (stat(buf,&sb) == -1)
-               if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+               if (BUF_strlcpy(buf,FALLBACK,size) >= size) {
                        return(NULL);
                }       
 


Home | Main Index | Thread Index | Old Index