author | 2000-02-24 20:09:59 +0000 | |
committer | 2000-02-24 20:09:59 +0000 | |
commit | d323cf717bc300094ffdeaf67d10034b94fd459e (patch) | |
tree | 8f72a25d52290dbcea4a746a3abaf92369c842cc | |
parent | sync with sshd_config (diff) | |
fread() of /dev/random reads an entire huge stdio buffer, instead of the 32
bytes that we actually need, thus wasting a lot of system entropy. found by
alecm@coyote.uk.sun.com, passed on by Pete.Zaytsev@EBay.Sun.COM
-rw-r--r-- | lib/libcrypto/rand/md_rand.c | 14 | ||||
-rw-r--r-- | lib/libssl/src/crypto/rand/md_rand.c | 14 |
2 files changed, 18 insertions, 10 deletions
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index 6bd1960e1de..c9a071bd22e 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c
@@ -58,6 +58,7 @@
 #include <stdio.h>
 #include <sys/types.h>
+#include <fcntl.h>
 #include <time.h>
 #include <string.h>
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 static int init=1;
 unsigned long l;
 #ifdef DEVRANDOM
- FILE *fh;
+ int fd;
 #endif
 #ifdef PREDICT
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 /* #ifdef DEVRANDOM */
 /*
 * Use a random entropy pool device.
- * Linux 1.3.x and FreeBSD-Current has
+ * Linux 1.3.x, OpenBSD, and FreeBSD have
 * this. Use /dev/urandom if you can
 * as /dev/random will block if it runs out
 * of random entries.
 */
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+ if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
 {
 unsigned char tmpbuf[32];
- fread((unsigned char *)tmpbuf,1,32,fh);
+ read(fd, tmpbuf, sizeof(tmpbuf));
 /* we don't care how many bytes we read,
 * we will just copy the 'stack' if there is
 * nothing else :-) */
- fclose(fh);
+ /* the above comment is EVIL. Security software
+ * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+ * BEHAVIOUR! Secure entropy is required in
+ * many cases! */
 RAND_seed(tmpbuf,32);
 memset(tmpbuf,0,32);
 }
diff --git a/lib/libssl/src/crypto/rand/md_rand.c b/lib/libssl/src/crypto/rand/md_rand.c
index 6bd1960e1de..c9a071bd22e 100644
--- a/lib/libssl/src/crypto/rand/md_rand.c
+++ b/lib/libssl/src/crypto/rand/md_rand.c
@@ -58,6 +58,7 @@
 #include <stdio.h>
 #include <sys/types.h>
+#include <fcntl.h>
 #include <time.h>
 #include <string.h>
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 static int init=1;
 unsigned long l;
 #ifdef DEVRANDOM
- FILE *fh;
+ int fd;
 #endif
 #ifdef PREDICT
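Review bot: The new condition `if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)` in the third libcrypto hunk compares a file descriptor against NULL, so a failed open() returning -1 is treated as success and the code goes on to read() from an invalid descriptor and feed the uninitialized stack contents of tmpbuf to RAND_seed, while a legitimate descriptor 0 would be treated as failure; the test must be `>= 0`. The same hunk removes `fclose(fh)` without adding a matching `close(fd)`, so the descriptor leaks on every call that reaches this branch. The return value of read() is still ignored even though the new comment condemns exactly that, so a short read or an EINTR leaves part of tmpbuf unseeded with no indication to the caller. I would fill the buffer in a bounded loop, close the descriptor on every path, and seed only with the bytes actually obtained; this needs `<unistd.h>` and `<errno.h>`, which the first hunk does not add (unless they are included further up the file, outside this view). ssleay_rand_bytes begins and continues outside the hunk on both sides.
```c
	if ((fd = open(DEVRANDOM, O_RDONLY)) >= 0)
		{
		unsigned char tmpbuf[32];
		size_t got = 0;

		/* keep reading until the buffer is full; retry on EINTR,
		 * stop on EOF or any other error */
		while (got < sizeof(tmpbuf))
			{
			ssize_t r = read(fd, tmpbuf + got, sizeof(tmpbuf) - got);
			if (r < 0 && errno == EINTR)
				continue;
			if (r <= 0)
				break;
			got += (size_t)r;
			}
		close(fd);
		/* only seed with bytes that actually came from the device */
		if (got > 0)
			RAND_seed(tmpbuf, (int)got);
		memset(tmpbuf,0,32);
		}
```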
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 /* #ifdef DEVRANDOM */
 /*
 * Use a random entropy pool device.
- * Linux 1.3.x and FreeBSD-Current has
+ * Linux 1.3.x, OpenBSD, and FreeBSD have
 * this. Use /dev/urandom if you can
 * as /dev/random will block if it runs out
 * of random entries.
 */
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+ if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
 {
 unsigned char tmpbuf[32];
- fread((unsigned char *)tmpbuf,1,32,fh);
+ read(fd, tmpbuf, sizeof(tmpbuf));
 /* we don't care how many bytes we read,
 * we will just copy the 'stack' if there is
 * nothing else :-) */
- fclose(fh);
+ /* the above comment is EVIL. Security software
+ * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+ * BEHAVIOUR! Secure entropy is required in
+ * many cases! */
 RAND_seed(tmpbuf,32);
 memset(tmpbuf,0,32);
 }
|
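Review bot: The libssl copy of md_rand.c carries the same defect as the libcrypto one: `if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)` treats the -1 returned by a failed open() as success and then read()s from an invalid descriptor, so RAND_seed is fed the uninitialized stack bytes of tmpbuf; the condition should be `if ((fd = open(DEVRANDOM, O_RDONLY)) >= 0)`. The removed `fclose(fh)` has no `close(fd)` counterpart, so the descriptor leaks, and the read() count is still unchecked despite the new comment calling the old "we don't care" attitude evil. Both copies need the same fix: a loop that fills tmpbuf (retrying on EINTR), `close(fd)` on every path, and seeding only with the bytes actually read, plus `<unistd.h>`/`<errno.h>` if they are not already included above this view. ssleay_rand_bytes extends beyond the hunk on both sides.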