if a filesystem node exists at /var/run/egd-pool, try to connect to it as

the EGD (Entropy Gathering Daemon) or PRNGD (pseudorandom number
generator daemon) socket and seed OpenSSL's RNG.

this is necessary on solaris and other systems which lack /dev/urandom.

diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index fbd8eedeee6d06d0a473a997aba9bc747bff7cde..baa76db741d435d9d1bbb63fbdb46f556e410a6a 100644 (file)
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,11 @@
  $Log$
+ Revision 590.144  2002/03/12 04:30:52  nbryant
+ if a filesystem node exists at /var/run/egd-pool, try to connect to it as
+ the EGD (Entropy Gathering Daemon) or PRNGD (pseudorandom number
+ generator daemon) socket and seed OpenSSL's RNG.
+
+ this is necessary on solaris and other systems which lack /dev/urandom.
+
  Revision 590.143  2002/03/12 03:43:26  nbryant
  squished the last remaining calls to sprintf
 
@@ -3450,3 +3457,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
        * Initial CVS import 
+

diff --git a/citadel/client_crypto.c b/citadel/client_crypto.c
index 94daf2fbfcc0e4ddcc3368d32048d47223eb54d9..fa007d2a81477ace3979566fc1cae5ee2f16c814 100644 (file)
--- a/citadel/client_crypto.c
+++ b/citadel/client_crypto.c
@@ -237,6 +237,10 @@ int starttls(void)
 #if SSLEAY_VERSION_NUMBER >= 0x0922
        SSL_set_session_id_context(ssl, "Citadel/UX SID", 14);
 #endif
+
+       if (!access("/var/run/egd-pool", F_OK))
+               RAND_egd("/var/run/egd-pool");
+
        if (!RAND_status()) {
                err_printf("PRNG not properly seeded\n");
                return 0;

diff --git a/citadel/serv_crypto.c b/citadel/serv_crypto.c
index 05f84dba260c787acd40853a1272255ed64a0c8b..cda02a57067fccd82adc9089bbf676c38f3fbddc 100644 (file)
--- a/citadel/serv_crypto.c
+++ b/citadel/serv_crypto.c
@@ -49,6 +49,9 @@ void init_ssl(void)
 {
        SSL_METHOD *ssl_method;
        DH *dh;
+
+       if (!access("/var/run/egd-pool", F_OK))
+               RAND_egd("/var/run/egd-pool");
        
        if (!RAND_status()) {
                lprintf(2, "PRNG not adequately seeded, won't do SSL/TLS\n");