Commit 0423f812 authored by Benjamin Kaduk, committed by Rich Salz

Add a no-egd option to disable EGD-related code



The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
parent 47153c72
+4 −0
@@ -4,6 +4,10 @@

 Changes between 1.0.2e and 1.1.0  [xx XXX xxxx]

  *) EGD is no longer supported by default; use enable-egd when
     configuring.
     [Ben Kaduv and Rich Salz]

  *) The distribution now has Makefile.in files, which are used to
     create Makefile's when Configure is run.  *Configure must be run
     before trying to build now.*
+3 −1
@@ -14,7 +14,7 @@ use File::Spec::Functions;

# see INSTALL for instructions.

my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";

# Options:
#
@@ -50,6 +50,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
# no-asm        do not use assembler
# no-dso        do not compile in any native shared-library methods. This
#               will ensure that all methods just return NULL.
# no-egd        do not compile support for the entropy-gathering daemon APIs
# [no-]zlib     [don't] compile support for zlib compression.
# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
#		library and will be loaded in run-time by the OpenSSL library.
@@ -905,6 +906,7 @@ my @disablables = (

my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
		 "ec_nistp_64_gcc_128" => "default",
		 "egd"            => "default",
		 "jpake"          => "experimental",
		 "md2"            => "default",
		 "rc5"            => "default",
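Review bot: The new `"egd" => "default"` entry at the end of this hunk is only added to %disabled; nothing visible adds `egd` to the @disablables list whose declaration starts just above the hunk (the `@@ ... my @disablables = (` header), and the +3 −1 diffstat leaves no room for such a line. If Configure validates `no-`/`enable-` names against @disablables, `enable-egd` (the re-enable path the CHANGES entry tells users to use) may be rejected or silently ignored — confirm, and if so add `"egd",` to that list as well. The usage string on the second line of the first hunk could also mention `[enable-egd]` next to `[no-egd]` so the documented knob matches the default-disabled state.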
+6 −0
@@ -126,6 +126,7 @@ int app_RAND_load_file(const char *file, int dont_warn)

    if (file == NULL)
        file = RAND_file_name(buffer, sizeof buffer);
#ifndef OPENSSL_NO_EGD
    else if (RAND_egd(file) > 0) {
        /*
         * we try if the given filename is an EGD socket. if it is, we don't
@@ -134,6 +135,7 @@ int app_RAND_load_file(const char *file, int dont_warn)
        egdsocket = 1;
        return 1;
    }
#endif
    if (file == NULL || !RAND_load_file(file, -1)) {
        if (RAND_status() == 0) {
            if (!dont_warn) {
@@ -161,7 +163,9 @@ long app_RAND_load_files(char *name)
    char *p, *n;
    int last;
    long tot = 0;
#ifndef OPENSSL_NO_EGD
    int egd;
#endif

    for (;;) {
        last = 0;
@@ -174,10 +178,12 @@ long app_RAND_load_files(char *name)
        if (*n == '\0')
            break;

#ifndef OPENSSL_NO_EGD
        egd = RAND_egd(n);
        if (egd > 0)
            tot += egd;
        else
#endif
            tot += RAND_load_file(n, -1);
        if (last)
            break;
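Review bot: The last hunk leaves an `else` at the end of the `#ifndef OPENSSL_NO_EGD` region dangling across `#endif` so that `tot += RAND_load_file(n, -1);` is either the else-branch or a free-standing statement depending on the build; that compiles, but an `else` whose `if` disappears under a preprocessor switch is easy to break on the next edit and trips some static checkers. Folding the probe into a local keeps one unconditional statement, and also removes the separately guarded `int egd;` declaration added in the third hunk. app_RAND_load_files begins and ends outside the hunk.
```c
        /* … unchanged: extract the next name into n, set last … */
        int got = 0;
#ifndef OPENSSL_NO_EGD
        got = RAND_egd(n);
#endif
        tot += (got > 0) ? got : RAND_load_file(n, -1);
        if (last)
            break;
```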
+46 −38
@@ -95,6 +95,8 @@
 *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
 */

#ifndef OPENSSL_NO_EGD

# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
@@ -286,3 +288,9 @@ int RAND_egd(const char *path)
}

# endif

#else /* OPENSSL_NO_EGD */
# if PEDANTIC
static void *dummy = &dummy;
# endif
#endif
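Review bot: The whole of rand_egd.c is now wrapped in `#ifndef OPENSSL_NO_EGD`, so RAND_query_egd_bytes, RAND_egd_bytes and RAND_egd are not compiled in a no-egd build, but nothing on this page shows the public prototypes in include/openssl/rand.h being guarded the same way; if they stay unconditional, third-party code compiles and only fails at link time. Guard the declarations with the same macro (or document the symbols as absent under OPENSSL_NO_EGD) — confirm whether rand.h is touched elsewhere in this commit, as the +46 −38 diffstat shows more changes than the two hunks rendered here. The `static void *dummy = &dummy;` under PEDANTIC would read better with a one-line comment such as `/* avoid an empty translation unit, which ISO C forbids */`.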
+5 −5
@@ -244,7 +244,7 @@ int RAND_poll(void)
{
    unsigned long l;
    pid_t curr_pid = getpid();
#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
#  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
    unsigned char tmpbuf[ENTROPY_NEEDED];
    int n = 0;
#  endif
@@ -254,7 +254,7 @@ int RAND_poll(void)
    int fd;
    unsigned int i;
#  endif
#  ifdef DEVRANDOM_EGD
#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
    const char **egdsocket = NULL;
#  endif
@@ -371,7 +371,7 @@ int RAND_poll(void)
    }
#  endif                        /* defined(DEVRANDOM) */

#  ifdef DEVRANDOM_EGD
#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
    /*
     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
     * collecting daemon.
@@ -388,7 +388,7 @@ int RAND_poll(void)
    }
#  endif                        /* defined(DEVRANDOM_EGD) */

#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
    if (n > 0) {
        RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
        OPENSSL_cleanse(tmpbuf, n);
@@ -404,7 +404,7 @@ int RAND_poll(void)
    l = time(NULL);
    RAND_add(&l, sizeof(l), 0.0);

#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
    return 1;
#  else
    return 0;
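Review bot: The first hunk misspells the macro as `OPENSS_NO_EGD`, so that `!defined(...)` is always true and `tmpbuf`/`n` remain declared in a no-egd build on a platform with DEVRANDOM_EGD but no DEVRANDOM, while the matching uses later in RAND_poll (spelled correctly) are compiled out — unused-variable warnings now, and the two sides of the guard drifting apart later; change it to `#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))`. The closing `#  endif /* defined(DEVRANDOM_EGD) */` comment in the fourth hunk no longer matches its condition and should say `/* !OPENSSL_NO_EGD && DEVRANDOM_EGD */`. Since the same compound condition is repeated five times, defining it once near the top of RAND_poll, e.g. `#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)` / `#   define RAND_USE_EGD_SOCKET` / `#  endif`, would have made this typo impossible. RAND_poll begins and ends outside the hunks shown.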