On Mon, May 24, 2004 at 07:50:54PM +0300, Timo Sirainen wrote:
> This could also be fixed by patching OpenSSL (I think). Patch in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115284
That looks similar to a private patch I created some time back when openssl changed its RAND_bytes logic. I've moved it forward to successive openssl releases as I've installed them. This is pretty specific to the environment here though -- particularly where you know that you have a /dev/urandom. That openssl change (the one that necessitated this patch) also broke systems where the /dev/urandom was implemented via a pipe to a command.
Anyway, just for grins... here's that local patch as carried forward to 0.9.7d.
*** rand_unix.c.orig Sat Dec 27 11:01:52 2003 --- rand_unix.c Wed Mar 17 23:13:25 2004
*** 167,182 **** --- 167,203 ----
for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
{
- #ifndef MV_COMM if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK
- #else /* mem 20030409 -- yes, let's block */
if ((fd = open(*randomfile, O_RDONLY
- #endif /* MV_COMM */
- #ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it our controlling tty */ |O_NOCTTY #endif
- #ifndef MV_COMM /* mem 20030409 -- we don't have O_NOFOLLOW
- #ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */ |O_NOFOLLOW #endif
- #endif /* MV_COMM */ )) >= 0) {
- #ifndef MV_COMM /* mem 20030409 -- don't do this idiotic timeout
struct timeval t = { 0, 10*1000 }; /* Spend 10ms on each file. */ int r;
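Review bot: the new `#ifndef MV_COMM` guard wrapped around the `#ifdef O_NOFOLLOW ... |O_NOFOLLOW #endif` block is redundant and, where it does take effect, harmful. The existing `#ifdef O_NOFOLLOW` already leaves the flag out on a platform that lacks it (the "we don't have O_NOFOLLOW" case), so the outer guard only changes anything on an MV_COMM build of a platform that does define O_NOFOLLOW, and there it silently drops the symlink check on the random device. Suggest deleting the outer `#ifndef MV_COMM` / `#endif /* MV_COMM */` pair and leaving the O_NOFOLLOW block as it was. Separately, the `#else` branch opens the file with plain `O_RDONLY`, so the reads that follow can block for as long as any entry in `randomfiles` withholds data; the cover mail says this environment is known to have a /dev/urandom, and that assumption belongs in the `mem 20030409 -- yes, let's block` comment itself, not only in the mail.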
*** 208,213 **** --- 229,251 ---- } while ((r > 0 || (errno == EINTR || errno == EAGAIN)) && t.tv_usec != 0 && n < ENTROPY_NEEDED); +
#else /* MV_COMM */
#endif /* MV_COMM */
close(fd); }
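Review bot: the `#else /* MV_COMM */` branch that replaces the select()/10 ms loop is not visible in the posted text, which goes straight from `#else /* MV_COMM */` to `#endif /* MV_COMM */` even though the header (`--- 229,251 ----`) accounts for far more new lines than are shown, so the MV_COMM read loop cannot be reviewed from this mail. As posted, an MV_COMM build would open the file and reach `close(fd)` without reading anything. Whatever that branch holds should keep the `n < ENTROPY_NEEDED` bound, retry read() on EINTR, and stop on a zero or negative return so that a pipe which closes early cannot make the loop spin; please repost the hunk with those lines included.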
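Added example, not the author's patch or OpenSSL's own code: a small C program that reproduces the failure mode described above, where the 10 ms budget starves a /dev/urandom that is really a pipe to a command. `gather_timed` mirrors the shape of the 0.9.7d select() loop the patch disables, `gather_blocking` is the kind of loop an MV_COMM branch needs, and `bytes_from_slow_source` is a constructed stand-in (a pipe whose writer delivers 32 bytes after 200 ms); those names, the delay and the 32-byte value are assumptions.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>
#define ENTROPY_NEEDED 32   /* bytes wanted from the source; name borrowed from the patch */
/* Same shape as the 0.9.7d loop the patch disables: at most ~10 ms per descriptor. */
static int gather_timed(int fd, unsigned char *buf, int need)
{
    struct timeval t = { 0, 10*1000 }; fd_set fset; int n = 0, r;
    do {
        FD_ZERO(&fset); FD_SET(fd, &fset); r = -1;
        if (select(fd+1, &fset, NULL, NULL, &t) < 0) t.tv_usec = 0;
        else if (FD_ISSET(fd, &fset)) {
            r = (int)read(fd, buf+n, need-n); if (r > 0) n += r;
        }
        if (t.tv_usec == 10*1000)   /* select() left t untouched: give up, as OpenSSL does */
            t.tv_usec = 0;
    } while ((r > 0 || errno == EINTR || errno == EAGAIN) && t.tv_usec != 0 && n < need);
    return n;
}
/* Blocking loop an MV_COMM branch needs: retry on EINTR, stop on EOF or error, never spin. */
static int gather_blocking(int fd, unsigned char *buf, int need)
{
    int n = 0;
    while (n < need) {
        ssize_t r = read(fd, buf+n, need-n);
        if (r <= 0) { if (r < 0 && errno == EINTR) continue; break; }
        n += (int)r;
    }
    return n;
}
/* Constructed slow source: a pipe whose writer (child) delivers 32 bytes only after 200 ms,
 * standing in for a /dev/urandom implemented as a pipe to a command. */
int bytes_from_slow_source(int blocking)
{
    unsigned char buf[ENTROPY_NEEDED]; int p[2], n; pid_t pid;
    if (pipe(p) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        struct timeval delay = { 0, 200*1000 };
        close(p[0]); select(0, NULL, NULL, NULL, &delay);
        _exit(write(p[1], "0123456789abcdef0123456789abcdef", ENTROPY_NEEDED) < 0);
    }
    close(p[1]);
    n = (blocking ? gather_blocking : gather_timed)(p[0], buf, ENTROPY_NEEDED);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n;
}
```

With the timed loop the slow source yields nothing, which is the "PRNG not seeded" situation the mail describes; the blocking loop collects all 32 bytes at the cost of waiting as long as the source takes.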