diff options
| author | Nick Mathewson <nickm@torproject.org> | 2005-10-06 22:22:22 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2005-10-06 22:22:22 +0000 |
| commit | a89daaeca90b84bed9ab802965c13705a18ed1a9 (patch) | |
| tree | 610e421147c221337d95dd2fa44625acc8812546 | |
| parent | cc35e1720f7dde775e2c8246c2f9b542954e401f (diff) | |
| download | tor-a89daaeca90b84bed9ab802965c13705a18ed1a9.tar.gz tor-a89daaeca90b84bed9ab802965c13705a18ed1a9.zip | |
Once an hour (not just on startup) give OpenSSL some more entropy.
Add entropy in 512-bit chunks, not 160-bit chunks. (This latter
change is voodoo.)
svn:r5211
| -rw-r--r-- | src/common/crypto.c | 5 | ||||
| -rw-r--r-- | src/or/main.c | 10 |
2 files changed, 12 insertions, 3 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 16d1734ac4..2c5b96f371 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1575,16 +1575,16 @@ crypto_dh_free(crypto_dh_env_t *dh) /* random numbers */ -/** Seed OpenSSL's random number generator with DIGEST_LEN bytes from the +/** Seed OpenSSL's random number generator with bytes from the * operating system. Return 0 on success, -1 on failure. */ int crypto_seed_rng(void) { + char buf[64]; #ifdef MS_WINDOWS static int provider_set = 0; static HCRYPTPROV provider; - char buf[DIGEST_LEN+1]; if (!provider_set) { if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { @@ -1610,7 +1610,6 @@ crypto_seed_rng(void) }; int fd; int i, n; - char buf[DIGEST_LEN+1]; for (i = 0; filenames[i]; ++i) { fd = open(filenames[i], O_RDONLY, 0); diff --git a/src/or/main.c b/src/or/main.c index d05a5b828d..28913e11b5 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -98,6 +98,7 @@ static char* nt_strerror(uint32_t errnum); #define DESCRIPTOR_RETRY_INTERVAL 10 #define DESCRIPTOR_FAILURE_RESET_INTERVAL 60*60 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60) /* 20 minutes */ +#define ENTROPY_INTERVAL 60*60 /********* END VARIABLES ************/ @@ -639,6 +640,7 @@ run_scheduled_events(time_t now) static time_t time_to_shrink_buffers = 0; static time_t time_to_try_getting_descriptors = 0; static time_t time_to_reset_descriptor_failures = 0; + static time_t time_to_add_entropy = 0; or_options_t *options = get_options(); int i; @@ -689,6 +691,14 @@ run_scheduled_events(time_t now) * them at all. */ } + if (time_to_add_entropy == 0) + time_to_add_entropy = now + ENTROPY_INTERVAL; + if (time_to_add_entropy < now) { + /* We already seeded once, so don't die on failure. */ + crypto_seed_rng(); + time_to_add_entropy = now + ENTROPY_INTERVAL; + } + /** 1c. If we have to change the accounting interval or record * bandwidth used in this accounting interval, do so. */ if (accounting_is_enabled(options)) |