diff options
| -rw-r--r-- | src/common/crypto.c | 42 | ||||
| -rw-r--r-- | src/common/crypto.h | 1 | ||||
| -rw-r--r-- | src/or/main.c | 1 |
3 files changed, 43 insertions, 1 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index c0e7c6657f..70754abf85 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -39,8 +39,16 @@ #define RETURN_SSL_OUTCOME(exp) return !(exp) #endif +static inline const EVP_CIPHER * +crypto_cipher_evp_cipher(int type, int enc); + + static inline int crypto_cipher_iv_length(int type) { + /* + printf("%d -> %d IV\n",type, EVP_CIPHER_iv_length( + crypto_cipher_evp_cipher(type,0))); + */ switch(type) { case CRYPTO_CIPHER_IDENTITY: return 0; @@ -53,6 +61,10 @@ crypto_cipher_iv_length(int type) { static inline int crypto_cipher_key_length(int type) { + /* + printf("%d -> %d\n",type, EVP_CIPHER_key_length( + crypto_cipher_evp_cipher(type,0))); + */ switch(type) { case CRYPTO_CIPHER_IDENTITY: return 0; @@ -774,8 +786,36 @@ void crypto_dh_free(crypto_dh_env_t *dh) free(dh); } - /* random numbers */ +int crypto_seed_rng() +{ + static char *filenames[] = { + "/dev/srandom", "/dev/urandom", "/dev/random", NULL + }; + int i; + char buf[21]; + char *cp; + FILE *f; + + for (i = 0; filenames[i]; ++i) { + f = fopen(filenames[i], "rb"); + if (!f) continue; + log(LOG_INFO, "Seeding RNG from %s", filenames[i]); + buf[20]='\xff'; + cp = fgets(buf, 20, f); + fclose(f); + if (!cp || buf[20]) { + log(LOG_INFO, "Error reading from entropy source"); + return -1; + } + RAND_seed(buf, 20); + return 0; + } + + log(LOG_INFO, "Cannot seed RNG -- no entropy source found."); + return -1; +} + int crypto_rand(unsigned int n, unsigned char *to) { assert(to); diff --git a/src/common/crypto.h b/src/common/crypto.h index 38b280d7f2..b71ed902fa 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -100,6 +100,7 @@ crypto_cipher_env_t *crypto_create_init_cipher(int cipher_type, char *key, char int crypto_SHA_digest(unsigned char *m, int len, unsigned char *digest); /* random numbers */ +int crypto_seed_rng(); int crypto_rand(unsigned int n, unsigned char *to); int crypto_pseudo_rand(unsigned int n, unsigned char *to); diff --git a/src/or/main.c b/src/or/main.c index 4171186e3b..99d827675e 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -799,6 +799,7 @@ int tor_main(int argc, char *argv[]) { signal (SIGHUP, catch); /* to reload directory */ crypto_global_init(); + crypto_seed_rng(); retval = do_main_loop(); crypto_global_cleanup(); |