Posted to cvs@httpd.apache.org by jo...@apache.org on 2021/12/07 16:02:21 UTC

svn commit: r1895659 - /httpd/httpd/trunk/support/ab.c

Author: jorton
Date: Tue Dec  7 16:02:21 2021
New Revision: 1895659

URL: http://svn.apache.org/viewvc?rev=1895659&view=rev
Log:
As in r1877467 for mod_ssl, for OpenSSL 1.1.1+ require that OpenSSL is
configured with a suitable entropy source and don't try to seed it
from getpid etc.

* support/ab.c (main): Check RAND_status().
  (ssl_rand_seed, ssl_rand_choosenum): Drop for OpenSSL 1.1.1+.

Modified:
    httpd/httpd/trunk/support/ab.c

Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1895659&r1=1895658&r2=1895659&view=diff
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Tue Dec  7 16:02:21 2021
@@ -582,6 +582,8 @@ static void ssl_state_cb(const SSL *s, i
     }
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10101000
+
 #ifndef RAND_MAX
 #define RAND_MAX INT_MAX
 #endif
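Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10101000` added here opens a region that is closed only by a bare `#else`/`#endif` in the next hunk, and nothing at either end says why the code is conditional. I would put a comment above it such as `/* OpenSSL before 1.1.1: seed the PRNG by hand; 1.1.1+ relies on the library's configured entropy source, checked in main() */` and label the closers `#else /* OpenSSL 1.1.1+ */` and `#endif /* OPENSSL_VERSION_NUMBER < 0x10101000 */`. The same comment should record that the retained branch still passes weak material to RAND_seed() (the log mentions getpid, and the next hunk shows a slice of `stackdata`), so it is not read as a sound entropy source. LibreSSL reports a version number of 0x20000000L and will therefore take the new branch, which is worth stating there as well.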
@@ -627,6 +629,9 @@ static void ssl_rand_seed(void)
     n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
     RAND_seed(stackdata+n, 128);
 }
+#else
+#define ssl_rand_seed() /* noop */
+#endif
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
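Review bot: The no-op `#define ssl_rand_seed() /* noop */` expands to nothing, so it is only valid where the call stands alone as a statement, and it leaves an empty statement behind that some warning levels flag. `#define ssl_rand_seed() ((void)0)` keeps the call a well-formed expression in every context. The call sites are outside this hunk, so this is a robustness point rather than an observed break.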
@@ -2640,6 +2645,16 @@ int main(int argc, const char * const ar
     bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
     bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+    if (RAND_status() == 0) {
+        fprintf(stderr, "%s: Error: Crypto library PRNG does not contain "
+                "sufficient randomness.\n"
+                "%s: Build the library with a suitable entropy source configured.\n",
+                argv[0], argv[0]);
+        exit(1);
+    }
+#endif
+    
     if (!(ssl_ctx = SSL_CTX_new(meth))) {
         BIO_printf(bio_err, "Could not initialize SSL Context.\n");
         ERR_print_errors(bio_err);
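Review bot: The new RAND_status() failure path reports through `fprintf(stderr, ...)` and exits without printing the OpenSSL error queue, while the SSL_CTX_new failure directly below it uses `BIO_printf(bio_err, ...)` followed by `ERR_print_errors(bio_err);`. Adding `ERR_print_errors(bio_err);` before `exit(1);` would show whatever reason the library recorded; this matters because RAND_status() can presumably also return 0 when the entropy source fails at run time, not only when the library was built without one as the message states. The check is compiled only for 1.1.1+, so on the older branch nothing confirms that the hand seeding left the PRNG seeded; RAND_status() exists in older releases too and could be tested after ssl_rand_seed() runs, whose call site is outside this hunk. The added blank line before SSL_CTX_new carries trailing whitespace. main's body starts and ends outside the hunk.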