author | Joe Orton <jorton@apache.org> | 2020-05-07 12:34:12 +0200 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2020-05-07 12:34:12 +0200 |
commit | c2321e5b8fa6792662deaaeb05f1c24bd71503eb (patch) | |
tree | 06e7a8d645cef674661d88e8df38ebd4a90a34cb /modules/ssl/ssl_engine_rand.c | |
parent | ap_core_input_filter(): axe unnecessary AP_MODE_SPECULATIVE test. (diff) | |
mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1.
Require that OpenSSL is configured with a suitable entropy source,
or fail startup otherwise.
* modules/ssl/ssl_private.h:
Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1.
(SSLModConfigRec): Only define pid, aRandSeed for <1.1.1.
(ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND.
* modules/ssl/ssl_engine_init.c (ssl_init_Module):
Only initialize mc->pid for MODSSL_USE_SSLRAND.
Fail if RAND_status() returns zero.
(ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND.
* modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND.
(ssl_rand_seed): Drop warning if PRNG not seeded (now a startup
error as above).
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop
aRandSeed initialization. (ssl_cmd_SSLRandomSeed): Log a warning if
used w/!MODSSL_USE_SSLRAND.
Github: closes #123
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877467 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/ssl_engine_rand.c')
-rw-r--r-- | modules/ssl/ssl_engine_rand.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c
index 3b6bf07613..b9445268eb 100644
--- a/modules/ssl/ssl_engine_rand.c
+++ b/modules/ssl/ssl_engine_rand.c
@@ -29,6 +29,8 @@
 
 #include "ssl_private.h"
 
+#ifdef MODSSL_USE_SSLRAND
+
 #if HAVE_VALGRIND
 #include <valgrind.h>
 #include <memcheck.h>
@@ -43,7 +45,7 @@
 static int ssl_rand_choosenum(int, int);
 static int ssl_rand_feedfp(apr_pool_t *, apr_file_t *, int);
 
-int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
+void ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
 {
 SSLModConfigRec *mc;
 apr_array_header_t *apRandSeed;
@@ -134,12 +136,6 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
 }
 ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
 "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
-
- if (RAND_status() == 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01990)
- "%sPRNG still contains insufficient entropy!", prefix);
-
- return nDone;
 }
 
 #define BUFSIZE 8192
@@ -185,3 +181,4 @@ static int ssl_rand_choosenum(int l, int h)
 return i;
 }
 
+#endif /* MODSSL_USE_SSLRAND */ |
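Review bot: The new `#ifdef MODSSL_USE_SSLRAND` guard at the top of the file carries no comment saying when the macro is set, so a reader of this file alone cannot tell that the whole SSLRandomSeed seeding path is compiled out of some builds. Per the commit message the macro is defined in ssl_private.h for OpenSSL < 1.1.1; I would add `/* Legacy SSLRandomSeed seeding: built only when ssl_private.h defines MODSSL_USE_SSLRAND (OpenSSL < 1.1.1). */` directly above the guard. The matching `#endif` is added in the last hunk.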
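Review bot: After this hunk the only record of a seeding pass is the APLOG_TRACE2 line, and nothing at the end of ssl_rand_seed() says where the PRNG-state check went. The commit message states that ssl_init_Module now fails startup when RAND_status() returns zero, but that code is not part of this file's diff, and it is not visible from here whether seeding calls made in other contexts (the function takes an `ssl_rsctx_t nCtx`) are covered by it. I would leave a comment in place of the removed block, `/* No RAND_status() check here: ssl_init_Module() refuses to start with an unseeded PRNG. */`, and confirm that builds with MODSSL_USE_SSLRAND defined still reach that startup check after this function has run. ssl_rand_seed's body starts outside the hunk.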