author | Benoît Ganne <bganne@cisco.com> | 2022-03-29 17:29:49 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2022-04-05 11:37:22 +0000 |
commit | fd78a1f65b3e698b0e99f29584b060750b89bdab (patch) | |
tree | 80e4fd54f7f3f372461b050efe953de45f985c3d /src/plugins/crypto_openssl | |
parent | 024a21d9200050fa4a998d870648001ddf796011 (diff) |
crypto-openssl: use getrandom to reseed openssl
Type: improvement
Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/crypto_openssl')
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index 38da2766e13..6843880eed0 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -15,6 +15,8 @@ *------------------------------------------------------------------ */ +#include <sys/random.h> + #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/rand.h> @@ -474,9 +476,12 @@ crypto_openssl_init (vlib_main_t * vm) { vlib_thread_main_t *tm = vlib_get_thread_main (); openssl_per_thread_data_t *ptd; - u8 *seed_data = 0; - time_t t; - pid_t pid; + u8 seed[32]; + + if (getrandom (&seed, sizeof (seed), 0) != sizeof (seed)) + return clib_error_return_unix (0, "getrandom() failed"); + + RAND_seed (seed, sizeof (seed)); u32 eidx = vnet_crypto_register_engine (vm, "openssl", 50, "OpenSSL"); @@ -522,16 +527,6 @@ crypto_openssl_init (vlib_main_t * vm) #endif } - t = time (NULL); - pid = getpid (); - vec_add (seed_data, &t, sizeof (t)); - vec_add (seed_data, &pid, sizeof (pid)); - vec_add (seed_data, &seed_data, sizeof (seed_data)); - - RAND_seed ((const void *) seed_data, vec_len (seed_data)); - - vec_free (seed_data); - return 0; } |
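Review bot: In the second hunk of crypto_openssl_init, the 32-byte `seed` buffer stays on the stack after `RAND_seed (seed, sizeof (seed));`, so the entropy just fed to OpenSSL remains in stale stack memory. Adding `OPENSSL_cleanse (seed, sizeof (seed));` directly after the RAND_seed call would wipe it, whereas a plain memset may be optimized away. The failure check also compares getrandom()'s ssize_t result with an unsigned `sizeof`, so a -1 return is only rejected through integer conversion. With flags 0 the call can, as far as I can tell, fail with EINTR while the kernel pool is still uninitialized, which here fails plugin init instead of retrying. Consider `ssize_t n = getrandom (seed, sizeof (seed), 0);` followed by `if (n != (ssize_t) sizeof (seed))`, passing `seed` rather than `&seed`; the function body continues outside the hunk.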