authorBenoît Ganne <bganne@cisco.com>2022-03-29 17:29:49 +0200
committerDamjan Marion <dmarion@me.com>2022-04-05 11:37:22 +0000
commitfd78a1f65b3e698b0e99f29584b060750b89bdab (patch)
tree80e4fd54f7f3f372461b050efe953de45f985c3d /src
parent024a21d9200050fa4a998d870648001ddf796011 (diff)
crypto-openssl: use getrandom to reseed openssl
Type: improvement Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/crypto_openssl/main.c21
1 files changed, 8 insertions, 13 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 38da2766e13..6843880eed0 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -15,6 +15,8 @@
*------------------------------------------------------------------
*/
+#include <sys/random.h>
+
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
@@ -474,9 +476,12 @@ crypto_openssl_init (vlib_main_t * vm)
{
vlib_thread_main_t *tm = vlib_get_thread_main ();
openssl_per_thread_data_t *ptd;
- u8 *seed_data = 0;
- time_t t;
- pid_t pid;
+ u8 seed[32];
+
+ if (getrandom (&seed, sizeof (seed), 0) != sizeof (seed))
+ return clib_error_return_unix (0, "getrandom() failed");
+
+ RAND_seed (seed, sizeof (seed));
u32 eidx = vnet_crypto_register_engine (vm, "openssl", 50, "OpenSSL");
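Review bot: The 32-byte `seed` buffer stays on the stack after `RAND_seed (seed, sizeof (seed));`, so the seed material remains readable in memory until that stack region is overwritten. Adding `OPENSSL_cleanse (seed, sizeof (seed));` directly after the RAND_seed call would clear it in a way the compiler cannot optimise away. Separately, getrandom() with flags 0 blocks until the kernel pool is initialised and, per its man page, can return -1 with EINTR if a signal arrives while it waits; the new check turns that into a fatal init error, so retrying on `errno == EINTR` would be more robust at early boot. As a minor style point, `getrandom (seed, sizeof (seed), 0)` reads more naturally than passing `&seed`. The body of crypto_openssl_init continues outside this hunk.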
@@ -522,16 +527,6 @@ crypto_openssl_init (vlib_main_t * vm)
#endif
}
- t = time (NULL);
- pid = getpid ();
- vec_add (seed_data, &t, sizeof (t));
- vec_add (seed_data, &pid, sizeof (pid));
- vec_add (seed_data, &seed_data, sizeof (seed_data));
-
- RAND_seed ((const void *) seed_data, vec_len (seed_data));
-
- vec_free (seed_data);
-
return 0;
}