Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
From: Andreas Metzler
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Wed, 30 Jan 2008 19:20:10 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

On 2008-01-08 Werner Koch <address@hidden> wrote:
> On Fri, 4 Jan 2008 17:01, address@hidden said:
> > Right. So what should applications like exim do exactly? Is there
> My suggestion is:
[...]
Hello,
which yields this stripped down version for exim:
------------------------------
diff -urNad exim4-4.68~/build-tree/src/tls-gnu.c
exim4-4.68/build-tree/src/tls-gnu.c
--- exim4-4.68~/build-tree/src/tls-gnu.c 2007-08-30 14:31:06.000000000
+0000
+++ exim4-4.68/build-tree/src/tls-gnu.c 2008-01-27 18:42:00.000000000 +0000
@@ -20,6 +20,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include <gcrypt.h>
#define UNKNOWN_NAME "unknown"
#define DH_BITS 1024
@@ -440,10 +441,32 @@
uschar *crl)
{
int rc;
+uschar filename[200];
uschar *cert_expanded, *key_expanded, *cas_expanded, *crl_expanded;
+gcry_error_t gcr_rc;
initialized = (host == NULL)? INITIALIZED_SERVER : INITIALIZED_CLIENT;
+/* Use a random_seed file for gcrypt's RNG */
+if (host_number_string != NULL)
+ {
+ if (!string_format(filename, sizeof(filename), "%s/random.seed%s",
+ spool_directory, host_number_string))
+ return tls_error(US"overlong filename
spool_directory/random.seedlocalhost_number", host, 0);
+ }
+else
+ {
+ if (!string_format(filename, sizeof(filename), "%s/random.seed",
+ spool_directory))
+ return tls_error(US"overlong filename spool_directory/random.seed", host, 0);
+ }
+
+gcr_rc = gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE,filename);
+if (gcr_rc)
+ return tls_error(US"Failure to set random_seed file", host, gcr_rc);
+
+gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
rc = gnutls_global_init();
if (rc < 0) return tls_error(US"tls-init", host, rc);
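Review bot: the first libgcrypt call in this hunk is gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE,filename), with no gcry_check_version() before it. libgcrypt's documentation requires gcry_check_version() to be called before any other libgcrypt function, since that call performs the library's own initialization; add it ahead of the first gcry_control() and return a tls_error when it yields NULL. A second point on the failure path: gcr_rc is a gcry_error_t, but it is passed in the same argument slot that carries the GnuTLS return code in tls_error(US"tls-init", host, rc). If tls_error() decodes that value as a GnuTLS code, the logged reason will be misleading, so consider building the message with gcry_strerror(gcr_rc), as the tls_close() hunk does, and passing 0 as the code.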
@@ -1303,8 +1326,19 @@
void
tls_close(BOOL shutdown)
{
+gcry_error_t gcr_rc;
+
if (tls_active < 0) return; /* TLS was not active */
+gcr_rc = gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
+
+if (gcr_rc)
+ {
+ DEBUG(D_tls) debug_printf(
+ "GCRYCTL_UPDATE_RANDOM_SEED_FILE failed: (%d): (%s)\n",
+ gcr_rc,gcry_strerror(gcr_rc));
+ }
+
if (shutdown)
{
DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS\n");
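Review bot: a failed GCRYCTL_UPDATE_RANDOM_SEED_FILE in tls_close() is reported only through DEBUG(D_tls) debug_printf(), so in a normal (non-debug) run a seed file that can no longer be written goes unnoticed and the process keeps starting from a stale seed. Consider also recording the failure in the regular log, not only in debug output. Minor: gcr_rc is a gcry_error_t, which is an unsigned type, but it is printed with %d; use %u or an explicit cast.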
------------------------------
Any obvious breakage? Exim does not use any threading. I have not
included a gcry_check_version(NULL) since I thought gcry_control()
would fail as reliably as gcry_check_version() would, if gcrypt was
not available.
thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'