crypto_openssl: remove OpensslSeedPrng() and OpensslSavePrng()

See the RAND(7) manpage: The default random generator will initialize automatically on first use and will be fully functional without having to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system.
bareos · Sep 4, 2020 · 16b67f3 · 16b67f3
1 parent 1462bb2
commit 16b67f3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 48 deletions.
diff --git a/core/src/lib/crypto_openssl.cc b/core/src/lib/crypto_openssl.cc
@@ -2,7 +2,7 @@
    BAREOS® - Backup Archiving REcovery Open Sourced
 
    Copyright (C) 2005-2011 Free Software Foundation Europe e.V.
-   Copyright (C) 2013-2019 Bareos GmbH & Co. KG
+   Copyright (C) 2013-2020 Bareos GmbH & Co. KG
 
    This program is Free Software; you can redistribute it and/or
    modify it under the terms of version three of the GNU Affero General Public
@@ -1506,10 +1506,6 @@ int InitCrypto(void)
   /* Register OpenSSL ciphers and digests */
   OpenSSL_add_all_algorithms();
 
-  if (!OpensslSeedPrng()) {
-    Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n"));
-  }
-
 #ifdef HAVE_ENGINE_LOAD_PK11
   ENGINE_load_pk11();
 #else
@@ -1547,10 +1543,6 @@ int CleanupCrypto(void)
   ENGINE_cleanup();
 #endif
 
-  if (!OpensslSavePrng()) {
-    Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n"));
-  }
-
   OpensslCleanupThreads();
 
   /* Free libssl and libcrypto error strings */
@@ -1767,40 +1759,4 @@ void OpensslCleanupThreads(void)
   CRYPTO_set_dynlock_destroy_callback(NULL);
 }
 
-/*
- * Seed OpenSSL PRNG
- *  Returns: 1 on success
- *           0 on failure
- */
-int OpensslSeedPrng(void)
-{
-  const char* names[] = {"/dev/urandom", "/dev/random", NULL};
-  int i;
-
-  // ***FIXME***
-  // Win32 Support
-  // Read saved entropy?
-
-  for (i = 0; names[i]; i++) {
-    if (RAND_load_file(names[i], 1024) != -1) {
-      /* Success */
-      return 1;
-    }
-  }
-
-  /* Fail */
-  return 0;
-}
-
-/*
- * Save OpenSSL Entropy
- *  Returns: 1 on success
- *           0 on failure
- */
-int OpensslSavePrng(void)
-{
-  // ***FIXME***
-  // Implement PRNG state save
-  return 1;
-}
 #endif /* HAVE_OPENSSL */
diff --git a/core/src/lib/crypto_openssl.h b/core/src/lib/crypto_openssl.h
@@ -1,7 +1,7 @@
 /*
    BAREOS® - Backup Archiving REcovery Open Sourced
 
-   Copyright (C) 2018-2018 Bareos GmbH & Co. KG
+   Copyright (C) 2018-2020 Bareos GmbH & Co. KG
 
    This program is Free Software; you can redistribute it and/or
    modify it under the terms of version three of the GNU Affero General Public
@@ -26,8 +26,6 @@ void OpensslPostErrors(int type, const char* errstring);
 void OpensslPostErrors(JobControlRecord* jcr, int type, const char* errstring);
 int OpensslInitThreads(void);
 void OpensslCleanupThreads(void);
-int OpensslSeedPrng(void);
-int OpensslSavePrng(void);
 #endif /* HAVE_OPENSSL */
 
 #endif  // BAREOS_LIB_CRYPTO_OPENSSL_H_