From 16b67f32a1af797d92c3cd2911e4db4798fb7f4b Mon Sep 17 00:00:00 2001
From: Philipp Storz
Date: Fri, 4 Sep 2020 17:05:47 +0200
Subject: [PATCH] crypto_openssl: remove OpensslSeedPrng() and OpensslSavePrng()
See the RAND(7) manpage: The default random generator will initialize automatically on first use and will be fully functional without having to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system.
---
 core/src/lib/crypto_openssl.cc | 46 +---------------------------------
 core/src/lib/crypto_openssl.h | 4 +--
 2 files changed, 2 insertions(+), 48 deletions(-)
diff --git a/core/src/lib/crypto_openssl.cc b/core/src/lib/crypto_openssl.cc
index 59f674b9462..ab626d507f3 100644
--- a/core/src/lib/crypto_openssl.cc
+++ b/core/src/lib/crypto_openssl.cc
@@ -2,7 +2,7 @@
 BAREOSĀ® - Backup Archiving REcovery Open Sourced Copyright (C) 2005-2011 Free Software Foundation Europe e.V.
- Copyright (C) 2013-2019 Bareos GmbH & Co. KG
+ Copyright (C) 2013-2020 Bareos GmbH & Co. KG
 This program is Free Software; you can redistribute it and/or modify it under the terms of version three of the GNU Affero General Public
@@ -1506,10 +1506,6 @@ int InitCrypto(void)
 /* Register OpenSSL ciphers and digests */
 OpenSSL_add_all_algorithms();
- if (!OpensslSeedPrng()) {
- Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n"));
- }
-
 #ifdef HAVE_ENGINE_LOAD_PK11
 ENGINE_load_pk11();
 #else
@@ -1547,10 +1543,6 @@ int CleanupCrypto(void)
 ENGINE_cleanup();
 #endif
- if (!OpensslSavePrng()) {
- Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n"));
- }
-
 OpensslCleanupThreads();
 /* Free libssl and libcrypto error strings */
@@ -1767,40 +1759,4 @@ void OpensslCleanupThreads(void)
 CRYPTO_set_dynlock_destroy_callback(NULL);
 }
-/*
- * Seed OpenSSL PRNG
- * Returns: 1 on success
- * 0 on failure
- */
-int OpensslSeedPrng(void)
-{
- const char* names[] = {"/dev/urandom", "/dev/random", NULL};
- int i;
-
- // ***FIXME***
- // Win32 Support
- // Read saved entropy?
-
- for (i = 0; names[i]; i++) {
- if (RAND_load_file(names[i], 1024) != -1) {
- /* Success */
- return 1;
- }
- }
-
- /* Fail */
- return 0;
-}
-
-/*
- * Save OpenSSL Entropy
- * Returns: 1 on success
- * 0 on failure
- */
-int OpensslSavePrng(void)
-{
- // ***FIXME***
- // Implement PRNG state save
- return 1;
-}
 #endif /* HAVE_OPENSSL */
diff --git a/core/src/lib/crypto_openssl.h b/core/src/lib/crypto_openssl.h
index c3fc297dafd..e4927bd9cfc 100644
--- a/core/src/lib/crypto_openssl.h
+++ b/core/src/lib/crypto_openssl.h
@@ -1,7 +1,7 @@
 /* BAREOSĀ® - Backup Archiving REcovery Open Sourced
- Copyright (C) 2018-2018 Bareos GmbH & Co. KG
+ Copyright (C) 2018-2020 Bareos GmbH & Co. KG
 This program is Free Software; you can redistribute it and/or modify it under the terms of version three of the GNU Affero General Public
@@ -26,8 +26,6 @@ void OpensslPostErrors(int type, const char* errstring);
 void OpensslPostErrors(JobControlRecord* jcr, int type, const char* errstring);
 int OpensslInitThreads(void);
 void OpensslCleanupThreads(void);
-int OpensslSeedPrng(void);
-int OpensslSavePrng(void);
 #endif /* HAVE_OPENSSL */
 #endif // BAREOS_LIB_CRYPTO_OPENSSL_H_