lib: Do not use OpenSSL to read random bytes

dovecot · May 9, 2016 · 0bd1883 · 0bd1883
1 parent d72603a
commit 0bd1883
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 53 deletions.
diff --git a/configure.ac b/configure.ac
@@ -442,13 +442,19 @@ fi
 AC_DEFINE_UNQUOTED(MEM_ALIGN_SIZE, $mem_align, [Required memory alignment])
 
 dnl * find random source
-AC_MSG_CHECKING([for /dev/urandom])
-if test -c /dev/urandom || test -s /dev/urandom; then
+
+AC_ARG_WITH(random-source,
+AS_HELP_STRING([--with-random-source=file], [Device file to use as random source (default=/dev/urandom)]),
+        random_source=$withval,
+        random_source=/dev/urandom)
+
+AC_MSG_CHECKING([for $random_source])
+if test -c $random_source || test -s $random_source; then
   AC_MSG_RESULT(yes)
-  AC_DEFINE(DEV_URANDOM_PATH, "/dev/urandom", [Path to /dev/urandom])
+  AC_DEFINE_UNQUOTED(DEV_URANDOM_PATH, ["$random_source"], [Path to random source])
   have_random_source=yes
 else
-  AC_MSG_RESULT(no)
+  AC_MSG_ERROR([$random_source not found or is not character device - please provide path for random source device])
 fi
 
 if test "$have_random_source" != "yes"; then

diff --git a/src/lib/randgen.c b/src/lib/randgen.c
@@ -2,10 +2,6 @@
 
 #include "lib.h"
 #include "randgen.h"
-
-
-#ifdef DEV_URANDOM_PATH
-
 #include "fd-close-on-exec.h"
 #include <unistd.h>
 #include <fcntl.h>
@@ -65,51 +61,6 @@ void random_deinit(void)
 	i_close_fd(&urandom_fd);
 }
 
-#elif defined(HAVE_OPENSSL_RAND_H)
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-static const char *ssl_last_error(void)
-{
-	unsigned long err;
-	char *buf;
-	size_t err_size = 256;
-
-	err = ERR_get_error();
-	if (err == 0)
-		return strerror(errno);
-
-	buf = t_malloc(err_size);
-	buf[err_size-1] = '\0';
-	ERR_error_string_n(err, buf, err_size-1);
-	return buf;
-}
-
-void random_fill(void *buf, size_t size)
-{
-	if (RAND_bytes(buf, size) != 1)
-		i_fatal("RAND_pseudo_bytes() failed: %s", ssl_last_error());
-}
-
-void random_init(void)
-{
-	unsigned int seed;
-
-	if (RAND_status() == 0) {
-		i_fatal("Random generator not initialized: "
-			"Install egd on /var/run/egd-pool");
-	}
-
-	random_fill(&seed, sizeof(seed));
-	rand_set_seed(seed);
-}
-
-void random_deinit(void) {}
-
-#else
-#  error No random number generator, use eg. OpenSSL.
-#endif
-
 void random_fill_weak(void *buf, size_t size)
 {
 	unsigned char *cbuf = buf;