Ana Sayfa Keşfet Yardım
Giriş Yap
sengler
/
tor-parallel-relay-conn
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Kaynağa Gözat

Once an hour (not just on startup) give OpenSSL some more entropy.
Add entropy in 512-bit chunks, not 160-bit chunks. (This latter
change is voodoo.)


svn:r5211

Nick Mathewson 20 yıl önce
ebeveyn
cc35e1720f
işleme
a89daaeca9
2 değiştirilmiş dosya ile 12 ekleme ve 3 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 2 3
      src/common/crypto.c
  2. 10 0
      src/or/main.c

+ 2 - 3
src/common/crypto.c
Dosyayı Görüntüle 

@@ -1575,16 +1575,16 @@ crypto_dh_free(crypto_dh_env_t *dh)
 
 
 /* random numbers */
 
 
-/** Seed OpenSSL's random number generator with DIGEST_LEN bytes from the
 
+/** Seed OpenSSL's random number generator with bytes from the
 
  * operating system.  Return 0 on success, -1 on failure.
 
  */
 
 int
 
 crypto_seed_rng(void)
 
 {
 
+  char buf[64];
 
 #ifdef MS_WINDOWS
 
   static int provider_set = 0;
 
   static HCRYPTPROV provider;
 
-  char buf[DIGEST_LEN+1];
 
 
   if (!provider_set) {
 
     if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
 
@@ -1610,7 +1610,6 @@ crypto_seed_rng(void)
 
   };
 
   int fd;
 
   int i, n;
 
-  char buf[DIGEST_LEN+1];
 
 
   for (i = 0; filenames[i]; ++i) {
 
     fd = open(filenames[i], O_RDONLY, 0);

+ 10 - 0
src/or/main.c
Dosyayı Görüntüle 

@@ -98,6 +98,7 @@ static char* nt_strerror(uint32_t errnum);
 
 #define DESCRIPTOR_RETRY_INTERVAL 10
 
 #define DESCRIPTOR_FAILURE_RESET_INTERVAL 60*60
 
 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60) /* 20 minutes */
 
+#define ENTROPY_INTERVAL 60*60
 
 
 /********* END VARIABLES ************/
 
 
@@ -639,6 +640,7 @@ run_scheduled_events(time_t now)
 
   static time_t time_to_shrink_buffers = 0;
 
   static time_t time_to_try_getting_descriptors = 0;
 
   static time_t time_to_reset_descriptor_failures = 0;
 
+  static time_t time_to_add_entropy = 0;
 
   or_options_t *options = get_options();
 
   int i;
 
 
@@ -689,6 +691,14 @@ run_scheduled_events(time_t now)
 
      *      them at all. */
 
   }
 
 
+  if (time_to_add_entropy == 0)
 
+    time_to_add_entropy = now + ENTROPY_INTERVAL;
 
+  if (time_to_add_entropy < now) {
 
+    /* We already seeded once, so don't die on failure. */
 
+    crypto_seed_rng();
 
+    time_to_add_entropy = now + ENTROPY_INTERVAL;
 
+  }
 
+
 
   /** 1c. If we have to change the accounting interval or record
 
    * bandwidth used in this accounting interval, do so. */
 
   if (accounting_is_enabled(options))