From cabbb4908741a4504b0a41b0e90f0cfccf0a1e81 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Thu, 24 Feb 2000 20:09:59 +0000
Subject: fread() of /dev/random reads an entire huge stdio buffer, instead of
 the 32 bytes that we actually need, thus wasting a lot of system entropy.
 found by alecm@coyote.uk.sun.com, passed on by Pete.Zaytsev@EBay.Sun.COM

---
 src/lib/libcrypto/rand/md_rand.c         | 14 +++++++++-----
 src/lib/libssl/src/crypto/rand/md_rand.c | 14 +++++++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index 6bd1960e1d..c9a071bd22 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include <sys/types.h>
+#include <fcntl.h>
 #include <time.h>
 #include <string.h>
 
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 	static int init=1;
 	unsigned long l;
 #ifdef DEVRANDOM
-	FILE *fh;
+	int fd;
 #endif
 
 #ifdef PREDICT
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 /* #ifdef DEVRANDOM */
 		/* 
 		 * Use a random entropy pool device.
-		 * Linux 1.3.x and FreeBSD-Current has 
+		 * Linux 1.3.x, OpenBSD, and FreeBSD have
 		 * this. Use /dev/urandom if you can
 		 * as /dev/random will block if it runs out
 		 * of random entries.
 		 */
-		if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+		if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
 			{
 			unsigned char tmpbuf[32];
 
-			fread((unsigned char *)tmpbuf,1,32,fh);
+			read(fd, tmpbuf, sizeof(tmpbuf));
 			/* we don't care how many bytes we read,
 			 * we will just copy the 'stack' if there is
 			 * nothing else :-) */
-			fclose(fh);
+			/* the above comment is EVIL.  Security software
+			 * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+			 * BEHAVIOUR! Secure entropy is required in
+			 * many cases! */
 			RAND_seed(tmpbuf,32);
 			memset(tmpbuf,0,32);
 			}
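Review bot: The new `if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)` line compares an int descriptor against NULL, but open() reports failure as -1, not 0; a failed open therefore enters the block and read() is attempted on descriptor -1, while a legitimately returned descriptor 0 would be skipped, so the test should be `!= -1`. The removed `fclose(fh)` has no `close(fd)` counterpart, so every pass through this block leaks one descriptor. The return value of `read()` is still discarded even though the new comment stresses that short or failed reads matter, so on error tmpbuf is passed to RAND_seed uninitialized; capture the count and seed only with the bytes actually read. The enclosing ssleay_rand_bytes continues outside the hunk, and the identical hunk in src/lib/libssl/src/crypto/rand/md_rand.c has the same three problems.
```c
		if ((fd = open(DEVRANDOM, O_RDONLY)) != -1)
			{
			unsigned char tmpbuf[32];
			ssize_t n;

			n = read(fd, tmpbuf, sizeof(tmpbuf));
			close(fd);
			/* Seed only with what the device actually returned;
			 * a failed or short read must not feed stack garbage
			 * into the pool as if it were entropy. */
			if (n > 0)
				{
				RAND_seed(tmpbuf, (int)n);
				memset(tmpbuf, 0, sizeof(tmpbuf));
				}
			}
```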
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index 6bd1960e1d..c9a071bd22 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include <sys/types.h>
+#include <fcntl.h>
 #include <time.h>
 #include <string.h>
 
@@ -226,7 +227,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 	static int init=1;
 	unsigned long l;
 #ifdef DEVRANDOM
-	FILE *fh;
+	int fd;
 #endif
 
 #ifdef PREDICT
@@ -259,20 +260,23 @@ static void ssleay_rand_bytes(unsigned char *buf, int num)
 /* #ifdef DEVRANDOM */
 		/* 
 		 * Use a random entropy pool device.
-		 * Linux 1.3.x and FreeBSD-Current has 
+		 * Linux 1.3.x, OpenBSD, and FreeBSD have
 		 * this. Use /dev/urandom if you can
 		 * as /dev/random will block if it runs out
 		 * of random entries.
 		 */
-		if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+		if ((fd = open(DEVRANDOM, O_RDONLY)) != NULL)
 			{
 			unsigned char tmpbuf[32];
 
-			fread((unsigned char *)tmpbuf,1,32,fh);
+			read(fd, tmpbuf, sizeof(tmpbuf));
 			/* we don't care how many bytes we read,
 			 * we will just copy the 'stack' if there is
 			 * nothing else :-) */
-			fclose(fh);
+			/* the above comment is EVIL.  Security software
+			 * RELIES ON THESE PRIMITIVES HAVING MORE SECURE
+			 * BEHAVIOUR! Secure entropy is required in
+			 * many cases! */
 			RAND_seed(tmpbuf,32);
 			memset(tmpbuf,0,32);
 			}
-- 
cgit v1.2.3-55-g6feb