prng_init failure

14 Oct 2015

prng_init() is failing in 5.24 when cross-compiling with openssl due to
a combination of two reasons:
1. The --with-random configure option is not supported when cross
compiling.
2. The hardcoded /dev/urandom is no longer used if OPENSSL_NO_EGD is not
defined.

The following patch reverts the behaviour to how it was in 5.23, but
probably the --with-random configure option should be supported too.

--- stunnel-5.25.orig/src/ssl.c
+++ stunnel-5.25/src/ssl.c
@@ -207,7 +207,8 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
         return 0; /* success */
     }
     s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
-#elif !defined(OPENSSL_NO_EGD)
+#else
+#ifndef OPENSSL_NO_EGD
     if(global->egd_sock) {
         if((bytes=RAND_egd(global->egd_sock))==-1) {
             s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
@@ -220,7 +221,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
                          so no need to check if seeded sufficiently */
         }
     }
-#else
+#endif
     /* try the good-old default /dev/urandom, if available  */
     totbytes+=add_rand_file(global, "/dev/urandom");
     if(RAND_status())

    

Philip Craig

Michal Trojnara

tags

participants (2)