Full_Name: Philipp Hullmann
Version: 2.8.10
OS: AIX 4.3.3
Submission from: (NULL) (130.75.48.131)

When using EGD to seed the random number generator, mod_ssl always reads 255 bytes of entropy instead of the number given in the configuration file. Patch (the SSL_LIBRARY_VERSION parameter should probably be checked - I am using OpenSSL 0.9.6c, and RAND_egd_bytes is said to be available since version 0.9.6, but I haven't actually tested this with earlier incarnations of OpenSSL): diff -c mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_rand.c mod_ssl-patched/pkg.sslmod /ssl_engine_rand.c *** mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_rand.c Sun Jun 23 11:51:02 2002 --- mod_ssl-patched/pkg.sslmod/ssl_engine_rand.c Thu Jul 4 11:34:51 2002 *************** *** 126,132 **** --- 126,138 ---- * seed in contents provided by the external * Entropy Gathering Daemon (EGD) */ + #if SSL_LIBRARY_VERSION >= 0x00906000 + if ((n = RAND_egd_bytes(pRandSeed->cpPath, + pRandSeed->nBytes)) + == -1) + #else if ((n = RAND_egd(pRandSeed->cpPath)) == -1) + #endif continue; nDone += n; } ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
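
Review bot: In the `#if SSL_LIBRARY_VERSION >= 0x00906000` arm, `pRandSeed->nBytes` is passed to `RAND_egd_bytes` unconditionally, and nothing in the hunk shows what that field holds when the configuration gives no byte count for the EGD source. If it can be 0 or unset in that case, guard the call, for example by falling back to `RAND_egd(pRandSeed->cpPath)` when `pRandSeed->nBytes <= 0`, so that seeding does not quietly request no entropy. The hunk also splits a single `if (...)` condition across the `#if`/`#else` arms; assigning `n` in each arm and keeping one `if (n == -1) continue;` after `#endif` would read more clearly. The `0x00906000` threshold should be confirmed by building against an older OpenSSL, which the submitter notes has not been tested.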