oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Completely remove RAND_egd support

Browse Source 
The EGD daemon is completely unmaintained and has not seen a release
since 13 years which is not an acceptable timeframe for cryptographic
software. It is not packaged in any linux distribution I know of
and definitely not in *BSD.

LibreSSL has already dropped support for RAND_egd.
This commit is contained in:
hasufell
2015-10-06 15:44:47 +02:00
parent 434020567a
commit 427a60057c
10 changed files with 1 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/krb5/crypto-rand.c
View File

@@ -67,22 +67,8 @@ seed_something(void)
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
if (RAND_status() != 1) {
#if defined(HAVE_RAND_EGD)
krb5_context context;
const char *p;
/* Try using egd */
if (!krb5_init_context(&context)) {
p = krb5_config_get_string(context, NULL, "libdefaults",
"egd_socket", NULL);
if (p != NULL)
RAND_egd_bytes(p, ENTROPY_NEEDED);
krb5_free_context(context);
}
#else
/* TODO: Once a Windows CryptoAPI RAND method is defined, we
can use that and failover to another method. */
#endif
}
if (RAND_status() == 1) {