Use entropy from OpenSSL if possible.

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2013-09-17 23:34:15 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2013-09-17 23:34:15 +0100
commit: 55aa9f063dfd50d5714f52a550d0b39cd6079fee (patch)
tree: 3b2c19e03e14d87dbd07c1ad642fd984f2911d13 /src/dns.c
parent: 85a1704ee40b0518c5e4d4eabccc6b4a387e2480 (diff)
download: rspamd-55aa9f063dfd50d5714f52a550d0b39cd6079fee.tar.gz
rspamd-55aa9f063dfd50d5714f52a550d0b39cd6079fee.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/src/dns.c b/src/dns.c
index 99e0d7c58..bc5229532 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -33,6 +33,9 @@
 #include "config.h"
 #include "dns.h"
 #include "main.h"
+#ifdef HAVE_OPENSSL
+#include <openssl/rand.h>
+#endif
 
 /* Upstream timeouts */
 #define DEFAULT_UPSTREAM_ERROR_TIME 10
@@ -288,10 +291,17 @@ dns_k_permutor_init (struct dns_k_permutor *p, guint low, guint high)
 	p->mask		= (1U << p->shift) - 1;
 	p->rounds	= DNS_K_PERMUTOR_ROUNDS;
 
+#ifndef HAVE_OPENSSL
 	for (i = 0; i < G_N_ELEMENTS (key); i++) {
 		key[i]	= DNS_RANDOM ();
 	}
-
+#else
+	if (RAND_bytes ((unsigned char *)key, sizeof (key)) != 1) {
+		for (i = 0; i < G_N_ELEMENTS (key); i++) {
+			key[i]	= DNS_RANDOM ();
+		}
+	}
+#endif
 	dns_k_tea_init (&p->tea, key, 0);
 
 } /* dns_k_permutor_init() */
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2013-09-17 23:34:15 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2013-09-17 23:34:15 +0100
commit	55aa9f063dfd50d5714f52a550d0b39cd6079fee (patch)
tree	3b2c19e03e14d87dbd07c1ad642fd984f2911d13 /src/dns.c
parent	85a1704ee40b0518c5e4d4eabccc6b4a387e2480 (diff)
download	rspamd-55aa9f063dfd50d5714f52a550d0b39cd6079fee.tar.gz rspamd-55aa9f063dfd50d5714f52a550d0b39cd6079fee.zip