From: Alan T. DeKok Date: Tue, 16 Aug 2022 20:41:02 +0000 (-0400) Subject: just use a different method of initialization. Helps with #4674 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c3cb994b41a613d1ef1d2cb6d346c4e24a47583;p=thirdparty%2Ffreeradius-server.git just use a different method of initialization. Helps with #4674 In all honesty, if there's no /dev/random on the system, we should probably just call _exit(1). --- diff --git a/src/lib/util/rand.c b/src/lib/util/rand.c index 032e35f32d1..37293d429ea 100644 --- a/src/lib/util/rand.c +++ b/src/lib/util/rand.c @@ -61,9 +61,18 @@ void fr_rand_seed(void const *data, size_t size) } close(fd); } else { - fr_rand_pool.randrsl[0] = fd; - fr_rand_pool.randrsl[1] = time(NULL); - fr_rand_pool.randrsl[2] = errno; + /* + * We use unix_time, because fr_time() is + * nanoseconds since the server started. + * Which is likely a very small number. + * Whereas unix time is somewhat more + * unknown. If we're not seeding off of + * /dev/urandom, then any randomness we + * get here is terrible. + */ + int64_t when = fr_unix_time_unwrap(fr_time_to_unix_time(fr_time())); + + memcpy((void *) &fr_rand_pool.randrsl[0], &when, sizeof(when)); } fr_rand_init(&fr_rand_pool, 1);
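Review bot: in the `else` branch of `fr_rand_seed()`, the pool is now seeded from a single wall-clock timestamp and the server carries on with no log message or error, even though the new comment calls this randomness "terrible" and the commit message suggests `_exit(1)`. A timestamp is a value an observer can estimate, so anything later derived from `fr_rand_pool` on this path inherits a guessable seed. I would either fail hard here, as the commit message proposes, or at minimum emit a loud error so operators know the server is running without a real entropy source. Two smaller points on the same lines: `memcpy((void *) &fr_rand_pool.randrsl[0], &when, sizeof(when))` copies `sizeof(int64_t)` bytes starting at element 0, so how many `randrsl` elements get written depends on the element width, which this hunk does not show; a short comment or a compile-time size check would make that explicit, and the `(void *)` cast is not needed. The removed code also mixed `fd` and `errno` into elements 0 and 2; they added little entropy, but dropping them leaves the timestamp as the only input, which is worth stating in the comment.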