From: Joe Orton
Date: Tue, 7 Dec 2021 16:02:21 +0000 (+0000)
Subject: As in r1877467 for mod_ssl, for OpenSSL 1.1.1+ require that OpenSSL is
X-Git-Tag: 2.5.0-alpha2-ci-test-only~660
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5be0a5fe0ad85448bf7c4ed3c88cd84ba57534d9;p=thirdparty%2Fapache%2Fhttpd.git
As in r1877467 for mod_ssl, for OpenSSL 1.1.1+ require that OpenSSL is configured with a suitable entropy source and don't try to seed it from getpid etc.
* support/ab.c (main): Check RAND_status(). (ssl_rand_seed, ssl_rand_choosenum): Drop for OpenSSL 1.1.1+.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895659 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/support/ab.c b/support/ab.c
index 55d1e4bb88a..13a453f3185 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -582,6 +582,8 @@ static void ssl_state_cb(const SSL *s, int w, int r)
 }
 }
+#if OPENSSL_VERSION_NUMBER < 0x10101000
+
 #ifndef RAND_MAX
 #define RAND_MAX INT_MAX
 #endif
@@ -627,6 +629,9 @@ static void ssl_rand_seed(void)
 n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
 RAND_seed(stackdata+n, 128);
 }
+#else
+#define ssl_rand_seed() /* noop */
+#endif
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
@@ -2640,6 +2645,16 @@ int main(int argc, const char * const argv[])
 bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+ if (RAND_status() == 0) {
+ fprintf(stderr, "%s: Error: Crypto library PRNG does not contain "
+ "sufficient randomness.\n"
+ "%s: Build the library with a suitable entropy source configured.\n",
+ argv[0], argv[0]);
+ exit(1);
+ }
+#endif
+
 if (!(ssl_ctx = SSL_CTX_new(meth))) {
 BIO_printf(bio_err, "Could not initialize SSL Context.\n");
 ERR_print_errors(bio_err);
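Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x10101000` guard after `ssl_state_cb` carries no comment saying why the seeding helpers are now legacy-only, so a later reader has to find the commit message to learn it. I would add above it `/* OpenSSL < 1.1.1 only: best-effort manual seeding. 1.1.1+ must seed itself from its configured entropy source; do not mix in pid/stack data. */`. LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so those builds will also take the new branch and lose the manual seeding; that is probably intended but worth confirming. The guarded region runs past the end of this hunk.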
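Review bot: In the hunk after `ssl_rand_seed`, `#define ssl_rand_seed() /* noop */` expands to nothing, so a call used as the sole body of an `if` or `else` becomes a bare `;` and draws empty-statement warnings. The call sites are outside this hunk, so that is a style risk rather than a confirmed problem. I would write `#define ssl_rand_seed() ((void)0)` instead. Since the closing `#endif` sits a long way from its `#if`, labelling it `#endif /* OPENSSL_VERSION_NUMBER < 0x10101000 */` would also help.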
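Review bot: When `RAND_status()` returns 0 in the `main` hunk, the new branch prints a fixed message with `fprintf(stderr, ...)` and exits without draining the OpenSSL error queue, so any reason the library recorded for the failed seeding is lost. Adding `ERR_print_errors(bio_err);` before `exit(1);` would match the `SSL_CTX_new` failure path directly below and use the `bio_err` created two lines earlier. The message also blames only the library build, while a seeding failure can presumably come from the runtime environment too (for example an entropy device that is not reachable from the process), so a wording like `"Check that the library has a usable entropy source.\n"` would mislead less. Failing closed here is the right behaviour. `main` starts and ends outside the hunk.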