From 5be0a5fe0ad85448bf7c4ed3c88cd84ba57534d9 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Tue, 7 Dec 2021 16:02:21 +0000
Subject: As in r1877467 for mod_ssl, for OpenSSL 1.1.1+ require that OpenSSL
 is configured with a suitable entropy source and don't try to seed it from
 getpid etc.

* support/ab.c (main): Check RAND_status().
  (ssl_rand_seed, ssl_rand_choosenum): Drop for OpenSSL 1.1.1+.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895659 13f79535-47bb-0310-9956-ffa450edef68
---
 support/ab.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'support')

diff --git a/support/ab.c b/support/ab.c
index 55d1e4bb88..13a453f318 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -582,6 +582,8 @@ static void ssl_state_cb(const SSL *s, int w, int r)
     }
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10101000
+
 #ifndef RAND_MAX
 #define RAND_MAX INT_MAX
 #endif
@@ -627,6 +629,9 @@ static void ssl_rand_seed(void)
     n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
     RAND_seed(stackdata+n, 128);
 }
+#else
+#define ssl_rand_seed() /* noop */
+#endif
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
@@ -2640,6 +2645,16 @@ int main(int argc, const char * const argv[])
     bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
     bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+    if (RAND_status() == 0) {
+        fprintf(stderr, "%s: Error: Crypto library PRNG does not contain "
+                "sufficient randomness.\n"
+                "%s: Build the library with a suitable entropy source configured.\n",
+                argv[0], argv[0]);
+        exit(1);
+    }
+#endif
+    
     if (!(ssl_ctx = SSL_CTX_new(meth))) {
         BIO_printf(bio_err, "Could not initialize SSL Context.\n");
         ERR_print_errors(bio_err);
-- 
cgit v1.2.3