
On Linux, warn when we are running low on entropy

Based on a255d29083

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
pull/1381/head
Syrone Wong 7 years ago
committed by Max Lv
parent
commit
1e91b6a1f6
2 changed files with 28 additions and 1 deletions
  1. 2
      configure.ac
  2. 27
      src/crypto.c

2
configure.ac

@ -138,7 +138,7 @@ AM_CONDITIONAL(BUILD_REDIRECTOR, test "$os_support" = "linux")
AM_CONDITIONAL(BUILD_WINCOMPAT, test "$os_support" = "mingw") AM_CONDITIONAL(BUILD_WINCOMPAT, test "$os_support" = "mingw")
dnl Checks for header files. dnl Checks for header files.
AC_CHECK_HEADERS([limits.h stdint.h inttypes.h arpa/inet.h fcntl.h langinfo.h locale.h netdb.h netinet/in.h stdlib.h string.h strings.h unistd.h sys/ioctl.h])
AC_CHECK_HEADERS([limits.h stdint.h inttypes.h arpa/inet.h fcntl.h langinfo.h locale.h netdb.h netinet/in.h stdlib.h string.h strings.h unistd.h sys/ioctl.h linux/random.h])
dnl A special check required for <net/if.h> on Darwin. See dnl A special check required for <net/if.h> on Darwin. See
dnl http://www.gnu.org/software/autoconf/manual/html_node/Header-Portability.html. dnl http://www.gnu.org/software/autoconf/manual/html_node/Header-Portability.html.

27
src/crypto.c

@ -24,6 +24,13 @@
#include "config.h" #include "config.h"
#endif #endif
#if defined(__linux__) && defined(HAVE_LINUX_RANDOM_H)
# include <sys/ioctl.h>
# include <sys/stat.h>
# include <fcntl.h>
# include <linux/random.h>
#endif
#include <stdint.h> #include <stdint.h>
#include <sodium.h> #include <sodium.h>
#include <mbedtls/md5.h> #include <mbedtls/md5.h>
@ -99,11 +106,31 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
return md; return md;
} }
static void
entropy_check(void)
{
#if defined(__linux__) && defined(HAVE_LINUX_RANDOM_H) && defined(RNDGETENTCNT)
int fd;
int c;
if ((fd = open("/dev/random", O_RDONLY)) != -1) {
if (ioctl(fd, RNDGETENTCNT, &c) == 0 && c < 160) {
LOGE("This system doesn't provide enough entropy to quickly generate high-quality random numbers\n"
"Installing the rng-utils/rng-tools or haveged packages may help.\n"
"On virtualized Linux environments, also consider using virtio-rng.\n"
"The service will not start until enough entropy has been collected.");
}
close(fd);
}
#endif
}
crypto_t * crypto_t *
crypto_init(const char *password, const char *key, const char *method) crypto_init(const char *password, const char *key, const char *method)
{ {
int i, m = -1; int i, m = -1;
entropy_check();
// Initialize sodium for random generator // Initialize sodium for random generator
if (sodium_init() == -1) { if (sodium_init() == -1) {
FATAL("Failed to initialize sodium"); FATAL("Failed to initialize sodium");
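Review bot: The last line of the warning in `entropy_check()` says the service will not start until enough entropy has been collected, but the function only logs and returns, so any waiting depends on what `sodium_init()` does with the running kernel and libsodium build. I would either soften that sentence or put a comment above the call in `crypto_init()`, such as `/* advisory only: any blocking happens inside sodium_init(), not here */`. The threshold in `c < 160` is an unexplained magic number and would read better as a named constant, for example `#define MIN_ENTROPY_BITS 160`, with a comment that `RNDGETENTCNT` reports the kernel's entropy estimate in bits. When `open()` or `ioctl()` fails, for instance in a chroot or container without `/dev/random`, the check is skipped silently; that is reasonable for an advisory check but deserves a one-line comment, and since `close()` is called while `<unistd.h>` is not among the added includes, confirm it is included elsewhere in the file. `crypto_init()` continues past the end of the hunk, so the rest of its start-up sequence is not visible here.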
