diff options
-rw-r--r-- | ustream-mbedtls.c | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index e79e37b..7fc7874 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -17,6 +17,7 @@ */ #include <sys/types.h> +#include <sys/random.h> #include <fcntl.h> #include <unistd.h> #include <stdlib.h> @@ -25,8 +26,6 @@ #include "ustream-ssl.h" #include "ustream-internal.h" -static int urandom_fd = -1; - static int s_ustream_read(void *ctx, unsigned char *buf, size_t len) { struct ustream *s = ctx; @@ -66,21 +65,12 @@ __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustr mbedtls_ssl_set_bio(ssl, conn, s_ustream_write, s_ustream_read, NULL); } -static bool urandom_init(void) +static int _random(void *ctx, unsigned char *out, size_t len) { - if (urandom_fd > -1) - return true; + ssize_t ret; - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd < 0) - return false; - - return true; -} - -static int _urandom(void *ctx, unsigned char *out, size_t len) -{ - if (read(urandom_fd, out, len) < 0) + ret = getrandom(out, len, 0); + if (ret < 0 || (size_t)ret != len) return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; return 0; @@ -134,9 +124,6 @@ __ustream_ssl_context_new(bool server) mbedtls_ssl_config *conf; int ep; - if (!urandom_init()) - return NULL; - ctx = calloc(1, sizeof(*ctx)); if (!ctx) return NULL; @@ -159,7 +146,7 @@ __ustream_ssl_context_new(bool server) mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - mbedtls_ssl_conf_rng(conf, _urandom, NULL); + mbedtls_ssl_conf_rng(conf, _random, NULL); if (server) { mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE); |