From 8d0a4f99e154c3cbee914f66a7a2ef20ebc837f5 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Tue, 24 Nov 2009 15:55:03 +0100
Subject: [PATCH] Add check for OpenSSL entropy status
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

By checking for this explicitly, the errors (SSLEAY_RAND_BYTES, β€œPRNG
not seeded”) will happen in the start-up phase of the daemon and not
only when executing remote procedure calls.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 lib/http/__init__.py | 13 +++++++++++++
 lib/rpc.py           |  2 ++
 2 files changed, 15 insertions(+)

diff --git a/lib/http/__init__.py b/lib/http/__init__.py
index c98fa586d..a1f5e86ed 100644
--- a/lib/http/__init__.py
+++ b/lib/http/__init__.py
@@ -545,6 +545,19 @@ def Handshake(sock, write_timeout):
     raise HttpError("Error in SSL handshake: %s" % err)
 
 
+def InitSsl():
+  """Initializes the SSL infrastructure.
+
+  This function is idempotent.
+
+  """
+  if not OpenSSL.rand.status():
+    raise EnvironmentError("OpenSSL could not collect enough entropy"
+                           " for the PRNG")
+
+  # TODO: Maybe add some additional seeding for OpenSSL's PRNG
+
+
 class HttpSslParams(object):
   """Data class for SSL key and certificate.
 
diff --git a/lib/rpc.py b/lib/rpc.py
index edcb9d7e7..f354a418c 100644
--- a/lib/rpc.py
+++ b/lib/rpc.py
@@ -59,6 +59,8 @@ def Init():
 
   assert not _http_manager, "RPC module initialized more than once"
 
+  http.InitSsl()
+
   _http_manager = http.client.HttpClientManager()
 
 
-- 
GitLab