Add a no-egd option to disable EGD-related code

The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

1 files changed, 5 insertions, 5 deletions

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index bb70a5b3fe..38f157b674 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -244,7 +244,7 @@ int RAND_poll(void)
 {
     unsigned long l;
     pid_t curr_pid = getpid();
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+#  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
     unsigned char tmpbuf[ENTROPY_NEEDED];
     int n = 0;
 #  endif
@@ -254,7 +254,7 @@ int RAND_poll(void)
     int fd;
     unsigned int i;
 #  endif
-#  ifdef DEVRANDOM_EGD
+#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
     static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
     const char **egdsocket = NULL;
 #  endif
@@ -371,7 +371,7 @@ int RAND_poll(void)
     }
 #  endif                        /* defined(DEVRANDOM) */
 
-#  ifdef DEVRANDOM_EGD
+#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
     /*
      * Use an EGD socket to read entropy from an EGD or PRNGD entropy
      * collecting daemon.
@@ -388,7 +388,7 @@ int RAND_poll(void)
     }
 #  endif                        /* defined(DEVRANDOM_EGD) */
 
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
     if (n > 0) {
         RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
         OPENSSL_cleanse(tmpbuf, n);
@@ -404,7 +404,7 @@ int RAND_poll(void)
     l = time(NULL);
     RAND_add(&l, sizeof(l), 0.0);
 
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
     return 1;
 #  else
     return 0;