------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=654
Summary: [GnuTLS] [patch] Use a random seed file to limit entropy
usage
Product: Exim
Version: 4.68
Platform: x86
OS/Version: Linux
Status: NEW
Severity: wishlist
Priority: medium
Component: TLS
AssignedTo: nigel@???
ReportedBy: eximusers@???
CC: exim-dev@???
Created an attachment (id=220)
--> (
http://bugs.exim.org/attachment.cgi?id=220)
Initial patch for saving a gcrypt random seed file in spooldir/random_seed
Exim linked against GnuTLS is very resource intensive with respect to entropy,
a single TLS connection will pull > 3000 bits from /dev/urandom just to
initialize Gcrypt's RNG. Gcrypt upstream has suggested to save a seed file.
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2476
The discussion starts on gnutls-devel in
http://news.gmane.org/find-root.php?message_id=%3c20080103003214.GB14155%40torres.zugschlus.de%3e
Following Simon Joseffson' skeleton patch I have come up with the attached
version. It works for me and gets down entropy usage from >3000 to <300 bits.
Please check the patch and if acceptable apply it. Thanks.
Exim's build-system already seems to be seem smart enough to automatically link
against gcrypt, too.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
