diff --git a/src/node.cc b/src/node.cc
index b4ce91f437..0f630c5552 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -3224,6 +3224,12 @@ int Start(int argc, char** argv) {
 Init(&argc, const_cast(argv), &exec_argc, &exec_argv);
 V8::Initialize();
+#if HAVE_OPENSSL
+ // V8 on Windows doesn't have a good source of entropy. Seed it from
+ // OpenSSL's pool.
+ V8::SetEntropySource(crypto::EntropySource);
+#endif
+
 {
 Locker locker(node_isolate);
 Environment* env =
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index e4b983b4c9..ee1b7db149 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -185,6 +185,14 @@ void ThrowCryptoTypeError(unsigned long err) {
 }
+bool EntropySource(unsigned char* buffer, size_t length) {
+ // RAND_bytes() can return 0 to indicate that the entropy data is not truly
+ // random. That's okay, it's still better than V8's stock source of entropy,
+ // which is /dev/urandom on UNIX platforms and the current time on Windows.
+ return RAND_bytes(buffer, length) != -1;
+}
+
+
 void SecureContext::Initialize(Environment* env, Handle target) {
 Local t = FunctionTemplate::New(SecureContext::New);
 t->InstanceTemplate()->SetInternalFieldCount(1);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index c37285ba8d..b6eb88291b 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -509,6 +509,7 @@ class DiffieHellman : public ObjectWrap {
 DH* dh;
 };
+bool EntropySource(unsigned char* buffer, size_t length);
 void InitCrypto(v8::Handle target);
 } // namespace crypto
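Review bot: `V8::SetEntropySource(crypto::EntropySource);` is installed only after `V8::Initialize();` has run, so anything V8 seeds during initialization would still draw from the stock source that the comment calls weak. Whether V8 seeds at that point is not visible here, but a hash seed or RNG created then would be the concern. Unless V8 is known to read the callback lazily, I would move the whole `#if HAVE_OPENSSL` block above `V8::Initialize();`. The comment could also record that a build without OpenSSL keeps the time-based seed on Windows, e.g. `// Without OpenSSL, V8 keeps its own entropy source (the current time on Windows).` Start() begins and ends outside this hunk.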
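Review bot: The `!= -1` test in EntropySource reports success on a 0 return, but RAND_bytes() is documented to return 1 on success and 0 on failure; the "not cryptographically strong" meaning of 0 belongs to RAND_pseudo_bytes(), so the comment leans on implementation behaviour rather than the API contract. If a 0 return can ever leave `buffer` unwritten, V8 is told it was seeded from bytes that were never filled in; either use `return RAND_bytes(buffer, length) == 1;` and let V8 fall back, or keep the lenient check and state in the comment that it assumes the buffer is still filled on a 0 return. A failing RAND_bytes() may also leave an entry on the OpenSSL error queue, which nothing here clears. Separately, `length` is a size_t passed to an `int` parameter, and a guard such as `if (length > INT_MAX) return false;` would make the narrowing explicit.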