diff options
author | Daniel Stenberg <daniel@haxx.se> | 2003-03-11 18:55:34 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2003-03-11 18:55:34 +0000 |
commit | 8755a6d1ace9d5afce49f281da1f55809b0198d7 (patch) | |
tree | a9774800df3c3580e0942c9343739f19863e9dba | |
parent | 9f723061cb810737b99b5cd0e0944a0b72de36b3 (diff) |
Richard Gorton improved the random_the_seed() function for systems where
we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure.
-rw-r--r-- | lib/ssluse.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index 4f51e31db..64465deb1 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -144,7 +144,8 @@ int random_the_seed(struct SessionHandle *data) { /* If there's an option and a define, the option overrides the define */ - int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET); + int ret = RAND_egd(data->set.ssl.egdsocket? + data->set.ssl.egdsocket:EGD_SOCKET); if(-1 != ret) { nread += ret; if(seed_enough(nread)) @@ -162,14 +163,24 @@ int random_the_seed(struct SessionHandle *data) #else { int len; - char *area = Curl_FormBoundary(); - if(!area) - return 3; /* out of memory */ + char *area; + + /* Changed call to RAND_seed to use the underlying RAND_add implementation + * directly. Do this in a loop, with the amount of additional entropy + * being dependent upon the algorithm used by Curl_FormBoundary(): N bytes + * of a 7-bit ascii set. -- Richard Gorton, March 11 2003. + */ + + do { + area = Curl_FormBoundary(); + if(!area) + return 3; /* out of memory */ - len = strlen(area); - RAND_seed(area, len); + len = strlen(area); + RAND_add(area, len, (len >> 1)); - free(area); /* now remove the random junk */ + free(area); /* now remove the random junk */ + } while (!RAND_status()); } #endif |