aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2003-03-11 18:55:34 +0000
committerDaniel Stenberg <daniel@haxx.se>2003-03-11 18:55:34 +0000
commit8755a6d1ace9d5afce49f281da1f55809b0198d7 (patch)
treea9774800df3c3580e0942c9343739f19863e9dba
parent9f723061cb810737b99b5cd0e0944a0b72de36b3 (diff)
Richard Gorton improved the random_the_seed() function for systems where
we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.
-rw-r--r--lib/ssluse.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 4f51e31db..64465deb1 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -144,7 +144,8 @@ int random_the_seed(struct SessionHandle *data)
{
/* If there's an option and a define, the option overrides the
define */
- int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET);
+ int ret = RAND_egd(data->set.ssl.egdsocket?
+ data->set.ssl.egdsocket:EGD_SOCKET);
if(-1 != ret) {
nread += ret;
if(seed_enough(nread))
@@ -162,14 +163,24 @@ int random_the_seed(struct SessionHandle *data)
#else
{
int len;
- char *area = Curl_FormBoundary();
- if(!area)
- return 3; /* out of memory */
+ char *area;
+
+ /* Changed call to RAND_seed to use the underlying RAND_add implementation
+ * directly. Do this in a loop, with the amount of additional entropy
+ * being dependent upon the algorithm used by Curl_FormBoundary(): N bytes
+ * of a 7-bit ascii set. -- Richard Gorton, March 11 2003.
+ */
+
+ do {
+ area = Curl_FormBoundary();
+ if(!area)
+ return 3; /* out of memory */
- len = strlen(area);
- RAND_seed(area, len);
+ len = strlen(area);
+ RAND_add(area, len, (len >> 1));
- free(area); /* now remove the random junk */
+ free(area); /* now remove the random junk */
+ } while (!RAND_status());
}
#endif