author | Dan Fandrich <dan@coneharvesters.com> | 2005-03-04 22:36:56 +0000 |
---|---|---|
committer | Dan Fandrich <dan@coneharvesters.com> | 2005-03-04 22:36:56 +0000 |
commit | b01151e81cfcd9f21f54e616e1872d570bc634e2 (patch) | |
tree | 79311e17f2714b045078e09ab764f349c9d1fcc2 | |
parent | 67bd6f9ccd53630fd22fde32b8d6ad2186f38d99 (diff) |
Reduced the length of data read from the random entropy file.
-rw-r--r-- | lib/ssluse.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ed4ecf205..817c0c7e4 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -103,6 +103,13 @@
 #define HAVE_ERR_ERROR_STRING_N 1
 #endif
+/*
+ * Number of bytes to read from the random number seed file. This must be
+ * a finite value (because some entropy "files" like /dev/urandom have
+ * an infinite length), but must be large enough to provide enough
+ * entopy to properly seed OpenSSL's PRNG.
+ */
+#define RAND_LOAD_LENGTH 1024
 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
 static char global_passwd[64];
@@ -169,7 +176,7 @@ int random_the_seed(struct SessionHandle *data)
 /* let the option override the define */
 nread += RAND_load_file((data->set.ssl.random_file?
 data->set.ssl.random_file:RANDOM_FILE),
- 16384); /* bounded size in case it's /dev/urandom */
+ RAND_LOAD_LENGTH);
 if(seed_enough(nread))
 return nread;
 }
@@ -231,7 +238,7 @@ int random_the_seed(struct SessionHandle *data)
 RAND_file_name(buf, BUFSIZE);
 if(buf[0]) {
 /* we got a file name to try */
- nread += RAND_load_file(buf, 16384);
+ nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
 if(seed_enough(nread))
 return nread;
 } |
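Review bot: The new comment above `RAND_LOAD_LENGTH` misspells "entropy" as "entopy" and says 1024 bytes is "large enough" without stating what that is measured against. I would correct the spelling and record the basis for the number, for example by ending the comment with ` * entropy to properly seed OpenSSL's PRNG; must stay above what seed_enough() requires.` The definition of seed_enough() is not part of this diff, so the relationship between the two values should be confirmed before that sentence is written.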
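Review bot: The result of `RAND_load_file()` is added to `nread` unchecked in the random_file hunk, and again in the `RAND_file_name` hunk after it. Later OpenSSL documentation gives -1 as the error return, in which case a missing or unreadable seed file would lower the running total that `seed_enough(nread)` is then given. Keeping the call's arguments, storing the result in a local `int n`, and using `if(n > 0) nread += n;` avoids that. Note also that `nread` counts bytes read, not entropy, so a short or predictable regular file named by the option still contributes its full length. The body of random_the_seed() starts and ends outside both hunks.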
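Review bot: In the last hunk the return value of `RAND_file_name(buf, BUFSIZE)` is ignored and only `buf[0]` is tested before the file is loaded. RAND_file_name() returns NULL when it cannot produce a name, and unless `buf` is cleared on the lines before this hunk (not visible here) the test would then look at stale contents. Checking the return makes the guard independent of that: `if(RAND_file_name(buf, BUFSIZE) && buf[0]) {`.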