cyassl: use RNG_GenerateBlock to generate a good random number

2 files changed, 18 insertions, 3 deletions

diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 56e56e45e..0de589e16 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -54,6 +54,7 @@
 #else
 #include <cyassl/error.h>
 #endif
+#include <cyassl/ctaocrypt/random.h>
 
 /* The last #include file should be: */
 #include "memdebug.h"
@@ -638,4 +639,17 @@ Curl_cyassl_connect(struct connectdata *conn,
   return CURLE_OK;
 }
 
+int Curl_cyassl_random(struct SessionHandle *data,
+                       unsigned char *entropy,
+                       size_t length)
+{
+  RNG rng;
+  (void)data;
+  if(InitRng(&rng))
+    return 1;
+  if(RNG_GenerateBlock(&rng, entropy, length))
+    return 1;
+  return 0;
+}
+
 #endif
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index eb6145905..78cba2ff8 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -43,6 +43,9 @@ int Curl_cyassl_init(void);
 CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
                                          int sockindex,
                                          bool *done);
+int Curl_cyassl_random(struct SessionHandle *data,
+                       unsigned char *entropy,
+                       size_t length);
 
 /* API setup for CyaSSL */
 #define curlssl_init Curl_cyassl_init
@@ -59,9 +62,7 @@ CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
 #define curlssl_version Curl_cyassl_version
 #define curlssl_check_cxn(x) (x=x, -1)
 #define curlssl_data_pending(x,y) Curl_cyassl_data_pending(x,y)
-
-/* this might cause libcurl to use a weeker random! */
-#define curlssl_random(x,y,z) (x=x, y=y, z=z, CURLE_NOT_BUILT_IN)
+#define curlssl_random(x,y,z) Curl_cyassl_random(x,y,z)
 
 #endif /* USE_CYASSL */
 #endif /* HEADER_CURL_CYASSL_H */