Reduced the length of data read from the random entropy file.

author: Dan Fandrich <dan@coneharvesters.com> 2005-03-04 22:36:56 +0000
committer: Dan Fandrich <dan@coneharvesters.com> 2005-03-04 22:36:56 +0000
commit: b01151e81cfcd9f21f54e616e1872d570bc634e2 (patch)
tree: 79311e17f2714b045078e09ab764f349c9d1fcc2 /lib
parent: 67bd6f9ccd53630fd22fde32b8d6ad2186f38d99 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ed4ecf205..817c0c7e4 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -103,6 +103,13 @@
 #define HAVE_ERR_ERROR_STRING_N 1
 #endif
 
+/*
+ * Number of bytes to read from the random number seed file. This must be
+ * a finite value (because some entropy "files" like /dev/urandom have
+ * an infinite length), but must be large enough to provide enough
+ * entopy to properly seed OpenSSL's PRNG.
+ */
+#define RAND_LOAD_LENGTH 1024
 
 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
 static char global_passwd[64];
@@ -169,7 +176,7 @@ int random_the_seed(struct SessionHandle *data)
     /* let the option override the define */
     nread += RAND_load_file((data->set.ssl.random_file?
                              data->set.ssl.random_file:RANDOM_FILE),
-                            16384); /* bounded size in case it's /dev/urandom */
+                            RAND_LOAD_LENGTH);
     if(seed_enough(nread))
       return nread;
   }
@@ -231,7 +238,7 @@ int random_the_seed(struct SessionHandle *data)
   RAND_file_name(buf, BUFSIZE);
   if(buf[0]) {
     /* we got a file name to try */
-    nread += RAND_load_file(buf, 16384);
+    nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
     if(seed_enough(nread))
       return nread;
   }
author	Dan Fandrich <dan@coneharvesters.com>	2005-03-04 22:36:56 +0000
committer	Dan Fandrich <dan@coneharvesters.com>	2005-03-04 22:36:56 +0000
commit	b01151e81cfcd9f21f54e616e1872d570bc634e2 (patch)
tree	79311e17f2714b045078e09ab764f349c9d1fcc2 /lib
parent	67bd6f9ccd53630fd22fde32b8d6ad2186f38d99 (diff)