| -rw-r--r-- | lib/ssluse.c | 29 | 
1 files changed, 17 insertions, 12 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ccd7bd925..d1cc63ec8 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -80,10 +80,8 @@ static int passwd_callback(char *buf, int num, int verify
 }
 static
-bool seed_enough(struct connectdata *conn, /* unused for now */
-                 int nread)
+bool seed_enough(int nread)
 {
-  conn = NULL; /* to prevent compiler warnings */
 #ifdef HAVE_RAND_STATUS
   nread = 0; /* to prevent compiler warnings */
@@ -99,11 +97,10 @@ bool seed_enough(struct connectdata *conn, /* unused for now */
 }
 static
-int random_the_seed(struct connectdata *conn)
+int random_the_seed(struct SessionHandle *data)
 {
-  char *buf = conn->data->state.buffer; /* point to the big buffer */
+  char *buf = data->state.buffer; /* point to the big buffer */
   int nread=0;
-  struct SessionHandle *data=conn->data;
   /* Q: should we add support for a random file name as a libcurl option?
      A: Yes, it is here */
@@ -119,7 +116,7 @@ int random_the_seed(struct connectdata *conn)
     nread += RAND_load_file((data->set.ssl.random_file?
                             data->set.ssl.random_file:RANDOM_FILE),
                            16384);
-    if(seed_enough(conn, nread))
+    if(seed_enough(nread))
       return nread;
   }
@@ -138,7 +135,7 @@ int random_the_seed(struct connectdata *conn)
     int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET);
     if(-1 != ret) {
       nread += ret;
-      if(seed_enough(conn, nread))
+      if(seed_enough(nread))
         return nread;
     }
   }
@@ -170,11 +167,11 @@ int random_the_seed(struct connectdata *conn)
   if ( buf[0] ) {
     /* we got a file name to try */
     nread += RAND_load_file(buf, 16384);
-    if(seed_enough(conn, nread))
+    if(seed_enough(nread))
       return nread;
   }
-  infof(conn->data, "Your connection is using a weak random seed!\n");
+  infof(data, "libcurl is now using a weak random seed!\n");
   return nread;
 }
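Review bot: The new signature `int random_the_seed(struct SessionHandle *data)` in the second hunk still has no header comment, and its return value is now the only thing a caller can use to learn how seeding went, because the weak-seed case in the last hunk is reported solely through `infof()` and the function then returns normally. I would add above the definition: `/* Feed OpenSSL's PRNG from random_file/egdsocket (or the built-in defaults). Returns the byte count handed to the PRNG; a return does not mean seed_enough() ever succeeded, since the weak-seed case only logs. */` The body of random_the_seed runs on between the second and fifth hunks, outside this diff; the third, fourth and fifth hunks only follow the seed_enough() rename and raise nothing of their own.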
@@ -363,6 +360,10 @@ int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
 #ifdef USE_SSLEAY
 /* "global" init done? */
 static int init_ssl=0;
+
+/* we have the "SSL is seeded" boolean global for the application to
+   prevent multiple time-consuming seedings in vain */
+static bool ssl_seeded = FALSE;
 #endif
 /* Global init */
@@ -677,8 +678,12 @@ Curl_SSLConnect(struct connectdata *conn)
   /* mark this is being ssl enabled from here on out. */
   conn->ssl.use = TRUE;
-  /* Make funny stuff to get random input */
-  random_the_seed(conn);
+  if(!ssl_seeded) {
+    /* Make funny stuff to get random input */
+    random_the_seed(data);
+
+    ssl_seeded = TRUE;
+  }
   /* check to see if we've been told to use an explicit SSL/TLS version */
   switch(data->set.ssl.version) {
|
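Review bot: In the Curl_SSLConnect hunk `ssl_seeded = TRUE;` is set whether or not the seeding actually reached a sufficient level, so a process whose first handshake ended in the "weak random seed" path never tries again, not even from a later handle that configures a random_file or egdsocket; the return value of `random_the_seed(data)` is discarded on the line above. Gating the flag on the result keeps the intent of avoiding repeated seedings while still retrying after a weak one: `if(seed_enough(random_the_seed(data)))` / `ssl_seeded = TRUE;` in place of the two separate statements (seed_enough()'s body is outside this diff; under HAVE_RAND_STATUS it appears to ignore nread and presumably consults RAND_status(), which is what makes this check meaningful). The new `static bool ssl_seeded` is also process-wide state read and written without any synchronization; if the application drives several easy handles from different threads the check-then-set can race, which here looks benign (a duplicate seeding at worst) but deserves a one-line comment next to the declaration saying so.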
