mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Richard Gorton improved the random_the_seed() function for systems where
we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.
This commit is contained in:
parent
9f723061cb
commit
8755a6d1ac
27
lib/ssluse.c
27
lib/ssluse.c
@ -144,7 +144,8 @@ int random_the_seed(struct SessionHandle *data)
|
||||
{
|
||||
/* If there's an option and a define, the option overrides the
|
||||
define */
|
||||
int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET);
|
||||
int ret = RAND_egd(data->set.ssl.egdsocket?
|
||||
data->set.ssl.egdsocket:EGD_SOCKET);
|
||||
if(-1 != ret) {
|
||||
nread += ret;
|
||||
if(seed_enough(nread))
|
||||
@ -162,14 +163,24 @@ int random_the_seed(struct SessionHandle *data)
|
||||
#else
|
||||
{
|
||||
int len;
|
||||
char *area = Curl_FormBoundary();
|
||||
if(!area)
|
||||
return 3; /* out of memory */
|
||||
|
||||
len = strlen(area);
|
||||
RAND_seed(area, len);
|
||||
char *area;
|
||||
|
||||
free(area); /* now remove the random junk */
|
||||
/* Changed call to RAND_seed to use the underlying RAND_add implementation
|
||||
* directly. Do this in a loop, with the amount of additional entropy
|
||||
* being dependent upon the algorithm used by Curl_FormBoundary(): N bytes
|
||||
* of a 7-bit ascii set. -- Richard Gorton, March 11 2003.
|
||||
*/
|
||||
|
||||
do {
|
||||
area = Curl_FormBoundary();
|
||||
if(!area)
|
||||
return 3; /* out of memory */
|
||||
|
||||
len = strlen(area);
|
||||
RAND_add(area, len, (len >> 1));
|
||||
|
||||
free(area); /* now remove the random junk */
|
||||
} while (!RAND_status());
|
||||
}
|
||||
#endif
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user