From 8755a6d1ace9d5afce49f281da1f55809b0198d7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Mar 2003 18:55:34 +0000 Subject: [PATCH] Richard Gorton improved the random_the_seed() function for systems where we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure. --- lib/ssluse.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/lib/ssluse.c b/lib/ssluse.c index 4f51e31db..64465deb1 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -144,7 +144,8 @@ int random_the_seed(struct SessionHandle *data) { /* If there's an option and a define, the option overrides the define */ - int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET); + int ret = RAND_egd(data->set.ssl.egdsocket? + data->set.ssl.egdsocket:EGD_SOCKET); if(-1 != ret) { nread += ret; if(seed_enough(nread)) @@ -162,14 +163,24 @@ int random_the_seed(struct SessionHandle *data) #else { int len; - char *area = Curl_FormBoundary(); - if(!area) - return 3; /* out of memory */ - - len = strlen(area); - RAND_seed(area, len); + char *area; - free(area); /* now remove the random junk */ + /* Changed call to RAND_seed to use the underlying RAND_add implementation + * directly. Do this in a loop, with the amount of additional entropy + * being dependent upon the algorithm used by Curl_FormBoundary(): N bytes + * of a 7-bit ascii set. -- Richard Gorton, March 11 2003. + */ + + do { + area = Curl_FormBoundary(); + if(!area) + return 3; /* out of memory */ + + len = strlen(area); + RAND_add(area, len, (len >> 1)); + + free(area); /* now remove the random junk */ + } while (!RAND_status()); } #endif
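Review bot: The `RAND_add(area, len, (len >> 1))` call in the `#else` fallback credits half a byte of entropy per boundary character, and the `do … while (!RAND_status())` loop keeps adding until OpenSSL reports itself seeded, so the pool is only as unpredictable as Curl_FormBoundary() really is. That function is not visible here; if its output comes from a non-cryptographic generator (to be confirmed), strings produced back to back are likely correlated and the credited entropy is overstated, leaving RAND_status() true without the pool being hard to guess. The loop also has no upper bound and would spin if a very short string yields a zero credit, so I would cap it, e.g. `} while(!RAND_status() && ++tries < SEED_TRIES_MAX);` (SEED_TRIES_MAX is a placeholder), and add a comment such as `/* last-resort seeding: the entropy credit is an estimate, not a measured value */`. The dated attribution in the new comment is better left to the commit log. random_the_seed() starts and ends outside this hunk.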