moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Code Issues Releases Wiki Activity

ossl_seed: fix the last resort PRNG seeding

Browse Source 
Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
this now uses Curl_ossl_random() to get entropy.
This commit is contained in:
Daniel Stenberg 2013-02-14 00:06:19 +01:00
parent d09d08dc1f
commit ad7291c1a9
1 changed files with 6 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/ssluse.c
View File

@ -236,27 +236,14 @@ static int ossl_seed(struct SessionHandle *data)
/* If we get here, it means we need to seed the PRNG using a "silly" /* If we get here, it means we need to seed the PRNG using a "silly"
approach! */ approach! */
{
int len;
char *area;
/* Changed call to RAND_seed to use the underlying RAND_add implementation
* directly. Do this in a loop, with the amount of additional entropy
* being dependent upon the algorithm used by Curl_FormBoundary(): N bytes
* of a 7-bit ascii set. -- Richard Gorton, March 11 2003.
*/
do { do {
area = Curl_FormBoundary(); int len;
if(!area) unsigned char randb[64];
return 3; /* out of memory */ Curl_ossl_random(data, randb, sizeof(randb));
len = curlx_uztosi(strlen(area)); len = sizeof(randb);
RAND_add(area, len, (len >> 1)); RAND_add(randb, len, (len >> 1));
free(area); /* now remove the random junk */
} while(!RAND_status()); } while(!RAND_status());
}
/* generates a default path for the random seed file */ /* generates a default path for the random seed file */
buf[0]=0; /* blank it first */ buf[0]=0; /* blank it first */