moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

- T. Bharath pointed out that we seed SSL on every connect, which is a time- 

consuming operation that should only be needed to do once. We patched
  libcurl to now only seed on the first connect when unseeded. The seeded
  status is global so it'll now only happen once during a program's life time.
This commit is contained in:
Daniel Stenberg 2002-01-29 14:11:38 +00:00
parent 9468c9c796
commit f114caca90
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/ssluse.c
View File

@ -80,10 +80,8 @@ static int passwd_callback(char *buf, int num, int verify
}
static
bool seed_enough(struct connectdata *conn, /* unused for now */
int nread)
bool seed_enough(int nread)
{
conn = NULL; /* to prevent compiler warnings */
#ifdef HAVE_RAND_STATUS
nread = 0; /* to prevent compiler warnings */
@ -99,11 +97,10 @@ bool seed_enough(struct connectdata *conn, /* unused for now */
}
static
int random_the_seed(struct connectdata *conn)
int random_the_seed(struct SessionHandle *data)
{
char *buf = conn->data->state.buffer; /* point to the big buffer */
char *buf = data->state.buffer; /* point to the big buffer */
int nread=0;
struct SessionHandle *data=conn->data;
/* Q: should we add support for a random file name as a libcurl option?
A: Yes, it is here */
@ -119,7 +116,7 @@ int random_the_seed(struct connectdata *conn)
nread += RAND_load_file((data->set.ssl.random_file?
data->set.ssl.random_file:RANDOM_FILE),
16384);
if(seed_enough(conn, nread))
if(seed_enough(nread))
return nread;
}
@ -138,7 +135,7 @@ int random_the_seed(struct connectdata *conn)
int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET);
if(-1 != ret) {
nread += ret;
if(seed_enough(conn, nread))
if(seed_enough(nread))
return nread;
}
}
@ -170,11 +167,11 @@ int random_the_seed(struct connectdata *conn)
if ( buf[0] ) {
/* we got a file name to try */
nread += RAND_load_file(buf, 16384);
if(seed_enough(conn, nread))
if(seed_enough(nread))
return nread;
}
infof(conn->data, "Your connection is using a weak random seed!\n");
infof(data, "libcurl is now using a weak random seed!\n");
return nread;
}
@ -363,6 +360,10 @@ int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
#ifdef USE_SSLEAY
/* "global" init done? */
static int init_ssl=0;
/* we have the "SSL is seeded" boolean global for the application to
prevent multiple time-consuming seedings in vain */
static bool ssl_seeded = FALSE;
#endif
/* Global init */
@ -677,8 +678,12 @@ Curl_SSLConnect(struct connectdata *conn)
/* mark this is being ssl enabled from here on out. */
conn->ssl.use = TRUE;
/* Make funny stuff to get random input */
random_the_seed(conn);
if(!ssl_seeded) {
/* Make funny stuff to get random input */
random_the_seed(data);
ssl_seeded = TRUE;
}
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(data->set.ssl.version) {