Richard Gorton improved the random_the_seed() function for systems where

we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.
2024-11-21 01:16:58 +08:00 · 2003-03-11 18:55:34 +00:00 · 2003-03-11 18:55:34 +00:00 · 8755a6d1ac
commit 8755a6d1ac
parent 9f723061cb
1 changed files with 19 additions and 8 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -144,7 +144,8 @@ int random_the_seed(struct SessionHandle *data)
  {
    /* If there's an option and a define, the option overrides the
       define */
-    int ret = RAND_egd(data->set.ssl.egdsocket?data->set.ssl.egdsocket:EGD_SOCKET);
+    int ret = RAND_egd(data->set.ssl.egdsocket?
+                       data->set.ssl.egdsocket:EGD_SOCKET);
    if(-1 != ret) {
      nread += ret;
      if(seed_enough(nread))
@ -162,14 +163,24 @@ int random_the_seed(struct SessionHandle *data)
 #else
  {
    int len;
-    char *area = Curl_FormBoundary();
-    if(!area)
-      return 3; /* out of memory */
-	
-    len = strlen(area);
-    RAND_seed(area, len);
+    char *area;

-    free(area); /* now remove the random junk */
+    /* Changed call to RAND_seed to use the underlying RAND_add implementation
+     * directly.  Do this in a loop, with the amount of additional entropy
+     * being dependent upon the algorithm used by Curl_FormBoundary(): N bytes
+     * of a 7-bit ascii set. -- Richard Gorton, March 11 2003.
+     */
+	
+    do {
+      area = Curl_FormBoundary();
+      if(!area)
+        return 3; /* out of memory */
+	
+      len = strlen(area);
+      RAND_add(area, len, (len >> 1));
+
+      free(area); /* now remove the random junk */
+    } while (!RAND_status());
  }
 #endif