-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl: fix Curl_ossl_seed()'s fallback to a custom seeding of PRNG #1620
Conversation
openssl: fix return value of Curl_ossl_seed() by returning CURLE_OK on success instead of nread bytes because function wants to return CURLcode and not bytes openssl: fix Curl_ossl_seed() returning error if RAND_file_name() is not supported by platform, instead check rand_enough() and succeed with CURLE_OK if PRNG is happy with a generated randomness
|
openssl: modified seed algorithm to change all bits of the timeval structure
Corrected, moved declaration outside the for(). Additionally changed seed generating algorithm in order to mix all available bits of timeval to avoid constant holes with 0s. |
I recommend trying
|
I suppose you add this extra time-based scrambling because |
openssl: remove redundant RAND_bytes/RAND_add_bytes (add more random bytes instead if engine is still unsatisfied with accumulated randomness)
Cleaned source according
Agree, removed that redundant part. In case engine is not satisfied with randomness ( |
Thanks! You'll notice that I squashed, edited the commit message and edited the code ever so slightly. |
Fix Curl_ossl_seed fallback to a custom seeding of PRNG that may happen for example on Windows platform.
The correction includes numerous fixes:
As a result of these changes CURL is now able to connect to https server when compiled with < OpenSSL 1.1.0+.