Permalink
Browse files

introducing TAESPRNG class

as a cryptographic pseudorandom number generators (CSPRNG)
based on AES-256 and OS returned entropy
  • Loading branch information...
Arnaud Bouchez
Arnaud Bouchez committed Apr 8, 2016
1 parent 60566e8 commit 92135fcdf7503bb54479643e926668532ca357d3
Showing with 329 additions and 48 deletions.
  1. +1 −1 SynBidirSock.pas
  2. +2 −0 SynCommons.pas
  3. +292 −45 SynCrypto.pas
  4. +1 −1 SynMongoDB.pas
  5. +32 −0 SynSelfTests.pas
  6. +1 −1 SynopseCommit.inc
View
@@ -2173,7 +2173,7 @@ function THttpClientWebSockets.WebSocketsUpgrade(const aWebSocketsURI,
aWebSocketsURI,aWebSocketsEncryptionKey,aWebSocketsCompression);
try
RequestSendHeader(aWebSocketsURI,'GET');
- FillRandom(key);
+ TAESPRNG.Main.FillRandom(key);
bin1 := BinToBase64(@key,sizeof(key));
SockSend(['Content-Length: 0'#13#10'Connection: Upgrade'#13#10+
'Upgrade: websocket'#13#10'Sec-WebSocket-Key: ',bin1,#13#10+
View
@@ -5700,6 +5700,8 @@ function GUIDToString(const guid: TGUID): string;
/// fill some memory buffer with random values
// - the destination buffer is expected to be allocated as 32 bit items
+// - consider using instead the much safer TAESPRNG.Main.FillRandom() method
+// from the SynCrypto unit
procedure FillRandom(Dest: PCardinalArray; CardinalCount: integer);
/// compute a random GUID value
Oops, something went wrong.

0 comments on commit 92135fc

Please sign in to comment.