| commit | 93a4e38a3433b40978bcdeb226bb96dc364a6fb7 | |
| author | Steffen (Daode) Nurpmeso <steffen@sdaoden.eu> | |
| Tue, 22 Aug 2017 14:03:21 +0000 (22 16:03 +0200) | ||
| committer | Steffen (Daode) Nurpmeso <steffen@sdaoden.eu> | |
| Sun, 10 Sep 2017 00:07:24 +0000 (10 02:07 +0200) | ||
| tree | 36f2d8c991f76a6a56dba7a711b8f60ccf349119 | treesnapshot (tar.gz zip) |
| parent | c5a223d8a8ac9554e739f55157b803a49dc43b07 | commitdiff |
Rework (usage of) *SSL random handling (Rich Salz)..
Add config.h:n_RANDOM_USE_XSSL and ssl_rand_bytes() and use the
*SSL RAND_* machinery if possible for our random numbers.
Do not skip loading of the *SSL entropy file if the PRNG claims to
have successfully initialized itself.
Do not use RAND_seed() but only RAND_add() to feed entropy in the
PRNG, use an entropy value that is a little bit more realistic
than what we have used before, though likely still too high.
Alway feed in.
Always try to write the updated entropy to the *SSL entropy file
if the PRNG claims to have enough entropy.
Introduce n_random_create_buf() and make n_random_create_cp()
a simple wrapper of that.
Add config.h:n_RANDOM_USE_XSSL and ssl_rand_bytes() and use the
*SSL RAND_* machinery if possible for our random numbers.
Do not skip loading of the *SSL entropy file if the PRNG claims to
have successfully initialized itself.
Do not use RAND_seed() but only RAND_add() to feed entropy in the
PRNG, use an entropy value that is a little bit more realistic
than what we have used before, though likely still too high.
Alway feed in.
Always try to write the updated entropy to the *SSL entropy file
if the PRNG claims to have enough entropy.
Introduce n_random_create_buf() and make n_random_create_cp()
a simple wrapper of that.
| auxlily.c | diffblobblamehistory | |
| cc-test.sh | diffblobblamehistory | |
| config.h | diffblobblamehistory | |
| nail.h | diffblobblamehistory | |
| nailfuns.h | diffblobblamehistory | |
| xssl.c | diffblobblamehistory |