Module Name: src
Committed By: tls
Date: Sun Jul 28 14:13:29 UTC 2013
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c
Log Message:
Re-check the entropy level after we call RAND_poll(), so that we do
not continuously suck data out of /dev/urandom if we receive a stream
of requests larger than the initial-entropy threshold (hi Roland!).
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.4 Tue Feb 5 21:31:25 2013
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c Sun Jul 28 14:13:29 2013
@@ -397,6 +397,11 @@ static int ssleay_rand_bytes(unsigned ch
RAND_poll();
ok = (entropy >= ENTROPY_NEEDED);
+ }
+
+ if (!ok)
+ {
+
/* If the PRNG state is not yet unpredictable, then seeing
* the PRNG output may help attackers to determine the new
* state; thus we have to decrease the entropy estimate.
