Precautions against using the PRNG uninitialized: RAND_bytes() now

returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
2000-01-13 20:59:17 +00:00
parent 22e219d90f
commit eb952088f0
29 changed files with 196 additions and 38 deletions
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -101,7 +101,7 @@ int ssl23_accept(SSL *s)
 	int ret= -1;
 	int new_state,state;

-	RAND_seed(&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();