httpd-dev mailing list archives

From Justin Erenkrantz <jerenkra...@ebuilt.com>
Subject Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_dh.c ssl_engine_init.c ssl_engine_kernel.c ssl_engine_rand.c ssl_scache_dbm.c ssl_scache_shmcb.c ssl_scache_shmht.c
Date Mon, 25 Feb 2002 19:55:40 GMT
On Mon, Feb 25, 2002 at 04:23:04AM -0000, jwoolley@apache.org wrote:
>   @@ -154,18 +155,21 @@
>                    RAND_seed(stackdata+n, 128);
>                    nDone += 128;
>    
>   -#if XXX_SBENTROPY_SOLVED
>                    /*
>   -                 * XXX: This is entirely borked, sizeof(scoreboard) < 1024
>   +                 * seed in data extracted from the current scoreboard
>                     *
>   -                 * seed in an 1KB extract of the current scoreboard
>   +                 * XXX: this assumes that the entire scoreboard is
>   +                 * allocated in one big block of memory that begins at
>   +                 * the location pointed to by ap_scoreboard_image->global
>                     */
>   -                if (ap_scoreboard_image != NULL) {
>   -                    n = ssl_rand_choosenum(0,ap_calc_scoreboard_size()-1024-1);
>   -                    RAND_seed(((unsigned char *)ap_scoreboard_image)+n, 1024);
>   -                    nDone += 1024;
>   +                if (ap_scoreboard_image != NULL && mc->nScoreboardSize
> 16)
>   +                {
>   +                    m = ((mc->nScoreboardSize / 2) - 1);
>   +                    n = ssl_rand_choosenum(0, m);
>   +                    RAND_seed(
>   +                        ((unsigned char *)ap_scoreboard_image->global)+n, m);
>   +                    nDone += m;
>                    }
>   -#endif
>                }
>            }
>        }
>   
>   
>   
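
Review bot: the new RAND_seed call reads m bytes at offset n from ap_scoreboard_image->global, and nothing in the code verifies the contiguity assumption that the XXX comment itself flags. With m = (mc->nScoreboardSize / 2) - 1 and n no larger than m, the read ends at most 2m bytes past ->global, which is inside mc->nScoreboardSize. That only keeps the read in bounds if the whole scoreboard really is one allocation starting at ->global and nScoreboardSize is the size of that allocation. Either restrict the read to a region whose size is known at this point, or check the layout where nScoreboardSize is computed and leave the size at 0 when the check fails, so the guard here skips the block. Separately, nDone += m counts these bytes the same as the other seed data, so if scoreboard contents are kept as a source it would be worth a comment on how much this input is expected to contribute.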

Why was the XXX_SBENTROPY_SOLVED define removed?  I believe we wanted
to avoid using scoreboard as an entropy source because it isn't very
random.  Therefore, I think we should just remove this code
altogether.  Or, am I missing something?  -- justin

