From 5d1b6fe008d8cb54a1d874d7a4f43aae1039cc8f Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Fri, 10 Oct 2003 09:39:56 +0000
Subject: Merge in various small fixes, including two remote DOS

svn path=/trunk/; revision=3838
---
 socket.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index cc3c679e..389d861d 100644
--- a/socket.c
+++ b/socket.c
@@ -901,10 +901,31 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
     char *fingerprint, char *servercname, char *label)
 {
 	SSL *ssl;
+        struct stat randstat;
+        int i;
 	
 	SSL_load_error_strings();
 	SSLeay_add_ssl_algorithms();
 	
+#ifdef SSL_ENABLE
+        if (stat("/dev/random", &randstat)  &&
+            stat("/dev/urandom", &randstat)) {
+          /* Neither /dev/random nor /dev/urandom are present, so add
+             entropy to the SSL PRNG a hard way. */
+          for (i = 0; i < 10000  &&  ! RAND_status (); ++i) {
+            char buf[4];
+            struct timeval tv;
+            gettimeofday (&tv, 0);
+            buf[0] = tv.tv_usec & 0xF;
+            buf[2] = (tv.tv_usec & 0xF0) >> 4;
+            buf[3] = (tv.tv_usec & 0xF00) >> 8;
+            buf[1] = (tv.tv_usec & 0xF000) >> 12;
+            RAND_add (buf, sizeof buf, 0.1);
+          }
+        }
+#endif /* SSL_ENABLE */
+
+
 	if( sock < 0 || sock > FD_SETSIZE ) {
 		report(stderr, GT_("File descriptor out of range for SSL") );
 		return( -1 );
-- 
cgit v1.2.3