SSL (patch 6)

[Russ Allbery]

Bear Giles <bear at coyotesong.com> writes:

> This patch adds some initialization with random data, to make it
> harder for an attacker to predict the output of the OpenSSL PRNG.
> This should support reading a file (traditionally called .rand0,
> and updating that file as each session terminates), but for now
> it just reads some data from /dev/urandom if it exists.  This is
> better than nothing, but won't tie up the system like reading from
> /dev/random would.

> This patch also fixes an earlier oversight - SSL_shutdown() is
> followed by SSL_free().

Thanks, this has been applied to CURRENT.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>