curl-library

weak randomness with some TLS backends

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 3 Jun 2014 18:24:07 +0200 (CEST)

Friends!

I just noticed that we only provide a strong random function for four of our
ten TLS backends:

$ grep "define have_curlssl_random" vtls/*.h
vtls/curl_darwinssl.h:#define have_curlssl_random 1
vtls/gtls.h:#define have_curlssl_random 1
vtls/nssg.h:#define have_curlssl_random 1
vtls/openssl.h:#define have_curlssl_random 1

In other words, only libcurl built to use one of DarwinSSL, GnuTLS, NSS or
OpenSSL gets really strong random for SASL/Digest/forms etc that want good
randomness.

I think this is mostly an oversight with the other backends and I'm leaning
towards making this cause a build failure until we fix it for all backends to
make it really notable.

Please check out if you can help us make your favorite backend do the right
thing!

-- 
  / daniel.haxx.se
Received on 2014-06-03
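
The grep in the mail above lists the backends that have the define; a build or CI gate needs the inverse. The following is an added example, not part of the original post or of curl's build system: it lists backend headers that lack `have_curlssl_random` and returns non-zero if any exist. It assumes every `*.h` file in the given directory is a backend header; the function names and the `examplessl.h` file are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: find TLS backend headers that do not define
# have_curlssl_random, so a build step can fail on them.
# Assumption: every *.h in the directory is one backend's header.

# missing_random_backends DIR
# Prints one path per line for each header lacking the define.
missing_random_backends() {
  dir=$1
  for hdr in "$dir"/*.h; do
    [ -f "$hdr" ] || continue
    # Require a real preprocessor define (also "#  define" spacing),
    # so a mention inside a comment does not count as support.
    if ! grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+have_curlssl_random([[:space:]]|$)' "$hdr"; then
      printf '%s\n' "$hdr"
    fi
  done
}

# check_random_backends DIR
# Returns 0 if all headers have the define, 1 (with a report) otherwise.
check_random_backends() {
  missing=$(missing_random_backends "$1")
  if [ -n "$missing" ]; then
    printf 'backends without a strong random function:\n%s\n' "$missing" >&2
    return 1
  fi
  return 0
}

# make_sample_tree
# Constructed sample: the four headers named in the mail carry the
# define; examplessl.h is a hypothetical backend that only mentions it.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  for b in curl_darwinssl gtls nssg openssl; do
    printf '#define have_curlssl_random 1\n' > "$d/$b.h"
  done
  printf '/* TODO: have_curlssl_random not provided */\n' > "$d/examplessl.h"
  printf '%s\n' "$d"
}

# Stand-alone use: pass the directory holding the backend headers.
if [ -n "${1:-}" ]; then
  check_random_backends "$1"
fi
```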