Loading CHANGES +5 −0 Original line number Original line Diff line number Diff line Loading @@ -7,6 +7,11 @@ Changelog Changelog Daniel Stenberg (1 Aug 2009) Daniel Stenberg (1 Aug 2009) - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present only in some OpenSSL installs - like on Windows) isn't thread-safe and we agreed that moving it to the global_init() function is a decent way to deal with this situation. - Alexander Beedie provided the patch for a noproxy problem: If I have set - Alexander Beedie provided the patch for a noproxy problem: If I have set CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set. could still end up using a proxy if a proxy environment variable was set. Loading RELEASE-NOTES +3 −1 Original line number Original line Diff line number Diff line Loading @@ -39,6 +39,7 @@ This release includes the following bugfixes: o fix leak in gtls code o fix leak in gtls code o missing algorithms in libcurl+OpenSSL o missing algorithms in libcurl+OpenSSL o with noproxy set you could still get a proxy if a proxy env was set o with noproxy set you could still get a proxy if a proxy env was set o rand seeding on libcurl on windows built with OpenSSL was not thread-safe This release includes the following known bugs: This release includes the following known bugs: Loading 
@@ -51,6 +52,7 @@ advice from friends like these: Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg, Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg, Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg, Aaron Oneal, Igor Novoseltsev, Eric Wong, Bill Hoffman, Daniel Steinberg, Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter, Fabian Keil, Michal Marek, Reuven Wachtfogel, Markus Koetter, Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie Constantine Sapuntzakis, David Binderman, Johan van Selst, Alexander Beedie, Tanguy Fautre Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone) TODO-RELEASE +0 −2 Original line number Original line Diff line number Diff line Loading @@ -5,8 +5,6 @@ To be addressed in 7.19.6 (planned release: August 2009) 249 - Wildcard cert name checking and null termination 249 - Wildcard cert name checking and null termination 250 - RAND_screen() fix 251 - TFTP block size 251 - TFTP block size 252 - disable SNI for SSLv2 and SSLv3 252 - disable SNI for SSLv2 and SSLv3 Loading lib/ssluse.c +8 −2 Original line number Original line Diff line number Diff line Loading @@ -225,8 +225,7 @@ static int ossl_seed(struct SessionHandle *data) /* If we get here, it means we need to seed the PRNG using a "silly" /* If we get here, it means we need to seed the PRNG using a "silly" approach! */ approach! */ #ifdef HAVE_RAND_SCREEN #ifdef HAVE_RAND_SCREEN /* This one gets a random value by reading the currently shown screen */ /* if RAND_screen() is present, it was called during global init */ RAND_screen(); nread = 100; /* just a value */ nread = 100; /* just a value */ #else #else { { Loading Loading 
@@ -642,6 +641,13 @@ int Curl_ossl_init(void) OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms(); #ifdef HAVE_RAND_SCREEN /* This one gets a random value by reading the currently shown screen. RAND_screen() is not thread-safe according to OpenSSL devs - although not mentioned in documentation. */ RAND_screen(); #endif return 1; return 1; } } Loading Loading
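Review bot: In lib/ssluse.c, ossl_seed() (hunk @@ -225,8 +225,7), the HAVE_RAND_SCREEN branch is left with only `nread = 100; /* just a value */`, so it sets a placeholder count although this function no longer adds any seed data on that path. The branch is correct only if Curl_ossl_init() has already run, and nothing in it checks that. Consider calling RAND_status() here and treating a zero result as "not seeded", or at minimum extend the comment to say the branch is valid only after Curl_ossl_init().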
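Review bot: In lib/ssluse.c, Curl_ossl_init() (hunk @@ -642,6 +641,13), RAND_screen() goes from a fallback that ossl_seed() reached only when the PRNG needed the "silly" approach to a call made on every init of a HAVE_RAND_SCREEN build. That changes when the screen is read, not only which thread reads it. The new comment gives the thread-safety reason but not why this location is safe. Suggest having the comment state that the call relies on global init running once before other threads use the library, and mentioning the now-unconditional call in the CHANGES entry.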