Full_Name: EKR
Version: 2.8.8-1.3.24
OS: NT 4.0
Submission from: (NULL) (198.144.203.242)


ssl_engine_rand.c:ssl_rand_seed() fopens the random file in text mode. On Unix
this is fine but on Windows this means that it will stop as soon as it sees an
EOD in the file. Since the random file is often random binary data, this means
that with high probability the entire file will not be read. This can lead to
insufficient amounts of entropy being delivered to OpenSSL. The fix is to
change:

                if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL)
                    continue;

to:

                if ((fp = ap_pfopen(p, pRandSeed->cpPath, "rb")) == NULL)
                    continue;
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
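The truncation described in the report, as an added example that is not part of the original message or of mod_ssl: the Windows C runtime treats a Ctrl-Z byte (0x1A) in a text-mode stream as end of file, so a text-mode read of a binary seed file delivers only the bytes before the first 0x1A, while "rb" delivers all of them. The helper names and the sample file are constructed for illustration, and the text-mode count is simulated so the result is the same on any platform.

```c
#include <stdio.h>
#include <string.h>
#define CTRL_Z 0x1A  /* Windows CRT text-mode streams treat this byte as EOF */

/* Bytes a Windows text-mode read would deliver: everything before the
 * first Ctrl-Z. Simulated; CR/LF translation is ignored. */
size_t text_mode_visible_bytes(const unsigned char *buf, size_t n)
{
    const unsigned char *z = memchr(buf, CTRL_Z, n);
    return z ? (size_t)(z - buf) : n;
}

/* Read a seed file in binary mode; returns bytes read, or -1 on error. */
long read_seed_binary(const char *path, unsigned char *out, size_t cap)
{
    FILE *fp = fopen(path, "rb");
    size_t total = 0, got;
    if (fp == NULL) return -1;
    while (total < cap && (got = fread(out + total, 1, cap - total, fp)) > 0)
        total += got;
    int err = ferror(fp);
    fclose(fp);
    return err ? -1 : (long)total;
}

/* Write a constructed 64-byte sample seed file with Ctrl-Z at offset 5. */
int write_sample_seed(const char *path)
{
    unsigned char data[64];
    size_t i;
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    for (i = 0; i < sizeof data; i++)
        data[i] = (unsigned char)(0x80 + i);   /* 0x80..0xBF, never 0x1A */
    data[5] = CTRL_Z;
    i = fwrite(data, 1, sizeof data, fp);
    return (fclose(fp) == 0 && i == sizeof data) ? 0 : -1;
}

int main(void)
{
    unsigned char buf[256];
    if (write_sample_seed("seed_sample.bin") != 0) return 1;
    long n = read_seed_binary("seed_sample.bin", buf, sizeof buf);
    if (n >= 0)
        printf("binary: %ld bytes; Windows text mode: %zu bytes\n",
               n, text_mode_visible_bytes(buf, (size_t)n));
    remove("seed_sample.bin");
    return n < 0;
}
```

A caller that knows the seed file's size can compare it against the byte count actually read and log a warning when they differ, which makes this kind of short read visible.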
