Use OpenSSL to generate a random number, it is probobly better at it.

author John Törnblom <john.tornblom@gmail.com>

Wed, 2 Feb 2011 18:11:37 +0000 (19:11 +0100)

committer John Törnblom <john.tornblom@gmail.com>

Fri, 4 Feb 2011 15:01:39 +0000 (16:01 +0100)
author John Törnblom <john.tornblom@gmail.com>
Wed, 2 Feb 2011 18:11:37 +0000 (19:11 +0100)
committer John Törnblom <john.tornblom@gmail.com>
Fri, 4 Feb 2011 15:01:39 +0000 (16:01 +0100)
diff --git a/src/access.c b/src/access.c

index 6307196c46efe196489a474869cb0853a6d1a5fe..080d6d8485281f6a5f0aa465c88abe53b963960d 100644 (file)
--- a/src/access.c
+++ b/src/access.c
@@ -30,6 +30,7 @@
  #include <arpa/inet.h>
  
  #include <openssl/sha.h>
+#include <openssl/rand.h>
  
  #include "tvheadend.h"
  #include "access.h"
@@ -90,23 +91,13 @@ access_ticket_create(const char *resource)
  {
    uint8_t buf[20];
    char id[41];
-  unsigned int i, rnd;
+  unsigned int i;
    access_ticket_t *at;
-  SHA_CTX shactx;
-  
    static const char hex_string[16] = "0123456789ABCDEF";
-  
  
    at = calloc(1, sizeof(access_ticket_t));
-  rnd = time(NULL);
-  
-  //Generate a pseudo-random ticket id
-  SHA_Init(&shactx);
-  for(i=0; i<5; i++) {
-    SHA_Update(&shactx, (const uint8_t *)&rnd, sizeof(int));
-    rnd = rand_r(&rnd);
-  }
-  SHA_Final(buf, &shactx);
+
+  RAND_bytes(buf, 20);
  
    //convert to hexstring
    for(i=0; i<sizeof(buf); i++){
@@ -539,6 +530,15 @@ access_init(int createdefault)
    access_entry_t *ae;
    const char *s;
  
+  static struct {
+    pid_t pid;
+    struct timeval tv;
+  } randseed;
+
+  randseed.pid = getpid();
+  gettimeofday(&randseed.tv, NULL);
+  RAND_seed(&randseed, sizeof(randseed));
+
    TAILQ_INIT(&access_entries);
    TAILQ_INIT(&access_tickets);
author	John Törnblom <john.tornblom@gmail.com>
	Wed, 2 Feb 2011 18:11:37 +0000 (19:11 +0100)
committer	John Törnblom <john.tornblom@gmail.com>
	Fri, 4 Feb 2011 15:01:39 +0000 (16:01 +0100)