add OpenSSL RAND_cleanup() on OpenSSL shutdown

- to securely erase the memory used by the PRNG
- also rework 2 comments in OpenSSL init
Philip Kaufmann 2014-06-24 14:41:26 +02:00
parent 343feecf56
commit cf04d83624


@ -121,15 +121,17 @@ public:
CRYPTO_set_locking_callback(locking_callback); CRYPTO_set_locking_callback(locking_callback);
#ifdef WIN32 #ifdef WIN32
// Seed random number generator with screen scrape and other hardware sources // Seed OpenSSL PRNG with current contents of the screen
RAND_screen(); RAND_screen();
#endif #endif
// Seed random number generator with performance counter // Seed OpenSSL PRNG with performance counter
RandAddSeed(); RandAddSeed();
} }
~CInit() ~CInit()
{ {
// Securely erase the memory used by the PRNG
RAND_cleanup();
// Shutdown OpenSSL library multithreading support // Shutdown OpenSSL library multithreading support
CRYPTO_set_locking_callback(NULL); CRYPTO_set_locking_callback(NULL);
for (int i = 0; i < CRYPTO_num_locks(); i++) for (int i = 0; i < CRYPTO_num_locks(); i++)