authorGlenn Strauss <gstrauss@gluelogic.com>2016-12-09 01:37:43 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2016-12-09 01:40:46 -0500
commit544ccee5e1ccd235f392c72129fd21938a9aa706 (patch)
tree85ad00a6d618323b3ef45e916720f267efd12c89 /src/mod_auth.c
parent83ec97a05414c07d64c4baee4879bbaa343eb65e (diff)
[core] remove srv->entropy[]
unlikely to provide any real additional benefit as long as PRNG has been appropriately initialized with random data
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r--src/mod_auth.c7
1 files changed, 0 insertions, 7 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c
index fd8189c5..27158e5a 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -809,18 +809,11 @@ static handler_t mod_auth_send_401_unauthorized_digest(server *srv, connection *
/* generate nonce */
- /* using unknown contents of srv->tmp_buf (modified elsewhere)
- * adds dubious amount of randomness. Remove use of srv->tmp_buf in nonce? */
-
/* generate shared-secret */
li_MD5_Init(&Md5Ctx);
- li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(srv->tmp_buf)); /*(dubious randomness)*/
- li_MD5_Update(&Md5Ctx, CONST_STR_LEN("+"));
- /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
li_itostrn(hh, sizeof(hh), srv->cur_ts);
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
- li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
li_itostrn(hh, sizeof(hh), li_rand_pseudo_bytes());
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));