two new random seed options: CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET

2001-03-12 15:47:17 +00:00 · 2001-03-12 15:47:17 +00:00 · f2fd1b8856
commit f2fd1b8856
parent cb4efcf275
3 changed files with 54 additions and 19 deletions
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@ -418,6 +418,13 @@ typedef enum {
     makes the operation slower and is less friendly for the network. */
  CINIT(FORBID_REUSE, LONG, 75),

+  /* Set to a file name that contains random data for libcurl to use to
+     seed the random engine when doing SSL connects. */
+  CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+
+  /* Set to the Entropy Gathering Daemon socket pathname */
+  CINIT(EGDSOCKET, OBJECTPOINT, 77),
+
  CURLOPT_LASTENTRY /* the last unusued */
 } CURLoption;

--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -80,34 +80,39 @@ int random_the_seed(struct connectdata *conn)
 {
  char *buf = conn->data->buffer; /* point to the big buffer */
  int nread=0;
+  struct UrlData *data=conn->data;

  /* Q: should we add support for a random file name as a libcurl option?
-     A: Yes */
-#if 0
-  /* something like this */
-  nread += RAND_load_file(filename, number_of_bytes);
+     A: Yes, it is here */
+
+#ifndef RANDOM_FILE
+  /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+     us to! */
+  if(data->ssl.random_file)
+#define RANDOM_FILE "" /* doesn't matter won't be used */
 #endif
-  /* generates a default path for the random seed file */
-  buf[0]=0; /* blank it first */
-  RAND_file_name(buf, BUFSIZE);
-  if ( buf[0] ) {
-    /* we got a file name to try */
-    nread += RAND_load_file(buf, 16384);
+  {
+    /* let the option override the define */
+    nread += RAND_load_file((data->ssl.random_file?
+                             data->ssl.random_file:RANDOM_FILE),
+                            16384);
    if(seed_enough(conn, nread))
      return nread;
  }

-#ifdef RANDOM_FILE
-  nread += RAND_load_file(RANDOM_FILE, 16384);
-  if(seed_enough(conn, nread))
-    return nread;
-#endif
-
-#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET)
+#if defined(HAVE_RAND_EGD)
  /* only available in OpenSSL 0.9.5 and later */
-  /* EGD_SOCKET is set at configure time */
+  /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+  /* If we don't have the define set, we only do this if the egd-option
+     is set */
+  if(data->ssl.egdsocket)
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
  {
-    int ret = RAND_egd(EGD_SOCKET);
+    /* If there's an option and a define, the option overrides the
+       define */
+    int ret = RAND_egd(data->ssl.egdsocket?data->ssl.egdsocket:EGD_SOCKET);
    if(-1 != ret) {
      nread += ret;
      if(seed_enough(conn, nread))
@ -136,6 +141,16 @@ int random_the_seed(struct connectdata *conn)
 #endif
  }

+  /* generates a default path for the random seed file */
+  buf[0]=0; /* blank it first */
+  RAND_file_name(buf, BUFSIZE);
+  if ( buf[0] ) {
+    /* we got a file name to try */
+    nread += RAND_load_file(buf, 16384);
+    if(seed_enough(conn, nread))
+      return nread;
+  }
+
  infof(conn->data, "Your connection is using a weak random seed!\n");
  return nread;
 }
--- a/lib/url.c
+++ b/lib/url.c
@ -250,6 +250,19 @@ CURLcode Curl_setopt(CURL *curl, CURLoption option, ...)
  va_start(param, option);

  switch(option) {
+  case CURLOPT_RANDOM_FILE:
+    /*
+     * This is the path name to a file that contains random data to seed
+     * the random SSL stuff with. The file is only used for reading.
+     */
+    data->ssl.random_file = va_arg(param, char *);
+    break;
+  case CURLOPT_EGDSOCKET:
+    /*
+     * The Entropy Gathering Daemon socket pathname
+     */
+    data->ssl.egdsocket = va_arg(param, char *);
+    break;
  case CURLOPT_MAXCONNECTS:
    /*
     * Set the absolute number of maximum simultaneous alive connection that