two new random seed options: CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET

include/curl/curl.h

@@ -418,6 +418,13 @@ typedef enum {
      makes the operation slower and is less friendly for the network. */
   CINIT(FORBID_REUSE, LONG, 75),
 
+  /* Set to a file name that contains random data for libcurl to use to
+     seed the random engine when doing SSL connects. */
+  CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+
+  /* Set to the Entropy Gathering Daemon socket pathname */
+  CINIT(EGDSOCKET, OBJECTPOINT, 77),
+
   CURLOPT_LASTENTRY /* the last unusued */
 } CURLoption;
 

lib/ssluse.c

@@ -80,34 +80,39 @@ int random_the_seed(struct connectdata *conn)
 {
   char *buf = conn->data->buffer; /* point to the big buffer */
   int nread=0;
+  struct UrlData *data=conn->data;
 
   /* Q: should we add support for a random file name as a libcurl option?
-     A: Yes */
+     A: Yes, it is here */
-#if 0
+
-  /* something like this */
+#ifndef RANDOM_FILE
-  nread += RAND_load_file(filename, number_of_bytes);
+  /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+     us to! */
+  if(data->ssl.random_file)
+#define RANDOM_FILE "" /* doesn't matter won't be used */
 #endif
-  /* generates a default path for the random seed file */
+  {
-  buf[0]=0; /* blank it first */
+    /* let the option override the define */
-  RAND_file_name(buf, BUFSIZE);
+    nread += RAND_load_file((data->ssl.random_file?
-  if ( buf[0] ) {
+                             data->ssl.random_file:RANDOM_FILE),
-    /* we got a file name to try */
+                            16384);
-    nread += RAND_load_file(buf, 16384);
     if(seed_enough(conn, nread))
       return nread;
   }
 
-#ifdef RANDOM_FILE
+#if defined(HAVE_RAND_EGD)
-  nread += RAND_load_file(RANDOM_FILE, 16384);
-  if(seed_enough(conn, nread))
-    return nread;
-#endif
-
-#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET)
   /* only available in OpenSSL 0.9.5 and later */
-  /* EGD_SOCKET is set at configure time */
+  /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+  /* If we don't have the define set, we only do this if the egd-option
+     is set */
+  if(data->ssl.egdsocket)
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
   {
-    int ret = RAND_egd(EGD_SOCKET);
+    /* If there's an option and a define, the option overrides the
+       define */
+    int ret = RAND_egd(data->ssl.egdsocket?data->ssl.egdsocket:EGD_SOCKET);
     if(-1 != ret) {
       nread += ret;
       if(seed_enough(conn, nread))
@@ -136,6 +141,16 @@ int random_the_seed(struct connectdata *conn)
 #endif
   }
 
+  /* generates a default path for the random seed file */
+  buf[0]=0; /* blank it first */
+  RAND_file_name(buf, BUFSIZE);
+  if ( buf[0] ) {
+    /* we got a file name to try */
+    nread += RAND_load_file(buf, 16384);
+    if(seed_enough(conn, nread))
+      return nread;
+  }
+
   infof(conn->data, "Your connection is using a weak random seed!\n");
   return nread;
 }

lib/url.c

@@ -250,6 +250,19 @@ CURLcode Curl_setopt(CURL *curl, CURLoption option, ...)
   va_start(param, option);
 
   switch(option) {
+  case CURLOPT_RANDOM_FILE:
+    /*
+     * This is the path name to a file that contains random data to seed
+     * the random SSL stuff with. The file is only used for reading.
+     */
+    data->ssl.random_file = va_arg(param, char *);
+    break;
+  case CURLOPT_EGDSOCKET:
+    /*
+     * The Entropy Gathering Daemon socket pathname
+     */
+    data->ssl.egdsocket = va_arg(param, char *);
+    break;
   case CURLOPT_MAXCONNECTS:
     /*
      * Set the absolute number of maximum simultaneous alive connection that