author | Daniel Stenberg <daniel@haxx.se> | 2001-03-12 15:47:17 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2001-03-12 15:47:17 +0000 |
commit | f2fd1b8856559ef9a8dfb2d996fa452e4ee6f41a (patch) | |
tree | d30a9a957a81b43916444134af99d7de9b5a07db | |
parent | cb4efcf275fd2acb60fbd0978a3322c65c536704 (diff) |
two new random seed options: CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET
-rw-r--r-- | include/curl/curl.h | 7 | ||||
-rw-r--r-- | lib/ssluse.c | 53 | ||||
-rw-r--r-- | lib/url.c | 13 |
3 files changed, 54 insertions, 19 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 4d5e4a0ec..27a889c64 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -418,6 +418,13 @@ typedef enum {
 makes the operation slower and is less friendly for the network. */
 CINIT(FORBID_REUSE, LONG, 75),
+ /* Set to a file name that contains random data for libcurl to use to
+ seed the random engine when doing SSL connects. */
+ CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+
+ /* Set to the Entropy Gathering Daemon socket pathname */
+ CINIT(EGDSOCKET, OBJECTPOINT, 77),
+
 CURLOPT_LASTENTRY /* the last unusued */
 } CURLoption;
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 9823e6f84..526cca8ea 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
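Review bot: The new CURLOPT_EGDSOCKET comment does not tell the caller that the option only has an effect when libcurl is built against an OpenSSL that provides RAND_egd (the lib/ssluse.c hunk compiles its only use inside `#if defined(HAVE_RAND_EGD)`), so on other builds the option appears to be accepted and then ignored. Suggest `/* Set to the Entropy Gathering Daemon socket pathname. Only used when built with OpenSSL 0.9.5 or later (HAVE_RAND_EGD); otherwise it has no effect. */`. The CURLOPT_RANDOM_FILE comment could likewise state what the implementation does: the file is only read, at most 16384 bytes are loaded from it, and the option takes precedence over any configure-time RANDOM_FILE default.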
@@ -80,34 +80,39 @@ int random_the_seed(struct connectdata *conn)
 {
 char *buf = conn->data->buffer; /* point to the big buffer */
 int nread=0;
+ struct UrlData *data=conn->data;
 /* Q: should we add support for a random file name as a libcurl option?
- A: Yes */
-#if 0
- /* something like this */
- nread += RAND_load_file(filename, number_of_bytes);
+ A: Yes, it is here */
+
+#ifndef RANDOM_FILE
+ /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+ us to! */
+ if(data->ssl.random_file)
+#define RANDOM_FILE "" /* doesn't matter won't be used */
 #endif
- /* generates a default path for the random seed file */
- buf[0]=0; /* blank it first */
- RAND_file_name(buf, BUFSIZE);
- if ( buf[0] ) {
- /* we got a file name to try */
- nread += RAND_load_file(buf, 16384);
+ {
+ /* let the option override the define */
+ nread += RAND_load_file((data->ssl.random_file?
+ data->ssl.random_file:RANDOM_FILE),
+ 16384);
 if(seed_enough(conn, nread))
 return nread;
 }
-#ifdef RANDOM_FILE
- nread += RAND_load_file(RANDOM_FILE, 16384);
- if(seed_enough(conn, nread))
- return nread;
-#endif
-
-#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET)
+#if defined(HAVE_RAND_EGD)
 /* only available in OpenSSL 0.9.5 and later */
- /* EGD_SOCKET is set at configure time */
+ /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+ /* If we don't have the define set, we only do this if the egd-option
+ is set */
+ if(data->ssl.egdsocket)
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
 {
- int ret = RAND_egd(EGD_SOCKET);
+ /* If there's an option and a define, the option overrides the
+ define */
+ int ret = RAND_egd(data->ssl.egdsocket?data->ssl.egdsocket:EGD_SOCKET);
 if(-1 != ret) {
 nread += ret;
 if(seed_enough(conn, nread))
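Review bot: An entropy source the caller configured explicitly fails silently here: when `RAND_load_file((data->ssl.random_file? ... ), 16384)` or `RAND_egd(data->ssl.egdsocket? ...)` yields nothing, the code just falls through to the built-in defaults, and the only diagnostic is the generic "weak random seed" message further down the function, so an unreadable CURLOPT_RANDOM_FILE or a missing EGD socket is indistinguishable from no option at all. The `#ifndef RANDOM_FILE … if(data->ssl.random_file) … #define RANDOM_FILE "" … #endif` followed by a bare `{` also hides whether that block is an `if` body, and it leaves RANDOM_FILE (and EGD_SOCKET, same pattern below) defined as `""` for the rest of the translation unit, which would mislead any later `#ifdef` test on those names. Resolving the source into a local and testing it at runtime removes both problems and gives a natural place to report the failure; the file case is sketched below and the EGD case has the same shape. random_the_seed continues past the end of this hunk.
```c
  /* let the option override the define */
  const char *random_file = data->ssl.random_file;
#ifdef RANDOM_FILE
  if(!random_file)
    random_file = RANDOM_FILE;
#endif
  if(random_file) {
    int got = RAND_load_file(random_file, 16384);
    if(got <= 0)
      infof(data, "Could not seed from random file %s\n", random_file);
    else
      nread += got;
    if(seed_enough(conn, nread))
      return nread;
  }
  /* … unchanged: EGD seeding, same pattern with data->ssl.egdsocket … */
```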
@@ -136,6 +141,16 @@ int random_the_seed(struct connectdata *conn)
 #endif
 }
+ /* generates a default path for the random seed file */
+ buf[0]=0; /* blank it first */
+ RAND_file_name(buf, BUFSIZE);
+ if ( buf[0] ) {
+ /* we got a file name to try */
+ nread += RAND_load_file(buf, 16384);
+ if(seed_enough(conn, nread))
+ return nread;
+ }
+
 infof(conn->data, "Your connection is using a weak random seed!\n");
 return nread;
 }
@@ -250,6 +250,19 @@ CURLcode Curl_setopt(CURL *curl, CURLoption option, ...)
 va_start(param, option);
 switch(option) {
+ case CURLOPT_RANDOM_FILE:
+ /*
+ * This is the path name to a file that contains random data to seed
+ * the random SSL stuff with. The file is only used for reading.
+ */
+ data->ssl.random_file = va_arg(param, char *);
+ break;
+ case CURLOPT_EGDSOCKET:
+ /*
+ * The Entropy Gathering Daemon socket pathname
+ */
+ data->ssl.egdsocket = va_arg(param, char *);
+ break;
 case CURLOPT_MAXCONNECTS:
 /*
 * Set the absolute number of maximum simultaneous alive connection that
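Review bot: `data->ssl.random_file = va_arg(param, char *);` in the Curl_setopt hunk stores the caller's pointer without copying it, so the string has to stay valid for as long as the handle uses it, and neither this comment nor the one in curl.h says so; the same applies to `data->ssl.egdsocket = va_arg(param, char *);` just below. Suggest adding to the CURLOPT_RANDOM_FILE comment `* The pointer is kept as-is, not copied: the string must remain valid until the handle is cleaned up or the option is set again.` and a matching sentence for CURLOPT_EGDSOCKET. Whether this matches how the neighbouring OBJECTPOINT cases are handled is not visible in the hunk, but the expectation should be stated either way. Curl_setopt begins before this hunk and continues after it.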