diff options
| -rw-r--r-- | include/curl/curl.h | 7 | ||||
| -rw-r--r-- | lib/ssluse.c | 53 | ||||
| -rw-r--r-- | lib/url.c | 13 |
3 files changed, 54 insertions, 19 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h index 4d5e4a0ec..27a889c64 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -418,6 +418,13 @@ typedef enum { makes the operation slower and is less friendly for the network. */ CINIT(FORBID_REUSE, LONG, 75), + /* Set to a file name that contains random data for libcurl to use to + seed the random engine when doing SSL connects. */ + CINIT(RANDOM_FILE, OBJECTPOINT, 76), + + /* Set to the Entropy Gathering Daemon socket pathname */ + CINIT(EGDSOCKET, OBJECTPOINT, 77), + CURLOPT_LASTENTRY /* the last unusued */ } CURLoption; diff --git a/lib/ssluse.c b/lib/ssluse.c index 9823e6f84..526cca8ea 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -80,34 +80,39 @@ int random_the_seed(struct connectdata *conn) { char *buf = conn->data->buffer; /* point to the big buffer */ int nread=0; + struct UrlData *data=conn->data; /* Q: should we add support for a random file name as a libcurl option? - A: Yes */ -#if 0 - /* something like this */ - nread += RAND_load_file(filename, number_of_bytes); + A: Yes, it is here */ + +#ifndef RANDOM_FILE + /* if RANDOM_FILE isn't defined, we only perform this if an option tells + us to! */ + if(data->ssl.random_file) +#define RANDOM_FILE "" /* doesn't matter won't be used */ #endif - /* generates a default path for the random seed file */ - buf[0]=0; /* blank it first */ - RAND_file_name(buf, BUFSIZE); - if ( buf[0] ) { - /* we got a file name to try */ - nread += RAND_load_file(buf, 16384); + { + /* let the option override the define */ + nread += RAND_load_file((data->ssl.random_file? + data->ssl.random_file:RANDOM_FILE), + 16384); if(seed_enough(conn, nread)) return nread; } -#ifdef RANDOM_FILE - nread += RAND_load_file(RANDOM_FILE, 16384); - if(seed_enough(conn, nread)) - return nread; -#endif - -#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET) +#if defined(HAVE_RAND_EGD) /* only available in OpenSSL 0.9.5 and later */ - /* EGD_SOCKET is set at configure time */ + /* EGD_SOCKET is set at configure time or not at all */ +#ifndef EGD_SOCKET + /* If we don't have the define set, we only do this if the egd-option + is set */ + if(data->ssl.egdsocket) +#define EGD_SOCKET "" /* doesn't matter won't be used */ +#endif { - int ret = RAND_egd(EGD_SOCKET); + /* If there's an option and a define, the option overrides the + define */ + int ret = RAND_egd(data->ssl.egdsocket?data->ssl.egdsocket:EGD_SOCKET); if(-1 != ret) { nread += ret; if(seed_enough(conn, nread)) @@ -136,6 +141,16 @@ int random_the_seed(struct connectdata *conn) #endif } + /* generates a default path for the random seed file */ + buf[0]=0; /* blank it first */ + RAND_file_name(buf, BUFSIZE); + if ( buf[0] ) { + /* we got a file name to try */ + nread += RAND_load_file(buf, 16384); + if(seed_enough(conn, nread)) + return nread; + } + infof(conn->data, "Your connection is using a weak random seed!\n"); return nread; } @@ -250,6 +250,19 @@ CURLcode Curl_setopt(CURL *curl, CURLoption option, ...) va_start(param, option); switch(option) { + case CURLOPT_RANDOM_FILE: + /* + * This is the path name to a file that contains random data to seed + * the random SSL stuff with. The file is only used for reading. + */ + data->ssl.random_file = va_arg(param, char *); + break; + case CURLOPT_EGDSOCKET: + /* + * The Entropy Gathering Daemon socket pathname + */ + data->ssl.egdsocket = va_arg(param, char *); + break; case CURLOPT_MAXCONNECTS: /* * Set the absolute number of maximum simultaneous alive connection that |