X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fgen_sslfunc.c;h=98e75a1dba6258d77b840a1b05b093aae79b3010;hb=d9fea91a0a319e348adb504bd3edff148ff3d8a0;hp=8f6058a6cc50a2c1acd5a09490cdbda1cd041fa9;hpb=ac1d8e507892b43da73416c170ef6d382163ef16;p=wget
diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c
index 8f6058a6..98e75a1d 100644
--- a/src/gen_sslfunc.c
+++ b/src/gen_sslfunc.c
@@ -98,12 +98,14 @@ ssl_init_prng (void)
     return;
 #endif
 
-  /* Still not enough randomness, presumably because neither random
-     file nor EGD have been available. Use the stupidest possible
-     method -- seed OpenSSL's PRNG with the system's PRNG. This is
-     insecure in the cryptographic sense, but people who care about
-     security will use /dev/random or their own source of randomness
-     anyway. */
+  /* Still not enough randomness, most likely because neither
+     /dev/random nor EGD were available. Resort to a simple and
+     stupid method -- seed OpenSSL's PRNG with libc PRNG. This is
+     cryptographically weak, but people who care about strong
+     cryptography should install /dev/random (default on Linux) or
+     specify their own source of randomness anyway. */
+
+  logprintf (LOG_VERBOSE, _("Warning: using a weak random seed.\n"));
 
   while (RAND_status () == 0 && maxrand-- > 0)
     {
@@ -298,6 +300,19 @@ ssl_poll (int fd, double timeout, int wait_for, void *ctx)
   return select_fd (fd, timeout, wait_for);
 }
 
+static int
+ssl_peek (int fd, char *buf, int bufsize, void *ctx)
+{
+  int ret;
+  SSL *ssl = (SSL *) ctx;
+  do
+    ret = SSL_peek (ssl, buf, bufsize);
+  while (ret == -1
+         && SSL_get_error (ssl, ret) == SSL_ERROR_SYSCALL
+         && errno == EINTR);
+  return ret;
+}
+
 static void
 ssl_close (int fd, void *ctx)
 {
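Review bot: The new warning in ssl_init_prng is emitted at LOG_VERBOSE, so a default (non-verbose) run that falls back to the libc-seeded PRNG never sees it, even though the comment directly above calls that seed cryptographically weak. Because the fallback affects every TLS session this process goes on to open, the degraded state should be visible unless the user asked for quiet output, e.g. `logprintf (LOG_NOTQUIET, _("Warning: using a weak random seed.\n"));`. The seeding loop that follows the warning and the rest of ssl_init_prng are outside the hunk.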
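Review bot: The new ssl_peek has no header comment; a short one such as `/* Peek at decrypted bytes pending on the SSL connection without consuming them; the call is retried when the underlying syscall is interrupted by a signal. */` would document the retry loop. Separately, the loop condition inspects `errno` only after SSL_get_error has run, and OpenSSL does not promise to preserve errno across that call, so capturing it right after SSL_peek is the safer ordering: `saved_errno = errno;` in the do body and `&& saved_errno == EINTR` in the condition. If ssl_read and ssl_write elsewhere in this file use the same shape, they presumably share this caveat and should be adjusted together.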
@@ -335,7 +350,8 @@ ssl_connect (int fd)
      SSL-enabled functions are used for reading, writing, and polling.
      That way the rest of Wget can keep using xread, xwrite, and
      friends and not care what happens underneath. */
-  register_transport (fd, ssl_read, ssl_write, ssl_poll, ssl_close, ssl);
+  fd_register_transport (fd, ssl_read, ssl_write, ssl_poll, ssl_peek,
+                         ssl_close, ssl);
   DEBUGP (("Connected %d to SSL 0x%0lx\n", fd, (unsigned long) ssl));
   return ssl;