[svn] Implement EGD support.

Submitted by Christian Fraenkel in <005501c17920$1312d440$4a05a8c0@isn>.

diff --git a/src/ChangeLog b/src/ChangeLog
index defa970ec02b0d36455ab66ca8c181f0e16e7e90..5f4b2fd32e60527d71def9efb4585c7c430e19f1 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,11 @@
+2001-11-30  Christian Fraenkel  <c.fraenkel@gmx.net>
+
+       * init.c: New command `ssl_egd_sock'.
+
+       * main.c (main): New option `--sslegdsock'.
+
+       * gen_sslfunc.c (ssl_init_prng): Seed the RNG using EGD.
+
 2001-11-29  Hrvoje Niksic  <hniksic@arsdigita.com>
 
        * cmpt.c (memmove): Include a simple memmove implementation.

diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c
index 20fd53d71b22adb7b913a93628219f01c3db68d2..5ef5105063fc3e6f59581b98eb76c6f0df3cac9a 100644 (file)
--- a/src/gen_sslfunc.c
+++ b/src/gen_sslfunc.c
@@ -53,11 +53,13 @@ ssl_init_prng (void)
     {
       char rand_file[256];
       time_t t;
-      pid_t pid;
       long l,seed;
 
       t = time(NULL);
-      pid = getpid();
+      /* gets random data from egd if opt.sslegdsock was set */
+      if (opt.sslegdsock != NULL)
+       RAND_egd(opt.sslegdsock);
+      /* gets the file ~/.rnd or $RANDFILE if set */
       RAND_file_name(rand_file, 256);
       if (rand_file != NULL)
        {
@@ -66,8 +68,6 @@ ssl_init_prng (void)
        }
       /* Seed in time (mod_ssl does this) */
       RAND_seed((unsigned char *)&t, sizeof(time_t));
-      /* Seed in pid (mod_ssl does this) */
-      RAND_seed((unsigned char *)&pid, sizeof(pid_t));
       /* Initialize system's random number generator */
       RAND_bytes((unsigned char *)&seed, sizeof(long));
       srand48(seed);

diff --git a/src/init.c b/src/init.c
index 8a76c17a30d1536bf1b52b0aca48107d79e85e9e..4d82e0958e6323e4fff572ec7b1e8ded3f025756 100644 (file)
--- a/src/init.c
+++ b/src/init.c
@@ -179,6 +179,7 @@ static struct {
 #ifdef HAVE_SSL
   { "sslcertfile",     &opt.sslcertfile,       cmd_file },
   { "sslcertkey",      &opt.sslcertkey,        cmd_file },
+  { "sslegdsock",      &opt.sslegdsock,        cmd_file },
 #endif /* HAVE_SSL */
   { "timeout",         &opt.timeout,           cmd_time },
   { "timestamping",    &opt.timestamping,      cmd_boolean },

diff --git a/src/main.c b/src/main.c
index 5dc9bb0332da9dd9533606769ca4029e5078e29e..ee9bc7af9e381177f064c73759420e9a8a85a448 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -146,6 +146,7 @@ Logging and input file:\n\
   -B,  --base=URL             prepends URL to relative links in -F -i file.\n\
        --sslcertfile=FILE     optional client certificate.\n\
        --sslcertkey=KEYFILE   optional keyfile for this certificate.\n\
+       --sslegdsock=FILE      socket to the egd daemon(random data source).\n\
 \n"), stdout);
   fputs (_("\
 Download:\n\
@@ -320,6 +321,7 @@ main (int argc, char *const *argv)
 #ifdef HAVE_SSL
     { "sslcertfile", required_argument, NULL, 158 },
     { "sslcertkey", required_argument, NULL, 159 },
+    { "sslegdsock", required_argument, NULL, 166 },
 #endif /* HAVE_SSL */
     { "wait", required_argument, NULL, 'w' },
     { "waitretry", required_argument, NULL, 152 },
@@ -540,6 +542,9 @@ GNU General Public License for more details.\n"));
        case 159:
          setval ("sslcertkey", optarg);
          break;
+       case 166:
+         setval ("sslegdsock", optarg);
+         break;
 #endif /* HAVE_SSL */
        case 'A':
          setval ("accept", optarg);

diff --git a/src/options.h b/src/options.h
index fcbee7045dc79e41666dbefc6d3d367d4f08fecc..e8cd8fb2122340cdd8136737eae3adf68b2077ae 100644 (file)
--- a/src/options.h
+++ b/src/options.h
@@ -160,6 +160,7 @@ struct options
   char *sslcertkey;            /* the keyfile for this certificate
                                   (if not internal) included in the
                                   certfile. */
+  char *sslegdsock;             /* optional socket of the egd daemon */
 #endif /* HAVE_SSL */
 
   int   cookies;