Hello!

First off, I love wget!  Thanks for all of your great work on the project.
We really appreciate the effort.

I've found a bug.  Wget 1.7 & 1.7.1-pre1 fail to properly initialize
OpenSSL's random number generator.  This is probably not a problem in
GNU/Linux, but OSes like Solaris can't seem to take advantage of HTTPS
support at all (well, not with recent OpenSSL versions, anyway).  Here's
some information from openssl.org:

     http://www.openssl.org/support/faq.html#USER1

Here's a (bad) patch taken from Lynx (GPL) to get you started; I hope you
find it helpful.  Note: I'm not on the mailing list.

--
  Christopher Barton    Sr Network Analyst, AITS    (217) 333-0320

--- src/gen_sslfunc.c.orig      Sun May 27 14:34:59 2001
+++ src/gen_sslfunc.c   Sun Jul 22 15:39:24 2001
@@ -31,6 +31,7 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>

 #include "wget.h"
 #include "connect.h"
@@ -41,6 +42,43 @@

 static int verify_callback PARAMS ((int, X509_STORE_CTX *));

+void SSLInitPRNG()
+{
+#if SSLEAY_VERSION_NUMBER >= 0x00905100
+    if (RAND_status() == 0) {
+        char rand_file[256];
+        time_t t;
+        pid_t pid;
+        long l,seed;
+
+        t = time(NULL);
+        pid = getpid();
+        RAND_file_name(rand_file, 256);
+        if(rand_file != NULL) {
+            /* Seed as much as 1024 bytes from RAND_file_name */
+            RAND_load_file(rand_file, 1024);
+        }
+        /* Seed in time (mod_ssl does this) */
+        RAND_seed((unsigned char *)&t, sizeof(time_t));
+        /* Seed in pid (mod_ssl does this) */
+        RAND_seed((unsigned char *)&pid, sizeof(pid_t));
+        /* Initialize system's random number generator */
+        RAND_bytes((unsigned char *)&seed, sizeof(long));
+        srand48(seed);
+        while (RAND_status() == 0) {
+            /* Repeatedly seed the PRNG using the system's random number generator 
+until it has been seeded with enough data */
+            l = lrand48();
+            RAND_seed((unsigned char *)&l, sizeof(long));
+        }
+        if (rand_file != NULL) {
+            /* Write a rand_file */
+            RAND_write_file(rand_file);
+        }
+    }
+#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
+    return;
+}
+
 /* Creates a SSL Context and sets some defaults for it */
 uerr_t
 init_ssl (SSL_CTX **ctx)
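Review bot: The two `if (rand_file != NULL)` guards around RAND_load_file and RAND_write_file test the address of a local array, which is never NULL; the NULL-on-failure signal is the return value of RAND_file_name, which the hunk discards, so when no rand file can be located the 256-byte buffer is passed on uninitialized. Capture it instead, `const char *fn = RAND_file_name(rand_file, sizeof rand_file);`, and gate both calls on `fn != NULL`, which also removes the repeated magic 256. The srand48/lrand48 loop does not add real entropy: while RAND_status() is 0 the RAND_bytes output used to seed srand48 is itself untrustworthy, so feeding lrand48 output back through RAND_seed only raises OpenSSL's entropy estimate without making the generator unpredictable, which is the failure mode the linked FAQ warns about. The intended fix is to load bytes from a genuine source (the rand file, an EGD socket via RAND_egd, or /dev/urandom) and to have SSLInitPRNG return a status when RAND_status() is still 0, so the `SSLInitPRNG();` call in the init_ssl hunk below can return an error instead of continuing with an unseeded generator. init_ssl's body runs past the end of this hunk.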
@@ -66,6 +104,7 @@
                                       SSL_FILETYPE_PEM) <= 0)
        return SSLERRCERTKEY;
   }
+  SSLInitPRNG();
   return 0; /* Succeded */
 }

@@ -82,6 +121,10 @@
   SSL_connect (*con);
   if ((*con)->state != SSL_ST_OK)
     return 1;
+
+  /*while((SSLerror=ERR_get_error())!=0)
+    printf("%s\n", ERR_error_string(SSLerror,NULL));*/
+
   return 0;
 }

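Review bot: The commented-out ERR_get_error()/ERR_error_string() loop added after the state check is dead code and should not be committed; either drop it or turn it into a real diagnostic that reports each error string through wget's logging facility rather than printf to stdout. As placed, the block sits after the `return 1`, so even uncommented it would only execute on the success path where ERR_get_error() has nothing to report; it belongs before that return if it is kept.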