allow setting of egd socket path

Peter O'Gorman gcrypt-devel at mlists.thewrittenword.com
Fri Apr 27 22:24:35 CEST 2007


Hi,

Some systems do not have a good entropy source, so we use PRNGD to
provide it. When we build libgcrypt we use the --with-egd-socket
configure flag to tell libgcrypt where to expect to find the socket.
So all is good, as long as PRNGD is running with the socket in the
right location. If not, and the user does not have rights to start it
with the socket at that path, they cannot use libgcrypt.

We'd like the user to be able to set a different entropy source, for
example using curl's --egd-file flag, and have libgcrypt respect that.
I thought the new GCRYCTL_SET_RANDOM_DAEMON_SOCKET stuff in trunk
would be what we wanted, but it's not.

I notice in the NEWS file of the svn version "Changed the way the RNG
gets initialized." - does this mean that we will be able to run `curl
--version' and not have it die complaining about being unable to find a
valid entropy source? I realize that this was discussed previously,
but I am not convinced that a library calling exit(2) on the
application is a good idea. In the case above, curl inits everything at
the beginning of its main() function, including gnutls, gnutls then
proceeds to init libgcrypt, which calls exit(2) because PRNGD is not
running. It is pretty doubtful that curl wants to encrypt its version
output though :). Is this a misuse of the API by curl/gnutls? 

Anyway, please consider the attached patch for inclusion.

Thanks,
Peter

-------------- next part --------------
Index: src/global.c
===================================================================
--- src/global.c	(revision 1234)
+++ src/global.c	(working copy)
@@ -354,6 +354,10 @@
       _gcry_use_random_daemon (!! va_arg (arg_ptr, int));
       break;
 
+    case GCRYCTL_SET_EGD_SOCKET_PATH:
+      err = _gcry_set_egd_socket_path(va_arg (arg_ptr, const char *));
+      break;
+
     default:
       err = GPG_ERR_INV_OP;
     }
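Review bot: In the new GCRYCTL_SET_EGD_SOCKET_PATH case, err receives the raw 0/1 return value of _gcry_set_egd_socket_path(), while the default branch just below assigns a GPG_ERR_* code to the same variable. Have the helper return a named error code, or map its result here, so a caller of the control interface can tell "path already set or socket already open" apart from other failures. The pointer taken from va_arg is also passed on unchecked; reject NULL at this point with an invalid-argument error such as GPG_ERR_INV_ARG before calling the helper.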
Index: src/gcrypt.h.in
===================================================================
--- src/gcrypt.h.in	(revision 1234)
+++ src/gcrypt.h.in	(working copy)
@@ -355,7 +355,8 @@
     GCRYCTL_FAST_POLL = 48,
     GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49,
     GCRYCTL_USE_RANDOM_DAEMON = 50,
-    GCRYCTL_FAKED_RANDOM_P = 51
+    GCRYCTL_FAKED_RANDOM_P = 51,
+    GCRYCTL_SET_EGD_SOCKET_PATH = 52
   };
 
 /* Perform various operations defined by CMD. */
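Review bot: GCRYCTL_SET_EGD_SOCKET_PATH = 52 becomes part of the public enum with no comment or documentation anywhere in this patch. Document the argument it expects (a const char * path, per the va_arg in src/global.c) and that it only succeeds once and only before the EGD socket has been opened, since the helper rejects later calls through its NULL == user_egd_socket_path and egd_socket == -1 checks.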
Index: cipher/rndegd.c
===================================================================
--- cipher/rndegd.c	(revision 1234)
+++ cipher/rndegd.c	(working copy)
@@ -39,7 +39,20 @@
 #endif
 
 static int egd_socket = -1;
+static char * user_egd_socket_path = NULL;
 
+int
+_gcry_set_egd_socket_path(const char * path)
+{
+  if ((NULL == user_egd_socket_path) && (egd_socket == -1))
+    {
+    user_egd_socket_path = gcry_xstrdup (path);
+    return 0;
+    }
+  return 1;
+}
+
+
 /* Allocate a new filename from FIRST_PART and SECOND_PART and to
    tilde expansion for first_part.  SECOND_PART might be NULL.
  */
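Review bot: _gcry_set_egd_socket_path() hands path straight to gcry_xstrdup() with no NULL check, and nothing validates its length here even though the connect code in the next hunk calls log_fatal when strlen(name)+1 >= sizeof addr.sun_path. Check both in the setter and return an error, so a bad path supplied by the application is reported to the caller instead of terminating the process at first use. The set-once behaviour (return 1 once a path is stored or the socket is open) also deserves a comment above the function.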
@@ -141,6 +154,9 @@
   else
     name = my_make_filename (bname, NULL);
 
+  if (user_egd_socket_path)
+    name = user_egd_socket_path;
+
   if (strlen(name)+1 >= sizeof addr.sun_path)
     log_fatal ("EGD socketname is too long\n");
   
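Review bot: The override "name = user_egd_socket_path;" replaces the pointer just returned by my_make_filename(), which the comment above that helper describes as newly allocated, so the default name buffer is leaked whenever a user path is set. If code after this hunk frees name, it would also free the stored user path and leave user_egd_socket_path dangling. Test user_egd_socket_path before building the default name, and either copy it or skip the free so ownership stays unambiguous.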
Index: cipher/random.h
===================================================================
--- cipher/random.h	(revision 1234)
+++ cipher/random.h	(working copy)
@@ -47,6 +47,8 @@
                                void *buffer, size_t length);
 #endif /*USE_RANDOM_DAEMON*/
 
+int _gcry_set_egd_socket_path(const char * path);
+
 #endif /*G10_RANDOM_H*/
 
 
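Review bot: The prototype for _gcry_set_egd_socket_path() is added outside any feature guard, unlike the declarations just above it that end at #endif /*USE_RANDOM_DAEMON*/, and src/global.c calls the function unconditionally. If cipher/rndegd.c is not compiled in every configuration, those builds will fail at link time; guard the case and the prototype the same way, or provide a stub that returns an error when EGD support is not built.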

