From: Daniel Stenberg Date: Tue, 17 May 2022 09:05:53 +0000 (+0200) Subject: opts: deprecate RANDOM_FILE and EGDSOCKET X-Git-Tag: curl-7_84_0~182 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d86718f3f6f1ee2b14ba311051404b97e948fbf;p=thirdparty%2Fcurl.git opts: deprecate RANDOM_FILE and EGDSOCKET These two options were only ever used for the OpenSSL backend for versions before 1.1.0. They were never used for other backends and they are not used with recent OpenSSL versions. They were never used much by applications. The defines RANDOM_FILE and EGD_SOCKET can still be set at build-time for ancient EOL OpenSSL versions. Closes #8670 --- diff --git a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 index 0b5089e90c..565bb7c511 100644 --- a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 +++ b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -30,6 +30,8 @@ CURLOPT_EGDSOCKET \- EGD socket path CURLcode curl_easy_setopt(CURL *handle, CURLOPT_EGDSOCKET, char *path); .fi .SH DESCRIPTION +Deprecated option. It serves no purpose anymore. + Pass a char * to the null-terminated path name to the Entropy Gathering Daemon socket. It will be used to seed the random engine for TLS. @@ -50,7 +52,10 @@ if(curl) { } .fi .SH AVAILABILITY -If built with TLS enabled. Only the OpenSSL backend will use this. +If built with TLS enabled. Only the OpenSSL backend will use this, and only +with OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. .SH RETURN VALUE Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 index de322fc971..b76e6327c1 100644 --- a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 +++ b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -30,6 +30,8 @@ CURLOPT_RANDOM_FILE \- file to read random data from CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RANDOM_FILE, char *path); .fi .SH DESCRIPTION +Deprecated option. It serves no purpose anymore. + Pass a char * to a null-terminated file name. The file might be used to read from to seed the random engine for SSL and more. @@ -50,7 +52,10 @@ if(curl) { } .fi .SH AVAILABILITY -Always +If built with TLS enabled. Only the OpenSSL backend will use this, and only +with OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. .SH RETURN VALUE Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/lib/doh.c b/lib/doh.c index 4aef8b266a..c124f64317 100644 --- a/lib/doh.c +++ b/lib/doh.c @@ -306,14 +306,6 @@ static CURLcode dohprobe(struct Curl_easy *data, } if(data->set.ssl.certinfo) ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); - if(data->set.str[STRING_SSL_RANDOM_FILE]) { - ERROR_CHECK_SETOPT(CURLOPT_RANDOM_FILE, - data->set.str[STRING_SSL_RANDOM_FILE]); - } - if(data->set.str[STRING_SSL_EGDSOCKET]) { - ERROR_CHECK_SETOPT(CURLOPT_EGDSOCKET, - data->set.str[STRING_SSL_EGDSOCKET]); - } if(data->set.ssl.fsslctx) ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); if(data->set.ssl.fsslctxp) diff --git a/lib/setopt.c b/lib/setopt.c index 05e1a544df..3dfb845ec7 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -203,19 +203,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #endif case CURLOPT_RANDOM_FILE: - /* - * This is the path name to a file that contains random data to seed - * the random SSL stuff with. The file is only used for reading. - */ - result = Curl_setstropt(&data->set.str[STRING_SSL_RANDOM_FILE], - va_arg(param, char *)); break; case CURLOPT_EGDSOCKET: - /* - * The Entropy Gathering Daemon socket pathname - */ - result = Curl_setstropt(&data->set.str[STRING_SSL_EGDSOCKET], - va_arg(param, char *)); break; case CURLOPT_MAXCONNECTS: /* diff --git a/lib/url.c b/lib/url.c index c2d9e78f47..faf4b4278d 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3808,8 +3808,6 @@ static CURLcode create_conn(struct Curl_easy *data, data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; - data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; - data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; data->set.ssl.primary.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST]; data->set.ssl.primary.cipher_list13 = @@ -3823,9 +3821,6 @@ static CURLcode create_conn(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY]; data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY]; - data->set.proxy_ssl.primary.random_file = - data->set.str[STRING_SSL_RANDOM_FILE]; - data->set.proxy_ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; data->set.proxy_ssl.primary.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST_PROXY]; data->set.proxy_ssl.primary.cipher_list13 = diff --git a/lib/urldata.h b/lib/urldata.h index 584434d774..14770574d8 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -248,8 +248,6 @@ struct ssl_primary_config { char *CAfile; /* certificate to verify peer against */ char *issuercert; /* optional issuer certificate filename */ char *clientcert; - char *random_file; /* path to file containing "random" data */ - char *egdsocket; /* path to file containing the EGD daemon socket */ char *cipher_list; /* list of ciphers to use */ char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ char *pinned_key; @@ -1548,8 +1546,6 @@ enum dupstring { STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */ STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */ - STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */ - STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */ STRING_USERAGENT, /* User-Agent string */ STRING_SSL_CRLFILE, /* crl file to check certificate */ STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 635e9c15e7..95a18a6d0b 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -484,36 +484,19 @@ static CURLcode ossl_seed(struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; #else -#ifndef RANDOM_FILE - /* if RANDOM_FILE isn't defined, we only perform this if an option tells - us to! */ - if(data->set.str[STRING_SSL_RANDOM_FILE]) -#define RANDOM_FILE "" /* doesn't matter won't be used */ +#ifdef RANDOM_FILE + RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH); + if(rand_enough()) + return CURLE_OK; #endif - { - /* let the option override the define */ - RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]? - data->set.str[STRING_SSL_RANDOM_FILE]: - RANDOM_FILE), - RAND_LOAD_LENGTH); - if(rand_enough()) - return CURLE_OK; - } -#if defined(HAVE_RAND_EGD) - /* only available in OpenSSL 0.9.5 and later */ +#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET) + /* available in OpenSSL 0.9.5 and later */ /* EGD_SOCKET is set at configure time or not at all */ -#ifndef EGD_SOCKET - /* If we don't have the define set, we only do this if the egd-option - is set */ - if(data->set.str[STRING_SSL_EGDSOCKET]) -#define EGD_SOCKET "" /* doesn't matter won't be used */ -#endif { /* If there's an option and a define, the option overrides the define */ - int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]? - data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET); + int ret = RAND_egd(EGD_SOCKET); if(-1 != ret) { if(rand_enough()) return CURLE_OK; diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index e2d34388cc..a692d5e7cd 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -143,8 +143,6 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, Curl_safecmp(data->CAfile, needle->CAfile) && Curl_safecmp(data->issuercert, needle->issuercert) && Curl_safecmp(data->clientcert, needle->clientcert) && - Curl_safecmp(data->random_file, needle->random_file) && - Curl_safecmp(data->egdsocket, needle->egdsocket) && #ifdef USE_TLS_SRP Curl_safecmp(data->username, needle->username) && Curl_safecmp(data->password, needle->password) && @@ -182,8 +180,6 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, CLONE_STRING(CAfile); CLONE_STRING(issuercert); CLONE_STRING(clientcert); - CLONE_STRING(random_file); - CLONE_STRING(egdsocket); CLONE_STRING(cipher_list); CLONE_STRING(cipher_list13); CLONE_STRING(pinned_key); @@ -203,8 +199,6 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) Curl_safefree(sslc->CAfile); Curl_safefree(sslc->issuercert); Curl_safefree(sslc->clientcert); - Curl_safefree(sslc->random_file); - Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->cipher_list13); Curl_safefree(sslc->pinned_key); diff --git a/tests/libtest/lib1911.c b/tests/libtest/lib1911.c index 09757fba89..5ddc2112d7 100644 --- a/tests/libtest/lib1911.c +++ b/tests/libtest/lib1911.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,6 +62,8 @@ int test(char *URL) switch(o->id) { case CURLOPT_PROXY_TLSAUTH_TYPE: case CURLOPT_TLSAUTH_TYPE: + case CURLOPT_RANDOM_FILE: + case CURLOPT_EGDSOCKET: continue; default: /* check this */