| 1 | // -------------------------------------------------------------------------- |
|---|
| 2 | // |
|---|
| 3 | // File |
|---|
| 4 | // Name: SSLLib.cpp |
|---|
| 5 | // Purpose: Utility functions for dealing with the OpenSSL library |
|---|
| 6 | // Created: 2003/08/06 |
|---|
| 7 | // |
|---|
| 8 | // -------------------------------------------------------------------------- |
|---|
| 9 | |
|---|
| 10 | #include "Box.h" |
|---|
| 11 | |
|---|
| 12 | #define TLS_CLASS_IMPLEMENTATION_CPP |
|---|
| 13 | #include <openssl/ssl.h> |
|---|
| 14 | #include <openssl/err.h> |
|---|
| 15 | #include <openssl/rand.h> |
|---|
| 16 | |
|---|
| 17 | #ifdef WIN32 |
|---|
| 18 | #include <wincrypt.h> |
|---|
| 19 | #endif |
|---|
| 20 | |
|---|
| 21 | #include "CryptoUtils.h" |
|---|
| 22 | #include "SSLLib.h" |
|---|
| 23 | #include "ServerException.h" |
|---|
| 24 | |
|---|
| 25 | #include "MemLeakFindOn.h" |
|---|
| 26 | |
|---|
| 27 | #ifndef BOX_RELEASE_BUILD |
|---|
| 28 | bool SSLLib__TraceErrors = false; |
|---|
| 29 | #endif |
|---|
| 30 | |
|---|
| 31 | // -------------------------------------------------------------------------- |
|---|
| 32 | // |
|---|
| 33 | // Function |
|---|
| 34 | // Name: SSLLib::Initialise() |
|---|
| 35 | // Purpose: Initialise SSL library |
|---|
| 36 | // Created: 2003/08/06 |
|---|
| 37 | // |
|---|
| 38 | // -------------------------------------------------------------------------- |
|---|
| 39 | void SSLLib::Initialise() |
|---|
| 40 | { |
|---|
| 41 | if(!::SSL_library_init()) |
|---|
| 42 | { |
|---|
| 43 | THROW_EXCEPTION_MESSAGE(ServerException, |
|---|
| 44 | SSLLibraryInitialisationError, |
|---|
| 45 | CryptoUtils::LogError("initialising OpenSSL")); |
|---|
| 46 | } |
|---|
| 47 | |
|---|
| 48 | // More helpful error messages |
|---|
| 49 | ::SSL_load_error_strings(); |
|---|
| 50 | |
|---|
| 51 | // Extra seeding over and above what's already done by the library |
|---|
| 52 | #ifdef WIN32 |
|---|
| 53 | HCRYPTPROV provider; |
|---|
| 54 | if(!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, |
|---|
| 55 | CRYPT_VERIFYCONTEXT)) |
|---|
| 56 | { |
|---|
| 57 | BOX_LOG_WIN_ERROR("Failed to acquire crypto context"); |
|---|
| 58 | BOX_WARNING("No random device -- additional seeding of " |
|---|
| 59 | "random number generator not performed."); |
|---|
| 60 | } |
|---|
| 61 | else |
|---|
| 62 | { |
|---|
| 63 | // must free provider |
|---|
| 64 | BYTE buf[1024]; |
|---|
| 65 | |
|---|
| 66 | if(!CryptGenRandom(provider, sizeof(buf), buf)) |
|---|
| 67 | { |
|---|
| 68 | BOX_LOG_WIN_ERROR("Failed to get random data"); |
|---|
| 69 | BOX_WARNING("No random device -- additional seeding of " |
|---|
| 70 | "random number generator not performed."); |
|---|
| 71 | } |
|---|
| 72 | else |
|---|
| 73 | { |
|---|
| 74 | RAND_seed(buf, sizeof(buf)); |
|---|
| 75 | } |
|---|
| 76 | |
|---|
| 77 | if(!CryptReleaseContext(provider, 0)) |
|---|
| 78 | { |
|---|
| 79 | BOX_LOG_WIN_ERROR("Failed to release crypto context"); |
|---|
| 80 | } |
|---|
| 81 | } |
|---|
| 82 | #elif HAVE_RANDOM_DEVICE |
|---|
| 83 | if(::RAND_load_file(RANDOM_DEVICE, 1024) != 1024) |
|---|
| 84 | { |
|---|
| 85 | THROW_EXCEPTION(ServerException, SSLRandomInitFailed) |
|---|
| 86 | } |
|---|
| 87 | #else |
|---|
| 88 | BOX_WARNING("No random device -- additional seeding of " |
|---|
| 89 | "random number generator not performed."); |
|---|
| 90 | #endif |
|---|
| 91 | } |
|---|
| 92 | |
|---|
| 93 | |
|---|
