Diffstat (limited to 'lib/server/SSLLib.cpp')
-rw-r--r--lib/server/SSLLib.cpp44
1 files changed, 39 insertions, 5 deletions
diff --git a/lib/server/SSLLib.cpp b/lib/server/SSLLib.cpp
index e9c990b9..de7a941b 100644
--- a/lib/server/SSLLib.cpp
+++ b/lib/server/SSLLib.cpp
@@ -14,12 +14,16 @@
#include <openssl/err.h>
#include <openssl/rand.h>
+#ifdef WIN32
+ #include <wincrypt.h>
+#endif
+
#include "SSLLib.h"
#include "ServerException.h"
#include "MemLeakFindOn.h"
-#ifndef NDEBUG
+#ifndef BOX_RELEASE_BUILD
bool SSLLib__TraceErrors = false;
#endif
@@ -35,7 +39,7 @@ void SSLLib::Initialise()
{
if(!::SSL_library_init())
{
- LogError("Initialisation");
+ LogError("initialising OpenSSL");
THROW_EXCEPTION(ServerException, SSLLibraryInitialisationError)
}
@@ -43,7 +47,37 @@ void SSLLib::Initialise()
::SSL_load_error_strings();
// Extra seeding over and above what's already done by the library
-#ifdef HAVE_RANDOM_DEVICE
+#ifdef WIN32
+ HCRYPTPROV provider;
+ if(!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ {
+ BOX_LOG_WIN_ERROR("Failed to acquire crypto context");
+ BOX_WARNING("No random device -- additional seeding of "
+ "random number generator not performed.");
+ }
+ else
+ {
+ // must free provider
+ BYTE buf[1024];
+
+ if(!CryptGenRandom(provider, sizeof(buf), buf))
+ {
+ BOX_LOG_WIN_ERROR("Failed to get random data");
+ BOX_WARNING("No random device -- additional seeding of "
+ "random number generator not performed.");
+ }
+ else
+ {
+ RAND_seed(buf, sizeof(buf));
+ }
+
+ if(!CryptReleaseContext(provider, 0))
+ {
+ BOX_LOG_WIN_ERROR("Failed to release crypto context");
+ }
+ }
+#elif HAVE_RANDOM_DEVICE
if(::RAND_load_file(RANDOM_DEVICE, 1024) != 1024)
{
THROW_EXCEPTION(ServerException, SSLRandomInitFailed)
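Review bot: The new WIN32 branch fails open where the random-device branch fails closed: a failed `CryptAcquireContext` or `CryptGenRandom` only logs a warning and carries on, while a short `RAND_load_file` read throws `SSLRandomInitFailed`. The existing comment calls this extra seeding on top of what the library already does, so warning may be intended, but the difference should be stated in a comment such as `// best effort on Windows: OpenSSL has already seeded itself, so failure here is not fatal`, or the branch should throw for parity. `buf` still holds the seed bytes on the stack after `RAND_seed`; adding `OPENSSL_cleanse(buf, sizeof(buf));` before the block ends would clear them. Separately, `#elif HAVE_RANDOM_DEVICE` evaluates the macro as an expression where the old `#ifdef` only tested definedness, so `#elif defined(HAVE_RANDOM_DEVICE)` keeps the original meaning if the macro is ever defined empty. The body of `SSLLib::Initialise()` starts and ends outside this hunk.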
@@ -63,14 +97,14 @@ void SSLLib::Initialise()
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
-void SSLLib::LogError(const char *ErrorDuringAction)
+void SSLLib::LogError(const std::string& rErrorDuringAction)
{
unsigned long errcode;
char errname[256]; // SSL docs say at least 120 bytes
while((errcode = ERR_get_error()) != 0)
{
::ERR_error_string_n(errcode, errname, sizeof(errname));
- BOX_ERROR("SSL error during " << ErrorDuringAction << ": " <<
+ BOX_ERROR("SSL error while " << rErrorDuringAction << ": " <<
errname);
}
}