Diffstat (limited to 'lib/server/SSLLib.cpp')
-rw-r--r-- | lib/server/SSLLib.cpp | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/lib/server/SSLLib.cpp b/lib/server/SSLLib.cpp
index e9c990b9..de7a941b 100644
--- a/lib/server/SSLLib.cpp
+++ b/lib/server/SSLLib.cpp
@@ -14,12 +14,16 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#ifdef WIN32
+ #include <wincrypt.h>
+#endif
+
 #include "SSLLib.h"
 #include "ServerException.h"
 #include "MemLeakFindOn.h"
-#ifndef NDEBUG
+#ifndef BOX_RELEASE_BUILD
 bool SSLLib__TraceErrors = false;
 #endif
@@ -35,7 +39,7 @@ void SSLLib::Initialise()
 {
 if(!::SSL_library_init())
 {
- LogError("Initialisation");
+ LogError("initialising OpenSSL");
 THROW_EXCEPTION(ServerException, SSLLibraryInitialisationError)
 }
@@ -43,7 +47,37 @@ void SSLLib::Initialise()
 ::SSL_load_error_strings();
 // Extra seeding over and above what's already done by the library
-#ifdef HAVE_RANDOM_DEVICE
+#ifdef WIN32
+ HCRYPTPROV provider;
+ if(!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ {
+ BOX_LOG_WIN_ERROR("Failed to acquire crypto context");
+ BOX_WARNING("No random device -- additional seeding of "
+ "random number generator not performed.");
+ }
+ else
+ {
+ // must free provider
+ BYTE buf[1024];
+
+ if(!CryptGenRandom(provider, sizeof(buf), buf))
+ {
+ BOX_LOG_WIN_ERROR("Failed to get random data");
+ BOX_WARNING("No random device -- additional seeding of "
+ "random number generator not performed.");
+ }
+ else
+ {
+ RAND_seed(buf, sizeof(buf));
+ }
+
+ if(!CryptReleaseContext(provider, 0))
+ {
+ BOX_LOG_WIN_ERROR("Failed to release crypto context");
+ }
+ }
+#elif HAVE_RANDOM_DEVICE
 if(::RAND_load_file(RANDOM_DEVICE, 1024) != 1024)
 {
 THROW_EXCEPTION(ServerException, SSLRandomInitFailed)
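Review bot: The last added line of the seeding hunk turns `#ifdef HAVE_RANDOM_DEVICE` into `#elif HAVE_RANDOM_DEVICE`, which changes the test from "is defined" to "expands to non-zero" — a preprocessor error if a hand-written config header ever defines the macro with no value, and a silently skipped /dev/random path if it expands to 0 — so the faithful translation is `#elif defined(HAVE_RANDOM_DEVICE)`. The two platforms also fail differently: a short `RAND_load_file` throws `SSLRandomInitFailed`, whereas a failed `CryptAcquireContext` or `CryptGenRandom` only logs `BOX_WARNING` and initialisation carries on; if best-effort seeding on Windows is intended (the comment says this is extra seeding over what OpenSSL does itself), the warning text should say the library's own seeding is still in effect, otherwise check `RAND_status()` after the attempt and throw the same exception when the pool is not seeded. Separately, `buf` holds 1024 bytes of fresh CSPRNG output that stays on the stack after `RAND_seed`; adding `OPENSSL_cleanse(buf, sizeof(buf));` after the seed call is cheap hygiene for key-derivation material. `SSLLib::Initialise` continues past the end of this hunk.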
@@ -63,14 +97,14 @@ void SSLLib::Initialise()
 // Created: 2003/08/06
 //
 // --------------------------------------------------------------------------
-void SSLLib::LogError(const char *ErrorDuringAction)
+void SSLLib::LogError(const std::string& rErrorDuringAction)
 {
 unsigned long errcode;
 char errname[256]; // SSL docs say at least 120 bytes
 while((errcode = ERR_get_error()) != 0)
 {
 ::ERR_error_string_n(errcode, errname, sizeof(errname));
- BOX_ERROR("SSL error during " << ErrorDuringAction << ": " <<
+ BOX_ERROR("SSL error while " << rErrorDuringAction << ": " <<
 errname);
 }
 } |
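Review bot: `SSLLib::LogError` does not document that it drains the OpenSSL error queue — the `while((errcode = ERR_get_error()) != 0)` loop pops and logs every pending entry — so a caller that throws without calling it leaves stale entries to be attributed to the next failure; I would add above the new signature `// Logs and drains every pending OpenSSL error, one BOX_ERROR line each; rErrorDuringAction names the operation that was being attempted (e.g. "initialising OpenSSL").`, or put that sentence in the boxed header whose tail (`// Created:`) opens this hunk if it already carries a Purpose line. The new `const std::string&` parameter also needs `<string>` in scope, and the include hunk above does not add it, so presumably SSLLib.h pulls it in — worth confirming.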