1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
// --------------------------------------------------------------------------
//
// File
// Name: SSLLib.cpp
// Purpose: Utility functions for dealing with the OpenSSL library
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
#include "Box.h"
#define TLS_CLASS_IMPLEMENTATION_CPP
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#ifdef WIN32
#include <wincrypt.h>
#endif
#include "SSLLib.h"
#include "ServerException.h"
#include "MemLeakFindOn.h"
#ifndef NDEBUG
bool SSLLib__TraceErrors = false;
#endif
// --------------------------------------------------------------------------
//
// Function
// Name: SSLLib::Initialise()
// Purpose: Initialise SSL library
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
void SSLLib::Initialise()
{
if(!::SSL_library_init())
{
LogError("Initialisation");
THROW_EXCEPTION(ServerException, SSLLibraryInitialisationError)
}
// More helpful error messages
::SSL_load_error_strings();
// Extra seeding over and above what's already done by the library
#ifdef WIN32
HCRYPTPROV provider;
if(!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
BOX_LOG_WIN_ERROR("Failed to acquire crypto context");
BOX_WARNING("No random device -- additional seeding of "
"random number generator not performed.");
}
else
{
// must free provider
BYTE buf[1024];
if(!CryptGenRandom(provider, sizeof(buf), buf))
{
BOX_LOG_WIN_ERROR("Failed to get random data");
BOX_WARNING("No random device -- additional seeding of "
"random number generator not performed.");
}
else
{
RAND_seed(buf, sizeof(buf));
}
if(!CryptReleaseContext(provider, 0))
{
BOX_LOG_WIN_ERROR("Failed to release crypto context");
}
}
#elif HAVE_RANDOM_DEVICE
if(::RAND_load_file(RANDOM_DEVICE, 1024) != 1024)
{
THROW_EXCEPTION(ServerException, SSLRandomInitFailed)
}
#else
BOX_WARNING("No random device -- additional seeding of "
"random number generator not performed.");
#endif
}
// --------------------------------------------------------------------------
//
// Function
// Name: SSLLib::LogError(const char *)
// Purpose: Logs an error
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
void SSLLib::LogError(const std::string& rErrorDuringAction)
{
unsigned long errcode;
char errname[256]; // SSL docs say at least 120 bytes
while((errcode = ERR_get_error()) != 0)
{
::ERR_error_string_n(errcode, errname, sizeof(errname));
BOX_ERROR("SSL error while " << rErrorDuringAction << ": " <<
errname);
}
}
|