// --------------------------------------------------------------------------
//
// File
// Name: SSLLib.cpp
// Purpose: Utility functions for dealing with the OpenSSL library
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
#include "Box.h"
#define TLS_CLASS_IMPLEMENTATION_CPP
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#ifdef HAVE_OPENSSL_PROVIDER_H
#include <openssl/provider.h>
#endif
#ifdef WIN32
#include <wincrypt.h>
#endif
#include "autogen_ConnectionException.h"
#include "autogen_ServerException.h"
#include "CryptoUtils.h"
#include "SSLLib.h"
#include "MemLeakFindOn.h"
#ifndef BOX_RELEASE_BUILD
bool SSLLib__TraceErrors = false;
#endif
// --------------------------------------------------------------------------
//
// Function
// Name: SSLLib::Initialise()
// Purpose: Initialise SSL library
// Created: 2003/08/06
//
// --------------------------------------------------------------------------
void SSLLib::Initialise()
{
	if(!::SSL_library_init())
	{
		THROW_EXCEPTION_MESSAGE(ServerException,
			SSLLibraryInitialisationError,
			CryptoUtils::LogError("initialising OpenSSL"));
	}

	// More helpful error messages
	::SSL_load_error_strings();

#ifdef HAVE_OPENSSL_PROVIDER_H
	// We use Blowfish, so in OpenSSL 3.x we need to explicitly load
	// the legacy provider. Then if you explicitly load any provider
	// the default provider is no longer loaded implicitly, so load
	// that as well.
	OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
	OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default");
	if (legacy == NULL || deflt == NULL) {
		THROW_EXCEPTION_MESSAGE(ServerException,
			SSLLibraryInitialisationError,
			CryptoUtils::LogError("loading OpenSSL providers"));
	}
#endif

	// Extra seeding over and above what's already done by the library
#ifdef WIN32
	HCRYPTPROV provider;
	if(!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
		CRYPT_VERIFYCONTEXT))
	{
		BOX_LOG_WIN_ERROR("Failed to acquire crypto context");
		BOX_WARNING("No random device -- additional seeding of "
			"random number generator not performed.");
	}
	else
	{
		// must free provider
		BYTE buf[1024];
		if(!CryptGenRandom(provider, sizeof(buf), buf))
		{
			BOX_LOG_WIN_ERROR("Failed to get random data");
			BOX_WARNING("No random device -- additional seeding of "
				"random number generator not performed.");
		}
		else
		{
			RAND_seed(buf, sizeof(buf));
		}

		if(!CryptReleaseContext(provider, 0))
		{
			BOX_LOG_WIN_ERROR("Failed to release crypto context");
		}
	}
#elif defined HAVE_RANDOM_DEVICE
	if(::RAND_load_file(RANDOM_DEVICE, 1024) != 1024)
	{
		THROW_EXCEPTION(ServerException, SSLRandomInitFailed)
	}
#else
	BOX_WARNING("No random device -- additional seeding of "
		"random number generator not performed.");
#endif
}