void SSLConnection::init () {
  did_init = false;

  /* Scratch buffer for the seed-file path(s); sized for a full POSIX path
   * plus the terminating NUL. Freed on every exit path below. */
  buffer_t seed_path;
  buffer_init(&seed_path);
  buffer_grow(&seed_path, _POSIX_PATH_MAX+1);

  /* OpenSSL seeds itself where a kernel RNG is available; we only top up
   * the pool by hand when it reports that it is not sufficiently seeded. */
  if (!HAVE_ENTROPY ()) {
    /* seed files: the user-configured one (if any), then $RANDFILE */
    if (SSLEntropyFile)
      add_entropy (SSLEntropyFile);
    add_entropy (RAND_file_name (seed_path.str, seed_path.size));

#ifdef HAVE_RAND_EGD
    /* EGD sockets: $EGDSOCKET, ~/.entropy and /tmp/entropy.
     * NOTE(review): $EGDSOCKET comes from the environment and /tmp/entropy
     * lives in a world-writable directory, so both can be supplied by
     * another local user. Mixing known data in does not drain what is
     * already in the pool, but if add_entropy() (defined elsewhere) credits
     * these bytes as entropy, a planted source could make HAVE_ENTROPY()
     * succeed with predictable seed material on a host that has no kernel
     * RNG -- confirm how add_entropy() accounts for its input. */
    add_entropy (getenv ("EGDSOCKET"));
    buffer_shrink(&seed_path, 0);
    buffer_add_str(&seed_path, NONULL(Homedir), -1);
    buffer_add_str(&seed_path, "/.entropy", 9);
    add_entropy (seed_path.str);
    add_entropy ("/tmp/entropy");
#endif

    /* Rewrite $RANDFILE (or ~/.rnd if unset) with fresh pool state.
     * Its result is not checked: failing to persist the seed is not fatal. */
    RAND_write_file (RAND_file_name (seed_path.str, seed_path.size));

    if (!HAVE_ENTROPY ()) {
      /* Still unseeded: report to the UI and leave the library untouched,
       * with did_init left false for the caller to inspect. */
      buffer_t errmsg;
      buffer_init(&errmsg);
      buffer_add_str(&errmsg, _("Failed to find enough entropy on your system"), -1);
      displayError.emit(&errmsg);
      buffer_free(&errmsg);
      buffer_free(&seed_path);
      return;
    }
  }
  buffer_free(&seed_path);

  /* Error strings first, then the library. Keep these away from any code
   * that reads the SSL error queue: the calls may clobber the last error. */
  SSL_load_error_strings ();
  SSL_library_init ();
  did_init = true;
}
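/**
 * ssl_init - Initialise the SSL library
 * @retval  0 Success (including "already initialised")
 * @retval -1 Error (the entropy pool could not be filled)
 *
 * OpenSSL library needs to be fed with sufficient entropy. On systems with
 * /dev/urandom, this is done transparently by the library itself, on other
 * systems we need to fill the entropy pool ourselves.
 *
 * Even though only OpenSSL 0.9.5 and later will complain about the lack of
 * entropy, we try our best and fill the pool with older versions also.
 * (That's the reason for the ugly ifdefs and macros, otherwise I could have
 * simply ifdef'd the whole ssl_init function)
 *
 * Security notes:
 * - $EGDSOCKET comes from the environment and /tmp/entropy lives in a
 *   world-writable directory, so either can be supplied by another local
 *   user. Mixing known data into the pool does not remove entropy already
 *   there, but if add_entropy() (defined elsewhere) credits those bytes as
 *   entropy, a planted source could make HAVE_ENTROPY() succeed with
 *   predictable seed material on a host without a kernel RNG.
 *   TODO(review): confirm how add_entropy() accounts for its input.
 * - RAND_file_name() returns NULL when it cannot produce a name (no usable
 *   $RANDFILE/$HOME, or the buffer is too small). add_entropy() already has
 *   to cope with a NULL argument (C_EntropyFile and $EGDSOCKET may be
 *   unset), but RAND_write_file() does not, so the name is checked before
 *   the seed file is rewritten.
 * - The return value of RAND_write_file() is ignored on purpose: failing to
 *   persist the seed is not fatal; what matters is the HAVE_ENTROPY() check
 *   that follows.
 *
 * Only the first successful call does any work. A failed call leaves
 * init_complete false, so the next caller retries the seeding.
 */
static int ssl_init(void)
{
  static bool init_complete = false;

  if (init_complete)
    return 0;

  if (!HAVE_ENTROPY())
  {
    /* load entropy from files */
    char path[PATH_MAX];
    add_entropy(C_EntropyFile);
    add_entropy(RAND_file_name(path, sizeof(path)));

    /* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
    add_entropy(mutt_str_getenv("EGDSOCKET"));
    snprintf(path, sizeof(path), "%s/.entropy", NONULL(HomeDir));
    add_entropy(path);
    add_entropy("/tmp/entropy");
#endif

    /* shuffle $RANDFILE (or ~/.rnd if unset); path is recomputed because the
     * EGD block above may have reused the buffer for ~/.entropy */
    const char *seed_file = RAND_file_name(path, sizeof(path));
    if (seed_file)
      RAND_write_file(seed_file);
    /* presumably clears any status-line message left by the helpers above */
    mutt_clear_error();

    if (!HAVE_ENTROPY())
    {
      mutt_error(_("Failed to find enough entropy on your system"));
      return -1;
    }
  }

  /* OpenSSL performs automatic initialization as of 1.1.
   * However LibreSSL does not (as of 2.8.3). */
#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER))
  /* I don't think you can do this just before reading the error. The call
   * itself might clobber the last SSL error. */
  SSL_load_error_strings();
  SSL_library_init();
#endif

  init_complete = true;
  return 0;
}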
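/*
 * ssl_init - Initialise the SSL library.
 * Returns 0 on success (including "already initialised") and -1 when the
 * entropy pool could not be filled.
 *
 * OpenSSL library needs to be fed with sufficient entropy. On systems
 * with /dev/urandom, this is done transparently by the library itself,
 * on other systems we need to fill the entropy pool ourselves.
 *
 * Even though only OpenSSL 0.9.5 and later will complain about the
 * lack of entropy, we try our best and fill the pool with older
 * versions also. (That's the reason for the ugly #ifdefs and macros,
 * otherwise I could have simply #ifdef'd the whole ssl_init function)
 *
 * Security notes:
 * - $EGDSOCKET comes from the environment and /tmp/entropy lives in a
 *   world-writable directory, so either can be supplied by another local
 *   user. Mixing known data into the pool does not remove entropy already
 *   there, but if add_entropy() (defined elsewhere) credits those bytes
 *   as entropy, a planted source could make HAVE_ENTROPY() succeed with
 *   predictable seed material on a host without a kernel RNG.
 *   TODO(review): confirm how add_entropy() accounts for its input.
 * - RAND_file_name() returns NULL when it cannot produce a name (no
 *   usable $RANDFILE/$HOME, or the buffer is too small). add_entropy()
 *   already has to cope with NULL (SslEntropyFile and $EGDSOCKET may be
 *   unset), but RAND_write_file() does not, so the name is checked before
 *   the seed file is rewritten.
 * - The return value of RAND_write_file() is ignored on purpose: failing
 *   to persist the seed is not fatal; the HAVE_ENTROPY() check below is
 *   what decides.
 *
 * Only the first successful call does any work. A failed call leaves
 * init_complete at 0, so the next caller retries the seeding.
 */
static int ssl_init (void)
{
  char path[_POSIX_PATH_MAX];
  static unsigned char init_complete = 0;

  if (init_complete)
    return 0;

  if (! HAVE_ENTROPY())
  {
    /* load entropy from files */
    add_entropy (SslEntropyFile);
    add_entropy (RAND_file_name (path, sizeof (path)));

    /* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
    add_entropy (getenv ("EGDSOCKET"));
    snprintf (path, sizeof(path), "%s/.entropy", NONULL(Homedir));
    add_entropy (path);
    add_entropy ("/tmp/entropy");
#endif

    /* shuffle $RANDFILE (or ~/.rnd if unset); the name is recomputed
     * because the EGD block above may have reused path for ~/.entropy */
    const char *seed_file = RAND_file_name (path, sizeof (path));
    if (seed_file)
      RAND_write_file (seed_file);
    /* presumably clears any status-line message left by the helpers above */
    mutt_clear_error ();

    if (! HAVE_ENTROPY())
    {
      mutt_error (_("Failed to find enough entropy on your system"));
      mutt_sleep (2);
      return -1;
    }
  }

  /* I don't think you can do this just before reading the error. The call
   * itself might clobber the last SSL error. */
  SSL_load_error_strings();
  SSL_library_init();
  init_complete = 1;
  return 0;
}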