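/*
 * Seed the OpenSSL PRNG if it is not already seeded, then initialise the
 * SSL library.
 *
 * did_init is cleared on entry and set to true only once the library has
 * been initialised. If no entropy source yields enough seed material, an
 * error is emitted through displayError and the function returns with
 * did_init still false, so callers must check did_init before using SSL.
 */
void SSLConnection::init () {

  did_init = false;

  buffer_t path;
  buffer_init(&path);
  buffer_grow(&path,_POSIX_PATH_MAX+1);

  if (!HAVE_ENTROPY ()) {
    /* load entropy from files */
    if (SSLEntropyFile)
      add_entropy (SSLEntropyFile);
    add_entropy (RAND_file_name (path.str,path.size));

    /* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
    /* EGDSOCKET comes straight from the environment and may be unset;
     * presumably add_entropy() tolerates NULL -- confirm. */
    add_entropy (getenv ("EGDSOCKET"));
    buffer_shrink(&path,0);
    buffer_add_str(&path,NONULL(Homedir),-1);
    buffer_add_str(&path,"/.entropy",9);
    add_entropy (path.str);
    /* NOTE(review): /tmp is normally world-writable, so another local user
     * can pre-create this path. Seeding from it is only acceptable if
     * add_entropy() checks ownership and permissions before reading;
     * that check is not visible here -- confirm. */
    add_entropy ("/tmp/entropy");
#endif

    /* shuffle $RANDFILE (or ~/.rnd if unset) */
    /* RAND_file_name() returns NULL on error (e.g. the buffer is too small
     * for the resulting path); never hand that NULL to RAND_write_file(). */
    const char *seed_file = RAND_file_name (path.str,path.size);
    if (seed_file)
      RAND_write_file (seed_file);

    /* Fail closed: without a seeded PRNG, keys and nonces would be
     * predictable, so refuse to bring SSL up at all. */
    if (!HAVE_ENTROPY ()) {
      buffer_t msg; buffer_init(&msg);
      buffer_add_str(&msg,_("Failed to find enough entropy on your system"),-1);
      displayError.emit(&msg);
      buffer_free(&msg);
      buffer_free(&path);
      return;
    }
  }

  /*
   * I don't think you can do this just before reading the error.
   * The call itself might clobber the last SSL error.
   */
  SSL_load_error_strings ();
  SSL_library_init ();
  did_init = true;
  buffer_free(&path);
}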
Exemple #2
/**
 * ssl_init - Initialise the SSL library
 * @retval  0 Success
 * @retval -1 Error
 *
 * OpenSSL library needs to be fed with sufficient entropy. On systems with
 * /dev/urandom, this is done transparently by the library itself, on other
 * systems we need to fill the entropy pool ourselves.
 *
 * Even though only OpenSSL 0.9.5 and later will complain about the lack of
 * entropy, we do our best and fill the pool with older versions as well.
 * (That's the reason for the ugly ifdefs and macros, otherwise I could have
 * simply ifdef'd the whole ssl_init function)
 */
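static int ssl_init(void)
{
  /* Latch set only after a fully successful run, so a call that failed for
   * lack of entropy is retried from scratch next time. */
  static bool init_complete = false;

  if (init_complete)
    return 0;

  if (!HAVE_ENTROPY())
  {
    /* load entropy from files */
    char path[PATH_MAX];
    add_entropy(C_EntropyFile);
    add_entropy(RAND_file_name(path, sizeof(path)));

    /* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
    /* EGDSOCKET comes straight from the environment and may be unset;
     * presumably add_entropy() tolerates NULL -- confirm. */
    add_entropy(mutt_str_getenv("EGDSOCKET"));
    snprintf(path, sizeof(path), "%s/.entropy", NONULL(HomeDir));
    add_entropy(path);
    /* NOTE(review): /tmp is normally world-writable, so another local user
     * can pre-create this path. Seeding from it is only acceptable if
     * add_entropy() checks ownership and permissions before reading;
     * that check is not visible here -- confirm. */
    add_entropy("/tmp/entropy");
#endif

    /* shuffle $RANDFILE (or ~/.rnd if unset) */
    /* RAND_file_name() returns NULL on error (e.g. the buffer is too small
     * for the resulting path); never hand that NULL to RAND_write_file(). */
    const char *seed_file = RAND_file_name(path, sizeof(path));
    if (seed_file)
      RAND_write_file(seed_file);
    mutt_clear_error();

    /* Fail closed: without a seeded PRNG, keys and nonces would be
     * predictable, so report the error instead of continuing. */
    if (!HAVE_ENTROPY())
    {
      mutt_error(_("Failed to find enough entropy on your system"));
      return -1;
    }
  }

/* OpenSSL performs automatic initialization as of 1.1.
 * However LibreSSL does not (as of 2.8.3). */
#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
    (defined(LIBRESSL_VERSION_NUMBER))
  /* I don't think you can do this just before reading the error. The call
   * itself might clobber the last SSL error. */
  SSL_load_error_strings();
  SSL_library_init();
#endif
  init_complete = true;
  return 0;
}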
Exemple #3
/*
 * OpenSSL library needs to be fed with sufficient entropy. On systems
 * with /dev/urandom, this is done transparently by the library itself,
 * on other systems we need to fill the entropy pool ourselves.
 *
 * Even though only OpenSSL 0.9.5 and later will complain about the
 * lack of entropy, we do our best and fill the pool with older
 * versions as well. (That's the reason for the ugly #ifdefs and macros,
 * otherwise I could have simply #ifdef'd the whole ssl_init function)
 */
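static int ssl_init (void)
{
  /* _POSIX_PATH_MAX is the POSIX-guaranteed minimum path length, not the
   * platform limit, so RAND_file_name() can fail for a long $HOME or
   * $RANDFILE; its result is checked below before it is written to. */
  char path[_POSIX_PATH_MAX];
  /* Latch set only after a fully successful run, so a call that failed for
   * lack of entropy is retried from scratch next time. */
  static unsigned char init_complete = 0;

  if (init_complete)
    return 0;

  if (! HAVE_ENTROPY())
  {
    const char *seed_file;

    /* load entropy from files */
    add_entropy (SslEntropyFile);
    add_entropy (RAND_file_name (path, sizeof (path)));

    /* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
    /* EGDSOCKET comes straight from the environment and may be unset;
     * presumably add_entropy() tolerates NULL -- confirm. */
    add_entropy (getenv ("EGDSOCKET"));
    snprintf (path, sizeof(path), "%s/.entropy", NONULL(Homedir));
    add_entropy (path);
    /* NOTE(review): /tmp is normally world-writable, so another local user
     * can pre-create this path. Seeding from it is only acceptable if
     * add_entropy() checks ownership and permissions before reading;
     * that check is not visible here -- confirm. */
    add_entropy ("/tmp/entropy");
#endif

    /* shuffle $RANDFILE (or ~/.rnd if unset) */
    /* RAND_file_name() returns NULL on error; never hand that NULL to
     * RAND_write_file(). */
    seed_file = RAND_file_name (path, sizeof (path));
    if (seed_file)
      RAND_write_file (seed_file);
    mutt_clear_error ();

    /* Fail closed: without a seeded PRNG, keys and nonces would be
     * predictable, so report the error instead of continuing. */
    if (! HAVE_ENTROPY())
    {
      mutt_error (_("Failed to find enough entropy on your system"));
      mutt_sleep (2);
      return -1;
    }
  }

  /* I don't think you can do this just before reading the error. The call
   * itself might clobber the last SSL error. */
  SSL_load_error_strings();
  SSL_library_init();
  init_complete = 1;
  return 0;
}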