static int prng_init(void)
{
int totbytes = 0;
#if SSLEAY_VERSION_NUMBER >= 0x0090581fL
#ifdef EGD_SOCKET
int bytes = 0;
if((bytes = RAND_egd(EGD_SOCKET)) == -1) {
Debug((DEBUG_ERROR, "EGD Socket %s failed", EGD_SOCKET));
bytes = 0;
} else {
totbytes += bytes;
Debug((DEBUG_DEBUG, "Got %d random bytes from EGD Socket %s",
bytes, EGD_SOCKET));
return 0;
}
#endif /* EGD_SOCKET */
#endif /* OpenSSL-0.9.5a */
#ifdef RANDOM_FILE
/* Try RANDOM_FILE if available */
totbytes += add_rand_file(RANDOM_FILE);
if(prng_seeded(totbytes))
return 0;
#endif
Debug((DEBUG_NOTICE, "PRNG seeded with %d bytes total", totbytes));
Debug((DEBUG_ERROR,
"PRNG may not have been seeded with enough random bytes"));
return -1; /* FAILED but we will deal with it*/
}
static int init_prng(void) {
int totbytes=0;
char filename[STRLEN];
int bytes;
bytes=0; /* avoid warning if #ifdef'd out for windows */
filename[0]='\0';
/* If they specify a rand file on the command line we
assume that they really do want it, so try it first */
if(options.rand_file) {
totbytes+=add_rand_file(options.rand_file);
if(prng_seeded(totbytes))
return 0;
}
/* try the $RANDFILE or $HOME/.rnd files */
RAND_file_name(filename, STRLEN);
if(filename[0]) {
filename[STRLEN-1]='\0'; /* just in case */
totbytes+=add_rand_file(filename);
if(prng_seeded(totbytes))
return 0;
}
#ifdef RANDOM_FILE
totbytes += add_rand_file( RANDOM_FILE );
if(prng_seeded(totbytes))
return 0;
#endif
#ifdef USE_WIN32
RAND_screen();
if(prng_seeded(totbytes)) {
log(LOG_DEBUG, "Seeded PRNG with RAND_screen");
return 0;
}
log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
#else
#if SSLEAY_VERSION_NUMBER >= 0x0090581fL
if(options.egd_sock) {
if((bytes=RAND_egd(options.egd_sock))==-1) {
log(LOG_WARNING, "EGD Socket %s failed", options.egd_sock);
bytes=0;
} else {
totbytes += bytes;
log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s",
bytes, options.egd_sock);
return 0; /* OpenSSL always gets what it needs or fails,
so no need to check if seeded sufficiently */
}
}
#ifdef EGD_SOCKET
if((bytes=RAND_egd(EGD_SOCKET))==-1) {
log(LOG_WARNING, "EGD Socket %s failed", EGD_SOCKET);
} else {
totbytes += bytes;
log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s",
bytes, EGD_SOCKET);
return 0;
}
#endif /* EGD_SOCKET */
#endif /* OpenSSL-0.9.5a */
#endif /* USE_WIN32 */
/* Try the good-old default /dev/urandom, if available */
totbytes+=add_rand_file( "/dev/urandom" );
if(prng_seeded(totbytes))
return 0;
/* Random file specified during configure */
log(LOG_INFO, "PRNG seeded with %d bytes total", totbytes);
log(LOG_WARNING, "PRNG may not have been seeded with enough random bytes");
return -1; /* FAILED */
}
NOEXPORT int compression_init(GLOBAL_OPTIONS *global) {
STACK_OF(SSL_COMP) *methods;
methods=SSL_COMP_get_compression_methods();
if(!methods) {
if(global->compression==COMP_NONE) {
s_log(LOG_NOTICE, "Failed to get compression methods");
return 0; /* ignore */
} else {
s_log(LOG_ERR, "Failed to get compression methods");
return 1;
}
}
if(global->compression==COMP_NONE ||
SSLeay()<0x00908051L /* 0.9.8e-beta1 */) {
/* delete OpenSSL defaults (empty the SSL_COMP stack) */
/* cannot use sk_SSL_COMP_pop_free,
* as it also destroys the stack itself */
/* only leave the standard RFC 1951 (DEFLATE) algorithm,
* if any of the private algorithms is enabled */
/* only allow DEFLATE with OpenSSL 0.9.8 or later
* with OpenSSL #1468 zlib memory leak fixed */
while(sk_SSL_COMP_num(methods))
#if OPENSSL_VERSION_NUMBER>=0x10100000L
/* FIXME: remove when sk_SSL_COMP_pop() works again */
OPENSSL_free(sk_pop((void *)methods));
#else
OPENSSL_free(sk_SSL_COMP_pop(methods));
#endif
}
if(global->compression==COMP_NONE) {
s_log(LOG_DEBUG, "Compression disabled");
return 0; /* success */
}
/* also insert the obsolete ZLIB algorithm */
if(global->compression==COMP_ZLIB) {
/* 224 - within the private range (193 to 255) */
COMP_METHOD *meth=COMP_zlib();
#if OPENSSL_VERSION_NUMBER>=0x10100000L
if(!meth || COMP_get_type(meth)==NID_undef) {
#else
if(!meth || meth->type==NID_undef) {
#endif
s_log(LOG_ERR, "ZLIB compression is not supported");
return 1;
}
SSL_COMP_add_compression_method(0xe0, meth);
}
s_log(LOG_INFO, "Compression enabled: %d method(s)",
sk_SSL_COMP_num(methods));
return 0; /* success */
}
#endif /* OPENSSL_NO_COMP */
NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
int totbytes=0;
char filename[256];
#ifndef USE_WIN32
int bytes;
#endif
filename[0]='\0';
/* if they specify a rand file on the command line we
assume that they really do want it, so try it first */
if(global->rand_file) {
totbytes+=add_rand_file(global, global->rand_file);
if(RAND_status())
return 0; /* success */
}
/* try the $RANDFILE or $HOME/.rnd files */
RAND_file_name(filename, 256);
if(filename[0]) {
totbytes+=add_rand_file(global, filename);
if(RAND_status())
return 0; /* success */
}
#ifdef RANDOM_FILE
totbytes+=add_rand_file(global, RANDOM_FILE);
if(RAND_status())
return 0; /* success */
#endif
#ifdef USE_WIN32
RAND_screen();
if(RAND_status()) {
s_log(LOG_DEBUG, "Seeded PRNG with RAND_screen");
return 0; /* success */
}
s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
#else
if(global->egd_sock) {
if((bytes=RAND_egd(global->egd_sock))==-1) {
s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
bytes=0;
} else {
totbytes+=bytes;
s_log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s",
bytes, global->egd_sock);
return 0; /* OpenSSL always gets what it needs or fails,
so no need to check if seeded sufficiently */
}
}
/* try the good-old default /dev/urandom, if available */
totbytes+=add_rand_file(global, "/dev/urandom");
if(RAND_status())
return 0; /* success */
#endif /* USE_WIN32 */
/* random file specified during configure */
s_log(LOG_ERR, "PRNG seeded with %d bytes total", totbytes);
s_log(LOG_ERR, "PRNG was not seeded with enough random bytes");
return 1; /* FAILED */
}
