static int prng_init(void) { int totbytes = 0; #if SSLEAY_VERSION_NUMBER >= 0x0090581fL #ifdef EGD_SOCKET int bytes = 0; if((bytes = RAND_egd(EGD_SOCKET)) == -1) { Debug((DEBUG_ERROR, "EGD Socket %s failed", EGD_SOCKET)); bytes = 0; } else { totbytes += bytes; Debug((DEBUG_DEBUG, "Got %d random bytes from EGD Socket %s", bytes, EGD_SOCKET)); return 0; } #endif /* EGD_SOCKET */ #endif /* OpenSSL-0.9.5a */ #ifdef RANDOM_FILE /* Try RANDOM_FILE if available */ totbytes += add_rand_file(RANDOM_FILE); if(prng_seeded(totbytes)) return 0; #endif Debug((DEBUG_NOTICE, "PRNG seeded with %d bytes total", totbytes)); Debug((DEBUG_ERROR, "PRNG may not have been seeded with enough random bytes")); return -1; /* FAILED but we will deal with it*/ }
static int init_prng(void) { int totbytes=0; char filename[STRLEN]; int bytes; bytes=0; /* avoid warning if #ifdef'd out for windows */ filename[0]='\0'; /* If they specify a rand file on the command line we assume that they really do want it, so try it first */ if(options.rand_file) { totbytes+=add_rand_file(options.rand_file); if(prng_seeded(totbytes)) return 0; } /* try the $RANDFILE or $HOME/.rnd files */ RAND_file_name(filename, STRLEN); if(filename[0]) { filename[STRLEN-1]='\0'; /* just in case */ totbytes+=add_rand_file(filename); if(prng_seeded(totbytes)) return 0; } #ifdef RANDOM_FILE totbytes += add_rand_file( RANDOM_FILE ); if(prng_seeded(totbytes)) return 0; #endif #ifdef USE_WIN32 RAND_screen(); if(prng_seeded(totbytes)) { log(LOG_DEBUG, "Seeded PRNG with RAND_screen"); return 0; } log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG"); #else #if SSLEAY_VERSION_NUMBER >= 0x0090581fL if(options.egd_sock) { if((bytes=RAND_egd(options.egd_sock))==-1) { log(LOG_WARNING, "EGD Socket %s failed", options.egd_sock); bytes=0; } else { totbytes += bytes; log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s", bytes, options.egd_sock); return 0; /* OpenSSL always gets what it needs or fails, so no need to check if seeded sufficiently */ } } #ifdef EGD_SOCKET if((bytes=RAND_egd(EGD_SOCKET))==-1) { log(LOG_WARNING, "EGD Socket %s failed", EGD_SOCKET); } else { totbytes += bytes; log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s", bytes, EGD_SOCKET); return 0; } #endif /* EGD_SOCKET */ #endif /* OpenSSL-0.9.5a */ #endif /* USE_WIN32 */ /* Try the good-old default /dev/urandom, if available */ totbytes+=add_rand_file( "/dev/urandom" ); if(prng_seeded(totbytes)) return 0; /* Random file specified during configure */ log(LOG_INFO, "PRNG seeded with %d bytes total", totbytes); log(LOG_WARNING, "PRNG may not have been seeded with enough random bytes"); return -1; /* FAILED */ }
NOEXPORT int compression_init(GLOBAL_OPTIONS *global) { STACK_OF(SSL_COMP) *methods; methods=SSL_COMP_get_compression_methods(); if(!methods) { if(global->compression==COMP_NONE) { s_log(LOG_NOTICE, "Failed to get compression methods"); return 0; /* ignore */ } else { s_log(LOG_ERR, "Failed to get compression methods"); return 1; } } if(global->compression==COMP_NONE || SSLeay()<0x00908051L /* 0.9.8e-beta1 */) { /* delete OpenSSL defaults (empty the SSL_COMP stack) */ /* cannot use sk_SSL_COMP_pop_free, * as it also destroys the stack itself */ /* only leave the standard RFC 1951 (DEFLATE) algorithm, * if any of the private algorithms is enabled */ /* only allow DEFLATE with OpenSSL 0.9.8 or later * with OpenSSL #1468 zlib memory leak fixed */ while(sk_SSL_COMP_num(methods)) #if OPENSSL_VERSION_NUMBER>=0x10100000L /* FIXME: remove when sk_SSL_COMP_pop() works again */ OPENSSL_free(sk_pop((void *)methods)); #else OPENSSL_free(sk_SSL_COMP_pop(methods)); #endif } if(global->compression==COMP_NONE) { s_log(LOG_DEBUG, "Compression disabled"); return 0; /* success */ } /* also insert the obsolete ZLIB algorithm */ if(global->compression==COMP_ZLIB) { /* 224 - within the private range (193 to 255) */ COMP_METHOD *meth=COMP_zlib(); #if OPENSSL_VERSION_NUMBER>=0x10100000L if(!meth || COMP_get_type(meth)==NID_undef) { #else if(!meth || meth->type==NID_undef) { #endif s_log(LOG_ERR, "ZLIB compression is not supported"); return 1; } SSL_COMP_add_compression_method(0xe0, meth); } s_log(LOG_INFO, "Compression enabled: %d method(s)", sk_SSL_COMP_num(methods)); return 0; /* success */ } #endif /* OPENSSL_NO_COMP */ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) { int totbytes=0; char filename[256]; #ifndef USE_WIN32 int bytes; #endif filename[0]='\0'; /* if they specify a rand file on the command line we assume that they really do want it, so try it first */ if(global->rand_file) { totbytes+=add_rand_file(global, global->rand_file); if(RAND_status()) return 0; /* success */ } /* try the $RANDFILE or $HOME/.rnd files */ RAND_file_name(filename, 256); if(filename[0]) { totbytes+=add_rand_file(global, filename); if(RAND_status()) return 0; /* success */ } #ifdef RANDOM_FILE totbytes+=add_rand_file(global, RANDOM_FILE); if(RAND_status()) return 0; /* success */ #endif #ifdef USE_WIN32 RAND_screen(); if(RAND_status()) { s_log(LOG_DEBUG, "Seeded PRNG with RAND_screen"); return 0; /* success */ } s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG"); #else if(global->egd_sock) { if((bytes=RAND_egd(global->egd_sock))==-1) { s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock); bytes=0; } else { totbytes+=bytes; s_log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s", bytes, global->egd_sock); return 0; /* OpenSSL always gets what it needs or fails, so no need to check if seeded sufficiently */ } } /* try the good-old default /dev/urandom, if available */ totbytes+=add_rand_file(global, "/dev/urandom"); if(RAND_status()) return 0; /* success */ #endif /* USE_WIN32 */ /* random file specified during configure */ s_log(LOG_ERR, "PRNG seeded with %d bytes total", totbytes); s_log(LOG_ERR, "PRNG was not seeded with enough random bytes"); return 1; /* FAILED */ }