moves openssl init and prng seeding to main.c

2024-12-18 20:31:40 +03:00 · 2018-03-12 12:16:44 -04:00 · 2018-03-12 12:16:44 -04:00 · 01bedc86f5
commit 01bedc86f5
parent 27da6091ea
3 changed files with 20 additions and 25 deletions
--- a/vere/cttp.c
+++ b/vere/cttp.c
@ -20,7 +20,6 @@

 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>

 #include "../outside/jhttp/http_parser.h"   // Joyent HTTP
 #include "all.h"
@ -1612,14 +1611,8 @@ u3_cttp_ef_thus(c3_l    num_l,
 void
 u3_cttp_io_init()
 {
-  c3_i rad;
-  c3_y buf[4096];
-
  u3_Host.ctp_u.coc_u = 0;

-  SSL_library_init();
-  SSL_load_error_strings();
-
  u3_Host.ssl_u = SSL_CTX_new(TLSv1_client_method());
  SSL_CTX_set_options(u3S, SSL_OP_NO_SSLv2);
  SSL_CTX_set_verify(u3S, SSL_VERIFY_PEER, NULL);
@ -1635,16 +1628,6 @@ u3_cttp_io_init()
  SSL_CTX_set_cipher_list(u3S, "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:"
                          "ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:"
                          "RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS");
-
-  // RAND_status, at least on OS X, never returns true.
-  // 4096 bytes should be enough entropy for anyone, right?
-  rad = open("/dev/urandom", O_RDONLY);
-  if ( 4096 != read(rad, &buf, 4096) ) {
-    perror("rand-seed");
-    exit(1);
-  }
-  RAND_seed(buf, 4096);
-  close(rad);
 }

 /* u3_cttp_io_poll(): poll kernel for cttp I/O.
--- a/vere/http.c
+++ b/vere/http.c
@ -20,7 +20,6 @@

 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>

 // XX rename
 typedef struct _h2hed {
@ -637,13 +636,7 @@ _http_serv_start(u3_http* htp_u)
 static SSL_CTX*
 _http_init_tls()
 {
-  SSL_CTX* tls_u;
-
-  // XX only call these once between here and cttp (maybe in loop.c or main.c?)
-  SSL_library_init();
-  SSL_load_error_strings();
-
-  tls_u = SSL_CTX_new(TLSv1_2_server_method());
+  SSL_CTX* tls_u = SSL_CTX_new(TLSv1_2_server_method());

  SSL_CTX_set_options(tls_u, SSL_OP_NO_SSLv2);
  // SSL_CTX_set_verify(tls_u, SSL_VERIFY_NONE, NULL);
--- a/vere/main.c
+++ b/vere/main.c
@ -18,6 +18,7 @@
 #include <term.h>
 #include <dirent.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>

 #include "h2o.h"

@ -613,6 +614,24 @@ main(c3_i   argc,
 #endif
  }

+  SSL_library_init();
+  SSL_load_error_strings();
+
+  {
+    c3_i rad;
+    c3_y buf[4096];
+
+    // RAND_status, at least on OS X, never returns true.
+    // 4096 bytes should be enough entropy for anyone, right?
+    rad = open("/dev/urandom", O_RDONLY);
+    if ( 4096 != read(rad, &buf, 4096) ) {
+      perror("rand-seed");
+      exit(1);
+    }
+    RAND_seed(buf, 4096);
+    close(rad);
+  }
+
  // u3e_grab("main", u3_none);
  //
  u3_lo_loop();