Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 25ccfff86a
Branches Tags
tor
/
src
/
lib
/
crypt_ops
/
crypto_openssl_mgt.c

crypto_openssl_mgt.c 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. /* Copyright (c) 2001, Matej Pfajfar.
    2. 

  2.  * Copyright (c) 2001-2004, Roger Dingledine.
    3. 

  3.  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
    4. 

  4.  * Copyright (c) 2007-2018, The Tor Project, Inc. */
    5. 

  5. /* See LICENSE for licensing information */
    6. 

  6. 

  7. /**
    8. 

  8.  * \file crypto_openssl.c
    9. 

  9.  *
    10. 

  10.  * \brief Block of functions related to operations from OpenSSL.
    11. 

  11.  **/
    12. 

  12. 

  13. #include "common/compat_openssl.h"
    14. 

  14. #include "common/crypto_openssl_mgt.h"
    15. 

  15. 

  16. DISABLE_GCC_WARNING(redundant-decls)
    17. 

  17. 

  18. #include <openssl/err.h>
    19. 

  19. #include <openssl/rsa.h>
    20. 

  20. #include <openssl/pem.h>
    21. 

  21. #include <openssl/evp.h>
    22. 

  22. #include <openssl/engine.h>
    23. 

  23. #include <openssl/rand.h>
    24. 

  24. #include <openssl/bn.h>
    25. 

  25. #include <openssl/dh.h>
    26. 

  26. #include <openssl/conf.h>
    27. 

  27. #include <openssl/hmac.h>
    28. 

  28. #include <openssl/crypto.h>
    29. 

  29. 

  30. ENABLE_GCC_WARNING(redundant-decls)
    31. 

  31. 

  32. #ifndef NEW_THREAD_API
    33. 

  33. /** A number of preallocated mutexes for use by OpenSSL. */
    34. 

  34. static tor_mutex_t **openssl_mutexes_ = NULL;
    35. 

  35. /** How many mutexes have we allocated for use by OpenSSL? */
    36. 

  36. static int n_openssl_mutexes_ = 0;
    37. 

  37. #endif /* !defined(NEW_THREAD_API) */
    38. 

  38. 

  39. /** Declare STATIC functions */
    40. 

  40. STATIC char * parse_openssl_version_str(const char *raw_version);
    41. 

  41. #ifndef NEW_THREAD_API
    42. 

  42. STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line);
    43. 

  43. STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
    44. 

  44. #endif
    45. 

  45. 

  46. /* Returns a trimmed and human-readable version of an openssl version string
    47. 

  47. * <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10
    48. 

  48. * May 2012' and this will parse them into a form similar to '1.0.0b' */
    49. 

  49. STATIC char *
    50. 

  50. parse_openssl_version_str(const char *raw_version)
    51. 

  51. {
    52. 

  52.   const char *end_of_version = NULL;
    53. 

  53.   /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's
    54. 

  54.      trim that down. */
    55. 

  55.   if (!strcmpstart(raw_version, "OpenSSL ")) {
    56. 

  56.     raw_version += strlen("OpenSSL ");
    57. 

  57.     end_of_version = strchr(raw_version, ' ');
    58. 

  58.   }
    59. 

  59. 

  60.   if (end_of_version)
    61. 

  61.     return tor_strndup(raw_version,
    62. 

  62.                       end_of_version-raw_version);
    63. 

  63.   else
    64. 

  64.     return tor_strdup(raw_version);
    65. 

  65. }
    66. 

  66. 

  67. static char *crypto_openssl_version_str = NULL;
    68. 

  68. /* Return a human-readable version of the run-time openssl version number. */
    69. 

  69. const char *
    70. 

  70. crypto_openssl_get_version_str(void)
    71. 

  71. {
    72. 

  72.   if (crypto_openssl_version_str == NULL) {
    73. 

  73.     const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
    74. 

  74.     crypto_openssl_version_str = parse_openssl_version_str(raw_version);
    75. 

  75.   }
    76. 

  76.   return crypto_openssl_version_str;
    77. 

  77. }
    78. 

  78. 

  79. static char *crypto_openssl_header_version_str = NULL;
    80. 

  80. /* Return a human-readable version of the compile-time openssl version
    81. 

  81. * number. */
    82. 

  82. const char *
    83. 

  83. crypto_openssl_get_header_version_str(void)
    84. 

  84. {
    85. 

  85.   if (crypto_openssl_header_version_str == NULL) {
    86. 

  86.     crypto_openssl_header_version_str =
    87. 

  87.                         parse_openssl_version_str(OPENSSL_VERSION_TEXT);
    88. 

  88.   }
    89. 

  89.   return crypto_openssl_header_version_str;
    90. 

  90. }
    91. 

  91. 

  92. #ifndef OPENSSL_THREADS
    93. 

  93. #error OpenSSL has been built without thread support. Tor requires an \
    94. 

  94.  OpenSSL library with thread support enabled.
    95. 

  95. #endif
    96. 

  96. 

  97. #ifndef NEW_THREAD_API
    98. 

  98. /** Helper: OpenSSL uses this callback to manipulate mutexes. */
    99. 

  99. STATIC void
    100. 

  100. openssl_locking_cb_(int mode, int n, const char *file, int line)
    101. 

  101. {
    102. 

  102.   (void)file;
    103. 

  103.   (void)line;
    104. 

  104.   if (!openssl_mutexes_)
    105. 

  105.     /* This is not a really good fix for the
    106. 

  106.      * "release-freed-lock-from-separate-thread-on-shutdown" problem, but
    107. 

  107.      * it can't hurt. */
    108. 

  108.     return;
    109. 

  109.   if (mode & CRYPTO_LOCK)
    110. 

  110.     tor_mutex_acquire(openssl_mutexes_[n]);
    111. 

  111.   else
    112. 

  112.     tor_mutex_release(openssl_mutexes_[n]);
    113. 

  113. }
    114. 

  114. 

  115. STATIC void
    116. 

  116. tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
    117. 

  117. {
    118. 

  118.   CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
    119. 

  119. }
    120. 

  120. #endif /* !defined(NEW_THREAD_API) */
    121. 

  121. 

  122. /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
    123. 

  123.  * multithreaded. Returns 0. */
    124. 

  124. int
    125. 

  125. setup_openssl_threading(void)
    126. 

  126. {
    127. 

  127. #ifndef NEW_THREAD_API
    128. 

  128.   int i;
    129. 

  129.   int n = CRYPTO_num_locks();
    130. 

  130.   n_openssl_mutexes_ = n;
    131. 

  131.   openssl_mutexes_ = tor_calloc(n, sizeof(tor_mutex_t *));
    132. 

  132.   for (i=0; i < n; ++i)
    133. 

  133.     openssl_mutexes_[i] = tor_mutex_new();
    134. 

  134.   CRYPTO_set_locking_callback(openssl_locking_cb_);
    135. 

  135.   CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
    136. 

  136. #endif /* !defined(NEW_THREAD_API) */
    137. 

  137.   return 0;
    138. 

  138. }
    139. 

  139. 

  140. /** free OpenSSL variables */
    141. 

  141. void
    142. 

  142. crypto_openssl_free_all(void)
    143. 

  143. {
    144. 

  144.   tor_free(crypto_openssl_version_str);
    145. 

  145.   tor_free(crypto_openssl_header_version_str);
    146. 

  146. 

  147. #ifndef NEW_THREAD_API
    148. 

  148.   if (n_openssl_mutexes_) {
    149. 

  149.     int n = n_openssl_mutexes_;
    150. 

  150.     tor_mutex_t **ms = openssl_mutexes_;
    151. 

  151.     int i;
    152. 

  152.     openssl_mutexes_ = NULL;
    153. 

  153.     n_openssl_mutexes_ = 0;
    154. 

  154.     for (i=0;i<n;++i) {
    155. 

  155.       tor_mutex_free(ms[i]);
    156. 

  156.     }
    157. 

  157.     tor_free(ms);
    158. 

  158.   }
    159. 

  159. #endif /* !defined(NEW_THREAD_API) */
    160. 

  160. }
    161. 

  161.