crypto_openssl_mgt.c 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2017, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file crypto_openssl.c
  8. *
  9. * \brief Block of functions related to operations from OpenSSL.
  10. **/
  11. #include "compat_openssl.h"
  12. #include "crypto_openssl_mgt.h"
  13. DISABLE_GCC_WARNING(redundant-decls)
  14. #include <openssl/err.h>
  15. #include <openssl/rsa.h>
  16. #include <openssl/pem.h>
  17. #include <openssl/evp.h>
  18. #include <openssl/engine.h>
  19. #include <openssl/rand.h>
  20. #include <openssl/bn.h>
  21. #include <openssl/dh.h>
  22. #include <openssl/conf.h>
  23. #include <openssl/hmac.h>
  24. #include <openssl/crypto.h>
  25. ENABLE_GCC_WARNING(redundant-decls)
  26. #ifndef NEW_THREAD_API
  27. /** A number of preallocated mutexes for use by OpenSSL. */
  28. static tor_mutex_t **openssl_mutexes_ = NULL;
  29. /** How many mutexes have we allocated for use by OpenSSL? */
  30. static int n_openssl_mutexes_ = 0;
  31. #endif /* !defined(NEW_THREAD_API) */
  32. /** Declare STATIC functions */
  33. STATIC char * parse_openssl_version_str(const char *raw_version);
  34. #ifndef NEW_THREAD_API
  35. STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line);
  36. STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
  37. #endif
  38. /* Returns a trimmed and human-readable version of an openssl version string
  39. * <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10
  40. * May 2012' and this will parse them into a form similar to '1.0.0b' */
  41. STATIC char *
  42. parse_openssl_version_str(const char *raw_version)
  43. {
  44. const char *end_of_version = NULL;
  45. /* The output should be something like "OpenSSL 1.0.0b 10 May 2012. Let's
  46. trim that down. */
  47. if (!strcmpstart(raw_version, "OpenSSL ")) {
  48. raw_version += strlen("OpenSSL ");
  49. end_of_version = strchr(raw_version, ' ');
  50. }
  51. if (end_of_version)
  52. return tor_strndup(raw_version,
  53. end_of_version-raw_version);
  54. else
  55. return tor_strdup(raw_version);
  56. }
  57. static char *crypto_openssl_version_str = NULL;
  58. /* Return a human-readable version of the run-time openssl version number. */
  59. const char *
  60. crypto_openssl_get_version_str(void)
  61. {
  62. if (crypto_openssl_version_str == NULL) {
  63. const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
  64. crypto_openssl_version_str = parse_openssl_version_str(raw_version);
  65. }
  66. return crypto_openssl_version_str;
  67. }
  68. static char *crypto_openssl_header_version_str = NULL;
  69. /* Return a human-readable version of the compile-time openssl version
  70. * number. */
  71. const char *
  72. crypto_openssl_get_header_version_str(void)
  73. {
  74. if (crypto_openssl_header_version_str == NULL) {
  75. crypto_openssl_header_version_str =
  76. parse_openssl_version_str(OPENSSL_VERSION_TEXT);
  77. }
  78. return crypto_openssl_header_version_str;
  79. }
  80. #ifndef OPENSSL_THREADS
  81. #error OpenSSL has been built without thread support. Tor requires an \
  82. OpenSSL library with thread support enabled.
  83. #endif
  84. #ifndef NEW_THREAD_API
  85. /** Helper: OpenSSL uses this callback to manipulate mutexes. */
  86. STATIC void
  87. openssl_locking_cb_(int mode, int n, const char *file, int line)
  88. {
  89. (void)file;
  90. (void)line;
  91. if (!openssl_mutexes_)
  92. /* This is not a really good fix for the
  93. * "release-freed-lock-from-separate-thread-on-shutdown" problem, but
  94. * it can't hurt. */
  95. return;
  96. if (mode & CRYPTO_LOCK)
  97. tor_mutex_acquire(openssl_mutexes_[n]);
  98. else
  99. tor_mutex_release(openssl_mutexes_[n]);
  100. }
  101. STATIC void
  102. tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
  103. {
  104. CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
  105. }
  106. #endif /* !defined(NEW_THREAD_API) */
  107. /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
  108. * multithreaded. Returns 0. */
  109. int
  110. setup_openssl_threading(void)
  111. {
  112. #ifndef NEW_THREAD_API
  113. int i;
  114. int n = CRYPTO_num_locks();
  115. n_openssl_mutexes_ = n;
  116. openssl_mutexes_ = tor_calloc(n, sizeof(tor_mutex_t *));
  117. for (i=0; i < n; ++i)
  118. openssl_mutexes_[i] = tor_mutex_new();
  119. CRYPTO_set_locking_callback(openssl_locking_cb_);
  120. CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
  121. #endif /* !defined(NEW_THREAD_API) */
  122. return 0;
  123. }
  124. /** free OpenSSL variables */
  125. void
  126. crypto_openssl_free_all(void)
  127. {
  128. tor_free(crypto_openssl_version_str);
  129. tor_free(crypto_openssl_header_version_str);
  130. #ifndef NEW_THREAD_API
  131. if (n_openssl_mutexes_) {
  132. int n = n_openssl_mutexes_;
  133. tor_mutex_t **ms = openssl_mutexes_;
  134. int i;
  135. openssl_mutexes_ = NULL;
  136. n_openssl_mutexes_ = 0;
  137. for (i=0;i<n;++i) {
  138. tor_mutex_free(ms[i]);
  139. }
  140. tor_free(ms);
  141. }
  142. #endif /* !defined(NEW_THREAD_API) */
  143. }