static void init_openssl(void)
{
atexit(fini_openssl);
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
void
tor_init (void)
{
if (initialized) {
return;
}
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
// enable proper threading
locks.length = CRYPTO_num_locks();
locks.item = malloc(locks.length * sizeof(uv_mutex_t));
for (size_t i = 0; i < locks.length; i++) {
uv_mutex_init(&locks.item[i]);
}
CRYPTO_set_locking_callback(_locking_callback);
CRYPTO_set_id_callback(uv_thread_self);
CRYPTO_set_dynlock_create_callback(_dynlock_create_callback);
CRYPTO_set_dynlock_lock_callback(_dynlock_lock_callback);
CRYPTO_set_dynlock_destroy_callback(_dynlock_destroy_callback);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
initialized = true;
}
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
* accessed (ie. it would be possible to statically link binaries with
* *no* builtin implementations). */
ENGINE_load_openssl();
#endif
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
ENGINE_load_cryptodev();
#endif
#ifndef OPENSSL_NO_RDRAND
ENGINE_load_rdrand();
#endif
ENGINE_load_dynamic();
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
ENGINE_load_4758cca();
#endif
#ifndef OPENSSL_NO_HW_AEP
ENGINE_load_aep();
#endif
#ifndef OPENSSL_NO_HW_ATALLA
ENGINE_load_atalla();
#endif
#ifndef OPENSSL_NO_HW_CSWIFT
ENGINE_load_cswift();
#endif
#ifndef OPENSSL_NO_HW_NCIPHER
ENGINE_load_chil();
#endif
#ifndef OPENSSL_NO_HW_NURON
ENGINE_load_nuron();
#endif
#ifndef OPENSSL_NO_HW_SUREWARE
ENGINE_load_sureware();
#endif
#ifndef OPENSSL_NO_HW_UBSEC
ENGINE_load_ubsec();
#endif
#ifndef OPENSSL_NO_HW_PADLOCK
ENGINE_load_padlock();
#endif
#endif
#ifndef OPENSSL_NO_GOST
ENGINE_load_gost();
#endif
#ifndef OPENSSL_NO_GMP
ENGINE_load_gmp();
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
ENGINE_load_capi();
#endif
#endif
ENGINE_register_all_complete();
}
void BTCTrader::signRequest ( QString* header, QNetworkRequest* newRequest )
{
nonce += 1;
*header = ( header->length() == 0 ) ? "nonce=" + QString::number( nonce ) : "nonce=" + QString::number( nonce ) + "&" + *header;
QByteArray key = QByteArray::fromBase64( restSign.toStdString().c_str() );
unsigned char* result;
unsigned int result_len = 512;
HMAC_CTX ctx;
result = (unsigned char*) malloc(sizeof(unsigned char) * result_len);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key.constData(), key.length(), EVP_sha512(), NULL);
HMAC_Update(&ctx, (unsigned char*)header->toAscii().constData(), header->length());
HMAC_Final(&ctx, result, &result_len);
HMAC_CTX_cleanup(&ctx);
newRequest->setRawHeader( "Rest-Key", restKey.toStdString().c_str() );
newRequest->setRawHeader( "Rest-Sign", QByteArray::fromRawData( (char*)result, result_len ).toBase64() );
newRequest->setRawHeader( "content-type","application/x-www-form-urlencoded" );
free ( result );
}
static ENGINE *
setup_engine (const char *engine)
{
ENGINE *e = NULL;
ENGINE_load_builtin_engines ();
if (engine)
{
if (strcmp (engine, "auto") == 0)
{
msg (M_INFO, "Initializing OpenSSL auto engine support");
ENGINE_register_all_complete ();
return NULL;
}
if ((e = ENGINE_by_id (engine)) == NULL
&& (e = try_load_engine (engine)) == NULL)
{
msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine);
}
if (!ENGINE_set_default (e, ENGINE_METHOD_ALL))
{
msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'",
engine);
}
msg (M_INFO, "Initializing OpenSSL support for engine '%s'",
ENGINE_get_id (e));
}
return e;
}
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
# ifdef ENGINE_load_cryptodev
ENGINE_load_cryptodev();
# endif
#endif
#ifndef OPENSSL_NO_RDRAND
# ifdef ENGINE_load_rdrand
ENGINE_load_rdrand();
# endif
#endif
# ifdef ENGINE_load_dynamic
ENGINE_load_dynamic();
# endif
#ifndef OPENSSL_NO_STATIC_ENGINE
# ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_PADLOCK
# ifdef ENGINE_load_padlock
ENGINE_load_padlock();
# endif
# endif
# endif
# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
# ifdef ENGINE_load_capi
ENGINE_load_capi();
# endif
# endif
#endif
ENGINE_register_all_complete();
}
void openssl_init(bool threaded)
{
// initialize the SSL library
SSL_load_error_strings();
SSL_library_init();
unsigned int randSeed = 0;
RAND_bytes( (unsigned char*)&randSeed, sizeof(randSeed) );
srand( randSeed );
#ifndef OPENSSL_NO_ENGINE
/* Load all bundled ENGINEs into memory and make them visible */
ENGINE_load_builtin_engines();
/* Register all of them for every algorithm they collectively implement */
ENGINE_register_all_complete();
#endif // NO_ENGINE
if(threaded)
{
// provide locking functions to OpenSSL since we'll be running with
// threads accessing openssl in parallel.
CRYPTO_set_id_callback( threads_thread_id );
CRYPTO_set_locking_callback( threads_locking_callback );
}
}
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
* accessed (ie. it would be possible to statically link binaries with
* *no* builtin implementations). */
ENGINE_load_openssl();
#endif
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
ENGINE_load_cryptodev();
#endif
#ifndef OPENSSL_NO_RSAX
ENGINE_load_rsax();
#endif
#ifndef OPENSSL_NO_RDRAND
ENGINE_load_rdrand();
#endif
ENGINE_load_dynamic();
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_PADLOCK
ENGINE_load_padlock();
#endif
#endif
#ifndef OPENSSL_NO_GOST
ENGINE_load_gost();
#endif
#endif
ENGINE_register_all_complete();
}
char* QBox_MakeUpToken(const QBox_AuthPolicy* auth)
{
char* uptoken;
char* policy_str;
char* encoded_digest;
char* encoded_policy_str;
char digest[EVP_MAX_MD_SIZE + 1];
unsigned int dgtlen = sizeof(digest);
HMAC_CTX ctx;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
policy_str = QBox_AuthPolicy_json(auth);
encoded_policy_str = QBox_String_Encode(policy_str);
free(policy_str);
bzero(digest, sizeof(digest));
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, QBOX_SECRET_KEY, strlen(QBOX_SECRET_KEY), EVP_sha1(), NULL);
HMAC_Update(&ctx, encoded_policy_str, strlen(encoded_policy_str));
HMAC_Final(&ctx, digest, &dgtlen);
HMAC_CTX_cleanup(&ctx);
encoded_digest = QBox_Memory_Encode(digest, dgtlen);
uptoken = QBox_String_Concat(QBOX_ACCESS_KEY, ":", encoded_digest, ":", encoded_policy_str, NULL);
free(encoded_policy_str);
free(encoded_digest);
return uptoken;
}
void ENGINE_setup_bsd_cryptodev(void) {
static int bsd_cryptodev_default_loaded = 0;
if (!bsd_cryptodev_default_loaded) {
ENGINE_load_cryptodev();
ENGINE_register_all_complete();
}
bsd_cryptodev_default_loaded=1;
}
void _libssh2_openssl_crypto_init(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
#else
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
#endif
#ifndef HAVE_EVP_AES_128_CTR
_libssh2_EVP_aes_128_ctr();
_libssh2_EVP_aes_192_ctr();
_libssh2_EVP_aes_256_ctr();
#endif
}
void ENGINE_setup_openbsd(void) {
static int openbsd_default_loaded = 0;
if (!openbsd_default_loaded) {
ENGINE_load_cryptodev();
ENGINE_register_all_complete();
}
openbsd_default_loaded=1;
}
void
ssh_SSLeay_add_all_algorithms(void)
{
SSLeay_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
ENGINE_load_cryptodev();
#endif
#ifndef OPENSSL_NO_RDRAND
ENGINE_load_rdrand();
#endif
ENGINE_load_dynamic();
#ifndef OPENSSL_NO_STATIC_ENGINE
# ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_4758_CCA
ENGINE_load_4758cca();
# endif
/*-
* These engines have been disabled as they do not currently build
#ifndef OPENSSL_NO_HW_AEP
ENGINE_load_aep();
#endif
#ifndef OPENSSL_NO_HW_ATALLA
ENGINE_load_atalla();
#endif
#ifndef OPENSSL_NO_HW_CSWIFT
ENGINE_load_cswift();
#endif
#ifndef OPENSSL_NO_HW_NCIPHER
ENGINE_load_chil();
#endif
#ifndef OPENSSL_NO_HW_NURON
ENGINE_load_nuron();
#endif
#ifndef OPENSSL_NO_HW_SUREWARE
ENGINE_load_sureware();
#endif
#ifndef OPENSSL_NO_HW_UBSEC
ENGINE_load_ubsec();
#endif
*/
# ifndef OPENSSL_NO_HW_PADLOCK
ENGINE_load_padlock();
# endif
# endif
# ifndef OPENSSL_NO_GOST
ENGINE_load_gost();
# endif
# ifndef OPENSSL_NO_GMP
ENGINE_load_gmp();
# endif
# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
ENGINE_load_capi();
# endif
#endif
ENGINE_register_all_complete();
}
void
ca_sslinit(void)
{
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Init hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
void
ssh_OpenSSL_add_all_algorithms(void)
{
OpenSSL_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
OPENSSL_config(NULL);
}
static void SMSSLInit(void)
{
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
//ERR_load_crypto_strings();
/* Init available hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
int get_aes_sha1_threshold()
{
AES_KEY key;
uint8_t ukey[16];
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
memset(ukey, 0xaf, sizeof(ukey));
AES_set_encrypt_key(ukey, 16*8, &key);
return aead_test(CRYPTO_AES_CBC, CRYPTO_SHA1, ukey, 16, &key, aes_sha_combo);
}
static QBox_Error QBox_DigestAuth_Auth(void* self, QBox_Header** header, const char* url, const char* addition, size_t addlen)
{
QBox_Error err;
char const* path = NULL;
char* auth = NULL;
char digest[EVP_MAX_MD_SIZE + 1];
unsigned int dgtlen = sizeof(digest);
char* enc_digest = NULL;
HMAC_CTX ctx;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
path = strstr(url, "://");
if (path != NULL) {
path = strchr(path + 3, '/');
}
if (path == NULL) {
err.code = 400;
err.message = "Invalid URL";
return err;
}
/* Do digest calculation */
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, QBOX_SECRET_KEY, strlen(QBOX_SECRET_KEY), EVP_sha1(), NULL);
HMAC_Update(&ctx, path, strlen(path));
HMAC_Update(&ctx, "\n", 1);
if (addlen > 0) {
HMAC_Update(&ctx, addition, addlen);
}
HMAC_Final(&ctx, digest, &dgtlen);
HMAC_CTX_cleanup(&ctx);
digest[dgtlen] = '\0';
enc_digest = QBox_String_Encode(digest);
/* Set appopriate HTTP header */
auth = QBox_String_Concat("Authorization: QBox ", QBOX_ACCESS_KEY, ":", enc_digest, NULL);
free(enc_digest);
*header = curl_slist_append(*header, auth);
free(auth);
err.code = 200;
err.message = "OK";
return err;
}
/**
* Initialise the crypto library and perform one time initialisation.
*/
static apr_status_t crypto_init(apr_pool_t *pool, const char *params, int *rc)
{
CRYPTO_malloc_init();
ERR_load_crypto_strings();
/* SSL_load_error_strings(); */
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
apr_pool_cleanup_null);
return APR_SUCCESS;
}
void
ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_PADLOCK
ENGINE_load_padlock();
#endif
#endif
#endif
ENGINE_register_all_complete();
}
void
ssl_init(struct relayd *env)
{
static int initialized = 0;
if (initialized)
return;
SSL_library_init();
SSL_load_error_strings();
/* Init hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
initialized = 1;
}
static SSL_CTX * ssl_server_init(const char *keypath, const char *certpath)
{
SSL_CTX *ctx;
ENGINE *e;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
e = ENGINE_by_id("padlock");
if (e) {
fprintf(stderr, "[*] Using padlock engine for default ciphers\n");
ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
use_padlock_engine = 1;
} else {
fprintf(stderr, "[*] Padlock engine not available\n");
use_padlock_engine = 0;
}
SSL_load_error_strings();
SSL_library_init();
if (!RAND_poll())
return NULL;
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, certpath) ||
!SSL_CTX_use_PrivateKey_file(ctx, keypath, SSL_FILETYPE_PEM)) {
fprintf(stderr, "Could not read %s or %s file\n", keypath, certpath);
fprintf(stderr, "To generate a key and self-signed certificate, run:\n");
fprintf(stderr, "\topenssl genrsa -out key.pem 2048\n");
fprintf(stderr, "\topenssl req -new -key key.pem -out cert.req\n");
fprintf(stderr, "\topenssl x509 -req -days 365 -in cert.req -signkey key.pem -out cert.pem\n");
return NULL;
}
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
if (use_padlock_engine == 1) {
if (SSL_CTX_set_cipher_list(ctx, "AES+SHA") != 1) {
fprintf(stderr, "Error setting client cipher list\n");
return NULL;
}
}
return ctx;
}
void
ssl_init(void)
{
static int inited = 0;
if (inited)
return;
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
/* Init hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
inited = 1;
}
/**
* Initialise the crypto library and perform one time initialisation.
*/
static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
const apu_err_t **result)
{
#if APR_USE_OPENSSL_PRE_1_1_API
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
#endif
ERR_load_crypto_strings();
/* SSL_load_error_strings(); */
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
apr_pool_cleanup_null);
return APR_SUCCESS;
}
char* CryptoHandler::hmac_sha512(char* datain, char* keyin, const bool& base64)
{
unsigned char* key = (unsigned char*) keyin;
unsigned char* data = (unsigned char*) datain;
unsigned char* result;
unsigned int result_len = 64;
HMAC_CTX ctx;
result = (unsigned char*) malloc(sizeof(char) * result_len);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key, strlen(keyin), EVP_sha512(), NULL);
HMAC_Update(&ctx, data, strlen(datain));
HMAC_Final(&ctx, result, &result_len);
HMAC_CTX_cleanup(&ctx);
if(base64)
return base64encode(result,result_len);
return (char*)result;
}
/*
* If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions,
* i.e. passing a non-null settings value is assumed to be single-threaded.
*/
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
{
static int stoperrset = 0;
if (stopped) {
if (!stoperrset) {
/*
* We only ever set this once to avoid getting into an infinite
* loop where the error system keeps trying to init and fails so
* sets an error etc
*/
stoperrset = 1;
CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
}
return 0;
}
if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
&& !RUN_ONCE(&load_crypto_strings,
ossl_init_no_load_crypto_strings))
return 0;
if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
&& !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
return 0;
if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
&& !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
return 0;
if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
&& !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
return 0;
if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
&& !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
return 0;
if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
&& !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
&& !RUN_ONCE(&config, ossl_init_no_config))
return 0;
if (opts & OPENSSL_INIT_LOAD_CONFIG) {
int ret;
CRYPTO_THREAD_write_lock(init_lock);
appname = (settings == NULL) ? NULL : settings->appname;
ret = RUN_ONCE(&config, ossl_init_config);
CRYPTO_THREAD_unlock(init_lock);
if (!ret)
return 0;
}
if ((opts & OPENSSL_INIT_ASYNC)
&& !RUN_ONCE(&async, ossl_init_async))
return 0;
#ifndef OPENSSL_NO_ENGINE
if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
&& !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
return 0;
# if !defined(OPENSSL_NO_HW) && \
(defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
&& !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev))
return 0;
# endif
# ifndef OPENSSL_NO_RDRAND
if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
&& !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
return 0;
# endif
if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
&& !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
return 0;
# ifndef OPENSSL_NO_STATIC_ENGINE
# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
&& !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
return 0;
# endif
# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
if ((opts & OPENSSL_INIT_ENGINE_CAPI)
&& !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
return 0;
# endif
# if !defined(OPENSSL_NO_AFALGENG)
if ((opts & OPENSSL_INIT_ENGINE_AFALG)
&& !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
return 0;
# endif
# endif
if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_ENGINE_OPENSSL
| OPENSSL_INIT_ENGINE_AFALG)) {
ENGINE_register_all_complete();
}
#endif
#ifndef OPENSSL_NO_COMP
if ((opts & OPENSSL_INIT_ZLIB)
&& !RUN_ONCE(&zlib, ossl_init_zlib))
return 0;
#endif
return 1;
}
int main(int argc, char **argv) {
program_name = argv[0];
if(!parse_options(argc, argv))
return 1;
make_names();
if(show_version) {
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
VERSION, __DATE__, __TIME__, PROT_CURRENT);
printf("Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
"see the file COPYING for details.\n");
return 0;
}
if(show_help) {
usage(false);
return 0;
}
if(kill_tincd)
return !kill_other(kill_tincd);
openlogger("tinc", use_logfile?LOGMODE_FILE:LOGMODE_STDERR);
g_argv = argv;
init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */
RAND_load_file("/dev/urandom", 1024);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
OpenSSL_add_all_algorithms();
if(generate_keys) {
read_server_config();
return !keygen(generate_keys);
}
if(!read_server_config())
return 1;
#ifdef HAVE_LZO
if(lzo_init() != LZO_E_OK) {
logger(LOG_ERR, "Error initializing LZO compressor!");
return 1;
}
#endif
#ifdef HAVE_MINGW
if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) {
logger(LOG_ERR, "System call `%s' failed: %s", "WSAStartup", winerror(GetLastError()));
return 1;
}
if(!do_detach || !init_service())
return main2(argc, argv);
else
return 1;
}
int main (int argc, char *argv[])
{
gchar *in_dir;
GList *tmp;
struct evhttp_uri *uri;
struct timeval tv;
log_level = LOG_debug;
event_set_mem_functions (g_malloc, g_realloc, g_free);
// init SSL libraries
CRYPTO_set_mem_functions (g_malloc0, g_realloc, g_free);
ENGINE_load_builtin_engines ();
ENGINE_register_all_complete ();
ERR_load_crypto_strings ();
OpenSSL_add_all_algorithms ();
SSL_load_error_strings ();
SSL_library_init ();
if (!RAND_poll ()) {
fprintf(stderr, "RAND_poll() failed.\n");
return 1;
}
g_random_set_seed (time (NULL));
in_dir = g_dir_make_tmp (NULL, NULL);
g_assert (in_dir);
app = g_new0 (Application, 1);
app->files_count = 10;
app->evbase = event_base_new ();
app->dns_base = evdns_base_new (app->evbase, 1);
app->conf = conf_create ();
conf_add_boolean (app->conf, "log.use_syslog", TRUE);
conf_add_uint (app->conf, "auth.ttl", 85800);
conf_add_int (app->conf, "pool.writers", 2);
conf_add_int (app->conf, "pool.readers", 2);
conf_add_int (app->conf, "pool.operations", 4);
conf_add_uint (app->conf, "pool.max_requests_per_pool", 100);
conf_add_int (app->conf, "connection.timeout", 20);
conf_add_int (app->conf, "connection.retries", -1);
conf_add_uint (app->conf, "filesystem.dir_cache_max_time", 5);
conf_add_boolean (app->conf, "filesystem.cache_enabled", TRUE);
conf_add_string (app->conf, "filesystem.cache_dir", "/tmp/hydrafs");
conf_add_string (app->conf, "filesystem.cache_dir_max_size", "1Gb");
conf_add_boolean (app->conf, "statistics.enabled", TRUE);
conf_add_int (app->conf, "statistics.port", 8011);
conf_add_string (app->conf, "auth.user", "test:tester");
conf_add_string (app->conf, "auth.key", "testing");
uri = evhttp_uri_parse ("https://10.0.0.104:8080/auth/v1.0");
app->ssl_ctx = SSL_CTX_new (TLSv1_client_method ());
app->stats = hfs_stats_srv_create (app);
app->auth_client = auth_client_create (app, uri);
app->http = http_client_create (app);
// start server
start_srv (app->evbase, in_dir);
app->timeout = evtimer_new (app->evbase, on_output_timer, NULL);
evutil_timerclear(&tv);
tv.tv_sec = 0;
tv.tv_usec = 500;
event_add (app->timeout, &tv);
event_base_dispatch (app->evbase);
evhttp_uri_free (uri);
event_del (app->timeout);
event_free (app->timeout);
evhttp_free (app->http_srv);
auth_client_destroy (app->auth_client);
evdns_base_free (app->dns_base, 0);
event_base_free (app->evbase);
conf_destroy (app->conf);
g_free (app);
return 0;
}
void context_init(void) { /* init SSL */
int i;
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
/* Load all bundled ENGINEs into memory and make them visible */
ENGINE_load_builtin_engines();
/* Register all of them for every algorithm they collectively implement */
ENGINE_register_all_complete();
#endif
if(!init_prng())
log(LOG_INFO, "PRNG seeded successfully");
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
if(options.option.client) {
ctx=SSL_CTX_new(SSLv3_client_method());
} else { /* Server mode */
ctx=SSL_CTX_new(SSLv23_server_method());
#ifndef NO_RSA
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
#endif /* NO_RSA */
if(init_dh())
log(LOG_WARNING, "Diffie-Hellman initialization failed");
}
if(options.ssl_options) {
log(LOG_DEBUG, "Configuration SSL options: 0x%08lX",
options.ssl_options);
log(LOG_DEBUG, "SSL options set: 0x%08lX",
SSL_CTX_set_options(ctx, options.ssl_options));
}
#if SSLEAY_VERSION_NUMBER >= 0x00906000L
SSL_CTX_set_mode(ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif /* OpenSSL-0.9.6 */
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout(ctx, options.session_timeout);
if(options.option.cert) {
if(!SSL_CTX_use_certificate_chain_file(ctx, options.cert)) {
log(LOG_ERR, "Error reading certificate file: %s", options.cert);
sslerror("SSL_CTX_use_certificate_chain_file");
exit(1);
}
log(LOG_DEBUG, "Certificate: %s", options.cert);
log(LOG_DEBUG, "Key file: %s", options.key);
#ifdef USE_WIN32
SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb);
#endif
for(i=0; i<3; i++) {
#ifdef NO_RSA
if(SSL_CTX_use_PrivateKey_file(ctx, options.key,
SSL_FILETYPE_PEM))
#else /* NO_RSA */
if(SSL_CTX_use_RSAPrivateKey_file(ctx, options.key,
SSL_FILETYPE_PEM))
#endif /* NO_RSA */
break;
if(i<2 && ERR_GET_REASON(ERR_peek_error())==EVP_R_BAD_DECRYPT) {
sslerror_stack(); /* dump the error stack */
log(LOG_ERR, "Wrong pass phrase: retrying");
continue;
}
#ifdef NO_RSA
sslerror("SSL_CTX_use_PrivateKey_file");
#else /* NO_RSA */
sslerror("SSL_CTX_use_RSAPrivateKey_file");
#endif /* NO_RSA */
exit(1);
}
if(!SSL_CTX_check_private_key(ctx)) {
sslerror("Private key does not match the certificate");
exit(1);
}
}
verify_init(); /* Initialize certificate verification */
SSL_CTX_set_info_callback(ctx, info_callback);
if(options.cipher_list) {
if (!SSL_CTX_set_cipher_list(ctx, options.cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
exit(1);
}
}
}