EXPORT UNSIGNED32 STDCALL TaggantInitializeLibrary(__in_opt TAGGANTFUNCTIONS *pFuncs, __out UNSIGNED64 *puVersion) { /* Get the pointer to callbacks structure */ TAGGANTFUNCTIONS* callbacks = get_callbacks(); /* Initialize structure */ memset(callbacks, 0, sizeof(TAGGANTFUNCTIONS)); if (pFuncs != NULL) { memcpy((char*)callbacks, (char*)pFuncs, get_min((unsigned long)pFuncs->size, sizeof(TAGGANTFUNCTIONS))); } callbacks->size = sizeof(TAGGANTFUNCTIONS); /* If any of memory callbacks are NULL then redirect them to internal callbacks */ if (callbacks->MemoryAllocCallBack == NULL || callbacks->MemoryFreeCallBack == NULL || callbacks->MemoryReallocCallBack == NULL) { callbacks->MemoryAllocCallBack = (void* (__DECLARATION*)(size_t))&internal_alloc; callbacks->MemoryFreeCallBack = (void (__DECLARATION*)(void*))&internal_free; callbacks->MemoryReallocCallBack = (void* (__DECLARATION*)(void*, size_t))&internal_realloc; } CRYPTO_set_mem_functions(memory_alloc, memory_realloc, memory_free); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); /* Return the maximim version number supported by the library */ *puVersion = TAGGANT_LIBRARY_CURRENTVERSION; lib_initialized = 1; return TNOERR; }
SSLInitCls::SSLInitCls() { Socket::Init(); MemoryIgnoreLeaksBlock __; CRYPTO_set_mem_functions(SSLAlloc, SSLRealloc, SSLFree); SSL_load_error_strings(); SSL_library_init(); AddThread(); }
isc_result_t dst__openssl_init() { isc_result_t result; #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE e = ENGINE_new(); if (e == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(e, rm); RAND_set_rand_method(rm); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: mem_free(rm); #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); return (result); }
/* this has to be the first function called from ui_*.c */ void tls_init() { tls_platform_init(); tls_initialized=1; ui_tls=tls_alloc(NULL, NULL, "ui"); #if OPENSSL_VERSION_NUMBER>=0x10100000L CRYPTO_set_mem_functions(str_alloc_detached_debug, str_realloc_detached_debug, str_free_debug); #else CRYPTO_set_mem_ex_functions(str_alloc_detached_debug, str_realloc_detached_debug, free_function); #endif }
RSA_DSA_Factory::RSA_DSA_Factory(Allocator *normAlloc, Allocator *privAlloc) { setNormAllocator(normAlloc); setPrivAllocator(privAlloc); /* once-per-address space */ CRYPTO_set_mem_functions(osMalloc, osRealloc, osFree); CRYPTO_set_locked_mem_functions(osMalloc, osFree); /* these should go in a lib somewhere */ ERR_load_RSA_strings(); ERR_load_BN_strings(); ERR_load_DSA_strings(); }
void _ws_set_memory_functions(ws_malloc_replacement_f malloc_replace, ws_free_replacement_f free_replace, ws_realloc_replacement_f realloc_replace) { replaced_ws_malloc = malloc_replace; replaced_ws_free = free_replace; replaced_ws_realloc = realloc_replace; event_set_mem_functions(malloc_replace, realloc_replace, free_replace); #ifdef LIBWS_WITH_OPENSSL CRYPTO_set_mem_functions(malloc_replace, realloc_replace, free_replace); #endif }
CRYPTO_API void xr_crypto_init () { string256 random_string; sprintf_s (random_string, "%I64d_%s", CPU::QPC(), rnd_seed); //sprintf_s (random_string, "%s", rnd_seed); CRYPTO_set_mem_functions (xr_malloc, xr_realloc, unsafe_xr_free); RAND_seed (random_string, xr_strlen(random_string)); //unsigned int siglen; //tmp_dsa_params->flags |= DSA_FLAG_NO_EXP_CONSTTIME; //ZeroMemory(sig, sizeof(sig)); //DSA_sign(0, digest, sizeof(digest), sig, &siglen, tmp_dsa_params); //DSA_verify(0, digest, sizeof(digest), sig, siglen, tmp_dsa_params); /*#ifdef DEBUG CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON); #endif*/ }
SSL_CTX *SSLCommon::initialize_ctx(const bool& isServer) { SSL_METHOD *meth; SSL_CTX *ctx; CRYPTO_set_mem_functions (zeroingMalloc, realloc, free); SSL_library_init (); OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */ SSL_load_error_strings(); /* load all error messages */ printf ("Using OpenSSL version \"%s\"\n", SSLeay_version (SSLEAY_VERSION)); /* Set up a SIGPIPE handler */ signal (SIGPIPE, SIG_IGN); /* Create our context*/ if(isServer) { meth = (SSL_METHOD*)SSLv23_server_method(); /* create new server-method instance */ } else { meth = (SSL_METHOD*)SSLv23_client_method(); /* create new client-method instance */ } ctx = SSL_CTX_new(meth); /* create new context from method */ if (ctx == NULL) { cout << "Could not create context" << endl; ERR_print_errors_fp(stderr); exitSSL ("SSL_CTX_new"); } return ctx; }
/* * called once from main.c (main process) */ int init_tls(void) { int i; #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) STACK_OF(SSL_COMP)* comp_methods; #endif LM_DBG("entered\n"); #if OPENSSL_VERSION_NUMBER < 0x00907000L LM_WARN("using an old version of OpenSSL (< 0.9.7). Upgrade!\n"); #endif /* * this has to be called before any function calling CRYPTO_malloc, * CRYPTO_malloc will set allow_customize in openssl to 0 */ if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) { LM_ERR("unable to set the memory allocation functions\n"); return -1; } #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) /* disabling compression */ LM_WARN("disabling compression due ZLIB problems\n"); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods==0) { LM_INFO("openssl compression already disabled\n"); } else { sk_SSL_COMP_zero(comp_methods); } #endif if (tls_init_multithread() < 0) { LM_ERR("failed to init multi-threading support\n"); return -1; } SSL_library_init(); SSL_load_error_strings(); init_ssl_methods(); i = check_for_krb(); if (i==-1) { LM_ERR("kerberos check failed\n"); return -1; } if ( ( i ^ #ifndef OPENSSL_NO_KRB5 1 #else 0 #endif )!=0 ) { LM_ERR("compiled agaist an openssl with %s" "kerberos, but run with one with %skerberos\n", (i==1)?"":"no ",(i!=1)?"no ":""); return -1; } /* * now initialize tls default domains */ if ( (i=init_tls_domains(tls_default_server_domain)) ) { return i; } if ( (i=init_tls_domains(tls_default_client_domain)) ) { return i; } /* * now initialize tls virtual domains */ if ( (i=init_tls_domains(tls_server_domains)) ) { return i; } if ( (i=init_tls_domains(tls_client_domains)) ) { return i; } /* * we are all set */ return 0; }
int main (int argc, char *argv[]) { gchar *in_dir; GList *tmp; struct evhttp_uri *uri; struct timeval tv; log_level = LOG_debug; event_set_mem_functions (g_malloc, g_realloc, g_free); // init SSL libraries CRYPTO_set_mem_functions (g_malloc0, g_realloc, g_free); ENGINE_load_builtin_engines (); ENGINE_register_all_complete (); ERR_load_crypto_strings (); OpenSSL_add_all_algorithms (); SSL_load_error_strings (); SSL_library_init (); if (!RAND_poll ()) { fprintf(stderr, "RAND_poll() failed.\n"); return 1; } g_random_set_seed (time (NULL)); in_dir = g_dir_make_tmp (NULL, NULL); g_assert (in_dir); app = g_new0 (Application, 1); app->files_count = 10; app->evbase = event_base_new (); app->dns_base = evdns_base_new (app->evbase, 1); app->conf = conf_create (); conf_add_boolean (app->conf, "log.use_syslog", TRUE); conf_add_uint (app->conf, "auth.ttl", 85800); conf_add_int (app->conf, "pool.writers", 2); conf_add_int (app->conf, "pool.readers", 2); conf_add_int (app->conf, "pool.operations", 4); conf_add_uint (app->conf, "pool.max_requests_per_pool", 100); conf_add_int (app->conf, "connection.timeout", 20); conf_add_int (app->conf, "connection.retries", -1); conf_add_uint (app->conf, "filesystem.dir_cache_max_time", 5); conf_add_boolean (app->conf, "filesystem.cache_enabled", TRUE); conf_add_string (app->conf, "filesystem.cache_dir", "/tmp/hydrafs"); conf_add_string (app->conf, "filesystem.cache_dir_max_size", "1Gb"); conf_add_boolean (app->conf, "statistics.enabled", TRUE); conf_add_int (app->conf, "statistics.port", 8011); conf_add_string (app->conf, "auth.user", "test:tester"); conf_add_string (app->conf, "auth.key", "testing"); uri = evhttp_uri_parse ("https://10.0.0.104:8080/auth/v1.0"); app->ssl_ctx = SSL_CTX_new (TLSv1_client_method ()); app->stats = hfs_stats_srv_create (app); app->auth_client = auth_client_create (app, uri); app->http = http_client_create (app); // start server start_srv (app->evbase, in_dir); app->timeout = evtimer_new (app->evbase, on_output_timer, NULL); evutil_timerclear(&tv); tv.tv_sec = 0; tv.tv_usec = 500; event_add (app->timeout, &tv); event_base_dispatch (app->evbase); evhttp_uri_free (uri); event_del (app->timeout); event_free (app->timeout); evhttp_free (app->http_srv); auth_client_destroy (app->auth_client); evdns_base_free (app->dns_base, 0); event_base_free (app->evbase); conf_destroy (app->conf); g_free (app); return 0; }
/* * called once from main.c (main process) */ int init_tls(void) { struct tls_domain *d; DBG("init_tls: Entered\n"); #if OPENSSL_VERSION_NUMBER < 0x00907000L LOG(L_ERR, "WARNING! You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n"); #endif LOG(L_ALERT, "WARNING! TLS is considered as an EXPERIMENTAL module\n" ); /* * this has to be called before any function calling CRYPTO_malloc, * CRYPTO_malloc will set allow_customize in openssl to 0 */ if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) { LOG(L_ERR, "init_tls: Unable to set the memory allocation functions\n"); return -1; } SSL_library_init(); SSL_load_error_strings(); init_ssl_methods(); /* * initialize default context first */ default_ctx = SSL_CTX_new(ssl_methods[tls_method - 1]); if (default_ctx == NULL) { LOG(L_ERR, "init_tls: Cannot create default ssl context\n"); return -1; } init_ssl_ctx_behavior( default_ctx ); if (load_certificate(default_ctx, tls_cert_file) < 0) return -1; if (tls_ca_file && load_ca(default_ctx, tls_ca_file) < 0) return -1; if (load_private_key(default_ctx, tls_pkey_file) < 0) return -1; /* * now initialize tls virtual domains */ d = tls_domains; while (d) { DBG("init_tls: Processing TLS domain [%s:%d]\n", ip_addr2a(&d->addr), d->port); /* * create context */ if (d->method == TLS_METHOD_UNSPEC) { DBG("init_tls: No method for tls[%s:%d], using default\n", ip_addr2a(&d->addr), d->port); d->method = tls_method; } d->ctx = SSL_CTX_new(ssl_methods[d->method - 1]); if (d->ctx == NULL) { LOG(L_ERR, "init_tls: Cannot create ssl context for tls[%s:%d]\n", ip_addr2a(&d->addr), d->port); return -1; } init_ssl_ctx_behavior( d->ctx ); /* * load certificate */ if (!d->cert_file) { LOG(L_NOTICE, "init_tls: No certificate for tls[%s:%d] defined, using default '%s'\n", ip_addr2a(&d->addr), d->port, tls_cert_file); d->cert_file = tls_cert_file; } if (load_certificate(d->ctx, d->cert_file) < 0) return -1; /* * load ca */ if (!d->ca_file) { LOG(L_NOTICE, "init_tls: No CA for tls[%s:%d] defined, using default '%s'\n", ip_addr2a(&d->addr), d->port, tls_ca_file); d->ca_file = tls_ca_file; } if (d->ca_file && load_ca(d->ctx, d->ca_file) < 0) return -1; d = d->next; } /* * load all private keys as the last step (may prompt for password) */ d = tls_domains; while (d) { if (!d->pkey_file) { LOG(L_NOTICE, "init_tls: No private key for tls[%s:%d] defined, using default '%s'\n", ip_addr2a(&d->addr), d->port, tls_pkey_file); d->pkey_file = tls_pkey_file; } if (load_private_key(d->ctx, d->pkey_file) < 0) return -1; d = d->next; } /* * we are all set */ return 0; }
static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info) { #ifdef OPENSSL_THREADS ErlNifSysInfo sys_info; #endif get_crypto_callbacks_t* funcp; struct crypto_callbacks* ccb; int nlocks = 0; int tpl_arity; const ERL_NIF_TERM* tpl_array; int vernum; ErlNifBinary lib_bin; char lib_buf[1000]; #ifdef HAVE_DYNAMIC_CRYPTO_LIB void *handle; #endif if (!verify_lib_version()) return __LINE__; /* load_info: {302, <<"/full/path/of/this/library">>,true|false} */ if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)) return __LINE__; if (tpl_arity != 3) return __LINE__; if (!enif_get_int(env, tpl_array[0], &vernum)) return __LINE__; if (vernum != 302) return __LINE__; if (!enif_inspect_binary(env, tpl_array[1], &lib_bin)) return __LINE__; if (!init_hmac_ctx(env)) { return __LINE__; } if (!init_hash_ctx(env)) { return __LINE__; } if (!init_cipher_ctx(env)) { return __LINE__; } if (!init_engine_ctx(env)) { return __LINE__; } if (library_initialized) { /* Repeated loading of this library (module upgrade). * Atoms and callbacks are already set, we are done. */ return 0; } if (!init_atoms(env, tpl_array[2], load_info)) { return __LINE__; } #ifdef HAVE_DYNAMIC_CRYPTO_LIB if (!change_basename(&lib_bin, lib_buf, sizeof(lib_buf), crypto_callback_name)) return __LINE__; if ((handle = enif_dlopen(lib_buf, &error_handler, NULL)) == NULL) return __LINE__; if ((funcp = (get_crypto_callbacks_t*) enif_dlsym(handle, "get_crypto_callbacks", &error_handler, NULL)) == NULL) return __LINE__; #else /* !HAVE_DYNAMIC_CRYPTO_LIB */ funcp = &get_crypto_callbacks; #endif #ifdef OPENSSL_THREADS enif_system_info(&sys_info, sizeof(sys_info)); if (sys_info.scheduler_threads > 1) { nlocks = CRYPTO_num_locks(); } /* else no need for locks */ #endif ccb = (*funcp)(nlocks); if (!ccb || ccb->sizeof_me != sizeof(*ccb)) { PRINTF_ERR0("Invalid 'crypto_callbacks'"); return __LINE__; } #ifdef HAS_CRYPTO_MEM_FUNCTIONS if (!CRYPTO_set_mem_functions(ccb->crypto_alloc, ccb->crypto_realloc, ccb->crypto_free)) return __LINE__; #endif #ifdef OPENSSL_THREADS if (nlocks > 0) { CRYPTO_set_locking_callback(ccb->locking_function); CRYPTO_set_id_callback(ccb->id_function); CRYPTO_set_dynlock_create_callback(ccb->dyn_create_function); CRYPTO_set_dynlock_lock_callback(ccb->dyn_lock_function); CRYPTO_set_dynlock_destroy_callback(ccb->dyn_destroy_function); } #endif /* OPENSSL_THREADS */ init_digest_types(env); init_cipher_types(env); init_algorithms_types(env); library_initialized = 1; return 0; }
/*{{{ main */ int main (int argc, char *argv[]) { Application *app; gboolean verbose = FALSE; gboolean version = FALSE; GError *error = NULL; GOptionContext *context; gchar **s_params = NULL; gchar **s_config = NULL; gboolean foreground = FALSE; gchar conf_str[1023]; struct stat st; gchar **cache_dir = NULL; gchar **s_fuse_opts = NULL; gchar **s_log_file = NULL; guint32 part_size = 0; gboolean disable_syslog = FALSE; gboolean disable_stats = FALSE; gboolean force_head_requests = FALSE; gint uid = -1; gint gid = -1; gint fmode = -1; gint dmode = -1; struct event_config *ev_config; srand (time (NULL)); app = g_new0 (Application, 1); app->conf_path = g_build_filename (SYSCONFDIR, "riofs.conf.xml", NULL); g_snprintf (conf_str, sizeof (conf_str), "Path to configuration file. Default: %s", app->conf_path); GOptionEntry entries[] = { { G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_STRING_ARRAY, &s_params, NULL, NULL }, { "config", 'c', 0, G_OPTION_ARG_FILENAME_ARRAY, &s_config, conf_str, NULL}, { "uid", 0, 0, G_OPTION_ARG_INT, &uid, "Set UID of filesystem owner.", NULL }, { "gid", 0, 0, G_OPTION_ARG_INT, &gid, "Set GID of filesystem owner.", NULL }, { "fmode", 0, 0, G_OPTION_ARG_INT, &fmode, "Set mode for all files.", NULL }, { "dmode", 0, 0, G_OPTION_ARG_INT, &dmode, "Set mode for all directories.", NULL }, { "foreground", 'f', 0, G_OPTION_ARG_NONE, &foreground, "Flag. Do not daemonize process.", NULL }, { "cache-dir", 0, 0, G_OPTION_ARG_STRING_ARRAY, &cache_dir, "Set cache directory.", NULL }, { "fuse-options", 'o', 0, G_OPTION_ARG_STRING_ARRAY, &s_fuse_opts, "Fuse options.", "\"opt[,opt...]\"" }, { "disable-syslog", 0, 0, G_OPTION_ARG_NONE, &disable_syslog, "Flag. Disable logging to syslog.", NULL }, { "disable-stats", 0, 0, G_OPTION_ARG_NONE, &disable_stats, "Flag. Disable Statistics HTTP interface.", NULL }, { "part-size", 0, 0, G_OPTION_ARG_INT, &part_size, "Set file part size (in bytes).", NULL }, { "log-file", 'l', 0, G_OPTION_ARG_STRING_ARRAY, &s_log_file, "File to write output.", NULL }, { "force-head-requests", 0, 0, G_OPTION_ARG_NONE, &force_head_requests, "Flag. Send HEAD request for each file.", NULL }, { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, "Verbose output.", NULL }, { "version", 'V', 0, G_OPTION_ARG_NONE, &version, "Show application version and exit.", NULL }, { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL } }; // init libraries CRYPTO_set_mem_functions (g_malloc0, g_realloc, g_free); ENGINE_load_builtin_engines (); ENGINE_register_all_complete (); ERR_load_crypto_strings (); OpenSSL_add_all_algorithms (); #ifdef SSL_ENABLED SSL_load_error_strings (); SSL_library_init (); #endif g_random_set_seed (time (NULL)); // init main app structure ev_config = event_config_new (); #if defined(__APPLE__) // method select is the preferred method on OS X. kqueue and poll are not supported. event_config_avoid_method (ev_config, "kqueue"); event_config_avoid_method (ev_config, "poll"); #endif app->evbase = event_base_new_with_config (ev_config); event_config_free (ev_config); if (!app->evbase) { LOG_err (APP_LOG, "Failed to create event base !"); application_destroy (app); return -1; } app->dns_base = evdns_base_new (app->evbase, 1); if (!app->dns_base) { LOG_err (APP_LOG, "Failed to create DNS base !"); application_destroy (app); return -1; } app->f_log = NULL; app->log_file_name = NULL; /*{{{ cmd line args */ // parse command line options context = g_option_context_new ("[bucketname] [mountpoint]"); g_option_context_add_main_entries (context, entries, NULL); g_option_context_set_description (context, "Please set both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables!"); if (!g_option_context_parse (context, &argc, &argv, &error)) { g_fprintf (stderr, "Failed to parse command line options: %s\n", error->message); application_destroy (app); g_option_context_free (context); return -1; } g_option_context_free (context); // check if --version is specified if (version) { g_fprintf (stdout, "RioFS File System v%s\n", VERSION); g_fprintf (stdout, "Copyright (C) 2012-2014 Paul Ionkin <*****@*****.**>\n"); g_fprintf (stdout, "Copyright (C) 2012-2014 Skoobe GmbH. All rights reserved.\n"); g_fprintf (stdout, "Libraries:\n"); g_fprintf (stdout, " GLib: %d.%d.%d libevent: %s fuse: %d.%d", GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION, GLIB_MICRO_VERSION, LIBEVENT_VERSION, FUSE_MAJOR_VERSION, FUSE_MINOR_VERSION ); #if defined(__APPLE__) || defined(__FreeBSD__) || !defined(__GLIBC__) g_fprintf (stdout, "\n"); #else g_fprintf (stdout, " glibc: %s\n", gnu_get_libc_version ()); #endif g_fprintf (stdout, "Features:\n"); g_fprintf (stdout, " libevent backend method: %s\n", event_base_get_method(app->evbase)); #ifdef SSL_ENABLED g_fprintf (stdout, " SSL enabled\n"); #endif /* { int i; const char **methods = event_get_supported_methods (); g_fprintf (stdout, " Available libevent backend methods:\n"); for (i = 0; methods[i] != NULL; ++i) { g_fprintf (stdout, " %s\n", methods[i]); } } */ return 0; } if (!s_params || g_strv_length (s_params) != 2) { LOG_err (APP_LOG, "Wrong number of provided arguments!\nTry `%s --help' for more information.", argv[0]); application_destroy (app); return -1; } if (verbose) log_level = LOG_debug; else log_level = LOG_msg; /*}}}*/ /*{{{ parse config file */ // user provided alternative config path if (s_config && g_strv_length (s_config) > 0) { g_free (app->conf_path); app->conf_path = g_strdup (s_config[0]); g_strfreev (s_config); } app->conf = conf_create (); if (access (app->conf_path, R_OK) == 0) { LOG_debug (APP_LOG, "Using config file: %s", app->conf_path); if (!conf_parse_file (app->conf, app->conf_path)) { LOG_err (APP_LOG, "Failed to parse configuration file: %s", app->conf_path); application_destroy (app); return -1; } } else { LOG_err (APP_LOG, "Configuration file is not found !"); application_destroy (app); return -1; } if (!conf_check_keys (app->conf, conf_keys_str, conf_keys_len)) { LOG_err (APP_LOG, "Configuration file is missing keys, please re-check your configuration file: %s", app->conf_path); application_destroy (app); return -1; } if (disable_syslog) { conf_set_boolean (app->conf, "log.use_syslog", FALSE); } // update logging settings logger_set_syslog (conf_get_boolean (app->conf, "log.use_syslog")); logger_set_color (conf_get_boolean (app->conf, "log.use_color")); if (cache_dir && g_strv_length (cache_dir) > 0) { conf_set_string (app->conf, "filesystem.cache_dir", cache_dir[0]); g_strfreev (cache_dir); } if (!verbose) log_level = conf_get_int (app->conf, "log.level"); if (uid >= 0) conf_set_int (app->conf, "filesystem.uid", uid); if (gid >= 0) conf_set_int (app->conf, "filesystem.gid", gid); if (fmode >= 0) conf_set_int (app->conf, "filesystem.file_mode", fmode); if (dmode >= 0) conf_set_int (app->conf, "filesystem.dir_mode", dmode); /*}}}*/ // try to get access parameters from the environment if (getenv ("AWS_ACCESS_KEY_ID")) { conf_set_string (app->conf, "s3.access_key_id", getenv ("AWS_ACCESS_KEY_ID")); // else check if it's set it the config file } else { if (!conf_node_exists (app->conf, "s3.access_key_id")) { LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]); application_destroy (app); return -1; } } if (getenv ("AWS_SECRET_ACCESS_KEY")) { conf_set_string (app->conf, "s3.secret_access_key", getenv ("AWS_SECRET_ACCESS_KEY")); } else { if (!conf_node_exists (app->conf, "s3.secret_access_key")) { LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]); application_destroy (app); return -1; } } // check if both strings are set if (!conf_get_string (app->conf, "s3.access_key_id") || !conf_get_string (app->conf, "s3.secret_access_key")) { LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]); application_destroy (app); return -1; } // foreground is set if (foreground) conf_set_boolean (app->conf, "app.foreground", foreground); if (part_size) conf_set_uint (app->conf, "s3.part_size", part_size); if (disable_stats) conf_set_boolean (app->conf, "statistics.enabled", FALSE); if (force_head_requests) conf_set_boolean (app->conf, "s3.force_head_requests_on_lookup", TRUE); else conf_set_boolean (app->conf, "s3.force_head_requests_on_lookup", FALSE); conf_set_string (app->conf, "s3.bucket_name", s_params[0]); if (!application_set_url (app, conf_get_string (app->conf, "s3.endpoint"))) { application_destroy (app); return -1; } if (s_fuse_opts && g_strv_length (s_fuse_opts) > 0) { app->fuse_opts = g_strdup (s_fuse_opts[0]); g_strfreev (s_fuse_opts); } if (s_log_file && g_strv_length (s_log_file) > 0) { app->log_file_name = g_strdup (s_log_file[0]); app->f_log = fopen (s_log_file[0], "a+"); if (!app->f_log) { LOG_err (APP_LOG, "Failed to open log file: %s Error: %s", s_log_file[0], strerror (errno)); application_destroy (app); return -1; } LOG_debug (APP_LOG, "Using %s for storing application logs.", s_log_file[0]); logger_set_file (app->f_log); g_strfreev (s_log_file); } conf_set_string (app->conf, "app.mountpoint", s_params[1]); // check if directory exists if (stat (conf_get_string (app->conf, "app.mountpoint"), &st) == -1) { LOG_err (APP_LOG, "Mountpoint %s does not exist! Please check directory permissions!", conf_get_string (app->conf, "app.mountpoint")); application_destroy (app); return -1; } // check if it's a directory if (!S_ISDIR (st.st_mode)) { LOG_err (APP_LOG, "Mountpoint %s is not a directory!", conf_get_string (app->conf, "app.mountpoint")); application_destroy (app); return -1; } g_strfreev (s_params); #ifdef SSL_ENABLED app->ssl_ctx = SSL_CTX_new (SSLv23_client_method ()); if (!app->ssl_ctx) { LOG_err (APP_LOG, "Failed to initialize SSL engine !"); application_exit (app); return -1; } SSL_CTX_set_options (app->ssl_ctx, SSL_OP_ALL); #endif #ifdef MAGIC_ENABLED app->magic_ctx = magic_open(MAGIC_MIME_TYPE); if (!app->magic_ctx) { LOG_err(APP_LOG, "Failed to initialize magic library\n"); return -1; } if (magic_load(app->magic_ctx, NULL)) { LOG_err(APP_LOG, "Failed to load magic database: %s\n", magic_error(app->magic_ctx)); magic_close(app->magic_ctx); return -1; } #endif app->stat_srv = stat_srv_create (app); if (!app->stat_srv) { application_exit (app); return -1; } // perform the initial request to get bucket ACL (handles redirect as well) app->service_con = http_connection_create (app); if (!app->service_con) { application_destroy (app); return -1; } bucket_client_get (app->service_con, "/?acl", application_on_bucket_acl_cb, app); // start the loop event_base_dispatch (app->evbase); application_destroy (app); return 0; }
isc_result_t dst__openssl_init() { isc_result_t result; #ifdef USE_ENGINE /* const char *name; */ ENGINE *re; #endif #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE OPENSSL_config(NULL); #ifdef USE_PKCS11 #ifndef PKCS11_SO_PATH #define PKCS11_SO_PATH "/usr/local/lib/engines/engine_pkcs11.so" #endif #ifndef PKCS11_MODULE_PATH #define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so" #endif { /* * to use this to config the PIN, add in openssl.cnf: * - at the beginning: "openssl_conf = openssl_def" * - at any place these sections: * [ openssl_def ] * engines = engine_section * [ engine_section ] * pkcs11 = pkcs11_section * [ pkcs11_section ] * PIN = my___pin */ const char *pre_cmds[] = { "SO_PATH", PKCS11_SO_PATH, "LOAD", NULL, "MODULE_PATH", PKCS11_MODULE_PATH }; const char *post_cmds[] = { /* "PIN", "my___pin" */ }; result = dst__openssl_load_engine("pkcs11", "pkcs11", pre_cmds, 0, post_cmds, /*1*/ 0); if (result != ISC_R_SUCCESS) goto cleanup_rm; } #endif /* USE_PKCS11 */ if (engine_id != NULL) { e = ENGINE_by_id(engine_id); if (e == NULL) { result = ISC_R_NOTFOUND; goto cleanup_rm; } if (!ENGINE_init(e)) { result = ISC_R_FAILURE; ENGINE_free(e); goto cleanup_rm; } ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } else { ENGINE_register_all_complete(); for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { /* * Something weird here. If we call ENGINE_finish() * ENGINE_get_default_RAND() will fail. */ if (ENGINE_init(e)) { if (he == NULL) he = e; } } } re = ENGINE_get_default_RAND(); if (re == NULL) { re = ENGINE_new(); if (re == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(re, rm); ENGINE_set_default_RAND(re); ENGINE_free(re); } else ENGINE_finish(re); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: mem_free(rm); #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); return (result); }
static int mod_init(void){ str s; int n; LM_INFO("initializing TLS protocol\n"); if (tls_db_enabled != 0 && tls_db_enabled != 1) { tls_db_enabled = 1; } if (tls_db_enabled) { /* create & init lock */ if ((dom_lock = lock_init_rw()) == NULL) { LM_CRIT("failed to init lock\n"); return -1; } init_db_url(tls_db_url, 0 /*cannot be null*/); tls_db_table.len = strlen(tls_db_table.s); if (tls_db_table.len == 0) { LM_ERR("db url not specified\n"); return -1; } id_col.len = strlen(id_col.s); address_col.len = strlen(address_col.s); type_col.len = strlen(type_col.s); method_col.len = strlen(method_col.s); verify_cert_col.len = strlen(verify_cert_col.s); require_cert_col.len = strlen(require_cert_col.s); certificate_col.len = strlen(certificate_col.s); pk_col.len = strlen(pk_col.s); crl_check_col.len = strlen(crl_check_col.s); calist_col.len = strlen(calist_col.s); cadir_col.len = strlen(cadir_col.s); cplist_col.len = strlen(cplist_col.s); dhparams_col.len = strlen(dhparams_col.s); eccurve_col.len = strlen(eccurve_col.s); if (db_bind_mod(&tls_db_url, &dr_dbf)) { LM_CRIT("cannot bind to database module! " "Did you forget to load a database module ?\n"); return -1; } /* init DB connection */ if ((db_hdl = dr_dbf.init(&tls_db_url)) == 0) { LM_CRIT("cannot initialize database connection\n"); return -1; } if (dr_dbf.use_table(db_hdl, &tls_db_table) < 0) { LM_ERR("cannot select table \"%.*s\"\n", tls_db_table.len, tls_db_table.s); return -1; } } if (tls_domain_avp) { s.s = tls_domain_avp; s.len = strlen(s.s); if (parse_avp_spec( &s, &tls_client_domain_avp)) { LM_ERR("cannot parse tls_client_avp"); return -1; } } /* * this has to be called before any function calling CRYPTO_malloc, * CRYPTO_malloc will set allow_customize in openssl to 0 */ if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { LM_ERR("unable to set the memory allocation functions\n"); LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " "version is know to be broken; if so, you need to upgrade or " "downgrade to a differen openssl version !!\n"); return -1; } #if !defined(OPENSSL_NO_COMP) STACK_OF(SSL_COMP)* comp_methods; /* disabling compression */ LM_WARN("disabling compression due ZLIB problems\n"); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods==0) { LM_INFO("openssl compression already disabled\n"); } else { sk_SSL_COMP_zero(comp_methods); } #endif if (tls_init_multithread() < 0) { LM_ERR("failed to init multi-threading support\n"); return -1; } SSL_library_init(); SSL_load_error_strings(); init_ssl_methods(); n = check_for_krb(); if (n==-1) { LM_ERR("kerberos check failed\n"); return -1; } if ( ( n ^ #ifndef OPENSSL_NO_KRB5 1 #else 0 #endif )!=0 ) { LM_ERR("compiled agaist an openssl with %s" "kerberos, but run with one with %skerberos\n", (n==1)?"":"no ",(n!=1)?"no ":""); return -1; } /* * finish setting up the tls default domains */ tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ; tls_default_client_domain.addr.af = AF_INET; tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV; tls_default_server_domain.addr.af = AF_INET; /* * now initialize tls default domains */ if ( (n=init_tls_domains(&tls_default_server_domain)) ) { return n; } if ( (n=init_tls_domains(&tls_default_client_domain)) ) { return n; } /* * now initialize tls virtual domains */ if (tls_db_enabled && load_info(&dr_dbf, db_hdl, &tls_db_table, &tls_server_domains, &tls_client_domains)){ return -1; } if ( (n=init_tls_domains(tls_server_domains)) ) { return n; } if ( (n=init_tls_domains(tls_client_domains)) ) { return n; } /* * we are all set */ return 0; }
isc_result_t dst__openssl_init(const char *engine) { isc_result_t result; #ifdef USE_ENGINE ENGINE *re; #else UNUSED(engine); #endif #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); #if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_set_id_callback(id_callback); #endif ERR_load_crypto_strings(); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE OPENSSL_config(NULL); if (engine != NULL && *engine == '\0') engine = NULL; if (engine != NULL) { e = ENGINE_by_id(engine); if (e == NULL) { result = DST_R_NOENGINE; goto cleanup_rm; } /* This will init the engine. */ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { result = DST_R_NOENGINE; goto cleanup_rm; } } re = ENGINE_get_default_RAND(); if (re == NULL) { re = ENGINE_new(); if (re == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(re, rm); ENGINE_set_default_RAND(re); ENGINE_free(re); } else ENGINE_finish(re); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: if (e != NULL) ENGINE_free(e); e = NULL; mem_free(rm); rm = NULL; #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); locks = NULL; return (result); }
static int mod_init(void) { str s; int n; LM_INFO("initializing TLS protocol\n"); if (tls_domain_avp) { s.s = tls_domain_avp; s.len = strlen(s.s); if (parse_avp_spec( &s, &tls_client_domain_avp)) { LM_ERR("cannot parse tls_client_avp"); return -1; } } /* * this has to be called before any function calling CRYPTO_malloc, * CRYPTO_malloc will set allow_customize in openssl to 0 */ if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { LM_ERR("unable to set the memory allocation functions\n"); return -1; } #if !defined(OPENSSL_NO_COMP) STACK_OF(SSL_COMP)* comp_methods; /* disabling compression */ LM_WARN("disabling compression due ZLIB problems\n"); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods==0) { LM_INFO("openssl compression already disabled\n"); } else { sk_SSL_COMP_zero(comp_methods); } #endif if (tls_init_multithread() < 0) { LM_ERR("failed to init multi-threading support\n"); return -1; } SSL_library_init(); SSL_load_error_strings(); init_ssl_methods(); n = check_for_krb(); if (n==-1) { LM_ERR("kerberos check failed\n"); return -1; } if ( ( n ^ #ifndef OPENSSL_NO_KRB5 1 #else 0 #endif )!=0 ) { LM_ERR("compiled agaist an openssl with %s" "kerberos, but run with one with %skerberos\n", (n==1)?"":"no ",(n!=1)?"no ":""); return -1; } /* * finish setting up the tls default domains */ tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ; tls_default_client_domain.addr.af = AF_INET; tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV; tls_default_server_domain.addr.af = AF_INET; /* * now initialize tls default domains */ if ( (n=init_tls_domains(&tls_default_server_domain)) ) { return n; } if ( (n=init_tls_domains(&tls_default_client_domain)) ) { return n; } /* * now initialize tls virtual domains */ if ( (n=init_tls_domains(tls_server_domains)) ) { return n; } if ( (n=init_tls_domains(tls_client_domains)) ) { return n; } /* * we are all set */ return 0; }