/** * Module deactivation * */ static int globus_l_openssl_deactivate(void) { int i; OBJ_cleanup(); ERR_clear_error(); X509V3_EXT_cleanup(); if (CRYPTO_get_id_callback() == globus_l_openssl_thread_id) { CRYPTO_set_id_callback(NULL); } if (CRYPTO_get_locking_callback() == globus_l_openssl_locking_cb) { CRYPTO_set_locking_callback(NULL); } for (i=0; i<CRYPTO_num_locks(); i++) { globus_mutex_destroy(&(mutex_pool[i])); } free(mutex_pool); globus_module_deactivate(GLOBUS_GSI_OPENSSL_ERROR_MODULE); globus_module_deactivate(GLOBUS_COMMON_MODULE); return GLOBUS_SUCCESS; }
/* Initialize the MPR SSL layer */ PUBLIC int mprSslInit(void *unused, MprModule *module) { RandBuf randBuf; int i; randBuf.now = mprGetTime(); randBuf.pid = getpid(); RAND_seed((void*) &randBuf, sizeof(randBuf)); #if ME_UNIX_LIKE RAND_load_file("/dev/urandom", 256); #endif if ((openProvider = mprAllocObj(MprSocketProvider, manageOpenProvider)) == NULL) { return MPR_ERR_MEMORY; } openProvider->name = sclone("openssl"); openProvider->upgradeSocket = upgradeOss; openProvider->closeSocket = closeOss; openProvider->disconnectSocket = disconnectOss; openProvider->flushSocket = flushOss; openProvider->socketState = getOssState; openProvider->readSocket = readOss; openProvider->writeSocket = writeOss; mprSetSslProvider(openProvider); /* Configure the SSL library. Use the crypto ID as a one-time test. This allows users to configure the library and have their configuration used instead. */ mprGlobalLock(); if (CRYPTO_get_id_callback() == 0) { numLocks = CRYPTO_num_locks(); if ((olocks = mprAlloc(numLocks * sizeof(MprMutex*))) == 0) { return MPR_ERR_MEMORY; } for (i = 0; i < numLocks; i++) { olocks[i] = mprCreateLock(); } CRYPTO_set_id_callback(sslThreadId); CRYPTO_set_locking_callback(sslStaticLock); CRYPTO_set_dynlock_create_callback(sslCreateDynLock); CRYPTO_set_dynlock_destroy_callback(sslDestroyDynLock); CRYPTO_set_dynlock_lock_callback(sslDynLock); #if !ME_WIN_LIKE OpenSSL_add_all_algorithms(); #endif /* WARNING: SSL_library_init() is not reentrant. Caller must ensure safety. */ SSL_library_init(); SSL_load_error_strings(); } mprGlobalUnlock(); return 0; }
/* called after g_module_check_init(), after shadow searches for __shadow_plugin_init__ */ void __shadow_plugin_init__(ShadowFunctionTable* shadowlibFuncs) { /* save the shadow functions we will use */ scallion.shadowlibFuncs = shadowlibFuncs; /* tell shadow which functions it should call to manage nodes */ shadowlibFuncs->registerPlugin(&_scallion_new, &_scallion_free, &_scallion_notify); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished registering scallion plug-in state"); /* setup openssl locks */ #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h> #if defined(OPENSSL_THREADS) /* thread support enabled */ /* make sure openssl uses Shadow's random sources and make crypto thread-safe */ const RAND_METHOD* shadowRandomMethod = NULL; CRYPTO_lock_func shadowLockFunc = NULL; CRYPTO_id_func shadowIdFunc = NULL; int nLocks = CRYPTO_num_locks(); gboolean success = shadowlibFuncs->cryptoSetup(nLocks, (gpointer*)&shadowLockFunc, (gpointer*)&shadowIdFunc, (gconstpointer*)&shadowRandomMethod); if(!success) { /* ok, lets see if we can get shadow function pointers through LD_PRELOAD */ shadowRandomMethod = RAND_get_rand_method(); shadowLockFunc = CRYPTO_get_locking_callback(); shadowIdFunc = CRYPTO_get_id_callback(); } CRYPTO_set_locking_callback(shadowLockFunc); CRYPTO_set_id_callback(shadowIdFunc); RAND_set_rand_method(shadowRandomMethod); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished initializing crypto thread state"); #else /* no thread support */ shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild openssl with threading support. expect segfaults."); #endif /* setup libevent locks */ #ifdef EVTHREAD_USE_PTHREADS_IMPLEMENTED if(evthread_use_pthreads()) { shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "error in evthread_use_pthreads()"); } shadowlibFuncs->log(SHADOW_LOG_LEVEL_MESSAGE, __FUNCTION__, "finished initializing event thread state evthread_use_pthreads()"); #else shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild libevent with threading support, or link with event_pthread. expect segfaults."); #endif }
static BOOL _winpr_openssl_cleanup_locking(void) { /* undo our static locking modifications */ if (CRYPTO_get_locking_callback() == _winpr_openssl_locking) { int i; CRYPTO_set_locking_callback(NULL); for (i = 0; i < g_winpr_openssl_num_locks; i++) { CloseHandle(g_winpr_openssl_locks[i]); } g_winpr_openssl_num_locks = 0; free(g_winpr_openssl_locks); g_winpr_openssl_locks = NULL; } /* unset our dynamic locking callbacks */ if (CRYPTO_get_dynlock_create_callback() == _winpr_openssl_dynlock_create) { CRYPTO_set_dynlock_create_callback(NULL); } if (CRYPTO_get_dynlock_lock_callback() == _winpr_openssl_dynlock_lock) { CRYPTO_set_dynlock_lock_callback(NULL); } if (CRYPTO_get_dynlock_destroy_callback() == _winpr_openssl_dynlock_destroy) { CRYPTO_set_dynlock_destroy_callback(NULL); } #if (OPENSSL_VERSION_NUMBER < 0x10000000L) if (CRYPTO_get_id_callback() == _winpr_openssl_id) { CRYPTO_set_id_callback(NULL); } #endif return TRUE; }
void init_ssl() { #ifdef ENABLE_TCMALLOC HeapLeakChecker::Disabler disabler; #endif load_ssl_library(); if ((CRYPTO_get_id_callback() == NULL) && (CRYPTO_get_locking_callback() == NULL)) { //cuint_t n; CRYPTO_set_id_callback (__get_thread_id); CRYPTO_set_locking_callback (__lock_thread); int locks_num = CRYPTO_num_locks(); ssl_lock = new KMutex[locks_num]; } }
bool secure::init(void) { if(private_locks) return true; Thread::init(); Socket::init(); SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); if(CRYPTO_get_id_callback() != NULL) return false; private_locks = new Mutex[CRYPTO_num_locks()]; CRYPTO_set_id_callback(ssl_self); CRYPTO_set_locking_callback(ssl_lock); return true; }
static BOOL _winpr_openssl_initialize_locking(void) { int i, count; /* OpenSSL static locking */ if (CRYPTO_get_locking_callback()) { WLog_WARN(TAG, "OpenSSL static locking callback is already set"); } else { if ((count = CRYPTO_num_locks()) > 0) { HANDLE* locks; if (!(locks = calloc(count, sizeof(HANDLE)))) { WLog_ERR(TAG, "error allocating lock table"); return FALSE; } for (i = 0; i < count; i++) { if (!(locks[i] = CreateMutex(NULL, FALSE, NULL))) { WLog_ERR(TAG, "error creating lock #%d", i); while (i--) { if (locks[i]) CloseHandle(locks[i]); } free(locks); return FALSE; } } g_winpr_openssl_locks = locks; g_winpr_openssl_num_locks = count; CRYPTO_set_locking_callback(_winpr_openssl_locking); } } /* OpenSSL dynamic locking */ if (CRYPTO_get_dynlock_create_callback() || CRYPTO_get_dynlock_lock_callback() || CRYPTO_get_dynlock_destroy_callback()) { WLog_WARN(TAG, "dynamic locking callbacks are already set"); } else { CRYPTO_set_dynlock_create_callback(_winpr_openssl_dynlock_create); CRYPTO_set_dynlock_lock_callback(_winpr_openssl_dynlock_lock); CRYPTO_set_dynlock_destroy_callback(_winpr_openssl_dynlock_destroy); } /* Use the deprecated CRYPTO_get_id_callback() if building against OpenSSL < 1.0.0 */ #if (OPENSSL_VERSION_NUMBER < 0x10000000L) if (CRYPTO_get_id_callback()) { WLog_WARN(TAG, "OpenSSL id_callback is already set"); } else { CRYPTO_set_id_callback(_winpr_openssl_id); } #endif return TRUE; }
/** * Module activation */ static int globus_l_openssl_activate(void) { int i; int pci_NID; int pci_old_NID; X509V3_EXT_METHOD * pci_x509v3_ext_meth = NULL; X509V3_EXT_METHOD * pci_old_x509v3_ext_meth = NULL; SSL_library_init(); globus_module_activate(GLOBUS_COMMON_MODULE); globus_module_activate(GLOBUS_GSI_OPENSSL_ERROR_MODULE); mutex_pool = malloc(CRYPTO_num_locks() * sizeof(globus_mutex_t)); for(i=0;i<CRYPTO_num_locks();i++) { globus_mutex_init(&(mutex_pool[i]),NULL); } if (!CRYPTO_get_locking_callback()) { CRYPTO_set_locking_callback(globus_l_openssl_locking_cb); } if (!CRYPTO_get_id_callback()) { CRYPTO_set_id_callback(globus_l_openssl_thread_id); } if (OBJ_txt2nid(ANY_LANGUAGE_OID) == 0) { OBJ_create(ANY_LANGUAGE_OID, ANY_LANGUAGE_SN, ANY_LANGUAGE_LN); } if (OBJ_txt2nid(IMPERSONATION_PROXY_OID) == 0) { OBJ_create(IMPERSONATION_PROXY_OID, IMPERSONATION_PROXY_SN, IMPERSONATION_PROXY_LN); } if (OBJ_txt2nid(INDEPENDENT_PROXY_OID) == 0) { OBJ_create(INDEPENDENT_PROXY_OID, INDEPENDENT_PROXY_SN, INDEPENDENT_PROXY_LN); } if (OBJ_txt2nid(LIMITED_PROXY_OID) == 0) { OBJ_create(LIMITED_PROXY_OID, LIMITED_PROXY_SN, LIMITED_PROXY_LN); } pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID); if (pci_NID == 0) { pci_NID = OBJ_create(PROXYCERTINFO_OID, PROXYCERTINFO_SN, PROXYCERTINFO_LN); } pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); if (pci_old_NID == 0) { pci_old_NID = OBJ_create(PROXYCERTINFO_OLD_OID, PROXYCERTINFO_OLD_SN, PROXYCERTINFO_OLD_LN); } /* this sets the pci NID in the static X509V3_EXT_METHOD struct */ if (X509V3_EXT_get_nid(pci_NID) == NULL) { pci_x509v3_ext_meth = PROXYCERTINFO_x509v3_ext_meth(); pci_x509v3_ext_meth->ext_nid = pci_NID; X509V3_EXT_add(pci_x509v3_ext_meth); } if (X509V3_EXT_get_nid(pci_old_NID) == NULL) { pci_old_x509v3_ext_meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); pci_old_x509v3_ext_meth->ext_nid = pci_old_NID; X509V3_EXT_add(pci_old_x509v3_ext_meth); } return GLOBUS_SUCCESS; }
ret_t http2d_init (void) { if (_initialized) return ret_ok; /* Init OpenSSL */ OPENSSL_config (NULL); SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); /* Ensure PRNG has been seeded with enough data */ if (RAND_status() == 0) { LOG_WARNING_S (HTTP2D_ERROR_SSL_NO_ENTROPY); } /* Init concurrency related stuff */ if ((CRYPTO_get_id_callback() == NULL) && (CRYPTO_get_locking_callback() == NULL)) { cuint_t n; CRYPTO_set_id_callback (__get_thread_id); CRYPTO_set_locking_callback (__lock_thread); locks_num = CRYPTO_num_locks(); locks = malloc (locks_num * sizeof(*locks)); for (n = 0; n < locks_num; n++) { HTTP2D_MUTEX_INIT (&locks[n], NULL); } } /* Engines */ ENGINE_load_builtin_engines(); OpenSSL_add_all_algorithms(); ENGINE *e = ENGINE_by_id("pkcs11"); while (e != NULL) { if(! ENGINE_init(e)) { ENGINE_free (e); LOG_CRITICAL_S (HTTP2D_ERROR_SSL_PKCS11); break; } if(! ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ENGINE_free (e); LOG_CRITICAL_S (HTTP2D_ERROR_SSL_DEFAULTS); break; } ENGINE_finish(e); ENGINE_free(e); break; } return ret_ok; }