static int threadSetup(void) { int i; if (CRYPTO_get_locking_callback() != NULL) { /* Locking callback is already installed, dont touch it. */ return GT_OK; } lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); if (lock_cs == NULL) { return GT_OUT_OF_MEMORY; } for (i = 0; i < CRYPTO_num_locks(); ++i) { pthread_mutex_init(&(lock_cs[i]), NULL); } CRYPTO_set_locking_callback(pthreadsLockingCallback); CRYPTO_set_id_callback(pthreadsThreadId); thread_setup_done = 1; return GT_OK; }
/** * Module deactivation * */ static int globus_l_openssl_deactivate(void) { int i; OBJ_cleanup(); ERR_clear_error(); X509V3_EXT_cleanup(); if (CRYPTO_get_id_callback() == globus_l_openssl_thread_id) { CRYPTO_set_id_callback(NULL); } if (CRYPTO_get_locking_callback() == globus_l_openssl_locking_cb) { CRYPTO_set_locking_callback(NULL); } for (i=0; i<CRYPTO_num_locks(); i++) { globus_mutex_destroy(&(mutex_pool[i])); } free(mutex_pool); globus_module_deactivate(GLOBUS_GSI_OPENSSL_ERROR_MODULE); globus_module_deactivate(GLOBUS_COMMON_MODULE); return GLOBUS_SUCCESS; }
static int threadSetup(void) { int i; int j; if (CRYPTO_get_locking_callback() != NULL) { /* Locking callback is already installed, dont touch it. */ return GT_OK; } lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); if (lock_cs == NULL) { return GT_OUT_OF_MEMORY; } for (i = 0; i < CRYPTO_num_locks(); ++i) { lock_cs[i] = CreateMutex(NULL, FALSE, NULL); if (lock_cs[i] == NULL) { for (j = 0; j < i; ++j) { CloseHandle(lock_cs[j]); } OPENSSL_free(lock_cs); return GT_OUT_OF_MEMORY; } } CRYPTO_set_locking_callback(win32LockingCallback); /* ID callback is not needed on windows according to OpenSSL * documentation. */ thread_setup_done = 1; return GT_OK; }
void ff_tls_init(void) { avpriv_lock_avformat(); #if CONFIG_OPENSSL if (!openssl_init) { SSL_library_init(); SSL_load_error_strings(); #if HAVE_THREADS if (!CRYPTO_get_locking_callback()) { int i; openssl_mutexes = av_malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks()); for (i = 0; i < CRYPTO_num_locks(); i++) pthread_mutex_init(&openssl_mutexes[i], NULL); CRYPTO_set_locking_callback(openssl_lock); #if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000 CRYPTO_set_id_callback(openssl_thread_id); #endif } #endif } openssl_init++; #endif #if CONFIG_GNUTLS #if HAVE_THREADS && GNUTLS_VERSION_NUMBER < 0x020b00 if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif gnutls_global_init(); #endif avpriv_unlock_avformat(); }
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) void (*locking_cb)(int, int, const char *, int); ENGINE *e; locking_cb = CRYPTO_get_locking_callback(); if (locking_cb) CRYPTO_set_locking_callback(NULL); e = ENGINE_by_id("gost"); if (!e) { #if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) ENGINE_load_gost(); e = ENGINE_by_id("gost"); #else /* try to load dynamic gost engine */ e = ENGINE_by_id("dynamic"); if (!e) { ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); } if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { ENGINE_free(e); e = NULL; } #endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ } if (e) { ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } if (locking_cb) CRYPTO_set_locking_callback(locking_cb); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(card, &openssl_sha256_mech); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(card, &openssl_sha384_mech); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(card, &openssl_sha512_mech); #endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(card, &openssl_md5_mech); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech); #if OPENSSL_VERSION_NUMBER >= 0x10000000L openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94); sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech); #endif }
/* returns -1 on error, 0 on success */ int tls_init_locks() { /* init "static" tls locks */ n_static_locks=CRYPTO_num_locks(); if (n_static_locks<0){ LM_CRIT("bad CRYPTO_num_locks %d\n", n_static_locks); n_static_locks=0; } if (n_static_locks){ if (CRYPTO_get_locking_callback()!=NULL) { LM_CRIT("ssl locking callback already set\n"); return -1; } static_locks=lock_set_alloc(n_static_locks); if (static_locks==0){ LM_CRIT("could not allocate lockset with %d locks\n", n_static_locks); goto error; } if (lock_set_init(static_locks)==0){ LM_CRIT("lock set init failed (%d locks)\n", n_static_locks); lock_set_dealloc(static_locks); static_locks=0; n_static_locks=0; goto error; } CRYPTO_set_locking_callback(locking_f); } /* OpenSSL is thread-safe since 1.1.0 */ #if OPENSSL_VERSION_NUMBER < 0x10100000L /* set "dynamic" locks callbacks */ CRYPTO_set_dynlock_create_callback(dyn_create_f); CRYPTO_set_dynlock_lock_callback(dyn_lock_f); CRYPTO_set_dynlock_destroy_callback(dyn_destroy_f); #endif /* starting with v1.0.0 openssl does not use anymore getpid(), but address * of errno which can point to same virtual address in a multi-process * application * - for refrence http://www.openssl.org/docs/crypto/threads.html */ CRYPTO_set_id_callback(sr_ssl_id_f); /* atomic add -- since for now we don't have atomic_add * (only atomic_inc), fallback to the default use-locks mode * CRYPTO_set_add_lock_callback(atomic_add_f); */ return 0; error: tls_destroy_locks(); return -1; }
/* called after g_module_check_init(), after shadow searches for __shadow_plugin_init__ */ void __shadow_plugin_init__(ShadowFunctionTable* shadowlibFuncs) { /* save the shadow functions we will use */ scallion.shadowlibFuncs = shadowlibFuncs; /* tell shadow which functions it should call to manage nodes */ shadowlibFuncs->registerPlugin(&_scallion_new, &_scallion_free, &_scallion_notify); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished registering scallion plug-in state"); /* setup openssl locks */ #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h> #if defined(OPENSSL_THREADS) /* thread support enabled */ /* make sure openssl uses Shadow's random sources and make crypto thread-safe */ const RAND_METHOD* shadowRandomMethod = NULL; CRYPTO_lock_func shadowLockFunc = NULL; CRYPTO_id_func shadowIdFunc = NULL; int nLocks = CRYPTO_num_locks(); gboolean success = shadowlibFuncs->cryptoSetup(nLocks, (gpointer*)&shadowLockFunc, (gpointer*)&shadowIdFunc, (gconstpointer*)&shadowRandomMethod); if(!success) { /* ok, lets see if we can get shadow function pointers through LD_PRELOAD */ shadowRandomMethod = RAND_get_rand_method(); shadowLockFunc = CRYPTO_get_locking_callback(); shadowIdFunc = CRYPTO_get_id_callback(); } CRYPTO_set_locking_callback(shadowLockFunc); CRYPTO_set_id_callback(shadowIdFunc); RAND_set_rand_method(shadowRandomMethod); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished initializing crypto thread state"); #else /* no thread support */ shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild openssl with threading support. expect segfaults."); #endif /* setup libevent locks */ #ifdef EVTHREAD_USE_PTHREADS_IMPLEMENTED if(evthread_use_pthreads()) { shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "error in evthread_use_pthreads()"); } shadowlibFuncs->log(SHADOW_LOG_LEVEL_MESSAGE, __FUNCTION__, "finished initializing event thread state evthread_use_pthreads()"); #else shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild libevent with threading support, or link with event_pthread. expect segfaults."); #endif }
static void initOpensslLocks(void) { unsigned ii, nlocks; if (CRYPTO_get_locking_callback() != NULL) { /* Someone already set the callback before us. Don't destroy it! */ return; } nlocks = CRYPTO_num_locks(); ossl_locks = malloc(sizeof(*ossl_locks) * nlocks); for (ii = 0; ii < nlocks; ii++) { sslLockInit(ossl_locks + ii); } CRYPTO_set_locking_callback(opensslDoLock); }
void ff_openssl_deinit(void) { avpriv_lock_avformat(); openssl_init--; if (!openssl_init) { #if HAVE_THREADS if (CRYPTO_get_locking_callback() == openssl_lock) { int i; CRYPTO_set_locking_callback(NULL); for (i = 0; i < CRYPTO_num_locks(); i++) pthread_mutex_destroy(&openssl_mutexes[i]); av_free(openssl_mutexes); } #endif } avpriv_unlock_avformat(); }
void start() { Platform::ThirdParty::start(); if (!RAND_status()) { // should be always inited in all modern OS char buf[16]; memcpy(buf, &_msStart, 8); memcpy(buf + 8, &_msFreq, 8); uchar sha256Buffer[32]; RAND_seed(hashSha256(buf, 16, sha256Buffer), 32); if (!RAND_status()) { LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0...")); } } // Force OpenSSL loading if it is linked in Qt, // so that we won't mess with our OpenSSL locking with Qt OpenSSL locking. auto sslSupported = QSslSocket::supportsSsl(); if (!sslSupported) { LOG(("Error: current Qt build doesn't support SSL requests.")); } if (!CRYPTO_get_locking_callback()) { // Qt didn't initialize OpenSSL, so we will. auto numLocks = CRYPTO_num_locks(); if (numLocks) { _sslLocks = new QMutex[numLocks]; CRYPTO_set_locking_callback(_sslLockingCallback); } else { LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!")); } CRYPTO_THREADID_set_callback(_sslThreadId); } if (!CRYPTO_get_dynlock_create_callback()) { CRYPTO_set_dynlock_create_callback(_sslCreateFunction); CRYPTO_set_dynlock_lock_callback(_sslLockFunction); CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction); } else if (!CRYPTO_get_dynlock_lock_callback()) { LOG(("MTP Error: dynlock_create callback is set without dynlock_lock callback!")); } av_register_all(); avcodec_register_all(); av_lockmgr_register(_ffmpegLockManager); _sslInited = true; }
int neo4j_openssl_init(void) { SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); int num_locks = CRYPTO_num_locks(); thread_locks = calloc(num_locks, sizeof(neo4j_mutex_t)); if (thread_locks == NULL) { return -1; } for (int i = 0; i < num_locks; i++) { int err = neo4j_mutex_init(&(thread_locks[i])); if (err) { for (; i > 0; --i) { neo4j_mutex_destroy(&(thread_locks[i-1])); } free(thread_locks); errno = err; return -1; } } if (CRYPTO_get_locking_callback() == NULL) { CRYPTO_set_locking_callback(locking_callback); CRYPTO_set_id_callback(neo4j_current_thread_id); } SSL_CTX *ctx = SSL_CTX_new(TLSv1_method()); if (ctx == NULL) { errno = openssl_error(NULL, NEO4J_LOG_ERROR, __FILE__, __LINE__); return -1; } SSL_CTX_free(ctx); return 0; }
static BOOL _winpr_openssl_cleanup_locking(void) { /* undo our static locking modifications */ if (CRYPTO_get_locking_callback() == _winpr_openssl_locking) { int i; CRYPTO_set_locking_callback(NULL); for (i = 0; i < g_winpr_openssl_num_locks; i++) { CloseHandle(g_winpr_openssl_locks[i]); } g_winpr_openssl_num_locks = 0; free(g_winpr_openssl_locks); g_winpr_openssl_locks = NULL; } /* unset our dynamic locking callbacks */ if (CRYPTO_get_dynlock_create_callback() == _winpr_openssl_dynlock_create) { CRYPTO_set_dynlock_create_callback(NULL); } if (CRYPTO_get_dynlock_lock_callback() == _winpr_openssl_dynlock_lock) { CRYPTO_set_dynlock_lock_callback(NULL); } if (CRYPTO_get_dynlock_destroy_callback() == _winpr_openssl_dynlock_destroy) { CRYPTO_set_dynlock_destroy_callback(NULL); } #if (OPENSSL_VERSION_NUMBER < 0x10000000L) if (CRYPTO_get_id_callback() == _winpr_openssl_id) { CRYPTO_set_id_callback(NULL); } #endif return TRUE; }
int neo4j_openssl_cleanup(void) { if (CRYPTO_get_locking_callback() == locking_callback) { CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); } int num_locks = CRYPTO_num_locks(); for (int i = 0; i < num_locks; i++) { neo4j_mutex_destroy(&(thread_locks[i])); } free(thread_locks); EVP_cleanup(); return 0; }
void init_ssl() { #ifdef ENABLE_TCMALLOC HeapLeakChecker::Disabler disabler; #endif load_ssl_library(); if ((CRYPTO_get_id_callback() == NULL) && (CRYPTO_get_locking_callback() == NULL)) { //cuint_t n; CRYPTO_set_id_callback (__get_thread_id); CRYPTO_set_locking_callback (__lock_thread); int locks_num = CRYPTO_num_locks(); ssl_lock = new KMutex[locks_num]; } }
void OpenSSLInitializer::initialize() { if (++_rc == 1) { #if OPENSSL_VERSION_NUMBER >= 0x0907000L OPENSSL_config(NULL); #endif if(! _disableSSLInitialization) { SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); } char seed[SEEDSIZE]; RandomInputStream rnd; rnd.read(seed, sizeof(seed)); RAND_seed(seed, SEEDSIZE); if(CRYPTO_get_locking_callback() == NULL) { int nMutexes = CRYPTO_num_locks(); _mutexes = new Poco::FastMutex[nMutexes]; CRYPTO_set_locking_callback(&OpenSSLInitializer::lock); #ifndef POCO_OS_FAMILY_WINDOWS // Not needed on Windows (see SF #110: random unhandled exceptions when linking with ssl). // https://sourceforge.net/p/poco/bugs/110/ // // From http://www.openssl.org/docs/crypto/threads.html : // "If the application does not register such a callback using CRYPTO_THREADID_set_callback(), // then a default implementation is used - on Windows and BeOS this uses the system's // default thread identifying APIs" #ifndef OPENSSL_NO_DEPRECATED CRYPTO_set_id_callback(&OpenSSLInitializer::id); #else CRYPTO_THREADID tid; CRYPTO_THREADID_set_numeric(&tid, OpenSSLInitializer::id()); #endif /* OPENSSL_NO_DEPRECATED */ #endif CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate); CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock); CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy); } } }
void ff_tls_deinit(void) { avpriv_lock_avformat(); #if CONFIG_OPENSSL openssl_init--; if (!openssl_init) { #if HAVE_THREADS if (CRYPTO_get_locking_callback() == openssl_lock) { int i; CRYPTO_set_locking_callback(NULL); for (i = 0; i < CRYPTO_num_locks(); i++) pthread_mutex_destroy(&openssl_mutexes[i]); av_free(openssl_mutexes); } #endif } #endif #if CONFIG_GNUTLS gnutls_global_deinit(); #endif avpriv_unlock_avformat(); }
void ff_openssl_init(void) { avpriv_lock_avformat(); if (!openssl_init) { SSL_library_init(); SSL_load_error_strings(); #if HAVE_THREADS if (!CRYPTO_get_locking_callback()) { int i; openssl_mutexes = av_malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks()); for (i = 0; i < CRYPTO_num_locks(); i++) pthread_mutex_init(&openssl_mutexes[i], NULL); CRYPTO_set_locking_callback(openssl_lock); #if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000 CRYPTO_set_id_callback(openssl_thread_id); #endif } #endif } openssl_init++; avpriv_unlock_avformat(); }
void MumbleSSL::initialize() { // Let Qt initialize its copy of OpenSSL, if it's different than // Mumble's. (Initialization is a side-effect of calling // QSslSocket::supportsSsl()). QSslSocket::supportsSsl(); // Initialize our copy of OpenSSL. SSL_library_init(); // Safe to discard return value, per OpenSSL man pages. SSL_load_error_strings(); // Determine if a locking callback has not been set. // This should be the case if there are multiple copies // of OpensSSL in the address space. This is mostly due // to Qt dynamically loading OpenSSL when it is not // configured with -openssl-linked. // // If we detect that no locking callback is configured, we // have to set it up ourselves to allow multi-threaded use // of OpenSSL. if (CRYPTO_get_locking_callback() == NULL) { SSLLocks::initialize(); } }
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) { ENGINE cpy; dynamic_fns fns; if (ctx->dynamic_dso == NULL) ctx->dynamic_dso = DSO_new(); if (ctx->dynamic_dso == NULL) return 0; if (!ctx->DYNAMIC_LIBNAME) { if (!ctx->engine_id) return 0; ctx->DYNAMIC_LIBNAME = DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); } if (!int_load(ctx)) { ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND); DSO_free(ctx->dynamic_dso); ctx->dynamic_dso = NULL; return 0; } /* We have to find a bind function otherwise it'll always end badly */ if (! (ctx->bind_engine = (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, ctx->DYNAMIC_F2))) { ctx->bind_engine = NULL; DSO_free(ctx->dynamic_dso); ctx->dynamic_dso = NULL; ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE); return 0; } /* Do we perform version checking? */ if (!ctx->no_vcheck) { unsigned long vcheck_res = 0; /* * Now we try to find a version checking function and decide how to * cope with failure if/when it fails. */ ctx->v_check = (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, ctx->DYNAMIC_F1); if (ctx->v_check) vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); /* * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. */ if (vcheck_res < OSSL_DYNAMIC_OLDEST) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); ctx->dynamic_dso = NULL; ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_VERSION_INCOMPATIBILITY); return 0; } } /* * First binary copy the ENGINE structure so that we can roll back if the * hand-over fails */ memcpy(&cpy, e, sizeof(ENGINE)); /* * Provide the ERR, "ex_data", memory, and locking callbacks so the * loaded library uses our state rather than its own. FIXME: As noted in * engine.h, much of this would be simplified if each area of code * provided its own "summary" structure of all related callbacks. It * would also increase opaqueness. */ fns.static_state = ENGINE_get_static_state(); fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); /* * Now that we've loaded the dynamic engine, make sure no "dynamic" * ENGINE elements will show through. */ engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); ctx->dynamic_dso = NULL; ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED); /* Copy the original ENGINE structure back */ memcpy(e, &cpy, sizeof(ENGINE)); return 0; } /* Do we try to add this ENGINE to the internal list too? */ if (ctx->list_add_value > 0) { if (!ENGINE_add(e)) { /* Do we tolerate this or fail? */ if (ctx->list_add_value > 1) { /* * Fail - NB: By this time, it's too late to rollback, and * trying to do so allows the bind_engine() code to have * created leaks. We just have to fail where we are, after * the ENGINE has changed. */ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_CONFLICTING_ENGINE_ID); return 0; } /* Tolerate */ ERR_clear_error(); } } return 1; }
static BOOL _winpr_openssl_initialize_locking(void) { int i, count; /* OpenSSL static locking */ if (CRYPTO_get_locking_callback()) { WLog_WARN(TAG, "OpenSSL static locking callback is already set"); } else { if ((count = CRYPTO_num_locks()) > 0) { HANDLE* locks; if (!(locks = calloc(count, sizeof(HANDLE)))) { WLog_ERR(TAG, "error allocating lock table"); return FALSE; } for (i = 0; i < count; i++) { if (!(locks[i] = CreateMutex(NULL, FALSE, NULL))) { WLog_ERR(TAG, "error creating lock #%d", i); while (i--) { if (locks[i]) CloseHandle(locks[i]); } free(locks); return FALSE; } } g_winpr_openssl_locks = locks; g_winpr_openssl_num_locks = count; CRYPTO_set_locking_callback(_winpr_openssl_locking); } } /* OpenSSL dynamic locking */ if (CRYPTO_get_dynlock_create_callback() || CRYPTO_get_dynlock_lock_callback() || CRYPTO_get_dynlock_destroy_callback()) { WLog_WARN(TAG, "dynamic locking callbacks are already set"); } else { CRYPTO_set_dynlock_create_callback(_winpr_openssl_dynlock_create); CRYPTO_set_dynlock_lock_callback(_winpr_openssl_dynlock_lock); CRYPTO_set_dynlock_destroy_callback(_winpr_openssl_dynlock_destroy); } /* Use the deprecated CRYPTO_get_id_callback() if building against OpenSSL < 1.0.0 */ #if (OPENSSL_VERSION_NUMBER < 0x10000000L) if (CRYPTO_get_id_callback()) { WLog_WARN(TAG, "OpenSSL id_callback is already set"); } else { CRYPTO_set_id_callback(_winpr_openssl_id); } #endif return TRUE; }
/** * Module activation */ static int globus_l_openssl_activate(void) { int i; int pci_NID; int pci_old_NID; X509V3_EXT_METHOD * pci_x509v3_ext_meth = NULL; X509V3_EXT_METHOD * pci_old_x509v3_ext_meth = NULL; SSL_library_init(); globus_module_activate(GLOBUS_COMMON_MODULE); globus_module_activate(GLOBUS_GSI_OPENSSL_ERROR_MODULE); mutex_pool = malloc(CRYPTO_num_locks() * sizeof(globus_mutex_t)); for(i=0;i<CRYPTO_num_locks();i++) { globus_mutex_init(&(mutex_pool[i]),NULL); } if (!CRYPTO_get_locking_callback()) { CRYPTO_set_locking_callback(globus_l_openssl_locking_cb); } if (!CRYPTO_get_id_callback()) { CRYPTO_set_id_callback(globus_l_openssl_thread_id); } if (OBJ_txt2nid(ANY_LANGUAGE_OID) == 0) { OBJ_create(ANY_LANGUAGE_OID, ANY_LANGUAGE_SN, ANY_LANGUAGE_LN); } if (OBJ_txt2nid(IMPERSONATION_PROXY_OID) == 0) { OBJ_create(IMPERSONATION_PROXY_OID, IMPERSONATION_PROXY_SN, IMPERSONATION_PROXY_LN); } if (OBJ_txt2nid(INDEPENDENT_PROXY_OID) == 0) { OBJ_create(INDEPENDENT_PROXY_OID, INDEPENDENT_PROXY_SN, INDEPENDENT_PROXY_LN); } if (OBJ_txt2nid(LIMITED_PROXY_OID) == 0) { OBJ_create(LIMITED_PROXY_OID, LIMITED_PROXY_SN, LIMITED_PROXY_LN); } pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID); if (pci_NID == 0) { pci_NID = OBJ_create(PROXYCERTINFO_OID, PROXYCERTINFO_SN, PROXYCERTINFO_LN); } pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); if (pci_old_NID == 0) { pci_old_NID = OBJ_create(PROXYCERTINFO_OLD_OID, PROXYCERTINFO_OLD_SN, PROXYCERTINFO_OLD_LN); } /* this sets the pci NID in the static X509V3_EXT_METHOD struct */ if (X509V3_EXT_get_nid(pci_NID) == NULL) { pci_x509v3_ext_meth = PROXYCERTINFO_x509v3_ext_meth(); pci_x509v3_ext_meth->ext_nid = pci_NID; X509V3_EXT_add(pci_x509v3_ext_meth); } if (X509V3_EXT_get_nid(pci_old_NID) == NULL) { pci_old_x509v3_ext_meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); pci_old_x509v3_ext_meth->ext_nid = pci_old_NID; X509V3_EXT_add(pci_old_x509v3_ext_meth); } return GLOBUS_SUCCESS; }
ret_t http2d_init (void) { if (_initialized) return ret_ok; /* Init OpenSSL */ OPENSSL_config (NULL); SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); /* Ensure PRNG has been seeded with enough data */ if (RAND_status() == 0) { LOG_WARNING_S (HTTP2D_ERROR_SSL_NO_ENTROPY); } /* Init concurrency related stuff */ if ((CRYPTO_get_id_callback() == NULL) && (CRYPTO_get_locking_callback() == NULL)) { cuint_t n; CRYPTO_set_id_callback (__get_thread_id); CRYPTO_set_locking_callback (__lock_thread); locks_num = CRYPTO_num_locks(); locks = malloc (locks_num * sizeof(*locks)); for (n = 0; n < locks_num; n++) { HTTP2D_MUTEX_INIT (&locks[n], NULL); } } /* Engines */ ENGINE_load_builtin_engines(); OpenSSL_add_all_algorithms(); ENGINE *e = ENGINE_by_id("pkcs11"); while (e != NULL) { if(! ENGINE_init(e)) { ENGINE_free (e); LOG_CRITICAL_S (HTTP2D_ERROR_SSL_PKCS11); break; } if(! ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ENGINE_free (e); LOG_CRITICAL_S (HTTP2D_ERROR_SSL_DEFAULTS); break; } ENGINE_finish(e); ENGINE_free(e); break; } return ret_ok; }
/* (de)initialisation functions. */ static int hwcrhk_init(ENGINE *e) { HWCryptoHook_Init_t *p1; HWCryptoHook_Finish_t *p2; HWCryptoHook_ModExp_t *p3; #ifndef OPENSSL_NO_RSA HWCryptoHook_RSA_t *p4; HWCryptoHook_RSALoadKey_t *p5; HWCryptoHook_RSAGetPublicKey_t *p6; HWCryptoHook_RSAUnloadKey_t *p7; #endif HWCryptoHook_RandomBytes_t *p8; HWCryptoHook_ModExpCRT_t *p9; if(hwcrhk_dso != NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED); goto err; } /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } if(!(p1 = (HWCryptoHook_Init_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || !(p2 = (HWCryptoHook_Finish_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || !(p3 = (HWCryptoHook_ModExp_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || #ifndef OPENSSL_NO_RSA !(p4 = (HWCryptoHook_RSA_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || !(p5 = (HWCryptoHook_RSALoadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || !(p7 = (HWCryptoHook_RSAUnloadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || #endif !(p8 = (HWCryptoHook_RandomBytes_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || !(p9 = (HWCryptoHook_ModExpCRT_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } /* Copy the pointers */ p_hwcrhk_Init = p1; p_hwcrhk_Finish = p2; p_hwcrhk_ModExp = p3; #ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = p4; p_hwcrhk_RSALoadKey = p5; p_hwcrhk_RSAGetPublicKey = p6; p_hwcrhk_RSAUnloadKey = p7; #endif p_hwcrhk_RandomBytes = p8; p_hwcrhk_ModExpCRT = p9; /* Check if the application decided to support dynamic locks, and if it does, use them. */ if (disable_mutex_callbacks == 0) { if (CRYPTO_get_dynlock_create_callback() != NULL && CRYPTO_get_dynlock_lock_callback() != NULL && CRYPTO_get_dynlock_destroy_callback() != NULL) { hwcrhk_globals.mutex_init = hwcrhk_mutex_init; hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; } else if (CRYPTO_get_locking_callback() != NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING); ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); goto err; } } /* Try and get a context - if not, we may have a DSO but no * accelerator! */ if(!get_context(&hwcrhk_context, &password_context)) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE); goto err; } /* Everything's fine. */ #ifndef OPENSSL_NO_RSA if (hndidx_rsa == -1) hndidx_rsa = RSA_get_ex_new_index(0, "nFast HWCryptoHook RSA key handle", NULL, NULL, hwcrhk_ex_free); #endif return 1; err: if(hwcrhk_dso) DSO_free(hwcrhk_dso); hwcrhk_dso = NULL; p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; #ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = NULL; p_hwcrhk_RSALoadKey = NULL; p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; #endif p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; return 0; }