コード例 #1
ファイル: fuzzing_common.c プロジェクト: jfrazelle/tor
/* One-time process setup for the fuzzing harness: bring up the library-level
 * subsystems, compression and crypto, install a fixed siphash key, substitute
 * a zeroed options object, and turn soft assertion failures into aborts.
 * The order of the calls is kept exactly as written. */
static void
global_init(void)
{
  subsystems_init_upto(SUBSYS_LEVEL_LIBS);
  flush_log_messages_from_startup();

  tor_compress_init();

  /* Abort rather than continue with a crypto library that failed to
   * initialize. */
  if (crypto_global_init(0, NULL, NULL) < 0)
    abort();

  {
    /* Drop whatever global siphash key is installed and replace it with a
     * constant one.
     * NOTE(review): presumably this keeps hash-dependent behaviour
     * reproducible from one fuzzing run to the next -- confirm.  A constant,
     * publicly known key gives no protection against hash flooding, so this
     * block belongs in a test harness only. */
    struct sipkey sipkey = { 1337, 7331 };
    siphash_unset_global_key();
    siphash_set_global_key(&sipkey);
  }

  /* set up the options. */
  /* The options object is all zeroes; get_options() is redirected to
   * mock_get_options (defined outside this block). */
  mock_options = tor_malloc_zero(sizeof(or_options_t));
  MOCK(get_options, mock_get_options);

  /* Make BUG() and nonfatal asserts crash */
  tor_set_failed_assertion_callback(abort);

  /* Make protocol warnings handled correctly. */
  init_protocol_warning_severity_level();
}
コード例 #2
ファイル: tortls.c プロジェクト: kitsune-dsu/kitsune-tor
/** Run the one-time OpenSSL setup (library init, error strings, Tor's crypto
 * layer) if <b>tls_library_is_initialized</b> is still zero, then record
 * that the setup has been done.
 *
 * NOTE(review): the result of crypto_global_init() is discarded here; if it
 * reports failure through its return value (confirm against its
 * declaration), that failure goes unnoticed and the library is still marked
 * as initialized.
 */
static void
tor_tls_init(void)
{
  const int need_setup = !tls_library_is_initialized;

  if (need_setup) {
    SSL_library_init();
    SSL_load_error_strings();
    crypto_global_init(-1);
  }

  /* Stored on every call, whether or not the setup above ran. */
  tls_library_is_initialized = 1;
}
コード例 #3
ファイル: tortls.c プロジェクト: kitsune-dsu/kitsune-tor
/** Run the one-time OpenSSL setup and decide, from the OpenSSL version found
 * at run time, which mechanism must be used to enable renegotiation.  Does
 * nothing if <b>tls_library_is_initialized</b> is already set.
 *
 * This function only records the choice in use_unsafe_renegotiation_flag and
 * use_unsafe_renegotiation_op; where those are applied is outside this
 * block.
 */
static void
tor_tls_init(void)
{
  long openssl_version;

  if (tls_library_is_initialized)
    return;

  SSL_library_init();
  SSL_load_error_strings();
  /* NOTE(review): the result of this call is discarded -- confirm whether a
   * failure should stop initialization. */
  crypto_global_init(-1);

  openssl_version = SSLeay();

  /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
   * here, but without thinking too hard about it: it turns out that the
   * flag in question needed to be set at the last minute, and that it
   * conflicted with an existing flag number that had already been added
   * in the OpenSSL 1.0.0 betas.  OpenSSL 0.9.8m thoughtfully replaced
   * the flag with an option and (it seems) broke anything that used
   * SSL3_FLAGS_* for the purpose.  So we need to know how to do both,
   * and we mustn't use the SSL3_FLAGS option with anything besides
   * OpenSSL 0.9.8l.
   *
   * No, we can't just set flag 0x0010 everywhere.  It breaks Tor with
   * OpenSSL 1.0.0beta, because of the flag-number conflict described
   * above.  No, we can't just set option 0x00040000L everywhere: before
   * 0.9.8m, it meant something else.
   *
   * No, we can't simply detect whether the flag or the option is present
   * in the headers at build-time: some vendors (notably Apple) like to
   * leave their headers out of sync with their libraries.
   *
   * Yes, it _is_ almost as if the OpenSSL developers decided that no
   * program should be allowed to use renegotiation unless it first passed
   * a test of intelligence and determination.
   *
   * NOTE(review): the 0.9.8l branch below sets both the flag and the
   * option, although the text above says the option bit meant something
   * else before 0.9.8m -- confirm that this is intended.
   */
  if (openssl_version < 0x009080c0L) {
    /* Older than 0.9.8l: neither mechanism is selected. */
    log_info(LD_GENERAL, "OpenSSL %s has version %lx",
             SSLeay_version(SSLEAY_VERSION), openssl_version);
  } else if (openssl_version < 0x009080d0L) {
    log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
               "I will try SSL3_FLAGS  to enable renegotation.",
               SSLeay_version(SSLEAY_VERSION));
    use_unsafe_renegotiation_flag = 1;
    use_unsafe_renegotiation_op = 1;
  } else {
    log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
               "I will try SSL_OP to enable renegotiation",
               SSLeay_version(SSLEAY_VERSION));
    use_unsafe_renegotiation_op = 1;
  }

  tls_library_is_initialized = 1;
}
コード例 #4
ファイル: tor-gencert.c プロジェクト: Liuchang0812/tor
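/** Entry point to tor-gencert.
 *
 * Initializes the crypto library and RNG, restricts the file-creation mask,
 * parses the command line, loads the identity key, loads or generates the
 * signing key, and generates the certificate.
 *
 * Returns 0 on success and 1 on any failure.  Every failure after crypto
 * initialization goes through the <b>done</b> label so that the passphrase
 * and key material are released before exit.
 */
int
main(int argc, char **argv)
{
  int r = 1;
  init_logging(1);

  /* Don't bother using acceleration. */
  if (crypto_global_init(0, NULL, NULL)) {
    fprintf(stderr, "Couldn't initialize crypto library.\n");
    return 1;
  }
  if (crypto_seed_rng()) {
    fprintf(stderr, "Couldn't seed RNG.\n");
    goto done;
  }
  /* Make sure that files are made private.  This is set before any of the
   * key-handling steps below run, so files they create get no group or
   * other permission bits. */
  umask(0077);

  if (parse_commandline(argc, argv))
    goto done;
  if (load_identity_key())
    goto done;
  if (reuse_signing_key) {
    if (load_signing_key())
      goto done;
  } else {
    if (generate_signing_key())
      goto done;
  }
  if (generate_certificate())
    goto done;

  r = 0;
 done:
  /* Runs on success and on every failure after crypto initialization. */
  clear_passphrase();
  if (identity_key)
    EVP_PKEY_free(identity_key);
  if (signing_key)
    EVP_PKEY_free(signing_key);
  /* Each buffer is released exactly once; the original released
   * <b>address</b> a second time at the end of this list. */
  tor_free(address);
  tor_free(identity_key_file);
  tor_free(signing_key_file);
  tor_free(certificate_file);

  crypto_global_cleanup();
  return r;
}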
コード例 #5
ファイル: tlsv1_client.c プロジェクト: Canbeal/miui_recovery
/**
 * tlsv1_client_global_init - Initialize TLSv1 client
 * Returns: 0 on success, -1 on failure
 *
 * Call this once before any other TLSv1 client function. The work is
 * delegated to crypto_global_init() and its result is passed back unchanged,
 * so callers must check the return value before using the client.
 */
int tlsv1_client_global_init(void)
{
	int ret = crypto_global_init();

	return ret;
}
コード例 #6
ファイル: tor-checkkey.c プロジェクト: fatline/Tor-Puzzles
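/** Entry point to tor-checkkey.
 *
 * Usage: tor-checkkey [--digest] FILENAME
 *
 * Reads a PEM-encoded RSA public key from FILENAME and prints its modulus in
 * hex, or its fingerprint when --digest is given.  Returns 0 on success and
 * 1 on any failure.
 */
int
main(int c, char **v)
{
  crypto_pk_t *env;
  char *str;
  RSA *rsa;
  int wantdigest=0;
  int fname_idx;
  char *fname=NULL;
  init_logging();

  if (c < 2) {
    fprintf(stderr, "Hi. I'm tor-checkkey.  Tell me a filename that "
            "has a PEM-encoded RSA public key (like in a cert) and I'll "
            "dump the modulus.  Use the --digest option too and I'll "
            "dump the digest.\n");
    return 1;
  }

  if (crypto_global_init(0, NULL, NULL)) {
    fprintf(stderr, "Couldn't initialize crypto library.\n");
    return 1;
  }

  if (!strcmp(v[1], "--digest")) {
    wantdigest = 1;
    fname_idx = 2;
    /* v[2] is read below, so it must exist. */
    if (c<3) {
      fprintf(stderr, "too few arguments");
      return 1;
    }
  } else {
    wantdigest = 0;
    fname_idx = 1;
  }

  fname = expand_filename(v[fname_idx]);
  str = read_file_to_str(fname, 0, NULL);
  tor_free(fname);
  if (!str) {
    fprintf(stderr, "Couldn't read %s\n", v[fname_idx]);
    return 1;
  }

  /* The file contents are untrusted input; everything below relies on the
   * parser rejecting anything that is not a well-formed public key. */
  env = crypto_pk_new();
  if (crypto_pk_read_public_key_from_string(env, str, strlen(str))<0) {
    fprintf(stderr, "Couldn't parse key.\n");
    return 1;
  }
  tor_free(str);

  if (wantdigest) {
    char digest[HEX_DIGEST_LEN+1];
    if (crypto_pk_get_fingerprint(env, digest, 0)<0)
      return 1;
    printf("%s\n",digest);
  } else {
    rsa = crypto_pk_get_rsa_(env);
    /* Don't dereference a missing RSA object. */
    if (!rsa) {
      fprintf(stderr, "Couldn't get RSA key.\n");
      return 1;
    }
    str = BN_bn2hex(rsa->n);
    /* BN_bn2hex() returns NULL on failure; passing that to "%s" would be
     * undefined behavior. */
    if (!str) {
      fprintf(stderr, "Couldn't convert modulus to hex.\n");
      return 1;
    }

    printf("%s\n", str);
    /* The hex string was allocated by OpenSSL, so release it with
     * OpenSSL's allocator rather than tor_free(). */
    OPENSSL_free(str);
  }

  return 0;
}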
/**
 * tlsv1_server_global_init - Initialize TLSv1 server
 * Returns: 0 on success, -1 on failure
 *
 * Call this once before any other TLSv1 server function. The work is
 * delegated to crypto_global_init() and its result is passed back unchanged,
 * so callers must check the return value before using the server.
 */
int tlsv1_server_global_init(void)
{
	int ret = crypto_global_init();

	return ret;
}
コード例 #8
ファイル: test_workqueue.c プロジェクト: barrygolden/tor
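/** Entry point of the workqueue test program.
 *
 * Parses the command-line options, initializes logging, crypto and the RNG,
 * creates a reply queue and a thread pool, queues the initial batch of work,
 * and runs the libevent loop with a 30-second limit.  Prints "OK" and
 * returns 0 when the sent and received counts agree; prints "FAIL" and
 * returns 1 otherwise.  Option and setup errors also return 1.
 */
int
main(int argc, char **argv)
{
  replyqueue_t *rq;
  threadpool_t *tp;
  int i;
  tor_libevent_cfg evcfg;
  struct event *ev;
  uint32_t as_flags = 0;

  /* NOTE(review): atoi() reports no errors, so a non-numeric value is read
   * as 0.  The range check after this loop rejects 0 for -T, -N and -I but
   * accepts it for -L, -R and -C. */
  for (i = 1; i < argc; ++i) {
    if (!strcmp(argv[i], "-v")) {
      opt_verbose = 1;
    } else if (!strcmp(argv[i], "-T") && i+1<argc) {
      opt_n_threads = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "-N") && i+1<argc) {
      opt_n_items = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "-I") && i+1<argc) {
      opt_n_inflight = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "-L") && i+1<argc) {
      opt_n_lowwater = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "-R") && i+1<argc) {
      opt_ratio_rsa = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "-C") && i+1<argc) {
      opt_n_cancel = atoi(argv[++i]);
    } else if (!strcmp(argv[i], "--no-eventfd2")) {
      as_flags |= ASOCKS_NOEVENTFD2;
    } else if (!strcmp(argv[i], "--no-eventfd")) {
      as_flags |= ASOCKS_NOEVENTFD;
    } else if (!strcmp(argv[i], "--no-pipe2")) {
      as_flags |= ASOCKS_NOPIPE2;
    } else if (!strcmp(argv[i], "--no-pipe")) {
      as_flags |= ASOCKS_NOPIPE;
    } else if (!strcmp(argv[i], "--no-socketpair")) {
      as_flags |= ASOCKS_NOSOCKETPAIR;
    } else if (!strcmp(argv[i], "-h")) {
      help();
      return 0;
    } else {
      help();
      return 1;
    }
  }
  /* Reject option combinations the test cannot run with. */
  if (opt_n_threads < 1 ||
      opt_n_items < 1 || opt_n_inflight < 1 || opt_n_lowwater < 0 ||
      opt_n_cancel > opt_n_inflight || opt_n_inflight > MAX_INFLIGHT ||
      opt_ratio_rsa < 0) {
    help();
    return 1;
  }

  init_logging(1);
  /* Stop here if crypto setup or RNG seeding fails, instead of running the
   * test on an uninitialized library or an unseeded generator. */
  if (crypto_global_init(1, NULL, NULL) < 0) {
    puts("Couldn't initialize crypto library.");
    return 1;
  }
  if (crypto_seed_rng(1) < 0) {
    puts("Couldn't seed RNG.");
    return 1;
  }

  rq = replyqueue_new(as_flags);
  tor_assert(rq);
  tp = threadpool_new(opt_n_threads,
                      rq, new_state, free_state, NULL);
  tor_assert(tp);

  crypto_seed_weak_rng(&weak_rng);

  memset(&evcfg, 0, sizeof(evcfg));
  tor_libevent_initialize(&evcfg);

  ev = tor_event_new(tor_libevent_get_base(),
                     replyqueue_get_socket(rq), EV_READ|EV_PERSIST,
                     replysock_readable_cb, tp);
  /* Checked like rq and tp above, before the event is used. */
  tor_assert(ev);

  event_add(ev, NULL);

#ifdef TRACK_RESPONSES
  handled = bitarray_init_zero(opt_n_items);
  received = bitarray_init_zero(opt_n_items);
  tor_mutex_init(&bitmap_mutex);
  handled_len = opt_n_items;
#endif

  for (i = 0; i < opt_n_inflight; ++i) {
    if (! add_work(tp)) {
      puts("Couldn't add work.");
      return 1;
    }
  }

  {
    /* Ask the event loop to exit after 30 seconds. */
    struct timeval limit = { 30, 0 };
    tor_event_base_loopexit(tor_libevent_get_base(), &limit);
  }

  event_base_loop(tor_libevent_get_base(), 0);

  /* Every item must have been sent, and every sent item either received or
   * successfully cancelled. */
  if (n_sent != opt_n_items || n_received+n_successful_cancel != n_sent) {
    printf("%d vs %d\n", n_sent, opt_n_items);
    printf("%d+%d vs %d\n", n_received, n_successful_cancel, n_sent);
    puts("FAIL");
    return 1;
  } else {
    puts("OK");
    return 0;
  }
}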