static void global_init(void) { subsystems_init_upto(SUBSYS_LEVEL_LIBS); flush_log_messages_from_startup(); tor_compress_init(); if (crypto_global_init(0, NULL, NULL) < 0) abort(); { struct sipkey sipkey = { 1337, 7331 }; siphash_unset_global_key(); siphash_set_global_key(&sipkey); } /* set up the options. */ mock_options = tor_malloc_zero(sizeof(or_options_t)); MOCK(get_options, mock_get_options); /* Make BUG() and nonfatal asserts crash */ tor_set_failed_assertion_callback(abort); /* Make protocol warnings handled correctly. */ init_protocol_warning_severity_level(); }
/** Initialize OpenSSL, unless it has already been initialized. */ static void tor_tls_init(void) { if (!tls_library_is_initialized) { SSL_library_init(); SSL_load_error_strings(); crypto_global_init(-1); } tls_library_is_initialized = 1; }
/** Initialize OpenSSL, unless it has already been initialized. */ static void tor_tls_init(void) { if (!tls_library_is_initialized) { long version; SSL_library_init(); SSL_load_error_strings(); crypto_global_init(-1); version = SSLeay(); /* OpenSSL 0.9.8l introdeced SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION * here, but without thinking too hard about it: it turns out that the * flag in question needed to be set at the last minute, and that it * conflicted with an existing flag number that had already been added * in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced * the flag with an option and (it seems) broke anything that used * SSL3_FLAGS_* for the purpose. So we need to know how to do both, * and we mustn't use the SSL3_FLAGS option with anything besides * OpenSSL 0.9.8l. * * No, we can't just set flag 0x0010 everywhere. It breaks Tor with * OpenSSL 1.0.0beta, since i. No, we can't just set option * 0x00040000L everywhere: before 0.9.8m, it meant something else. * * No, we can't simply detect whether the flag or the option is present * in the headers at build-time: some vendors (notably Apple) like to * leave their headers out of sync with their libraries. * * Yes, it _is_ almost as if the OpenSSL developers decided that no * program should be allowed to use renegotiation its first passed an * test of intelligence and determination. */ if (version >= 0x009080c0L && version < 0x009080d0L) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " "I will try SSL3_FLAGS to enable renegotation.", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; } else if (version >= 0x009080d0L) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; } else { log_info(LD_GENERAL, "OpenSSL %s has version %lx", SSLeay_version(SSLEAY_VERSION), version); } tls_library_is_initialized = 1; } }
/** Entry point to tor-gencert */ int main(int argc, char **argv) { int r = 1; init_logging(1); /* Don't bother using acceleration. */ if (crypto_global_init(0, NULL, NULL)) { fprintf(stderr, "Couldn't initialize crypto library.\n"); return 1; } if (crypto_seed_rng()) { fprintf(stderr, "Couldn't seed RNG.\n"); goto done; } /* Make sure that files are made private. */ umask(0077); if (parse_commandline(argc, argv)) goto done; if (load_identity_key()) goto done; if (reuse_signing_key) { if (load_signing_key()) goto done; } else { if (generate_signing_key()) goto done; } if (generate_certificate()) goto done; r = 0; done: clear_passphrase(); if (identity_key) EVP_PKEY_free(identity_key); if (signing_key) EVP_PKEY_free(signing_key); tor_free(address); tor_free(identity_key_file); tor_free(signing_key_file); tor_free(certificate_file); tor_free(address); crypto_global_cleanup(); return r; }
/** * tlsv1_client_global_init - Initialize TLSv1 client * Returns: 0 on success, -1 on failure * * This function must be called before using any other TLSv1 client functions. */ int tlsv1_client_global_init(void) { return crypto_global_init(); }
int main(int c, char **v) { crypto_pk_t *env; char *str; RSA *rsa; int wantdigest=0; int fname_idx; char *fname=NULL; init_logging(); if (c < 2) { fprintf(stderr, "Hi. I'm tor-checkkey. Tell me a filename that " "has a PEM-encoded RSA public key (like in a cert) and I'll " "dump the modulus. Use the --digest option too and I'll " "dump the digest.\n"); return 1; } if (crypto_global_init(0, NULL, NULL)) { fprintf(stderr, "Couldn't initialize crypto library.\n"); return 1; } if (!strcmp(v[1], "--digest")) { wantdigest = 1; fname_idx = 2; if (c<3) { fprintf(stderr, "too few arguments"); return 1; } } else { wantdigest = 0; fname_idx = 1; } fname = expand_filename(v[fname_idx]); str = read_file_to_str(fname, 0, NULL); tor_free(fname); if (!str) { fprintf(stderr, "Couldn't read %s\n", v[fname_idx]); return 1; } env = crypto_pk_new(); if (crypto_pk_read_public_key_from_string(env, str, strlen(str))<0) { fprintf(stderr, "Couldn't parse key.\n"); return 1; } tor_free(str); if (wantdigest) { char digest[HEX_DIGEST_LEN+1]; if (crypto_pk_get_fingerprint(env, digest, 0)<0) return 1; printf("%s\n",digest); } else { rsa = crypto_pk_get_rsa_(env); str = BN_bn2hex(rsa->n); printf("%s\n", str); } return 0; }
/** * tlsv1_server_global_init - Initialize TLSv1 server * Returns: 0 on success, -1 on failure * * This function must be called before using any other TLSv1 server functions. */ int tlsv1_server_global_init(void) { return crypto_global_init(); }
int main(int argc, char **argv) { replyqueue_t *rq; threadpool_t *tp; int i; tor_libevent_cfg evcfg; struct event *ev; uint32_t as_flags = 0; for (i = 1; i < argc; ++i) { if (!strcmp(argv[i], "-v")) { opt_verbose = 1; } else if (!strcmp(argv[i], "-T") && i+1<argc) { opt_n_threads = atoi(argv[++i]); } else if (!strcmp(argv[i], "-N") && i+1<argc) { opt_n_items = atoi(argv[++i]); } else if (!strcmp(argv[i], "-I") && i+1<argc) { opt_n_inflight = atoi(argv[++i]); } else if (!strcmp(argv[i], "-L") && i+1<argc) { opt_n_lowwater = atoi(argv[++i]); } else if (!strcmp(argv[i], "-R") && i+1<argc) { opt_ratio_rsa = atoi(argv[++i]); } else if (!strcmp(argv[i], "-C") && i+1<argc) { opt_n_cancel = atoi(argv[++i]); } else if (!strcmp(argv[i], "--no-eventfd2")) { as_flags |= ASOCKS_NOEVENTFD2; } else if (!strcmp(argv[i], "--no-eventfd")) { as_flags |= ASOCKS_NOEVENTFD; } else if (!strcmp(argv[i], "--no-pipe2")) { as_flags |= ASOCKS_NOPIPE2; } else if (!strcmp(argv[i], "--no-pipe")) { as_flags |= ASOCKS_NOPIPE; } else if (!strcmp(argv[i], "--no-socketpair")) { as_flags |= ASOCKS_NOSOCKETPAIR; } else if (!strcmp(argv[i], "-h")) { help(); return 0; } else { help(); return 1; } } if (opt_n_threads < 1 || opt_n_items < 1 || opt_n_inflight < 1 || opt_n_lowwater < 0 || opt_n_cancel > opt_n_inflight || opt_n_inflight > MAX_INFLIGHT || opt_ratio_rsa < 0) { help(); return 1; } init_logging(1); crypto_global_init(1, NULL, NULL); crypto_seed_rng(1); rq = replyqueue_new(as_flags); tor_assert(rq); tp = threadpool_new(opt_n_threads, rq, new_state, free_state, NULL); tor_assert(tp); crypto_seed_weak_rng(&weak_rng); memset(&evcfg, 0, sizeof(evcfg)); tor_libevent_initialize(&evcfg); ev = tor_event_new(tor_libevent_get_base(), replyqueue_get_socket(rq), EV_READ|EV_PERSIST, replysock_readable_cb, tp); event_add(ev, NULL); #ifdef TRACK_RESPONSES handled = bitarray_init_zero(opt_n_items); received = bitarray_init_zero(opt_n_items); tor_mutex_init(&bitmap_mutex); handled_len = opt_n_items; #endif for (i = 0; i < opt_n_inflight; ++i) { if (! add_work(tp)) { puts("Couldn't add work."); return 1; } } { struct timeval limit = { 30, 0 }; tor_event_base_loopexit(tor_libevent_get_base(), &limit); } event_base_loop(tor_libevent_get_base(), 0); if (n_sent != opt_n_items || n_received+n_successful_cancel != n_sent) { printf("%d vs %d\n", n_sent, opt_n_items); printf("%d+%d vs %d\n", n_received, n_successful_cancel, n_sent); puts("FAIL"); return 1; } else { puts("OK"); return 0; } }