Пример #1
0
static int threadSetup(void)
{
	int i;

	if (CRYPTO_get_locking_callback() != NULL) {
		/* Locking callback is already installed, dont touch it. */
		return GT_OK;
	}

	lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
	if (lock_cs == NULL) {
		return GT_OUT_OF_MEMORY;
	}

	for (i = 0; i < CRYPTO_num_locks(); ++i) {
		pthread_mutex_init(&(lock_cs[i]), NULL);
	}

	CRYPTO_set_locking_callback(pthreadsLockingCallback);
	CRYPTO_set_id_callback(pthreadsThreadId);

	thread_setup_done = 1;

	return GT_OK;
}
Пример #2
0
/**
 * Module deactivation
 *
 */
static
int
globus_l_openssl_deactivate(void)
{
    int                                 i;

    OBJ_cleanup();

    ERR_clear_error();

    X509V3_EXT_cleanup();

    if (CRYPTO_get_id_callback() == globus_l_openssl_thread_id)
    {
        CRYPTO_set_id_callback(NULL);
    }
    if (CRYPTO_get_locking_callback() == globus_l_openssl_locking_cb)
    {
        CRYPTO_set_locking_callback(NULL);
    }

    for (i=0; i<CRYPTO_num_locks(); i++)
    {
        globus_mutex_destroy(&(mutex_pool[i]));
    }

    free(mutex_pool);

    globus_module_deactivate(GLOBUS_GSI_OPENSSL_ERROR_MODULE);
    globus_module_deactivate(GLOBUS_COMMON_MODULE);

    return GLOBUS_SUCCESS;
}
Пример #3
0
static int threadSetup(void)
{
	int i;
	int j;

	if (CRYPTO_get_locking_callback() != NULL) {
		/* Locking callback is already installed, dont touch it. */
		return GT_OK;
	}

	lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
	if (lock_cs == NULL) {
		return GT_OUT_OF_MEMORY;
	}

	for (i = 0; i < CRYPTO_num_locks(); ++i) {
		lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
		if (lock_cs[i] == NULL) {
			for (j = 0; j < i; ++j) {
				CloseHandle(lock_cs[j]);
			}
			OPENSSL_free(lock_cs);
			return GT_OUT_OF_MEMORY;
		}
	}

	CRYPTO_set_locking_callback(win32LockingCallback);

	/* ID callback is not needed on windows according to OpenSSL
	 * documentation. */

	thread_setup_done = 1;

	return GT_OK;
}
Пример #4
0
void ff_tls_init(void)
{
    avpriv_lock_avformat();
#if CONFIG_OPENSSL
    if (!openssl_init) {
        SSL_library_init();
        SSL_load_error_strings();
#if HAVE_THREADS
        if (!CRYPTO_get_locking_callback()) {
            int i;
            openssl_mutexes = av_malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
            for (i = 0; i < CRYPTO_num_locks(); i++)
                pthread_mutex_init(&openssl_mutexes[i], NULL);
            CRYPTO_set_locking_callback(openssl_lock);
#if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000
            CRYPTO_set_id_callback(openssl_thread_id);
#endif
        }
#endif
    }
    openssl_init++;
#endif
#if CONFIG_GNUTLS
#if HAVE_THREADS && GNUTLS_VERSION_NUMBER < 0x020b00
    if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0)
        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
    gnutls_global_init();
#endif
    avpriv_unlock_avformat();
}
Пример #5
0
void
sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE)
	void (*locking_cb)(int, int, const char *, int);
	ENGINE *e;

	locking_cb = CRYPTO_get_locking_callback();
	if (locking_cb)
		CRYPTO_set_locking_callback(NULL);

	e = ENGINE_by_id("gost");
	if (!e)
	{
#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST)
		ENGINE_load_gost();
		e = ENGINE_by_id("gost");
#else
		/* try to load dynamic gost engine */
		e = ENGINE_by_id("dynamic");
		if (!e) {
			ENGINE_load_dynamic();
			e = ENGINE_by_id("dynamic");
		}
		if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) ||
					!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) {
			ENGINE_free(e);
			e = NULL;
		}
#endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */
	}
	if (e) {
		ENGINE_set_default(e, ENGINE_METHOD_ALL);
		ENGINE_free(e);
	}

	if (locking_cb)
		CRYPTO_set_locking_callback(locking_cb);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */

	openssl_sha1_mech.mech_data = EVP_sha1();
	sc_pkcs11_register_mechanism(card, &openssl_sha1_mech);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
	openssl_sha256_mech.mech_data = EVP_sha256();
	sc_pkcs11_register_mechanism(card, &openssl_sha256_mech);
	openssl_sha384_mech.mech_data = EVP_sha384();
	sc_pkcs11_register_mechanism(card, &openssl_sha384_mech);
	openssl_sha512_mech.mech_data = EVP_sha512();
	sc_pkcs11_register_mechanism(card, &openssl_sha512_mech);
#endif
	openssl_md5_mech.mech_data = EVP_md5();
	sc_pkcs11_register_mechanism(card, &openssl_md5_mech);
	openssl_ripemd160_mech.mech_data = EVP_ripemd160();
	sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
	openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94);
	sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech);
#endif
}
Пример #6
0
/* returns -1 on error, 0 on success */
int tls_init_locks()
{
	/* init "static" tls locks */
	n_static_locks=CRYPTO_num_locks();
	if (n_static_locks<0){
		LM_CRIT("bad CRYPTO_num_locks %d\n", n_static_locks);
		n_static_locks=0;
	}
	if (n_static_locks){
		if (CRYPTO_get_locking_callback()!=NULL) {
			LM_CRIT("ssl locking callback already set\n");
			return -1;
		}
		static_locks=lock_set_alloc(n_static_locks);
		if (static_locks==0){
			LM_CRIT("could not allocate lockset with %d locks\n",
					n_static_locks);
			goto error;
		}
		if (lock_set_init(static_locks)==0){
			LM_CRIT("lock set init failed (%d locks)\n", n_static_locks);
			lock_set_dealloc(static_locks);
			static_locks=0;
			n_static_locks=0;
			goto error;
		}
		CRYPTO_set_locking_callback(locking_f);
	}

/* OpenSSL is thread-safe since 1.1.0 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
	/* set "dynamic" locks callbacks */
	CRYPTO_set_dynlock_create_callback(dyn_create_f);
	CRYPTO_set_dynlock_lock_callback(dyn_lock_f);
	CRYPTO_set_dynlock_destroy_callback(dyn_destroy_f);
#endif

	/* starting with v1.0.0 openssl does not use anymore getpid(), but address
	 * of errno which can point to same virtual address in a multi-process
	 * application
	 * - for refrence http://www.openssl.org/docs/crypto/threads.html
	 */
	CRYPTO_set_id_callback(sr_ssl_id_f);

	/* atomic add -- since for now we don't have atomic_add
	 *  (only atomic_inc), fallback to the default use-locks mode
	 * CRYPTO_set_add_lock_callback(atomic_add_f);
	 */

	return 0;
error:
	tls_destroy_locks();
	return -1;
}
Пример #7
0
/* called after g_module_check_init(), after shadow searches for __shadow_plugin_init__ */
void __shadow_plugin_init__(ShadowFunctionTable* shadowlibFuncs) {
	/* save the shadow functions we will use */
	scallion.shadowlibFuncs = shadowlibFuncs;

	/* tell shadow which functions it should call to manage nodes */
	shadowlibFuncs->registerPlugin(&_scallion_new, &_scallion_free, &_scallion_notify);

	shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished registering scallion plug-in state");

	/* setup openssl locks */

#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
#if defined(OPENSSL_THREADS)
	/* thread support enabled */

	/* make sure openssl uses Shadow's random sources and make crypto thread-safe */
	const RAND_METHOD* shadowRandomMethod = NULL;
	CRYPTO_lock_func shadowLockFunc = NULL;
	CRYPTO_id_func shadowIdFunc = NULL;
	int nLocks = CRYPTO_num_locks();

	gboolean success = shadowlibFuncs->cryptoSetup(nLocks, (gpointer*)&shadowLockFunc,
			(gpointer*)&shadowIdFunc, (gconstpointer*)&shadowRandomMethod);
	if(!success) {
		/* ok, lets see if we can get shadow function pointers through LD_PRELOAD */
		shadowRandomMethod = RAND_get_rand_method();
		shadowLockFunc = CRYPTO_get_locking_callback();
		shadowIdFunc = CRYPTO_get_id_callback();
	}

	CRYPTO_set_locking_callback(shadowLockFunc);
	CRYPTO_set_id_callback(shadowIdFunc);
	RAND_set_rand_method(shadowRandomMethod);

	shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished initializing crypto thread state");
#else
    /* no thread support */
	shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild openssl with threading support. expect segfaults.");
#endif

	/* setup libevent locks */

#ifdef EVTHREAD_USE_PTHREADS_IMPLEMENTED
	if(evthread_use_pthreads()) {
		shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "error in evthread_use_pthreads()");
	}
	shadowlibFuncs->log(SHADOW_LOG_LEVEL_MESSAGE, __FUNCTION__, "finished initializing event thread state evthread_use_pthreads()");
#else
	shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild libevent with threading support, or link with event_pthread. expect segfaults.");
#endif
}
Пример #8
0
static void initOpensslLocks(void) {
    unsigned ii, nlocks;
    if (CRYPTO_get_locking_callback() != NULL) {
        /* Someone already set the callback before us. Don't destroy it! */
        return;
    }
    nlocks = CRYPTO_num_locks();
    ossl_locks = malloc(sizeof(*ossl_locks) * nlocks);
    for (ii = 0; ii < nlocks; ii++) {
        sslLockInit(ossl_locks + ii);
    }
    CRYPTO_set_locking_callback(opensslDoLock);
}
Пример #9
0
void ff_openssl_deinit(void)
{
    avpriv_lock_avformat();
    openssl_init--;
    if (!openssl_init) {
#if HAVE_THREADS
        if (CRYPTO_get_locking_callback() == openssl_lock) {
            int i;
            CRYPTO_set_locking_callback(NULL);
            for (i = 0; i < CRYPTO_num_locks(); i++)
                pthread_mutex_destroy(&openssl_mutexes[i]);
            av_free(openssl_mutexes);
        }
#endif
    }
    avpriv_unlock_avformat();
}
Пример #10
0
	void start() {
		Platform::ThirdParty::start();

		if (!RAND_status()) { // should be always inited in all modern OS
			char buf[16];
			memcpy(buf, &_msStart, 8);
			memcpy(buf + 8, &_msFreq, 8);
			uchar sha256Buffer[32];
			RAND_seed(hashSha256(buf, 16, sha256Buffer), 32);
			if (!RAND_status()) {
				LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0..."));
			}
		}

		// Force OpenSSL loading if it is linked in Qt,
		// so that we won't mess with our OpenSSL locking with Qt OpenSSL locking.
		auto sslSupported = QSslSocket::supportsSsl();
		if (!sslSupported) {
			LOG(("Error: current Qt build doesn't support SSL requests."));
		}
		if (!CRYPTO_get_locking_callback()) {
			// Qt didn't initialize OpenSSL, so we will.
			auto numLocks = CRYPTO_num_locks();
			if (numLocks) {
				_sslLocks = new QMutex[numLocks];
				CRYPTO_set_locking_callback(_sslLockingCallback);
			} else {
				LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!"));
			}
			CRYPTO_THREADID_set_callback(_sslThreadId);
		}
		if (!CRYPTO_get_dynlock_create_callback()) {
			CRYPTO_set_dynlock_create_callback(_sslCreateFunction);
			CRYPTO_set_dynlock_lock_callback(_sslLockFunction);
			CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction);
		} else if (!CRYPTO_get_dynlock_lock_callback()) {
			LOG(("MTP Error: dynlock_create callback is set without dynlock_lock callback!"));
		}

		av_register_all();
		avcodec_register_all();

		av_lockmgr_register(_ffmpegLockManager);

		_sslInited = true;
	}
Пример #11
0
int neo4j_openssl_init(void)
{
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    int num_locks = CRYPTO_num_locks();
    thread_locks = calloc(num_locks, sizeof(neo4j_mutex_t));
    if (thread_locks == NULL)
    {
        return -1;
    }

    for (int i = 0; i < num_locks; i++)
    {
        int err = neo4j_mutex_init(&(thread_locks[i]));
        if (err)
        {
            for (; i > 0; --i)
            {
                neo4j_mutex_destroy(&(thread_locks[i-1]));
            }
            free(thread_locks);
            errno = err;
            return -1;
        }
    }

    if (CRYPTO_get_locking_callback() == NULL)
    {
        CRYPTO_set_locking_callback(locking_callback);
        CRYPTO_set_id_callback(neo4j_current_thread_id);
    }

    SSL_CTX *ctx = SSL_CTX_new(TLSv1_method());
    if (ctx == NULL)
    {
        errno = openssl_error(NULL, NEO4J_LOG_ERROR, __FILE__, __LINE__);
        return -1;
    }
    SSL_CTX_free(ctx);

    return 0;
}
Пример #12
0
static BOOL _winpr_openssl_cleanup_locking(void)
{
	/* undo our static locking modifications */
	if (CRYPTO_get_locking_callback() == _winpr_openssl_locking)
	{
		int i;
		CRYPTO_set_locking_callback(NULL);

		for (i = 0; i < g_winpr_openssl_num_locks; i++)
		{
			CloseHandle(g_winpr_openssl_locks[i]);
		}

		g_winpr_openssl_num_locks = 0;
		free(g_winpr_openssl_locks);
		g_winpr_openssl_locks = NULL;
	}

	/* unset our dynamic locking callbacks */

	if (CRYPTO_get_dynlock_create_callback() == _winpr_openssl_dynlock_create)
	{
		CRYPTO_set_dynlock_create_callback(NULL);
	}

	if (CRYPTO_get_dynlock_lock_callback() == _winpr_openssl_dynlock_lock)
	{
		CRYPTO_set_dynlock_lock_callback(NULL);
	}

	if (CRYPTO_get_dynlock_destroy_callback() == _winpr_openssl_dynlock_destroy)
	{
		CRYPTO_set_dynlock_destroy_callback(NULL);
	}

#if (OPENSSL_VERSION_NUMBER < 0x10000000L)

	if (CRYPTO_get_id_callback() == _winpr_openssl_id)
	{
		CRYPTO_set_id_callback(NULL);
	}

#endif
	return TRUE;
}
Пример #13
0
int neo4j_openssl_cleanup(void)
{
    if (CRYPTO_get_locking_callback() == locking_callback)
    {
        CRYPTO_set_locking_callback(NULL);
        CRYPTO_set_id_callback(NULL);
    }

    int num_locks = CRYPTO_num_locks();
    for (int i = 0; i < num_locks; i++)
    {
        neo4j_mutex_destroy(&(thread_locks[i]));
    }
    free(thread_locks);

    EVP_cleanup();
    return 0;
}
Пример #14
0
void init_ssl()
{
#ifdef ENABLE_TCMALLOC
	HeapLeakChecker::Disabler disabler;
#endif
	load_ssl_library();
	if ((CRYPTO_get_id_callback()      == NULL) &&
	    (CRYPTO_get_locking_callback() == NULL))
	{
		//cuint_t n;

		CRYPTO_set_id_callback (__get_thread_id);
		CRYPTO_set_locking_callback (__lock_thread);

		int locks_num = CRYPTO_num_locks();
		ssl_lock = new KMutex[locks_num];	
	}
}
Пример #15
0
void OpenSSLInitializer::initialize()
{
	if (++_rc == 1)
	{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
		OPENSSL_config(NULL);
#endif
        if(! _disableSSLInitialization) {
		    SSL_library_init();
		    SSL_load_error_strings();
		    OpenSSL_add_all_algorithms();
        }

		char seed[SEEDSIZE];
		RandomInputStream rnd;
		rnd.read(seed, sizeof(seed));
		RAND_seed(seed, SEEDSIZE);
		
        if(CRYPTO_get_locking_callback() == NULL) {
    		int nMutexes = CRYPTO_num_locks();
	    	_mutexes = new Poco::FastMutex[nMutexes];
    		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS
// Not needed on Windows (see SF #110: random unhandled exceptions when linking with ssl).
// https://sourceforge.net/p/poco/bugs/110/
//
// From http://www.openssl.org/docs/crypto/threads.html :
// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(), 
//  then a default implementation is used - on Windows and BeOS this uses the system's 
//  default thread identifying APIs"
#ifndef OPENSSL_NO_DEPRECATED
		    CRYPTO_set_id_callback(&OpenSSLInitializer::id);
#else
		    CRYPTO_THREADID tid;
		    CRYPTO_THREADID_set_numeric(&tid, OpenSSLInitializer::id());
#endif /* OPENSSL_NO_DEPRECATED */
#endif
		    CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
		    CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
		    CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
        }
	}
}
Пример #16
0
void ff_tls_deinit(void)
{
    avpriv_lock_avformat();
#if CONFIG_OPENSSL
    openssl_init--;
    if (!openssl_init) {
#if HAVE_THREADS
        if (CRYPTO_get_locking_callback() == openssl_lock) {
            int i;
            CRYPTO_set_locking_callback(NULL);
            for (i = 0; i < CRYPTO_num_locks(); i++)
                pthread_mutex_destroy(&openssl_mutexes[i]);
            av_free(openssl_mutexes);
        }
#endif
    }
#endif
#if CONFIG_GNUTLS
    gnutls_global_deinit();
#endif
    avpriv_unlock_avformat();
}
Пример #17
0
void ff_openssl_init(void)
{
    avpriv_lock_avformat();
    if (!openssl_init) {
        SSL_library_init();
        SSL_load_error_strings();
#if HAVE_THREADS
        if (!CRYPTO_get_locking_callback()) {
            int i;
            openssl_mutexes = av_malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
            for (i = 0; i < CRYPTO_num_locks(); i++)
                pthread_mutex_init(&openssl_mutexes[i], NULL);
            CRYPTO_set_locking_callback(openssl_lock);
#if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000
            CRYPTO_set_id_callback(openssl_thread_id);
#endif
        }
#endif
    }
    openssl_init++;
    avpriv_unlock_avformat();
}
Пример #18
0
void MumbleSSL::initialize() {
	// Let Qt initialize its copy of OpenSSL, if it's different than
	// Mumble's. (Initialization is a side-effect of calling
	// QSslSocket::supportsSsl()).
	QSslSocket::supportsSsl();

	// Initialize our copy of OpenSSL.
	SSL_library_init(); // Safe to discard return value, per OpenSSL man pages.
	SSL_load_error_strings();

	// Determine if a locking callback has not been set.
	// This should be the case if there are multiple copies
	// of OpensSSL in the address space. This is mostly due
	// to Qt dynamically loading OpenSSL when it is not
	// configured with -openssl-linked.
	//
	// If we detect that no locking callback is configured, we
	// have to set it up ourselves to allow multi-threaded use
	// of OpenSSL.
	if (CRYPTO_get_locking_callback() == NULL) {
		SSLLocks::initialize();
	}
}
Пример #19
0
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
{
    ENGINE cpy;
    dynamic_fns fns;

    if (ctx->dynamic_dso == NULL)
        ctx->dynamic_dso = DSO_new();
    if (ctx->dynamic_dso == NULL)
        return 0;
    if (!ctx->DYNAMIC_LIBNAME) {
        if (!ctx->engine_id)
            return 0;
        ctx->DYNAMIC_LIBNAME =
            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
    }
    if (!int_load(ctx)) {
        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
        DSO_free(ctx->dynamic_dso);
        ctx->dynamic_dso = NULL;
        return 0;
    }
    /* We have to find a bind function otherwise it'll always end badly */
    if (!
        (ctx->bind_engine =
         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
                                             ctx->DYNAMIC_F2))) {
        ctx->bind_engine = NULL;
        DSO_free(ctx->dynamic_dso);
        ctx->dynamic_dso = NULL;
        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
        return 0;
    }
    /* Do we perform version checking? */
    if (!ctx->no_vcheck) {
        unsigned long vcheck_res = 0;
        /*
         * Now we try to find a version checking function and decide how to
         * cope with failure if/when it fails.
         */
        ctx->v_check =
            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
                                               ctx->DYNAMIC_F1);
        if (ctx->v_check)
            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
        /*
         * We fail if the version checker veto'd the load *or* if it is
         * deferring to us (by returning its version) and we think it is too
         * old.
         */
        if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
            /* Fail */
            ctx->bind_engine = NULL;
            ctx->v_check = NULL;
            DSO_free(ctx->dynamic_dso);
            ctx->dynamic_dso = NULL;
            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
                      ENGINE_R_VERSION_INCOMPATIBILITY);
            return 0;
        }
    }
    /*
     * First binary copy the ENGINE structure so that we can roll back if the
     * hand-over fails
     */
    memcpy(&cpy, e, sizeof(ENGINE));
    /*
     * Provide the ERR, "ex_data", memory, and locking callbacks so the
     * loaded library uses our state rather than its own. FIXME: As noted in
     * engine.h, much of this would be simplified if each area of code
     * provided its own "summary" structure of all related callbacks. It
     * would also increase opaqueness.
     */
    fns.static_state = ENGINE_get_static_state();
    fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
    fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
    fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
    fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
    fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
    /*
     * Now that we've loaded the dynamic engine, make sure no "dynamic"
     * ENGINE elements will show through.
     */
    engine_set_all_null(e);

    /* Try to bind the ENGINE onto our own ENGINE structure */
    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
        ctx->bind_engine = NULL;
        ctx->v_check = NULL;
        DSO_free(ctx->dynamic_dso);
        ctx->dynamic_dso = NULL;
        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
        /* Copy the original ENGINE structure back */
        memcpy(e, &cpy, sizeof(ENGINE));
        return 0;
    }
    /* Do we try to add this ENGINE to the internal list too? */
    if (ctx->list_add_value > 0) {
        if (!ENGINE_add(e)) {
            /* Do we tolerate this or fail? */
            if (ctx->list_add_value > 1) {
                /*
                 * Fail - NB: By this time, it's too late to rollback, and
                 * trying to do so allows the bind_engine() code to have
                 * created leaks. We just have to fail where we are, after
                 * the ENGINE has changed.
                 */
                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
                          ENGINE_R_CONFLICTING_ENGINE_ID);
                return 0;
            }
            /* Tolerate */
            ERR_clear_error();
        }
    }
    return 1;
}
Пример #20
0
static BOOL _winpr_openssl_initialize_locking(void)
{
	int i, count;

	/* OpenSSL static locking */

	if (CRYPTO_get_locking_callback())
	{
		WLog_WARN(TAG, "OpenSSL static locking callback is already set");
	}
	else
	{
		if ((count = CRYPTO_num_locks()) > 0)
		{
			HANDLE* locks;

			if (!(locks = calloc(count, sizeof(HANDLE))))
			{
				WLog_ERR(TAG, "error allocating lock table");
				return FALSE;
			}

			for (i = 0; i < count; i++)
			{
				if (!(locks[i] = CreateMutex(NULL, FALSE, NULL)))
				{
					WLog_ERR(TAG, "error creating lock #%d", i);

					while (i--)
					{
						if (locks[i])
							CloseHandle(locks[i]);
					}

					free(locks);
					return FALSE;
				}
			}

			g_winpr_openssl_locks = locks;
			g_winpr_openssl_num_locks = count;
			CRYPTO_set_locking_callback(_winpr_openssl_locking);
		}
	}

	/* OpenSSL dynamic locking */

	if (CRYPTO_get_dynlock_create_callback() ||
			CRYPTO_get_dynlock_lock_callback()   ||
			CRYPTO_get_dynlock_destroy_callback())
	{
		WLog_WARN(TAG, "dynamic locking callbacks are already set");
	}
	else
	{
		CRYPTO_set_dynlock_create_callback(_winpr_openssl_dynlock_create);
		CRYPTO_set_dynlock_lock_callback(_winpr_openssl_dynlock_lock);
		CRYPTO_set_dynlock_destroy_callback(_winpr_openssl_dynlock_destroy);
	}

	/* Use the deprecated CRYPTO_get_id_callback() if building against OpenSSL < 1.0.0 */
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)

	if (CRYPTO_get_id_callback())
	{
		WLog_WARN(TAG, "OpenSSL id_callback is already set");
	}
	else
	{
		CRYPTO_set_id_callback(_winpr_openssl_id);
	}

#endif
	return TRUE;
}
Пример #21
0
/**
 * Module activation
 */
static
int
globus_l_openssl_activate(void)
{
    int                                 i;
    int                                 pci_NID;
    int                                 pci_old_NID;
    X509V3_EXT_METHOD *                 pci_x509v3_ext_meth = NULL;
    X509V3_EXT_METHOD *                 pci_old_x509v3_ext_meth = NULL;
    
    SSL_library_init();
    globus_module_activate(GLOBUS_COMMON_MODULE);
    globus_module_activate(GLOBUS_GSI_OPENSSL_ERROR_MODULE);
    mutex_pool = malloc(CRYPTO_num_locks() * sizeof(globus_mutex_t));

    for(i=0;i<CRYPTO_num_locks();i++)
    {
        globus_mutex_init(&(mutex_pool[i]),NULL);
    }

    if (!CRYPTO_get_locking_callback())
    {
        CRYPTO_set_locking_callback(globus_l_openssl_locking_cb);
    }
    if (!CRYPTO_get_id_callback())
    {
        CRYPTO_set_id_callback(globus_l_openssl_thread_id);
    }

    if (OBJ_txt2nid(ANY_LANGUAGE_OID) == 0)
    {
        OBJ_create(ANY_LANGUAGE_OID,
                   ANY_LANGUAGE_SN,
                   ANY_LANGUAGE_LN);
    }

    if (OBJ_txt2nid(IMPERSONATION_PROXY_OID) == 0)
    {
        OBJ_create(IMPERSONATION_PROXY_OID,
                   IMPERSONATION_PROXY_SN,
                   IMPERSONATION_PROXY_LN);
    }

    if (OBJ_txt2nid(INDEPENDENT_PROXY_OID) == 0)
    {
        OBJ_create(INDEPENDENT_PROXY_OID,
                   INDEPENDENT_PROXY_SN,
                   INDEPENDENT_PROXY_LN);
    }

    if (OBJ_txt2nid(LIMITED_PROXY_OID) == 0)
    {
        OBJ_create(LIMITED_PROXY_OID,
                   LIMITED_PROXY_SN,
                   LIMITED_PROXY_LN);
    }

    pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
    if (pci_NID == 0)
    {
        pci_NID = OBJ_create(PROXYCERTINFO_OID,
                             PROXYCERTINFO_SN,
                             PROXYCERTINFO_LN);
    }

    pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
    if (pci_old_NID == 0)
    {
        pci_old_NID = OBJ_create(PROXYCERTINFO_OLD_OID,
                                 PROXYCERTINFO_OLD_SN,
                                 PROXYCERTINFO_OLD_LN);
    }

    /* this sets the pci NID in the static X509V3_EXT_METHOD struct */
    if (X509V3_EXT_get_nid(pci_NID) == NULL)
    {
        pci_x509v3_ext_meth = PROXYCERTINFO_x509v3_ext_meth();
        pci_x509v3_ext_meth->ext_nid = pci_NID;
        X509V3_EXT_add(pci_x509v3_ext_meth);
    }

    if (X509V3_EXT_get_nid(pci_old_NID) == NULL)
    {
        pci_old_x509v3_ext_meth = PROXYCERTINFO_OLD_x509v3_ext_meth();
        pci_old_x509v3_ext_meth->ext_nid = pci_old_NID;
        X509V3_EXT_add(pci_old_x509v3_ext_meth);
    }

    return GLOBUS_SUCCESS;
}
Пример #22
0
ret_t
http2d_init (void)
{
	if (_initialized)
		return ret_ok;

        /* Init OpenSSL
         */
        OPENSSL_config (NULL);
        SSL_library_init();
        SSL_load_error_strings();
        OpenSSL_add_all_algorithms();

        /* Ensure PRNG has been seeded with enough data
         */
        if (RAND_status() == 0) {
                LOG_WARNING_S (HTTP2D_ERROR_SSL_NO_ENTROPY);
        }

        /* Init concurrency related stuff
         */
        if ((CRYPTO_get_id_callback()      == NULL) &&
            (CRYPTO_get_locking_callback() == NULL))
        {
                cuint_t n;

                CRYPTO_set_id_callback (__get_thread_id);
                CRYPTO_set_locking_callback (__lock_thread);

                locks_num = CRYPTO_num_locks();
                locks     = malloc (locks_num * sizeof(*locks));

                for (n = 0; n < locks_num; n++) {
                        HTTP2D_MUTEX_INIT (&locks[n], NULL);
                }
        }

	/* Engines
	 */
        ENGINE_load_builtin_engines();
        OpenSSL_add_all_algorithms();

        ENGINE *e = ENGINE_by_id("pkcs11");
        while (e != NULL) {
                if(! ENGINE_init(e)) {
                        ENGINE_free (e);
                        LOG_CRITICAL_S (HTTP2D_ERROR_SSL_PKCS11);
                        break;
                }

                if(! ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
                        ENGINE_free (e);
                        LOG_CRITICAL_S (HTTP2D_ERROR_SSL_DEFAULTS);
                        break;
                }

                ENGINE_finish(e);
                ENGINE_free(e);
                break;
        }

	return ret_ok;
}
Пример #23
0
/* (de)initialisation functions. */
static int hwcrhk_init(ENGINE *e)
{
    HWCryptoHook_Init_t *p1;
    HWCryptoHook_Finish_t *p2;
    HWCryptoHook_ModExp_t *p3;
#ifndef OPENSSL_NO_RSA
    HWCryptoHook_RSA_t *p4;
    HWCryptoHook_RSALoadKey_t *p5;
    HWCryptoHook_RSAGetPublicKey_t *p6;
    HWCryptoHook_RSAUnloadKey_t *p7;
#endif
    HWCryptoHook_RandomBytes_t *p8;
    HWCryptoHook_ModExpCRT_t *p9;

    if(hwcrhk_dso != NULL)
    {
        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
        goto err;
    }
    /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
    hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
    if(hwcrhk_dso == NULL)
    {
        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
        goto err;
    }
    if(!(p1 = (HWCryptoHook_Init_t *)
              DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
            !(p2 = (HWCryptoHook_Finish_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
            !(p3 = (HWCryptoHook_ModExp_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
#ifndef OPENSSL_NO_RSA
            !(p4 = (HWCryptoHook_RSA_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
            !(p5 = (HWCryptoHook_RSALoadKey_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
            !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
            !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
#endif
            !(p8 = (HWCryptoHook_RandomBytes_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
            !(p9 = (HWCryptoHook_ModExpCRT_t *)
                   DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
    {
        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
        goto err;
    }
    /* Copy the pointers */
    p_hwcrhk_Init = p1;
    p_hwcrhk_Finish = p2;
    p_hwcrhk_ModExp = p3;
#ifndef OPENSSL_NO_RSA
    p_hwcrhk_RSA = p4;
    p_hwcrhk_RSALoadKey = p5;
    p_hwcrhk_RSAGetPublicKey = p6;
    p_hwcrhk_RSAUnloadKey = p7;
#endif
    p_hwcrhk_RandomBytes = p8;
    p_hwcrhk_ModExpCRT = p9;

    /* Check if the application decided to support dynamic locks,
       and if it does, use them. */
    if (disable_mutex_callbacks == 0)
    {
        if (CRYPTO_get_dynlock_create_callback() != NULL &&
                CRYPTO_get_dynlock_lock_callback() != NULL &&
                CRYPTO_get_dynlock_destroy_callback() != NULL)
        {
            hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
            hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
            hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
            hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
        }
        else if (CRYPTO_get_locking_callback() != NULL)
        {
            HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
            ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
            goto err;
        }
    }

    /* Try and get a context - if not, we may have a DSO but no
     * accelerator! */
    if(!get_context(&hwcrhk_context, &password_context))
    {
        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
        goto err;
    }
    /* Everything's fine. */
#ifndef OPENSSL_NO_RSA
    if (hndidx_rsa == -1)
        hndidx_rsa = RSA_get_ex_new_index(0,
                                          "nFast HWCryptoHook RSA key handle",
                                          NULL, NULL, hwcrhk_ex_free);
#endif
    return 1;
err:
    if(hwcrhk_dso)
        DSO_free(hwcrhk_dso);
    hwcrhk_dso = NULL;
    p_hwcrhk_Init = NULL;
    p_hwcrhk_Finish = NULL;
    p_hwcrhk_ModExp = NULL;
#ifndef OPENSSL_NO_RSA
    p_hwcrhk_RSA = NULL;
    p_hwcrhk_RSALoadKey = NULL;
    p_hwcrhk_RSAGetPublicKey = NULL;
    p_hwcrhk_RSAUnloadKey = NULL;
#endif
    p_hwcrhk_ModExpCRT = NULL;
    p_hwcrhk_RandomBytes = NULL;
    return 0;
}