/*
 * Copyright (c) 2011-2015 Balabit
 * Copyright (c) 2011-2015 Balázs Scheidler
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * As an additional exemption you are allowed to compile & link against the
 * OpenSSL libraries as published by the OpenSSL project. See the file
 * COPYING for details.
 */

/* This file becomes part of libsyslog-ng-crypto.so, the shared object
 * that contains all crypto related stuff to be used by plugins. This
 * includes the TLS wrappers, random number initialization, and so on.
 */
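
#include "crypto.h"
#include "apphook.h"
#include "thread-utils.h"

#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <stdio.h>
#include <stdlib.h>   /* getenv() */

/* One mutex per OpenSSL lock slot, allocated in crypto_init_threading() */
static gint ssl_lock_count;
static GStaticMutex *ssl_locks;
/* TRUE once the seed file was loaded, so crypto_deinit() writes it back */
static gboolean randfile_loaded;
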
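/* Locking callback registered with OpenSSL: lock or unlock slot "type",
 * depending on whether CRYPTO_LOCK is set in "mode". */
static void
ssl_locking_callback(int mode, int type, const char *file, int line)
{
  if (mode & CRYPTO_LOCK)
    {
      g_static_mutex_lock(&ssl_locks[type]);
    }
  else
    {
      g_static_mutex_unlock(&ssl_locks[type]);
    }
}
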
/* Thread id callback registered with OpenSSL */
static unsigned long
ssl_thread_id(void)
{
  return (unsigned long) get_thread_id();
}

/* Allocate the mutexes OpenSSL asks for and register the thread id and
 * locking callbacks. */
static void
crypto_init_threading(void)
{
  gint i;

  ssl_lock_count = CRYPTO_num_locks();
  ssl_locks = g_new(GStaticMutex, ssl_lock_count);
  for (i = 0; i < ssl_lock_count; i++)
    {
      g_static_mutex_init(&ssl_locks[i]);
    }
  CRYPTO_set_id_callback(ssl_thread_id);
  CRYPTO_set_locking_callback(ssl_locking_callback);
}

/* Free the mutexes allocated by crypto_init_threading() */
static void
crypto_deinit_threading(void)
{
  gint i;

  for (i = 0; i < ssl_lock_count; i++)
    {
      g_static_mutex_free(&ssl_locks[i]);
    }
  g_free(ssl_locks);
}

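void
crypto_deinit(void)
{
  char rnd_file[256];

  if (randfile_loaded)
    {
      /* RAND_file_name() returns NULL on failure and may then leave the
       * buffer untouched, so check the return value before reading it. */
      if (RAND_file_name(rnd_file, sizeof(rnd_file)) && rnd_file[0])
        RAND_write_file(rnd_file);
    }
  crypto_deinit_threading();
}
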
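void
crypto_init(void)
{
  SSL_library_init();
  SSL_load_error_strings();
  OpenSSL_add_all_algorithms();
  crypto_init_threading();

  /* RAND_status() returns 1 once the PRNG is seeded and 0 otherwise, never
   * a negative value, so an unseeded generator is detected by testing for 0. */
  if (RAND_status() == 0 || getenv("RANDFILE"))
    {
      char rnd_file[256];

      /* RAND_file_name() returns NULL on failure and may then leave the
       * buffer untouched, so check the return value before reading it. */
      if (RAND_file_name(rnd_file, sizeof(rnd_file)) && rnd_file[0])
        {
          RAND_load_file(rnd_file, -1);
          randfile_loaded = TRUE;
        }

      if (RAND_status() == 0)
        fprintf(stderr, "WARNING: a trusted random number source is not available, crypto operations will probably fail. Please set the RANDFILE environment variable.\n");
    }
}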