1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
/*
* Copyright (c) 2002-2012 BalaBit IT Ltd, Budapest, Hungary
* Copyright (c) 1998-2012 Balázs Scheidler
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* As an additional exemption you are allowed to compile & link against the
* OpenSSL libraries as published by the OpenSSL project. See the file
* COPYING for details.
*/
/* This file becomes part of libsyslog-ng-crypto.so, the shared object
* that contains all crypto related stuff to be used by plugins. This
* includes the TLS wrappers, random number initialization, and so on.
*/
#include "crypto.h"
#include "apphook.h"
#if ENABLE_SSL
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <stdio.h>
static gint ssl_lock_count;
static GStaticMutex *ssl_locks;
static gboolean randfile_loaded;
static void
ssl_locking_callback(int mode, int type, char *file, int line)
{
if (mode & CRYPTO_LOCK)
{
g_static_mutex_lock(&ssl_locks[type]);
}
else
{
g_static_mutex_unlock(&ssl_locks[type]);
}
}
static unsigned long
ssl_thread_id(void)
{
return (unsigned long) g_thread_self();
}
static void
crypto_init_threading(void)
{
gint i;
ssl_lock_count = CRYPTO_num_locks();
ssl_locks = g_new(GStaticMutex, ssl_lock_count);
for (i = 0; i < ssl_lock_count; i++)
{
g_static_mutex_init(&ssl_locks[i]);
}
CRYPTO_set_id_callback((unsigned long (*)()) ssl_thread_id);
CRYPTO_set_locking_callback((void (*)()) ssl_locking_callback);
}
static void
crypto_deinit_threading(void)
{
gint i;
for (i = 0; i < ssl_lock_count; i++)
{
g_static_mutex_free(&ssl_locks[i]);
}
g_free(ssl_locks);
}
void
crypto_deinit(void)
{
char rnd_file[256];
if (randfile_loaded)
{
RAND_file_name(rnd_file, sizeof(rnd_file));
if (rnd_file[0])
RAND_write_file(rnd_file);
}
crypto_deinit_threading();
}
static void
crypto_init(void)
{
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
crypto_init_threading();
if (RAND_status() < 0 || getenv("RANDFILE"))
{
char rnd_file[256];
RAND_file_name(rnd_file, sizeof(rnd_file));
if (rnd_file[0])
{
RAND_load_file(rnd_file, -1);
randfile_loaded = TRUE;
}
if (RAND_status() < 0)
fprintf(stderr, "WARNING: a trusted random number source is not available, crypto operations will probably fail. Please set the RANDFILE environment variable.");
}
}
static void __attribute__((constructor))
crypto_load(void)
{
crypto_init();
}
static void __attribute__((destructor))
crypto_unload(void)
{
crypto_deinit();
}
/* the crypto options (seed) are handled in main.c */
#endif
|