tor  0.4.2.0-alpha-dev
crypto_init.c
1 /* Copyright (c) 2001, Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
13 #include "orconfig.h"
14 
15 #define CRYPTO_PRIVATE
16 
18 
25 #include "lib/crypt_ops/crypto_sys.h"
26 
27 #include "lib/subsys/subsys.h"
28 
29 #include "ext/siphash.h"
30 
33 
36 
/** Nonzero once the process-wide siphash key has been installed by
 * crypto_init_siphash_key(); cleared again in crypto_global_cleanup(). */
static int have_seeded_siphash = 0;

/** Install a freshly generated random key as the global siphash key.
 *
 * Only the first call does any work; while have_seeded_siphash is set,
 * later calls return immediately.  The key bytes come from crypto_rand(),
 * and crypto_early_init() seeds the RNG before calling this function.
 *
 * Always returns 0.
 */
int
crypto_init_siphash_key(void)
{
  if (!have_seeded_siphash) {
    struct sipkey fresh_key;

    crypto_rand((char *)&fresh_key, sizeof(fresh_key));
    siphash_set_global_key(&fresh_key);
    have_seeded_siphash = 1;
    /* NOTE(review): fresh_key is left on the stack after the copy is handed
     * to siphash_set_global_key(); consider wiping it with the project's
     * secure-wipe helper before returning. */
  }
  return 0;
}
52 
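/** Run the early phase of crypto initialization: backend early setup, RNG
 * seeding, the global siphash key, the fast RNG, and curve25519/ed25519.
 *
 * The work is done at most once; subsequent calls return 0 without doing
 * anything.  Returns 0 on success and -1 if seeding the RNG or installing
 * the siphash key fails.
 *
 * NOTE(review): the rendered listing omitted source lines 58, 60, 63, 74 and
 * 76.  They are restored here from the identifiers in the page's
 * cross-reference index and the unmatched closing brace; confirm them against
 * the upstream file.
 *
 * NOTE(review): as restored, crypto_early_initialized_ is set before the
 * fallible steps, so a call that follows a -1 return would report success
 * with the RNG unseeded.  Callers should treat -1 as fatal.
 */
int
crypto_early_init(void)
{
  if (!crypto_early_initialized_) {

    crypto_early_initialized_ = 1;

#ifdef ENABLE_OPENSSL
    crypto_openssl_early_init();
#endif
#ifdef ENABLE_NSS
    crypto_nss_early_init(0);
#endif

    /* The RNG has to be seeded before anything below draws from it; the
     * siphash key is generated with crypto_rand(). */
    if (crypto_seed_rng() < 0)
      return -1;
    if (crypto_init_siphash_key() < 0)
      return -1;

    crypto_rand_fast_init();

    curve25519_init();
    ed25519_init();
  }
  return 0;
}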
81 
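/** Run the full crypto initialization: the early phase, Diffie-Hellman
 * setup, and the backend's late initialization.
 *
 * <b>useAccel</b>, <b>accelName</b> and <b>accelDir</b> are forwarded to
 * crypto_openssl_late_init() in OpenSSL builds and are ignored otherwise.
 *
 * The work is done at most once.  Returns 0 on success and -1 if the early
 * phase or a backend late-init step fails.
 *
 * NOTE(review): the rendered listing omitted source lines 87 and 91.  The
 * one-time guard and flag assignment are restored from the unmatched closing
 * brace and the page's index entry for crypto_global_initialized_; confirm
 * them against the upstream file.
 *
 * NOTE(review): as restored, the flag is set before the late-init steps, so a
 * call after a late-init failure would return 0.  Callers should treat -1 as
 * fatal.
 */
int
crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
{
  if (!crypto_global_initialized_) {
    if (crypto_early_init() < 0)
      return -1;

    crypto_global_initialized_ = 1;

    crypto_dh_init();

#ifdef ENABLE_OPENSSL
    if (crypto_openssl_late_init(useAccel, accelName, accelDir) < 0)
      return -1;
#else
    /* The acceleration arguments are only meaningful to the OpenSSL
     * backend; mark them used to keep the compiler quiet. */
    (void)useAccel;
    (void)accelName;
    (void)accelDir;
#endif /* defined(ENABLE_OPENSSL) */
#ifdef ENABLE_NSS
    if (crypto_nss_late_init() < 0)
      return -1;
#endif
  }
  return 0;
}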
110 
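/** Release the calling thread's crypto state: the OpenSSL per-thread state
 * (OpenSSL builds only) and the thread's fast RNG.
 *
 * NOTE(review): the rendered listing omitted source lines 116 and 118; both
 * calls are restored from the identifiers in the page's cross-reference
 * index.  Confirm them against the upstream file.
 */
void
crypto_thread_cleanup(void)
{
#ifdef ENABLE_OPENSSL
  crypto_openssl_thread_cleanup();
#endif
  destroy_thread_fast_rng();
}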
120 
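/** Tear down everything set up by crypto_early_init() and
 * crypto_global_init(): DH state, backend state, the fast RNG, and the
 * global siphash key.  The "initialized" flags are cleared so that a later
 * init call does the work again.
 *
 * Always returns 0.
 *
 * NOTE(review): the rendered listing omitted source lines 131, 137, 139 and
 * 140.  They are restored here from the identifiers in the page's
 * cross-reference index; confirm them against the upstream file.
 */
int
crypto_global_cleanup(void)
{
  crypto_dh_free_all();

#ifdef ENABLE_OPENSSL
  crypto_openssl_global_cleanup();
#endif
#ifdef ENABLE_NSS
  crypto_nss_global_cleanup();
#endif

  crypto_rand_fast_shutdown();

  crypto_early_initialized_ = 0;
  crypto_global_initialized_ = 0;
  /* Forget the siphash key as well, so the next init installs a new one. */
  have_seeded_siphash = 0;
  siphash_unset_global_key();

  return 0;
}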
146 
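/** Prepare the crypto layer for a fork(): notify NSS (NSS builds only) and
 * shut down the fast RNG so that its state is not shared with the child.
 *
 * NOTE(review): the rendered listing omitted source line 160.  The call after
 * the comment is restored from the comment's subject and the page's index
 * entry for crypto_rand_fast_shutdown(); confirm it against the upstream
 * file.
 */
void
crypto_prefork(void)
{
#ifdef ENABLE_NSS
  crypto_nss_prefork();
#endif
  /* It is not safe to share a fast_rng object across a fork boundary unless
   * we actually have zero-on-fork support in map_anon.c.  If we have
   * drop-on-fork support, we will crash; if we have neither, we will yield
   * a copy of the parent process's rng, which is scary and insecure.
   */
  crypto_rand_fast_shutdown();
}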
162 
/** Counterpart of crypto_prefork(), run after a fork().  In NSS builds this
 * calls crypto_nss_postfork(); in other builds it does nothing. */
void
crypto_postfork(void)
{
#if defined(ENABLE_NSS)
  crypto_nss_postfork();
#endif /* defined(ENABLE_NSS) */
}
172 
/** Return the name of the crypto backend this binary was built with:
 * "OpenSSL" when ENABLE_OPENSSL is defined, otherwise "NSS" when ENABLE_NSS
 * is defined.
 *
 * The build is expected to define one of the two macros; with neither
 * defined the function has no return statement.
 */
const char *
crypto_get_library_name(void)
{
#if defined(ENABLE_OPENSSL)
  return "OpenSSL";
#elif defined(ENABLE_NSS)
  return "NSS";
#endif
}
184 
/** Return the backend's version string: the result of
 * crypto_openssl_get_version_str() in OpenSSL builds, otherwise the result
 * of crypto_nss_get_version_str() in NSS builds.
 *
 * The build is expected to define one of ENABLE_OPENSSL / ENABLE_NSS; with
 * neither defined the function has no return statement.
 */
const char *
crypto_get_library_version_string(void)
{
#if defined(ENABLE_OPENSSL)
  return crypto_openssl_get_version_str();
#elif defined(ENABLE_NSS)
  return crypto_nss_get_version_str();
#endif
}
197 
/** Return the backend's header version string: the result of
 * crypto_openssl_get_header_version_str() in OpenSSL builds, otherwise the
 * result of crypto_nss_get_header_version_str() in NSS builds.
 *
 * The build is expected to define one of ENABLE_OPENSSL / ENABLE_NSS; with
 * neither defined the function has no return statement.
 */
const char *
crypto_get_header_version_string(void)
{
#if defined(ENABLE_OPENSSL)
  return crypto_openssl_get_header_version_str();
#elif defined(ENABLE_NSS)
  return crypto_nss_get_header_version_str();
#endif
}
210 
/** Return 1 if this binary was built with ENABLE_NSS defined, and 0
 * otherwise.  The answer is fixed at compile time. */
int
tor_is_using_nss(void)
{
#ifndef ENABLE_NSS
  return 0;
#else
  return 1;
#endif /* !defined(ENABLE_NSS) */
}
221 
/** Subsystem "initialize" hook: run the early crypto initialization and
 * then set up Diffie-Hellman.  Returns 0 on success, or -1 if
 * crypto_early_init() fails, in which case crypto_dh_init() is not
 * called. */
static int
subsys_crypto_initialize(void)
{
  const int early_rv = crypto_early_init();

  if (early_rv >= 0) {
    crypto_dh_init();
    return 0;
  }
  return -1;
}
230 
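/** Subsystem "shutdown" hook: tear down the crypto layer.  The return value
 * of crypto_global_cleanup() is not checked.
 *
 * NOTE(review): the rendered listing omitted source line 234; the call is
 * restored from the page's index entry for crypto_global_cleanup().  Confirm
 * it against the upstream file.
 */
static void
subsys_crypto_shutdown(void)
{
  crypto_global_cleanup();
}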
236 
/** Subsystem "prefork" hook: forwards to crypto_prefork() so that the crypto
 * layer can prepare its state before the process forks. */
static void
subsys_crypto_prefork(void)
{
  /* Nothing subsystem-specific here; crypto_prefork() does all the work. */
  crypto_prefork();
}
242 
/** Subsystem "postfork" hook: forwards to crypto_postfork() once the fork
 * has happened. */
static void
subsys_crypto_postfork(void)
{
  /* Nothing subsystem-specific here; crypto_postfork() does all the work. */
  crypto_postfork();
}
248 
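/** Subsystem "thread_cleanup" hook: release the calling thread's crypto
 * state.
 *
 * NOTE(review): the rendered listing omitted source line 252; the call is
 * restored from the page's index entry for crypto_thread_cleanup().  Confirm
 * it against the upstream file.
 */
static void
subsys_crypto_thread_cleanup(void)
{
  crypto_thread_cleanup();
}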
254 
/** Subsystem descriptor for the crypto layer, wiring the hooks defined above
 * into the subsystem interface declared in lib/subsys/subsys.h. */
const struct subsys_fns_t sys_crypto = {
  /* Identification. */
  .name = "crypto",
  .supported = true,
  /* NOTE(review): presumably this value orders crypto relative to the other
   * subsystems -- confirm against subsys.h. */
  .level = -60,

  /* Lifecycle hooks. */
  .initialize = subsys_crypto_initialize,
  .shutdown = subsys_crypto_shutdown,

  /* Fork and per-thread hooks. */
  .prefork = subsys_crypto_prefork,
  .postfork = subsys_crypto_postfork,
  .thread_cleanup = subsys_crypto_thread_cleanup,
};
int crypto_init_siphash_key(void)
Definition: crypto_init.c:41
Common functions for using (pseudo-)random number generators.
Headers for crypto_dh.c.
void crypto_rand_fast_shutdown(void)
int crypto_early_init(void)
Definition: crypto_init.c:56
void crypto_openssl_early_init(void)
void crypto_rand_fast_init(void)
Headers for crypto_openssl_mgt.c.
void crypto_openssl_global_cleanup(void)
void crypto_openssl_thread_cleanup(void)
int tor_is_using_nss(void)
Definition: crypto_init.c:213
void crypto_prefork(void)
Definition: crypto_init.c:150
const char * crypto_get_library_version_string(void)
Definition: crypto_init.c:188
void crypto_thread_cleanup(void)
Definition: crypto_init.c:113
static int crypto_early_initialized_
Definition: crypto_init.c:32
int crypto_global_cleanup(void)
Definition: crypto_init.c:126
int crypto_openssl_late_init(int useAccel, const char *accelName, const char *accelDir)
Header for crypto_ed25519.c.
static int crypto_global_initialized_
Definition: crypto_init.c:35
const char * crypto_get_header_version_string(void)
Definition: crypto_init.c:201
const char * name
Definition: subsys.h:28
void crypto_postfork(void)
Definition: crypto_init.c:166
int crypto_seed_rng(void)
Definition: crypto_rand.c:452
void curve25519_init(void)
Header for crypto_curve25519.c.
int crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
Definition: crypto_init.c:85
Headers for crypto_init.c.
Headers for crypto_nss_mgt.c.
void destroy_thread_fast_rng(void)
const char * crypto_get_library_name(void)
Definition: crypto_init.c:175