13 #include "lib/crypt_ops/compat_openssl.h"
24 DISABLE_GCC_WARNING(
"-Wredundant-decls")
26 #include <openssl/err.h>
27 #include <openssl/rsa.h>
28 #include <openssl/pem.h>
29 #include <openssl/evp.h>
30 #include <openssl/engine.h>
31 #include <openssl/rand.h>
32 #include <openssl/bn.h>
33 #include <openssl/dh.h>
34 #include <openssl/conf.h>
35 #include <openssl/hmac.h>
36 #include <openssl/crypto.h>
37 #include <openssl/ssl.h>
39 ENABLE_GCC_WARNING(
"-Wredundant-decls")
43 #ifndef NEW_THREAD_API
52 #ifndef NEW_THREAD_API
54 STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
64 const char *msg, *lib, *func;
65 while ((err = ERR_get_error()) != 0) {
66 msg = (
const char*)ERR_reason_error_string(err);
67 lib = (
const char*)ERR_lib_error_string(err);
68 func = (
const char*)ERR_func_error_string(err);
69 if (!msg) msg =
"(null)";
70 if (!lib) lib =
"(null)";
71 if (!func) func =
"(null)";
72 if (BUG(!doing)) doing =
"(null)";
74 doing, msg, lib, func);
84 const char *end_of_version = NULL;
88 raw_version += strlen(
"OpenSSL ");
89 end_of_version = strchr(raw_version,
' ');
93 return tor_strndup(raw_version,
94 end_of_version-raw_version);
96 return tor_strdup(raw_version);
99 static char *crypto_openssl_version_str = NULL;
102 crypto_openssl_get_version_str(
void)
104 #ifdef OPENSSL_VERSION
105 const int query = OPENSSL_VERSION;
108 const int query = SSLEAY_VERSION;
111 if (crypto_openssl_version_str == NULL) {
112 const char *raw_version = OpenSSL_version(query);
115 return crypto_openssl_version_str;
118 #undef QUERY_OPENSSL_VERSION
120 static char *crypto_openssl_header_version_str = NULL;
124 crypto_openssl_get_header_version_str(
void)
126 if (crypto_openssl_header_version_str == NULL) {
127 crypto_openssl_header_version_str =
130 return crypto_openssl_header_version_str;
134 #ifndef OPENSSL_THREADS
135 #error "OpenSSL has been built without thread support. Tor requires an \
136 OpenSSL library with thread support enabled."
140 #ifndef NEW_THREAD_API
152 if (mode & CRYPTO_LOCK)
159 tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
170 #ifndef NEW_THREAD_API
172 int n = CRYPTO_num_locks();
175 for (i=0; i < n; ++i)
178 CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
187 tor_free(crypto_openssl_version_str);
188 tor_free(crypto_openssl_header_version_str);
194 #ifndef NEW_THREAD_API
213 #ifdef OPENSSL_1_1_API
214 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
215 OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
216 OPENSSL_INIT_ADD_ALL_CIPHERS |
217 OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
219 ERR_load_crypto_strings();
220 OpenSSL_add_all_algorithms();
225 unsigned long version_num = tor_OpenSSL_version_num();
226 const char *version_str = crypto_openssl_get_version_str();
227 if (version_num == OPENSSL_VERSION_NUMBER &&
228 !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
229 log_info(
LD_CRYPTO,
"OpenSSL version matches version from headers "
230 "(%lx: %s).", version_num, version_str);
231 }
else if ((version_num & 0xffff0000) ==
232 (OPENSSL_VERSION_NUMBER & 0xffff0000)) {
234 "We compiled with OpenSSL %lx: %s and we "
235 "are running with OpenSSL %lx: %s. "
236 "These two versions should be binary compatible.",
237 (
unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
238 version_num, version_str);
240 log_warn(
LD_CRYPTO,
"OpenSSL version from headers does not match the "
241 "version we're running with. If you get weird crashes, that "
242 "might be why. (Compiled with %lx: %s; running with %lx: %s).",
243 (
unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
244 version_num, version_str);
250 #ifndef DISABLE_ENGINES
256 ENGINE *e = ENGINE_by_id(
"dynamic");
258 if (!ENGINE_ctrl_cmd_string(e,
"ID", engine, 0) ||
259 !ENGINE_ctrl_cmd_string(e,
"DIR_LOAD",
"2", 0) ||
260 !ENGINE_ctrl_cmd_string(e,
"DIR_ADD", path, 0) ||
261 !ENGINE_ctrl_cmd_string(e,
"LOAD", NULL, 0)) {
270 #ifndef DISABLE_ENGINES
276 const char *
name, *id;
277 name = ENGINE_get_name(e);
278 id = ENGINE_get_id(e);
279 log_notice(
LD_CRYPTO,
"Default OpenSSL engine for %s is %s [%s]",
282 log_info(
LD_CRYPTO,
"Using default implementation for %s", fn);
296 const char *accelDir)
298 #ifdef DISABLE_ENGINES
301 log_warn(
LD_CRYPTO,
"No OpenSSL hardware acceleration support enabled.");
302 if (accelName && accelName[0] ==
'!') {
303 log_warn(
LD_CRYPTO,
"Unable to load required dynamic OpenSSL engine "
304 "\"%s\".", accelName+1);
311 log_info(
LD_CRYPTO,
"Initializing OpenSSL engine support.");
312 ENGINE_load_builtin_engines();
313 ENGINE_register_all_complete();
316 const bool required = accelName[0] ==
'!';
320 log_info(
LD_CRYPTO,
"Trying to load dynamic OpenSSL engine \"%s\""
321 " via path \"%s\".", accelName, accelDir);
324 log_info(
LD_CRYPTO,
"Initializing dynamic OpenSSL engine \"%s\""
325 " acceleration support.", accelName);
326 e = ENGINE_by_id(accelName);
329 log_warn(
LD_CRYPTO,
"Unable to load %sdynamic OpenSSL engine \"%s\".",
330 required?
"required ":
"",
335 log_info(
LD_CRYPTO,
"Loaded dynamic OpenSSL engine \"%s\".",
340 log_info(
LD_CRYPTO,
"Loaded OpenSSL hardware acceleration engine,"
341 " setting default ciphers.");
342 ENGINE_set_default(e, ENGINE_METHOD_ALL);
348 #ifdef OPENSSL_1_1_API
351 log_engine(
"ECDH", ENGINE_get_default_ECDH());
352 log_engine(
"ECDSA", ENGINE_get_default_ECDSA());
354 log_engine(
"RAND", ENGINE_get_default_RAND());
355 log_engine(
"RAND (which we will not use)", ENGINE_get_default_RAND());
356 log_engine(
"SHA1", ENGINE_get_digest_engine(NID_sha1));
357 log_engine(
"3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
358 log_engine(
"AES-128-ECB", ENGINE_get_cipher_engine(NID_aes_128_ecb));
359 log_engine(
"AES-128-CBC", ENGINE_get_cipher_engine(NID_aes_128_cbc));
360 #ifdef NID_aes_128_ctr
361 log_engine(
"AES-128-CTR", ENGINE_get_cipher_engine(NID_aes_128_ctr));
363 #ifdef NID_aes_128_gcm
364 log_engine(
"AES-128-GCM", ENGINE_get_cipher_engine(NID_aes_128_gcm));
366 log_engine(
"AES-256-CBC", ENGINE_get_cipher_engine(NID_aes_256_cbc));
367 #ifdef NID_aes_256_gcm
368 log_engine(
"AES-256-GCM", ENGINE_get_cipher_engine(NID_aes_256_gcm));
378 const char *accelDir)
384 log_info(
LD_CRYPTO,
"NOT using OpenSSL engine support.");
392 evaluate_evp_for_aes(-1);
393 evaluate_ctr_for_aes();
402 #ifndef NEW_THREAD_API
403 ERR_remove_thread_state(NULL);
411 #ifndef OPENSSL_1_1_API
414 #ifndef NEW_THREAD_API
415 ERR_remove_thread_state(NULL);
417 #ifndef OPENSSL_1_1_API
421 #ifndef DISABLE_ENGINES
422 #ifndef OPENSSL_1_1_API
427 CONF_modules_unload(1);
428 #ifndef OPENSSL_1_1_API
429 CRYPTO_cleanup_all_ex_data();
tor_mutex_t * tor_mutex_new(void)
Header for compat_mutex.c.
void tor_mutex_release(tor_mutex_t *m)
void tor_mutex_acquire(tor_mutex_t *m)
#define tor_mutex_free(m)
unsigned long tor_get_thread_id(void)
static tor_mutex_t ** openssl_mutexes_
void crypto_openssl_early_init(void)
void crypto_openssl_thread_cleanup(void)
static int n_openssl_mutexes_
int crypto_openssl_late_init(int useAccel, const char *accelName, const char *accelDir)
static ENGINE * try_load_engine(const char *path, const char *engine)
static int crypto_openssl_init_engines(const char *accelName, const char *accelDir)
static void log_engine(const char *fn, ENGINE *e)
static int setup_openssl_threading(void)
void crypto_openssl_global_cleanup(void)
STATIC char * parse_openssl_version_str(const char *raw_version)
STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line)
static void crypto_openssl_free_all(void)
void crypto_openssl_log_errors(int severity, const char *doing)
Headers for crypto_openssl_mgt.c.
int crypto_seed_rng(void)
int crypto_force_rand_ssleay(void)
Common functions for using (pseudo-)random number generators.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Macros to implement mocking and selective exposure for the test code.
Macros to manage assertions, fatal and non-fatal.
int strcmpstart(const char *s1, const char *s2)
Header for util_string.c.