/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2021 Andy Green <[email protected]>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
24*1c60b9acSAndroid Build Coastguard Worker
25*1c60b9acSAndroid Build Coastguard Worker #include "private-lib-core.h"
26*1c60b9acSAndroid Build Coastguard Worker #include "private-lib-tls-openssl.h"
27*1c60b9acSAndroid Build Coastguard Worker
/*
 * ex_data slot indexes, defined in another translation unit.  They are
 * assigned in lws_context_init_ssl_library() from SSL_get_ex_new_index() and
 * SSL_CTX_get_ex_new_index() respectively.
 */
extern int openssl_websocket_private_data_index,
	   openssl_SSL_CTX_private_data_index;
#if defined(LWS_WITH_NETWORK)
/*
 * Set to 1 once the two indexes above have been acquired, so a later call to
 * lws_context_init_ssl_library() does not request a second pair of slots.
 */
static char openssl_ex_indexes_acquired;
#endif
33*1c60b9acSAndroid Build Coastguard Worker
/*
 * Drain the OpenSSL error queue, logging every queued entry at info level.
 *
 * Each ERR_get_error() call removes the oldest queued error, so on return the
 * queue is empty.  That matters beyond logging: OpenSSL documents that
 * SSL_get_error() is only reliable when the thread's error queue was empty
 * before the TLS I/O call, so stale entries left behind by an earlier failure
 * can be misattributed to a later operation.
 */
void
lws_tls_err_describe_clear(void)
{
	unsigned long code;
	char text[160];

	/* ERR_get_error() yields 0 once nothing is left in the queue */
	while ((code = ERR_get_error()) != 0) {
		/* bounded formatter: never writes more than sizeof(text) bytes */
		ERR_error_string_n(
#if defined(LWS_WITH_BORINGSSL)
				   (uint32_t)
#endif
				   code, text, sizeof(text));
		lwsl_info(" openssl error: %s\n", text);
	}

	lwsl_info("\n");
}
54*1c60b9acSAndroid Build Coastguard Worker
55*1c60b9acSAndroid Build Coastguard Worker #if LWS_MAX_SMP != 1
56*1c60b9acSAndroid Build Coastguard Worker
/*
 * Table of mutexes backing OpenSSL's legacy locking callback, indexed by the
 * lock "type" OpenSSL passes in.  Allocated with CRYPTO_num_locks() entries in
 * lws_context_init_ssl_library() and released in
 * lws_context_deinit_ssl_library().
 */
static pthread_mutex_t *openssl_mutexes = NULL;

/*
 * Legacy OpenSSL locking callback: take or release the mutex for one lock type.
 *
 * mode: CRYPTO_LOCK bit set means lock, otherwise unlock
 * type: index into openssl_mutexes
 * file, line: caller location supplied by OpenSSL, unused here
 *
 * NOTE(review): type is used as an array index without a range check, and
 * openssl_mutexes is not tested for NULL; this presumably relies on OpenSSL
 * only passing values below CRYPTO_num_locks() and on the callback being
 * unregistered before the table is freed - confirm.
 */
static void
lws_openssl_lock_callback(int mode, int type, const char *file, int line)
{
	pthread_mutex_t *mtx = &openssl_mutexes[type];

	(void)file;
	(void)line;

	if (!(mode & CRYPTO_LOCK)) {
		pthread_mutex_unlock(mtx);
		return;
	}

	pthread_mutex_lock(mtx);
}
70*1c60b9acSAndroid Build Coastguard Worker
/*
 * Thread-id callback for OpenSSL's legacy threading API: reports the calling
 * thread's pthread identity converted to unsigned long.
 */
static unsigned long
lws_openssl_thread_id(void)
{
	pthread_t self = pthread_self();

#ifdef __PTW32_H
	/* under this header pthread_t is read through its pointer member p */
	return (unsigned long)(intptr_t)self.p;
#else
	return (unsigned long)self;
#endif
}
80*1c60b9acSAndroid Build Coastguard Worker #endif
81*1c60b9acSAndroid Build Coastguard Worker
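/*
 * Global TLS library initialisation for an lws context.
 *
 * Logs which TLS backend the build targets, then, only if the creation info
 * carries LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT, initialises the library,
 * acquires the ex_data indexes lws uses (once per process, when built with
 * LWS_WITH_NETWORK) and, for builds with LWS_MAX_SMP != 1, allocates the mutex
 * table and registers the legacy thread-id and locking callbacks.
 *
 * cx:   context being created, used for logging
 * info: creation info whose options select global init
 *
 * Returns 0 on success or when global init was not requested, and nonzero if
 * the lock table cannot be allocated (previously that case dereferenced NULL
 * in the pthread_mutex_init() loop).  Presumably callers treat nonzero as an
 * init failure - confirm.
 */
int
lws_context_init_ssl_library(struct lws_context *cx,
			     const struct lws_context_creation_info *info)
{
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
	lwsl_cx_info(cx, " Compiled with CyaSSL support");
#else
	lwsl_cx_info(cx, " Compiled with wolfSSL support");
#endif
#else
#if defined(LWS_WITH_BORINGSSL)
	lwsl_cx_info(cx, " Compiled with BoringSSL support");
#else
	lwsl_cx_info(cx, " Compiled with OpenSSL support");
#endif
#endif
	if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
		lwsl_cx_info(cx, " SSL disabled: no "
				 "LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT");
		return 0;
	}

	/* basic openssl init */

	lwsl_cx_info(cx, "Doing SSL library init");

	/*
	 * NOTE(review): the results of the library init call and of the two
	 * ex_data index requests below are not checked; the index calls
	 * report failure as -1, which would then be stored and used as the
	 * slot index.
	 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
	SSL_library_init();
	OpenSSL_add_all_algorithms();
	SSL_load_error_strings();
#else
	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
#if defined(LWS_WITH_NETWORK)
	/* ex_data indexes are process-wide: acquire them only the first time */
	if (!openssl_ex_indexes_acquired) {
		openssl_websocket_private_data_index =
			SSL_get_ex_new_index(0, "lws", NULL, NULL, NULL);

		openssl_SSL_CTX_private_data_index =
			SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);

		openssl_ex_indexes_acquired = 1;
	}
#endif

#if LWS_MAX_SMP != 1
	{
		/* read the lock count once so allocation and init loop agree */
		int n, n_locks = CRYPTO_num_locks();

		/*
		 * NOTE(review): the table pointer is assigned unconditionally,
		 * so if this path runs while an earlier table still exists the
		 * earlier one is overwritten without being freed - confirm
		 * global init happens only once per process.
		 */
		openssl_mutexes = (pthread_mutex_t *)
			OPENSSL_malloc((size_t)((unsigned long)n_locks *
				(unsigned long)sizeof(openssl_mutexes[0])));
		if (!openssl_mutexes) {
			/* fail init rather than index through a NULL table */
			lwsl_cx_err(cx, "OOM allocating OpenSSL lock table");
			return 1;
		}

		for (n = 0; n < n_locks; n++)
			pthread_mutex_init(&openssl_mutexes[n], NULL);

		/*
		 * These "functions" disappeared in later OpenSSL which is
		 * already threadsafe.
		 */

		(void)lws_openssl_thread_id;
		(void)lws_openssl_lock_callback;

		CRYPTO_set_id_callback(lws_openssl_thread_id);
		CRYPTO_set_locking_callback(lws_openssl_lock_callback);
	}
#endif

	return 0;
}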
154*1c60b9acSAndroid Build Coastguard Worker
/*
 * Undo the SMP-related part of lws_context_init_ssl_library().
 *
 * Only does anything in builds with LWS_MAX_SMP != 1, and only when the
 * context was created with LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT: the locking
 * callback is unregistered first, then every mutex in the table is destroyed
 * and the table itself freed.  The pointer is reset to NULL afterwards so a
 * repeated call does not free it twice.
 *
 * context: context being destroyed; only its options are read
 */
void
lws_context_deinit_ssl_library(struct lws_context *context)
{
#if LWS_MAX_SMP != 1
	int idx = 0;

	if (!lws_check_opt(context->options,
			   LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
		return;

	/* detach the callback before the mutexes it uses go away */
	CRYPTO_set_locking_callback(NULL);

	if (!openssl_mutexes)
		return;

	while (idx < CRYPTO_num_locks()) {
		pthread_mutex_destroy(&openssl_mutexes[idx]);
		idx++;
	}

	OPENSSL_free(openssl_mutexes);
	openssl_mutexes = NULL;
#endif
}