1 /* 2 * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 /* 60 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 61 * Use is subject to license terms. 62 */ 63 64 /* 65 * Thread setup portions of this code derived from 66 * OpenSSL 0.9.x file mt/mttest.c examples 67 */ 68 69 #include <stdio.h> 70 #include <stdlib.h> 71 #include <string.h> 72 #include <errno.h> 73 #include <libintl.h> 74 #include <synch.h> 75 #include <thread.h> 76 #include <dlfcn.h> 77 #include <openssl/lhash.h> 78 #include <openssl/crypto.h> 79 #include <openssl/ssl.h> 80 #include <openssl/err.h> 81 #include "ipsec_util.h" 82 83 /* OpenSSL function pointers */ 84 static X509_NAME *(*d2i_X509_NAME_fn)() = NULL; 85 static int (*X509_NAME_print_ex_fp_fn)() = NULL; 86 static char *(*ERR_get_error_fn)() = NULL; 87 static char *(*ERR_error_string_fn)() = NULL; 88 static void (*SSL_load_error_strings_fn)() = NULL; 89 static void (*ERR_free_strings_fn)() = NULL; 90 static void (*CRYPTO_set_locking_callback_fn)() = NULL; 91 static void (*CRYPTO_set_id_callback_fn)() = NULL; 92 static void (*X509_NAME_free_fn)() = NULL; 93 static int (*CRYPTO_num_locks_fn)() = NULL; 94 static void *(*OPENSSL_malloc_fn)() = NULL; 95 static void (*OPENSSL_free_fn)() = NULL; 96 97 static void solaris_locking_callback(int, int, char *, int); 98 static unsigned long solaris_thread_id(void); 99 static boolean_t thread_setup(void); 100 /* LINTED E_STATIC_UNUSED */ 101 static void thread_cleanup(void); 102 103 mutex_t init_lock = DEFAULTMUTEX; 104 static mutex_t *lock_cs; 105 static long *lock_count; 106 107 static boolean_t libssl_loaded = B_FALSE; 108 static boolean_t libcrypto_loaded = B_FALSE; 109 110 void 111 libssl_load() 112 { 113 void *dldesc; 114 115 (void) mutex_lock(&init_lock); 116 if (libssl_loaded) { 117 (void) mutex_unlock(&init_lock); 118 return; 119 } 120 121 dldesc = dlopen(LIBSSL, RTLD_LAZY); 122 if (dldesc != NULL) { 123 d2i_X509_NAME_fn = (X509_NAME*(*)())dlsym(dldesc, 124 "d2i_X509_NAME"); 125 if (d2i_X509_NAME_fn == NULL) 126 goto libssl_err; 127 128 X509_NAME_print_ex_fp_fn = (int(*)())dlsym(dldesc, 129 "X509_NAME_print_ex_fp"); 130 if (X509_NAME_print_ex_fp_fn == NULL) 131 goto libssl_err; 132 133 ERR_get_error_fn = (char *(*)())dlsym(dldesc, 134 "ERR_get_error"); 135 if (ERR_get_error_fn == NULL) 136 goto libssl_err; 137 138 ERR_error_string_fn = (char *(*)())dlsym(dldesc, 139 "ERR_error_string"); 140 if (ERR_error_string_fn == NULL) 141 goto libssl_err; 142 143 SSL_load_error_strings_fn = (void(*)())dlsym(dldesc, 144 "SSL_load_error_strings"); 145 if (SSL_load_error_strings_fn == NULL) 146 goto libssl_err; 147 148 ERR_free_strings_fn = (void(*)())dlsym(dldesc, 149 "ERR_free_strings"); 150 if (ERR_free_strings_fn == NULL) 151 goto libssl_err; 152 153 CRYPTO_set_locking_callback_fn = (void(*)())dlsym(dldesc, 154 "CRYPTO_set_locking_callback"); 155 if (CRYPTO_set_locking_callback_fn == NULL) 156 goto libssl_err; 157 158 CRYPTO_set_id_callback_fn = (void(*)())dlsym(dldesc, 159 "CRYPTO_set_id_callback"); 160 if (CRYPTO_set_id_callback_fn == NULL) 161 goto libssl_err; 162 163 X509_NAME_free_fn = (void(*)())dlsym(dldesc, 164 "X509_NAME_free"); 165 if (X509_NAME_free_fn == NULL) 166 goto libssl_err; 167 168 if (thread_setup() == B_FALSE) 169 goto libssl_err; 170 171 libssl_loaded = B_TRUE; 172 } 173 (void) mutex_unlock(&init_lock); 174 return; 175 libssl_err: 176 (void) dlclose(dldesc); 177 (void) mutex_unlock(&init_lock); 178 } 179 180 void 181 libcrypto_load() 182 { 183 void *dldesc; 184 185 (void) mutex_lock(&init_lock); 186 if (libcrypto_loaded) { 187 (void) mutex_unlock(&init_lock); 188 return; 189 } 190 191 dldesc = dlopen(LIBCRYPTO, RTLD_LAZY); 192 if (dldesc != NULL) { 193 CRYPTO_num_locks_fn = (int(*)())dlsym(dldesc, 194 "CRYPTO_num_locks"); 195 if (CRYPTO_num_locks_fn == NULL) 196 goto libcrypto_err; 197 198 /* 199 * OPENSSL_free is really a macro, so we 200 * need to reference the actual symbol, 201 * which is CRYPTO_free. 202 */ 203 OPENSSL_free_fn = (void(*)())dlsym(dldesc, 204 "CRYPTO_free"); 205 if (OPENSSL_free_fn == NULL) 206 goto libcrypto_err; 207 208 /* 209 * OPENSSL_malloc is really a macro, so we 210 * need to reference the actual symbol, 211 * which is CRYPTO_malloc. 212 */ 213 OPENSSL_malloc_fn = (void *(*)())dlsym(dldesc, 214 "CRYPTO_malloc"); 215 if (OPENSSL_malloc_fn == NULL) 216 goto libcrypto_err; 217 218 libcrypto_loaded = B_TRUE; 219 } 220 (void) mutex_unlock(&init_lock); 221 return; 222 libcrypto_err: 223 (void) dlclose(dldesc); 224 (void) mutex_unlock(&init_lock); 225 } 226 227 static boolean_t 228 thread_setup(void) 229 { 230 int i; 231 232 if ((lock_cs = OPENSSL_malloc_fn(CRYPTO_num_locks_fn() * 233 sizeof (mutex_t))) == NULL) 234 return (B_FALSE); 235 if ((lock_count = OPENSSL_malloc_fn(CRYPTO_num_locks_fn() * 236 sizeof (long))) == NULL) { 237 OPENSSL_free_fn(lock_cs); 238 return (B_FALSE); 239 } 240 241 for (i = 0; i < CRYPTO_num_locks_fn(); i++) { 242 lock_count[i] = 0; 243 (void) mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL); 244 } 245 246 CRYPTO_set_id_callback_fn((unsigned long (*)())solaris_thread_id); 247 CRYPTO_set_locking_callback_fn((void (*)())solaris_locking_callback); 248 return (B_TRUE); 249 } 250 251 static void 252 thread_cleanup(void) 253 { 254 int i; 255 256 (void) mutex_lock(&init_lock); 257 CRYPTO_set_locking_callback_fn(NULL); 258 CRYPTO_set_id_callback_fn(NULL); 259 for (i = 0; i < CRYPTO_num_locks_fn(); i++) 260 (void) mutex_destroy(&(lock_cs[i])); 261 OPENSSL_free_fn(lock_cs); 262 OPENSSL_free_fn(lock_count); 263 (void) mutex_unlock(&init_lock); 264 } 265 266 /* ARGSUSED */ 267 static void 268 solaris_locking_callback(int mode, int type, char *file, int line) 269 { 270 if (mode & CRYPTO_LOCK) { 271 (void) mutex_lock(&(lock_cs[type])); 272 lock_count[type]++; 273 } else { 274 (void) mutex_unlock(&(lock_cs[type])); 275 } 276 } 277 278 static unsigned long 279 solaris_thread_id(void) 280 { 281 unsigned long ret; 282 283 ret = (unsigned long)thr_self(); 284 return (ret); 285 } 286 287 void 288 print_asn1_name(FILE *file, const unsigned char *buf, long buflen) 289 { 290 libcrypto_load(); 291 if (libcrypto_loaded) 292 libssl_load(); 293 294 if (libssl_loaded && libcrypto_loaded) { 295 X509_NAME *x509name = NULL; 296 const unsigned char *p; 297 298 /* Make an effort to decode the ASN1 encoded name */ 299 SSL_load_error_strings_fn(); 300 301 /* 302 * Temporary variable is mandatory per d2i_X509(3). Upcoming 303 * call to d2i_X509_NAME_fn() will change the 'p' pointer. 304 */ 305 p = buf; 306 307 x509name = d2i_X509_NAME_fn(NULL, &p, buflen); 308 if (x509name != NULL) { 309 (void) X509_NAME_print_ex_fp_fn(file, x509name, 0, 310 (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | 311 XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN)); 312 X509_NAME_free_fn(x509name); 313 (void) fprintf(file, "\n"); 314 } else { 315 char errbuf[80]; 316 317 (void) fprintf(file, "\n# %s\n", 318 ERR_error_string_fn(ERR_get_error_fn(), errbuf)); 319 (void) fprintf(file, dgettext(TEXT_DOMAIN, 320 "<cannot interpret>\n")); 321 } 322 ERR_free_strings_fn(); 323 } else { 324 (void) fprintf(file, dgettext(TEXT_DOMAIN, "<cannot print>\n")); 325 } 326 } 327