1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/openssl_util.h" 6 7 #include <openssl/err.h> 8 #include <openssl/ssl.h> 9 10 #include "base/logging.h" 11 #include "base/memory/scoped_vector.h" 12 #include "base/memory/singleton.h" 13 #include "base/string_piece.h" 14 #include "base/synchronization/lock.h" 15 16 namespace crypto { 17 18 namespace { 19 20 unsigned long CurrentThreadId() { 21 return static_cast<unsigned long>(base::PlatformThread::CurrentId()); 22 } 23 24 // Singleton for initializing and cleaning up the OpenSSL library. 25 class OpenSSLInitSingleton { 26 public: 27 static OpenSSLInitSingleton* GetInstance() { 28 // We allow the SSL environment to leak for multiple reasons: 29 // - it is used from a non-joinable worker thread that is not stopped on 30 // shutdown, hence may still be using OpenSSL library after the AtExit 31 // runner has completed. 32 // - There are other OpenSSL related singletons (e.g. the client socket 33 // context) who's cleanup depends on the global environment here, but 34 // we can't control the order the AtExit handlers will run in so 35 // allowing the global environment to leak at least ensures it is 36 // available for those other singletons to reliably cleanup. 37 return Singleton<OpenSSLInitSingleton, 38 LeakySingletonTraits<OpenSSLInitSingleton> >::get(); 39 } 40 private: 41 friend struct DefaultSingletonTraits<OpenSSLInitSingleton>; 42 OpenSSLInitSingleton() { 43 SSL_load_error_strings(); 44 SSL_library_init(); 45 OpenSSL_add_all_algorithms(); 46 int num_locks = CRYPTO_num_locks(); 47 locks_.reserve(num_locks); 48 for (int i = 0; i < num_locks; ++i) 49 locks_.push_back(new base::Lock()); 50 CRYPTO_set_locking_callback(LockingCallback); 51 CRYPTO_set_id_callback(CurrentThreadId); 52 } 53 54 ~OpenSSLInitSingleton() { 55 CRYPTO_set_locking_callback(NULL); 56 EVP_cleanup(); 57 ERR_free_strings(); 58 } 59 60 static void LockingCallback(int mode, int n, const char* file, int line) { 61 OpenSSLInitSingleton::GetInstance()->OnLockingCallback(mode, n, file, line); 62 } 63 64 void OnLockingCallback(int mode, int n, const char* file, int line) { 65 CHECK_LT(static_cast<size_t>(n), locks_.size()); 66 if (mode & CRYPTO_LOCK) 67 locks_[n]->Acquire(); 68 else 69 locks_[n]->Release(); 70 } 71 72 // These locks are used and managed by OpenSSL via LockingCallback(). 73 ScopedVector<base::Lock> locks_; 74 75 DISALLOW_COPY_AND_ASSIGN(OpenSSLInitSingleton); 76 }; 77 78 // Callback routine for OpenSSL to print error messages. |str| is a 79 // NULL-terminated string of length |len| containing diagnostic information 80 // such as the library, function and reason for the error, the file and line 81 // where the error originated, plus potentially any context-specific 82 // information about the error. |context| contains a pointer to user-supplied 83 // data, which is currently unused. 84 // If this callback returns a value <= 0, OpenSSL will stop processing the 85 // error queue and return, otherwise it will continue calling this function 86 // until all errors have been removed from the queue. 87 int OpenSSLErrorCallback(const char* str, size_t len, void* context) { 88 DVLOG(1) << "\t" << base::StringPiece(str, len); 89 return 1; 90 } 91 92 } // namespace 93 94 void EnsureOpenSSLInit() { 95 (void)OpenSSLInitSingleton::GetInstance(); 96 } 97 98 void ClearOpenSSLERRStack(const tracked_objects::Location& location) { 99 if (logging::DEBUG_MODE && VLOG_IS_ON(1)) { 100 int error_num = ERR_peek_error(); 101 if (error_num == 0) 102 return; 103 104 std::string message; 105 location.Write(true, true, &message); 106 DVLOG(1) << "OpenSSL ERR_get_error stack from " << message; 107 ERR_print_errors_cb(&OpenSSLErrorCallback, NULL); 108 } else { 109 ERR_clear_error(); 110 } 111 } 112 113 } // namespace crypto 114