/src/libwebsockets/lib/tls/openssl/openssl-tls.c

Source
/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */

#include "private-lib-core.h"
#include "private-lib-tls-openssl.h"

extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;
#if defined(LWS_WITH_NETWORK)
static char openssl_ex_indexes_acquired;
#endif

void
lws_tls_err_describe_clear(void)
{
  char buf[160];
  unsigned long l;

  do {
    l = ERR_peek_error();
    if (!l)
      break;

    ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
    lwsl_info("   openssl error: %s\n", buf);
  } while (l);
  lwsl_info("\n");
}

#if LWS_MAX_SMP != 1

static pthread_mutex_t *openssl_mutexes = NULL;

static void
lws_openssl_lock_callback(int mode, int type, const char *file, int line)
{
  (void)file;
  (void)line;

  if (mode & CRYPTO_LOCK)
    pthread_mutex_lock(&openssl_mutexes[type]);
  else
    pthread_mutex_unlock(&openssl_mutexes[type]);
}

static unsigned long
lws_openssl_thread_id(void)
{
#ifdef __PTW32_H
  return (unsigned long)(intptr_t)(pthread_self()).p;
#else
  return (unsigned long)pthread_self();
#endif
}
#endif

int
lws_context_init_ssl_library(struct lws_context *cx,
                             const struct lws_context_creation_info *info)
{
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
  lwsl_cx_info(cx, " Compiled with CyaSSL support");
#else
  lwsl_cx_info(cx, " Compiled with wolfSSL support");
#endif
#else
#if defined(LWS_WITH_BORINGSSL)
  lwsl_cx_info(cx, " Compiled with BoringSSL support");
#elif defined(LWS_WITH_AWSLC)
  lwsl_cx_info(cx, " Compiled with AWS-LC support");
#else
  lwsl_cx_info(cx, " Compiled with OpenSSL support");
#endif
#endif
  if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
#if !defined(LWS_WITH_MBEDTLS) && defined(LWS_WITH_NETWORK)
    if (!info->provided_client_ssl_ctx)
#endif
      lwsl_cx_info(cx, " SSL disabled: no "
        "LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT");
    return 0;
  }

  /* basic openssl init */

  lwsl_cx_info(cx, "Doing SSL library init");

#if OPENSSL_VERSION_NUMBER < 0x10100000L
  SSL_library_init();
  OpenSSL_add_all_algorithms();
  SSL_load_error_strings();
#else
  OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
#if defined(LWS_WITH_NETWORK)
  if (!openssl_ex_indexes_acquired) {
    openssl_websocket_private_data_index =
      SSL_get_ex_new_index(0, "lws", NULL, NULL, NULL);

    openssl_SSL_CTX_private_data_index =
      SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);

    openssl_ex_indexes_acquired = 1;
  }
#endif

#if LWS_MAX_SMP != 1
  {
    int n;

    openssl_mutexes = (pthread_mutex_t *)
        OPENSSL_malloc((size_t)((unsigned long)CRYPTO_num_locks() *
                 (unsigned long)sizeof(openssl_mutexes[0])));

    for (n = 0; n < CRYPTO_num_locks(); n++)
      pthread_mutex_init(&openssl_mutexes[n], NULL);

    /*
     * These "functions" disappeared in later OpenSSL which is
     * already threadsafe.
     */

    (void)lws_openssl_thread_id;
    (void)lws_openssl_lock_callback;

    CRYPTO_set_id_callback(lws_openssl_thread_id);
    CRYPTO_set_locking_callback(lws_openssl_lock_callback);
  }
#endif

  return 0;
}

void
lws_context_deinit_ssl_library(struct lws_context *context)
{
#if LWS_MAX_SMP != 1
  int n;

  if (!lws_check_opt(context->options,
         LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
    return;

  CRYPTO_set_locking_callback(NULL);

  if (openssl_mutexes) {
    for (n = 0; n < CRYPTO_num_locks(); n++)
      pthread_mutex_destroy(&openssl_mutexes[n]);

    OPENSSL_free(openssl_mutexes);
    openssl_mutexes = NULL;
  }
#endif
}

Line	Count	Source
1		/*
2		* libwebsockets - small server side websockets and web server implementation
3		*
4		* Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
5		*
6		* Permission is hereby granted, free of charge, to any person obtaining a copy
7		* of this software and associated documentation files (the "Software"), to
8		* deal in the Software without restriction, including without limitation the
9		* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10		* sell copies of the Software, and to permit persons to whom the Software is
11		* furnished to do so, subject to the following conditions:
12		*
13		* The above copyright notice and this permission notice shall be included in
14		* all copies or substantial portions of the Software.
15		*
16		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21		* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22		* IN THE SOFTWARE.
23		*/
24
25		#include "private-lib-core.h"
26		#include "private-lib-tls-openssl.h"
27
28		extern int openssl_websocket_private_data_index,
29		openssl_SSL_CTX_private_data_index;
30		#if defined(LWS_WITH_NETWORK)
31		static char openssl_ex_indexes_acquired;
32		#endif
33
34		void
35		lws_tls_err_describe_clear(void)
36	0	{
37	0	char buf[160];
38	0	unsigned long l;
39
40	0	do {
41	0	l = ERR_peek_error();
42	0	if (!l)
43	0	break;
44
45	0	ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
46	0	lwsl_info(" openssl error: %s\n", buf);
47	0	} while (l);
48	0	lwsl_info("\n");
49	0	}
50
51		#if LWS_MAX_SMP != 1
52
53		static pthread_mutex_t *openssl_mutexes = NULL;
54
55		static void
56		lws_openssl_lock_callback(int mode, int type, const char *file, int line)
57		{
58		(void)file;
59		(void)line;
60
61		if (mode & CRYPTO_LOCK)
62		pthread_mutex_lock(&openssl_mutexes[type]);
63		else
64		pthread_mutex_unlock(&openssl_mutexes[type]);
65		}
66
67		static unsigned long
68		lws_openssl_thread_id(void)
69		{
70		#ifdef __PTW32_H
71		return (unsigned long)(intptr_t)(pthread_self()).p;
72		#else
73		return (unsigned long)pthread_self();
74		#endif
75		}
76		#endif
77
78		int
79		lws_context_init_ssl_library(struct lws_context *cx,
80		const struct lws_context_creation_info *info)
81	0	{
82		#ifdef USE_WOLFSSL
83		#ifdef USE_OLD_CYASSL
84		lwsl_cx_info(cx, " Compiled with CyaSSL support");
85		#else
86		lwsl_cx_info(cx, " Compiled with wolfSSL support");
87		#endif
88		#else
89		#if defined(LWS_WITH_BORINGSSL)
90		lwsl_cx_info(cx, " Compiled with BoringSSL support");
91		#elif defined(LWS_WITH_AWSLC)
92		lwsl_cx_info(cx, " Compiled with AWS-LC support");
93		#else
94	0	lwsl_cx_info(cx, " Compiled with OpenSSL support");
95	0	#endif
96	0	#endif
97	0	if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
98	0	#if !defined(LWS_WITH_MBEDTLS) && defined(LWS_WITH_NETWORK)
99	0	if (!info->provided_client_ssl_ctx)
100	0	#endif
101	0	lwsl_cx_info(cx, " SSL disabled: no "
102	0	"LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT");
103	0	return 0;
104	0	}
105
106		/* basic openssl init */
107
108	0	lwsl_cx_info(cx, "Doing SSL library init");
109
110		#if OPENSSL_VERSION_NUMBER < 0x10100000L
111		SSL_library_init();
112		OpenSSL_add_all_algorithms();
113		SSL_load_error_strings();
114		#else
115	0	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
116	0	#endif
117	0	#if defined(LWS_WITH_NETWORK)
118	0	if (!openssl_ex_indexes_acquired) {
119	0	openssl_websocket_private_data_index =
120	0	SSL_get_ex_new_index(0, "lws", NULL, NULL, NULL);
121
122	0	openssl_SSL_CTX_private_data_index =
123	0	SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
124
125	0	openssl_ex_indexes_acquired = 1;
126	0	}
127	0	#endif
128
129		#if LWS_MAX_SMP != 1
130		{
131		int n;
132
133		openssl_mutexes = (pthread_mutex_t *)
134		OPENSSL_malloc((size_t)((unsigned long)CRYPTO_num_locks() *
135		(unsigned long)sizeof(openssl_mutexes[0])));
136
137		for (n = 0; n < CRYPTO_num_locks(); n++)
138		pthread_mutex_init(&openssl_mutexes[n], NULL);
139
140		/*
141		* These "functions" disappeared in later OpenSSL which is
142		* already threadsafe.
143		*/
144
145		(void)lws_openssl_thread_id;
146		(void)lws_openssl_lock_callback;
147
148		CRYPTO_set_id_callback(lws_openssl_thread_id);
149		CRYPTO_set_locking_callback(lws_openssl_lock_callback);
150		}
151		#endif
152
153	0	return 0;
154	0	}
155
156		void
157		lws_context_deinit_ssl_library(struct lws_context *context)
158	0	{
159		#if LWS_MAX_SMP != 1
160		int n;
161
162		if (!lws_check_opt(context->options,
163		LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
164		return;
165
166		CRYPTO_set_locking_callback(NULL);
167
168		if (openssl_mutexes) {
169		for (n = 0; n < CRYPTO_num_locks(); n++)
170		pthread_mutex_destroy(&openssl_mutexes[n]);
171
172		OPENSSL_free(openssl_mutexes);
173		openssl_mutexes = NULL;
174		}
175		#endif
176	0	}

Coverage Report

Created: 2026-01-17 06:52