From 313834720d46a68071afe305975f8b70e9bc5782 Mon Sep 17 00:00:00 2001 From: "joth@chromium.org" Date: Wed, 17 Nov 2010 09:57:18 +0000 Subject: Refactor EnsureOpenSSLInit and openssl_util into base This allows the base/crypto methods to call EnsureOpenSSLInit. Also factors out the SSL_CTX and X509_STORE to be more closely associated with their consumers (ssl socket and X509Certificate resp.) rather than process wide globals. BUG=None TEST=None Review URL: http://codereview.chromium.org/4963002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66413 0039d316-1c4b-4281-b951-d872f2087c98 --- base/crypto/encryptor_openssl.cc | 5 +++- base/crypto/symmetric_key_openssl.cc | 2 ++ base/openssl_util.cc | 57 ++++++++++++++++++++++++++++++++++++ base/openssl_util.h | 20 +++++++++++++ base/scoped_vector.h | 1 + 5 files changed, 84 insertions(+), 1 deletion(-) (limited to 'base') diff --git a/base/crypto/encryptor_openssl.cc b/base/crypto/encryptor_openssl.cc index 6b08bd6..44ae932 100644 --- a/base/crypto/encryptor_openssl.cc +++ b/base/crypto/encryptor_openssl.cc @@ -44,7 +44,8 @@ class ScopedCipherCTX { } // namespace -Encryptor::Encryptor() { +Encryptor::Encryptor() + : key_(NULL) { } Encryptor::~Encryptor() { @@ -54,6 +55,7 @@ bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { DCHECK(key); DCHECK_EQ(CBC, mode); + EnsureOpenSSLInit(); if (iv.size() != AES_BLOCK_SIZE) return false; @@ -77,6 +79,7 @@ bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { bool Encryptor::Crypt(bool do_encrypt, const std::string& input, std::string* output) { + DCHECK(key_); // Must call Init() before En/De-crypt. // Work on the result in a local variable, and then only transfer it to // |output| on success to ensure no partial data is returned. std::string result; diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc index e469135..9f0ad38 100644 --- a/base/crypto/symmetric_key_openssl.cc +++ b/base/crypto/symmetric_key_openssl.cc @@ -30,6 +30,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, if (key_size_in_bits == 0) return NULL; + EnsureOpenSSLInit(); scoped_ptr key(new SymmetricKey); uint8* key_data = reinterpret_cast(WriteInto(&key->key_, key_size_in_bytes + 1)); @@ -53,6 +54,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, int key_size_in_bytes = key_size_in_bits / 8; DCHECK_EQ(static_cast(key_size_in_bits), key_size_in_bytes * 8); + EnsureOpenSSLInit(); scoped_ptr key(new SymmetricKey); uint8* key_data = reinterpret_cast(WriteInto(&key->key_, key_size_in_bytes + 1)); diff --git a/base/openssl_util.cc b/base/openssl_util.cc index 82da868..894c710 100644 --- a/base/openssl_util.cc +++ b/base/openssl_util.cc @@ -5,11 +5,68 @@ #include "base/openssl_util.h" #include +#include +#include "base/lock.h" #include "base/logging.h" +#include "base/scoped_vector.h" +#include "base/singleton.h" namespace base { +namespace { + +unsigned long CurrentThreadId() { + return static_cast(PlatformThread::CurrentId()); +} + +// Singleton for initializing and cleaning up the OpenSSL library. +class OpenSSLInitSingleton { + private: + friend struct DefaultSingletonTraits; + OpenSSLInitSingleton() { + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_algorithms(); + int num_locks = CRYPTO_num_locks(); + locks_.reserve(num_locks); + for (int i = 0; i < num_locks; ++i) + locks_.push_back(new Lock()); + CRYPTO_set_locking_callback(LockingCallback); + CRYPTO_set_id_callback(CurrentThreadId); + } + + ~OpenSSLInitSingleton() { + CRYPTO_set_locking_callback(NULL); + EVP_cleanup(); + ERR_free_strings(); + } + + static void LockingCallback(int mode, int n, const char* file, int line) { + Singleton::get()->OnLockingCallback(mode, n, file, + line); + } + + void OnLockingCallback(int mode, int n, const char* file, int line) { + CHECK_LT(static_cast(n), locks_.size()); + if (mode & CRYPTO_LOCK) + locks_[n]->Acquire(); + else + locks_[n]->Release(); + } + + // These locks are used and managed by OpenSSL via LockingCallback(). + ScopedVector locks_; + + DISALLOW_COPY_AND_ASSIGN(OpenSSLInitSingleton); +}; + +} // namespace + +void EnsureOpenSSLInit() { + (void)Singleton::get(); +} + void ClearOpenSSLERRStack() { if (logging::DEBUG_MODE && VLOG_IS_ON(1)) { int error_num = ERR_get_error(); diff --git a/base/openssl_util.h b/base/openssl_util.h index ed4101f..1d290ae 100644 --- a/base/openssl_util.h +++ b/base/openssl_util.h @@ -11,6 +11,20 @@ namespace base { +// A helper class that takes care of destroying OpenSSL objects when it goes out +// of scope. +template +class ScopedOpenSSL { + public: + explicit ScopedOpenSSL(T* ptr_) : ptr_(ptr_) { } + ~ScopedOpenSSL() { if (ptr_) (*destructor)(ptr_); } + + T* get() const { return ptr_; } + + private: + T* ptr_; +}; + // Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's // SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those // of the our base wrapper APIs. @@ -51,6 +65,12 @@ class ScopedOpenSSLSafeSizeBuffer { DISALLOW_COPY_AND_ASSIGN(ScopedOpenSSLSafeSizeBuffer); }; +// Initialize OpenSSL if it isn't already initialized. This must be called +// before any other OpenSSL functions. +// This function is thread-safe, and OpenSSL will only ever be initialized once. +// OpenSSL will be properly shut down on program exit. +void EnsureOpenSSLInit(); + // Drains the OpenSSL ERR_get_error stack. On a debug build the error codes // are send to VLOG(1), on a release build they are disregarded. void ClearOpenSSLERRStack(); diff --git a/base/scoped_vector.h b/base/scoped_vector.h index ec152c9..9d372f3 100644 --- a/base/scoped_vector.h +++ b/base/scoped_vector.h @@ -54,6 +54,7 @@ class ScopedVector { } void reset() { STLDeleteElements(&v); } + void reserve(size_t capacity) { v.reserve(capacity); } void resize(size_t new_size) { v.resize(new_size); } // Lets the ScopedVector take ownership of |x|. -- cgit v1.1