Initialize OpenSSL on startup

Dominik Charousset 2022-04-28 08:35:36 +02:00
parent fa27f896d5
commit 8786f5ab1d


@ -88,6 +88,88 @@ int perftools_leaks = 0;
int perftools_profile = 0; int perftools_profile = 0;
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
namespace
{
struct CRYPTO_dynlock_value
{
std::mutex mtx;
};
std::unique_ptr<std::mutex[]> ssl_mtx_tbl;
void ssl_lock_fn(int mode, int n, const char*, int)
{
if ( mode & CRYPTO_LOCK )
ssl_mtx_tbl[static_cast<size_t>(n)].lock();
else
ssl_mtx_tbl[static_cast<size_t>(n)].unlock();
}
CRYPTO_dynlock_value* ssl_dynlock_create(const char*, int)
{
return new CRYPTO_dynlock_value;
}
void ssl_dynlock_lock(int mode, CRYPTO_dynlock_value* ptr, const char*, int)
{
if ( mode & CRYPTO_LOCK )
ptr->mtx.lock();
else
ptr->mtx.unlock();
}
void ssl_dynlock_destroy(CRYPTO_dynlock_value* ptr, const char*, int)
{
delete ptr;
}
void do_ssl_init()
{
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_conf();
SSL_library_init();
SSL_load_error_strings();
ssl_mtx_tbl.reset(new std::mutex[CRYPTO_num_locks()]);
CRYPTO_set_locking_callback(ssl_lock_fn);
CRYPTO_set_dynlock_create_callback(ssl_dynlock_create);
CRYPTO_set_dynlock_lock_callback(ssl_dynlock_lock);
CRYPTO_set_dynlock_destroy_callback(ssl_dynlock_destroy);
}
void do_ssl_deinit()
{
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
CRYPTO_set_locking_callback(nullptr);
CRYPTO_set_dynlock_create_callback(nullptr);
CRYPTO_set_dynlock_lock_callback(nullptr);
CRYPTO_set_dynlock_destroy_callback(nullptr);
ssl_mtx_tbl.reset();
}
} // namespace
#else
namespace
{
void do_ssl_init()
{
OPENSSL_init_ssl(0, nullptr);
}
void do_ssl_deinit()
{
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
}
} // namespace
#endif
zeek::ValManager* zeek::val_mgr = nullptr; zeek::ValManager* zeek::val_mgr = nullptr;
zeek::packet_analysis::Manager* zeek::packet_mgr = nullptr; zeek::packet_analysis::Manager* zeek::packet_mgr = nullptr;
zeek::analyzer::Manager* zeek::analyzer_mgr = nullptr; zeek::analyzer::Manager* zeek::analyzer_mgr = nullptr;
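Review bot: `OPENSSL_init_ssl(0, nullptr)` in the >= 1.1.0 `do_ssl_init` discards its return value, so a failed library initialization (the call returns 0 on error) goes unnoticed and `setup()` carries on with an uninitialized SSL library; having `do_ssl_init` report the status, e.g. `return OPENSSL_init_ssl(0, nullptr) == 1;` with the legacy branch returning `true`, lets `setup()` abort early instead (its body is outside this hunk). On the < 1.1.0 path, `struct CRYPTO_dynlock_value` is defined inside the anonymous namespace, but the OpenSSL 1.0.x headers forward-declare that struct at global scope, so `ssl_dynlock_create` presumably returns a pointer to a different type than `CRYPTO_set_dynlock_create_callback` expects — worth confirming against a 1.0.x build, and defining the struct at global scope removes the doubt. The same legacy branch installs the static and dynamic lock callbacks but no thread-identification callback (`CRYPTO_THREADID_set_callback`), which leaves OpenSSL 1.0.x on its default thread identification; a short comment next to `CRYPTO_set_locking_callback(ssl_lock_fn);` saying that this deliberately relies on the library default would spare the next reader from re-deriving it.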
@ -545,12 +627,7 @@ SetupResult setup(int argc, char** argv, Options* zopts)
// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
init_hash_function(); init_hash_function();
#if OPENSSL_VERSION_NUMBER < 0x10100000L do_ssl_init();
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_conf();
SSL_library_init();
SSL_load_error_strings();
#endif
// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
// seed the PRNG. We should do this here (but at least Linux, FreeBSD // seed the PRNG. We should do this here (but at least Linux, FreeBSD
@ -993,9 +1070,7 @@ int cleanup(bool did_run_loop)
sqlite3_shutdown(); sqlite3_shutdown();
ERR_free_strings(); do_ssl_deinit();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
// Close files after net_delete(), because net_delete() // Close files after net_delete(), because net_delete()
// might write to connection content files. // might write to connection content files.