From 2d342c281473cc9f03b76dfe234f60fc60377c4a Mon Sep 17 00:00:00 2001 From: Cedric BAIL Date: Tue, 17 Mar 2015 08:49:58 +0100 Subject: [PATCH] emile: move GNUTLS and OpenSSL initialization logic from Eet to Emile. --- src/lib/eet/eet_lib.c | 82 +++++--------------------------------- src/lib/emile/emile_main.c | 75 +++++++++++++++++++++++++++++++++- 2 files changed, 84 insertions(+), 73 deletions(-) diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c index dcf11e936d..0d5eb58c5c 100644 --- a/src/lib/eet/eet_lib.c +++ b/src/lib/eet/eet_lib.c @@ -26,20 +26,7 @@ #endif /* ifdef HAVE_EVIL */ #include - -#ifdef HAVE_GNUTLS -# include -# include -#endif /* ifdef HAVE_GNUTLS */ - -#ifdef HAVE_OPENSSL -# include -# include -#endif /* ifdef HAVE_OPENSSL */ - -#ifdef HAVE_GNUTLS -GCRY_THREAD_OPTION_PTHREAD_IMPL; -#endif /* ifdef HAVE_GNUTLS */ +#include #include "Eet.h" #include "Eet_private.h" @@ -562,49 +549,20 @@ eet_init(void) goto shutdown_mempool; } -#ifdef HAVE_GNUTLS - /* Before the library can be used, it must initialize itself if needed. */ - if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) + if (!emile_init()) { - gcry_check_version(NULL); - /* Disable warning messages about problems with the secure memory subsystem. - This command should be run right after gcry_check_version. */ - if (gcry_control(GCRYCTL_DISABLE_SECMEM_WARN)) - goto shutdown_eet; /* This command is used to allocate a pool of secure memory and thus - enabling the use of secure memory. It also drops all extra privileges the - process has (i.e. if it is run as setuid (root)). If the argument nbytes - is 0, secure memory will be disabled. The minimum amount of secure memory - allocated is currently 16384 bytes; you may thus use a value of 1 to - request that default size. */ - - if (gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0)) - WRN( - "BIG FAT WARNING: I AM UNABLE TO REQUEST SECMEM, Cryptographic operation are at risk !"); + EINA_LOG_ERR("Emile: failed to initialize"); + goto shutdown_emile; } - if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) - WRN( - "YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!"); - - if (gnutls_global_init()) - goto shutdown_eet; - -#endif /* ifdef HAVE_GNUTLS */ -#ifdef HAVE_OPENSSL - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); -#endif /* ifdef HAVE_OPENSSL */ - eina_log_timing(_eet_log_dom_global, - EINA_LOG_STATE_STOP, - EINA_LOG_STATE_INIT); + EINA_LOG_STATE_STOP, + EINA_LOG_STATE_INIT); return eet_init_count; -#ifdef HAVE_GNUTLS -shutdown_eet: +shutdown_emile: eet_node_shutdown(); -#endif shutdown_mempool: eet_mempool_shutdown(); unregister_log_domain: @@ -627,8 +585,8 @@ eet_shutdown(void) return eet_init_count; eina_log_timing(_eet_log_dom_global, - EINA_LOG_STATE_START, - EINA_LOG_STATE_SHUTDOWN); + EINA_LOG_STATE_START, + EINA_LOG_STATE_SHUTDOWN); eet_clearcache(); @@ -663,26 +621,8 @@ eet_shutdown(void) eina_lock_free(&eet_cache_lock); -#ifdef HAVE_GNUTLS - /* Note that gnutls has a leak where it doesnt free stuff it alloced - * on init. valgrind trace here: - * 21 bytes in 1 blocks are definitely lost in loss record 24 of 194 - * at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - * by 0x68AC801: strdup (strdup.c:43) - * by 0xD215B6A: p11_kit_registered_module_to_name (in /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0) - * by 0x9571574: gnutls_pkcs11_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.21.8) - * by 0x955B031: gnutls_global_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.21.8) - * by 0x6DFD6D0: eet_init (eet_lib.c:608) - * - * yes - i've tried calling gnutls_pkcs11_deinit() by hand but no luck. - * the leak is in there. - */ - gnutls_global_deinit(); -#endif /* ifdef HAVE_GNUTLS */ -#ifdef HAVE_OPENSSL - EVP_cleanup(); - ERR_free_strings(); -#endif /* ifdef HAVE_OPENSSL */ + emile_shutdown(); + eina_log_domain_unregister(_eet_log_dom_global); _eet_log_dom_global = -1; eina_shutdown(); diff --git a/src/lib/emile/emile_main.c b/src/lib/emile/emile_main.c index 389f66022b..5aa80acd66 100644 --- a/src/lib/emile/emile_main.c +++ b/src/lib/emile/emile_main.c @@ -1,6 +1,27 @@ +#ifdef HAVE_CONFIG_H +# include +#endif /* ifdef HAVE_CONFIG_H */ + +#ifdef HAVE_GNUTLS +# include +# include +# include +#endif /* ifdef HAVE_GNUTLS */ + +#ifdef HAVE_OPENSSL +# include +# include +# include +#endif /* ifdef HAVE_OPENSSL */ + #include #include "Emile.h" +#include "emile_private.h" + +#ifdef HAVE_GNUTLS +GCRY_THREAD_OPTION_PTHREAD_IMPL; +#endif /* ifdef HAVE_GNUTLS */ static unsigned int _emile_init_count = 0; int _emile_log_dom_global = -1; @@ -21,7 +42,38 @@ emile_init(void) goto shutdown_eina; } - // FIXME: Init the rest here. +#ifdef HAVE_GNUTLS + /* Before the library can be used, it must initialize itself if needed. */ + if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) + { + gcry_check_version(NULL); + /* Disable warning messages about problems with the secure memory subsystem. + This command should be run right after gcry_check_version. */ + if (gcry_control(GCRYCTL_DISABLE_SECMEM_WARN)) + goto shutdown_eet; /* This command is used to allocate a pool of secure memory and thus + enabling the use of secure memory. It also drops all extra privileges the + process has (i.e. if it is run as setuid (root)). If the argument nbytes + is 0, secure memory will be disabled. The minimum amount of secure memory + allocated is currently 16384 bytes; you may thus use a value of 1 to + request that default size. */ + + if (gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0)) + WRN( + "BIG FAT WARNING: I AM UNABLE TO REQUEST SECMEM, Cryptographic operation are at risk !"); + } + + if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) + WRN( + "YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!"); + + if (gnutls_global_init()) + goto shutdown_eet; + +#endif /* ifdef HAVE_GNUTLS */ +#ifdef HAVE_OPENSSL + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); +#endif /* ifdef HAVE_OPENSSL */ eina_log_timing(_emile_log_dom_global, EINA_LOG_STATE_STOP, @@ -45,7 +97,26 @@ emile_shutdown(void) EINA_LOG_STATE_START, EINA_LOG_STATE_SHUTDOWN); - // FIXME: Shutdown the rest here. +#ifdef HAVE_GNUTLS + /* Note that gnutls has a leak where it doesnt free stuff it alloced + * on init. valgrind trace here: + * 21 bytes in 1 blocks are definitely lost in loss record 24 of 194 + * at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + * by 0x68AC801: strdup (strdup.c:43) + * by 0xD215B6A: p11_kit_registered_module_to_name (in /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0) + * by 0x9571574: gnutls_pkcs11_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.21.8) + * by 0x955B031: gnutls_global_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.21.8) + * by 0x6DFD6D0: eet_init (eet_lib.c:608) + * + * yes - i've tried calling gnutls_pkcs11_deinit() by hand but no luck. + * the leak is in there. + */ + gnutls_global_deinit(); +#endif /* ifdef HAVE_GNUTLS */ +#ifdef HAVE_OPENSSL + EVP_cleanup(); + ERR_free_strings(); +#endif /* ifdef HAVE_OPENSSL */ eina_log_domain_unregister(_emile_log_dom_global); _emile_log_dom_global = -1;