crypto/openssl_util.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/openssl_util.h"
   6
   7 #include <openssl/err.h>
   8 #include <openssl/ssl.h>
   9 #include <openssl/cpu.h>
  10
  11 #include "base/logging.h"
  12 #include "base/memory/scoped_vector.h"
  13 #include "base/memory/singleton.h"
  14 #include "base/strings/string_piece.h"
  15 #include "base/synchronization/lock.h"
  16 #include "build/build_config.h"
  17
  18 #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
  19 #include <cpu-features.h>
  20 #include "base/cpu.h"
  21 #endif
  22
  23 namespace crypto {
  24
  25 namespace {
  26
  27 void CurrentThreadId(CRYPTO_THREADID* id) {
  28   CRYPTO_THREADID_set_numeric(
  29       id, static_cast<unsigned long>(base::PlatformThread::CurrentId()));
  30 }
  31
  32 // Singleton for initializing and cleaning up the OpenSSL library.
  33 class OpenSSLInitSingleton {
  34  public:
  35   static OpenSSLInitSingleton* GetInstance() {
  36     // We allow the SSL environment to leak for multiple reasons:
  37     //   -  it is used from a non-joinable worker thread that is not stopped on
  38     //      shutdown, hence may still be using OpenSSL library after the AtExit
  39     //      runner has completed.
  40     //   -  There are other OpenSSL related singletons (e.g. the client socket
  41     //      context) who's cleanup depends on the global environment here, but
  42     //      we can't control the order the AtExit handlers will run in so
  43     //      allowing the global environment to leak at least ensures it is
  44     //      available for those other singletons to reliably cleanup.
  45     return Singleton<OpenSSLInitSingleton,
  46                LeakySingletonTraits<OpenSSLInitSingleton> >::get();
  47   }
  48  private:
  49   friend struct DefaultSingletonTraits<OpenSSLInitSingleton>;
  50   OpenSSLInitSingleton() {
  51 #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
  52     const bool has_neon =
  53         (android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_NEON) != 0;
  54     // CRYPTO_set_NEON_capable is called before |SSL_library_init| because this
  55     // stops BoringSSL from probing for NEON support via SIGILL in the case
  56     // that getauxval isn't present.
  57     CRYPTO_set_NEON_capable(has_neon);
  58     // See https://code.google.com/p/chromium/issues/detail?id=341598
  59     base::CPU cpu;
  60     CRYPTO_set_NEON_functional(!cpu.has_broken_neon());
  61 #endif
  62
  63     SSL_load_error_strings();
  64     SSL_library_init();
  65     int num_locks = CRYPTO_num_locks();
  66     locks_.reserve(num_locks);
  67     for (int i = 0; i < num_locks; ++i)
  68       locks_.push_back(new base::Lock());
  69     CRYPTO_set_locking_callback(LockingCallback);
  70     CRYPTO_THREADID_set_callback(CurrentThreadId);
  71   }
  72
  73   ~OpenSSLInitSingleton() {
  74     CRYPTO_set_locking_callback(NULL);
  75     EVP_cleanup();
  76     ERR_free_strings();
  77   }
  78
  79   static void LockingCallback(int mode, int n, const char* file, int line) {
  80     OpenSSLInitSingleton::GetInstance()->OnLockingCallback(mode, n, file, line);
  81   }
  82
  83   void OnLockingCallback(int mode, int n, const char* file, int line) {
  84     CHECK_LT(static_cast<size_t>(n), locks_.size());
  85     if (mode & CRYPTO_LOCK)
  86       locks_[n]->Acquire();
  87     else
  88       locks_[n]->Release();
  89   }
  90
  91   // These locks are used and managed by OpenSSL via LockingCallback().
  92   ScopedVector<base::Lock> locks_;
  93
  94   DISALLOW_COPY_AND_ASSIGN(OpenSSLInitSingleton);
  95 };
  96
  97 // Callback routine for OpenSSL to print error messages. |str| is a
  98 // NULL-terminated string of length |len| containing diagnostic information
  99 // such as the library, function and reason for the error, the file and line
 100 // where the error originated, plus potentially any context-specific
 101 // information about the error. |context| contains a pointer to user-supplied
 102 // data, which is currently unused.
 103 // If this callback returns a value <= 0, OpenSSL will stop processing the
 104 // error queue and return, otherwise it will continue calling this function
 105 // until all errors have been removed from the queue.
 106 int OpenSSLErrorCallback(const char* str, size_t len, void* context) {
 107   DVLOG(1) << "\t" << base::StringPiece(str, len);
 108   return 1;
 109 }
 110
 111 }  // namespace
 112
 113 void EnsureOpenSSLInit() {
 114   (void)OpenSSLInitSingleton::GetInstance();
 115 }
 116
 117 void ClearOpenSSLERRStack(const tracked_objects::Location& location) {
 118   if (logging::DEBUG_MODE && VLOG_IS_ON(1)) {
 119     uint32_t error_num = ERR_peek_error();
 120     if (error_num == 0)
 121       return;
 122
 123     std::string message;
 124     location.Write(true, true, &message);
 125     DVLOG(1) << "OpenSSL ERR_get_error stack from " << message;
 126     ERR_print_errors_cb(&OpenSSLErrorCallback, NULL);
 127   } else {
 128     ERR_clear_error();
 129   }
 130 }
 131
 132 }  // namespace crypto