1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2010-2011 Dreamhost
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
15 #include "common/ceph_context.h"
16 #include "common/config.h"
17 #include "ceph_crypto.h"
21 // for SECMOD_RestartModules()
28 #include <openssl/evp.h>
29 #endif /*USE_OPENSSL*/
// Process-wide NSS state shared by ceph::crypto::init() and
// ceph::crypto::shutdown().

// Held by init() and shutdown() while they update the variables below.
static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;

// Number of init() calls that have not yet been matched by a shutdown().
static uint32_t crypto_refs = 0;

// Context returned by NSS_InitContext(); NULL before the first init() and
// again after shutdown() drops the last reference.
static NSSInitContext *crypto_context = NULL;

// pid recorded by the most recent init(); 0 before the first init().
static pid_t crypto_init_pid = 0;
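// Take a reference on the process-wide NSS context, creating it on the
// first call.
//
// cct supplies the configuration; only cct->_conf->nss_db_path is read here.
// Asserts (ceph_assert_always) if no NSS context exists once the call is done.
//
// NOTE(review): nss_db_path is handed to NSS_InitContext() unmodified. NSS
// reads its certificate and security-module databases from that directory,
// and a module database can name PKCS#11 libraries for NSS to load, so the
// directory should be writable only by trusted administrators. Nothing in
// this function checks the path - confirm it is validated or restricted
// where the option is set.
void ceph::crypto::init(CephContext *cct)
{
  // NOTE(review): `pid` is declared on a line this listing omits (gutter
  // lines 39-40 are missing). It is compared with the pid_t recorded by the
  // previous init(), so it is presumably the calling process's id - confirm
  // against the full file.
  pthread_mutex_lock(&crypto_init_mutex);
  if (crypto_init_pid != pid) {
    if (crypto_init_pid > 0) {
      // init() already ran under a different pid: ask NSS to restart its
      // loaded security modules before they are used under this pid.
      SECMOD_RestartModules(PR_FALSE);
    }
    crypto_init_pid = pid;
  }

  if (++crypto_refs == 1) {
    // First reference: create the NSS context.
    NSSInitParameters init_params;
    memset(&init_params, 0, sizeof(init_params));
    init_params.length = sizeof(init_params);

    // Databases are opened read-only in every case.
    uint32_t flags = (NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
    if (cct->_conf->nss_db_path.empty()) {
      // No database directory configured: do not open a certificate or
      // security-module database at all.
      flags |= (NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB);
    }
    crypto_context = NSS_InitContext(cct->_conf->nss_db_path.c_str(), "", "",
                                     SECMOD_DB, &init_params, flags);
  }
  // Take the snapshot while the mutex is still held: crypto_context is
  // written by shutdown() under this mutex, so testing it after the unlock
  // would race with a concurrent shutdown().
  const bool have_context = (crypto_context != NULL);
  pthread_mutex_unlock(&crypto_init_mutex);
  ceph_assert_always(have_context);
}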
// Drop one reference on the process-wide NSS context and shut the context
// down when the last reference goes away.
//
// Asserts (ceph_assert_always) if called without a matching init().
//
// NOTE(review): `shared` is not referenced by any line visible in this
// listing; gutter lines 71-73 and 75-76 are missing, so whatever the
// parameter controls cannot be documented from here - check the full file.
void ceph::crypto::shutdown(bool shared)
{
  pthread_mutex_lock(&crypto_init_mutex);
  ceph_assert_always(crypto_refs > 0);
  crypto_refs -= 1;
  if (crypto_refs == 0) {
    // NOTE(review): the status returned by NSS_ShutdownContext() is
    // discarded, so a failed shutdown goes unnoticed here.
    NSS_ShutdownContext(crypto_context);
    // (gutter lines 71-73 are not visible in this listing)
    crypto_context = NULL;
    // (gutter lines 75-76 are not visible in this listing)
  }
  pthread_mutex_unlock(&crypto_init_mutex);
}
// Release the NSS objects held by this HMAC: the PKCS#11 context first, then
// the symmetric key.
//
// NOTE(review): neither handle is checked for NULL before it is released;
// whether the constructor guarantees both are set is not visible in this
// listing - confirm.
ceph::crypto::nss::HMAC::~HMAC()
{
  // PR_TRUE asks NSS to free the context structure itself as well.
  PK11_DestroyContext(ctx, PR_TRUE);
  PK11_FreeSymKey(symkey);
}
88 # error "No supported crypto implementation found."
// Construct a digest object around a freshly allocated EVP_MD_CTX.
//
// NOTE(review): only the signature and the first member initialiser are
// visible here; gutter lines 95-98 (the rest of the initialiser list and the
// body) are missing from this listing. EVP_MD_CTX_create() returns NULL when
// the allocation fails, and no visible line checks mpContext before the
// EVP_Digest* calls in Restart()/Update()/Final() use it - confirm in the
// full file.
93 ceph::crypto::ssl::OpenSSLDigest::OpenSSLDigest(const EVP_MD
* _type
)
94 : mpContext(EVP_MD_CTX_create())
// Free the EVP_MD_CTX allocated by the constructor.
ceph::crypto::ssl::OpenSSLDigest::~OpenSSLDigest()
{
  EVP_MD_CTX_destroy(mpContext);
}
// (Re)initialise the digest context for the algorithm in mpType, discarding
// any data fed in so far.
//
// NOTE(review): EVP_DigestInit_ex() reports failure through its return
// value, which is ignored here. If initialisation fails (for example because
// the algorithm is not available in the running OpenSSL configuration), the
// later Update()/Final() calls operate on a context that was never set up,
// and callers have no way to tell.
void ceph::crypto::ssl::OpenSSLDigest::Restart()
{
  // NULL engine argument: use the default implementation of the digest.
  EVP_DigestInit_ex(mpContext, mpType, NULL);
}
// Feed `length` bytes starting at `input` into the running digest.
//
// NOTE(review): gutter lines 108 and 110-111 are missing from this listing,
// so any guard around the call (for example on `length`) cannot be seen
// here. The return value of EVP_DigestUpdate() is ignored, so a failed
// update is not reported to the caller.
void ceph::crypto::ssl::OpenSSLDigest::Update(const unsigned char *input, size_t length)
{
  // EVP_DigestUpdate() takes a `const void *`, so the pointer converts
  // implicitly and no cast that strips const is needed.
  EVP_DigestUpdate(mpContext, input, length);
}
// Finish the digest and write the result to `digest`.
//
// `digest` must point to a buffer large enough for the output of the
// algorithm in mpType; this function has no way to check the buffer size.
//
// NOTE(review): the return value of EVP_DigestFinal_ex() is ignored. On
// failure the buffer is left with whatever it held before, and the caller
// would treat that as a valid digest.
void ceph::crypto::ssl::OpenSSLDigest::Final(unsigned char *digest)
{
  // NOTE(review): `s` (receives the number of bytes written) is declared on
  // gutter line 114, which is missing from this listing.
  EVP_DigestFinal_ex(mpContext, digest, &s);
}
117 #endif /*USE_OPENSSL*/