1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2010-2011 Dreamhost
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
15 #include "include/int_types.h"
16 #include "common/config.h"
17 #include "common/ceph_context.h"
18 #include "ceph_crypto.h"
19 #include "auth/Crypto.h"
26 void ceph::crypto::init(CephContext
*cct
)
30 void ceph::crypto::shutdown(bool)
35 ceph::crypto::HMACSHA1::~HMACSHA1()
39 ceph::crypto::HMACSHA256::~HMACSHA256()
43 #elif defined(USE_NSS)
45 // for SECMOD_RestartModules()
49 static pthread_mutex_t crypto_init_mutex
= PTHREAD_MUTEX_INITIALIZER
;
50 static uint32_t crypto_refs
= 0;
51 static NSSInitContext
*crypto_context
= NULL
;
52 static pid_t crypto_init_pid
= 0;
54 void ceph::crypto::init(CephContext
*cct
)
57 pthread_mutex_lock(&crypto_init_mutex
);
58 if (crypto_init_pid
!= pid
) {
59 if (crypto_init_pid
> 0) {
60 SECMOD_RestartModules(PR_FALSE
);
62 crypto_init_pid
= pid
;
65 if (++crypto_refs
== 1) {
66 NSSInitParameters init_params
;
67 memset(&init_params
, 0, sizeof(init_params
));
68 init_params
.length
= sizeof(init_params
);
70 uint32_t flags
= NSS_INIT_READONLY
;
71 if (cct
->_conf
->nss_db_path
.empty()) {
72 flags
|= (NSS_INIT_NOCERTDB
| NSS_INIT_NOMODDB
);
74 crypto_context
= NSS_InitContext(cct
->_conf
->nss_db_path
.c_str(), "", "",
75 SECMOD_DB
, &init_params
, flags
);
77 pthread_mutex_unlock(&crypto_init_mutex
);
78 assert(crypto_context
!= NULL
);
81 void ceph::crypto::shutdown(bool shared
)
83 pthread_mutex_lock(&crypto_init_mutex
);
84 assert(crypto_refs
> 0);
85 if (--crypto_refs
== 0) {
86 NSS_ShutdownContext(crypto_context
);
90 crypto_context
= NULL
;
93 pthread_mutex_unlock(&crypto_init_mutex
);
96 ceph::crypto::HMAC::~HMAC()
98 PK11_DestroyContext(ctx
, PR_TRUE
);
99 PK11_FreeSymKey(symkey
);
104 # error "No supported crypto implementation found."