-rw-r--r--src/common/Cryptography/ARC4.cpp17
-rw-r--r--src/common/Cryptography/ARC4.h5
-rw-r--r--src/common/Cryptography/OpenSSLCrypto.cpp22
-rw-r--r--src/common/Cryptography/OpenSSLCrypto.h11
-rw-r--r--src/server/bnetserver/Main.cpp9
-rw-r--r--src/server/worldserver/Main.cpp3
6 files changed, 34 insertions, 33 deletions
diff --git a/src/common/Cryptography/ARC4.cpp b/src/common/Cryptography/ARC4.cpp
index faa2265ef71..8f21cd7c6a0 100644
--- a/src/common/Cryptography/ARC4.cpp
+++ b/src/common/Cryptography/ARC4.cpp
@@ -18,24 +18,16 @@
#include "ARC4.h"
#include "Errors.h"
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/provider.h>
-#endif
-
Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
{
- EVP_CIPHER const* cipher;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- _libCtx = OSSL_LIB_CTX_new();
- _legacyProvider = OSSL_PROVIDER_load(_libCtx, "legacy");
-
- cipher = EVP_CIPHER_fetch(_libCtx, "RC4", "");
+ _cipher = EVP_CIPHER_fetch(nullptr, "RC4", nullptr);
#else
- cipher = EVP_rc4();
+ _cipher = EVP_rc4();
#endif
EVP_CIPHER_CTX_init(_ctx);
- int result = EVP_EncryptInit_ex(_ctx, cipher, nullptr, nullptr, nullptr);
+ int result = EVP_EncryptInit_ex(_ctx, _cipher, nullptr, nullptr, nullptr);
ASSERT(result == 1);
}
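Review bot: In the OpenSSL 3 branch the result of `EVP_CIPHER_fetch(nullptr, "RC4", nullptr)` is never checked, and it now depends on the legacy provider already being loaded into the default library context by `OpenSSLCrypto::threadsSetup`. If that load did not happen or failed, `_cipher` is null and the only symptom is the later `ASSERT(result == 1)`, which points at the init call rather than at the missing provider. Adding `ASSERT(_cipher != nullptr);` directly after the fetch would make the failure self-explanatory. A short comment on the constructor stating that it requires `threadsSetup` to have run first would also help, since the class no longer owns its own provider.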
@@ -44,8 +36,7 @@ Trinity::Crypto::ARC4::~ARC4()
EVP_CIPHER_CTX_free(_ctx);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- OSSL_PROVIDER_unload(_legacyProvider);
- OSSL_LIB_CTX_free(_libCtx);
+ EVP_CIPHER_free(_cipher);
#endif
}
diff --git a/src/common/Cryptography/ARC4.h b/src/common/Cryptography/ARC4.h
index b4c461dbd6b..d3a1bf18eea 100644
--- a/src/common/Cryptography/ARC4.h
+++ b/src/common/Cryptography/ARC4.h
@@ -38,10 +38,7 @@ namespace Trinity::Crypto
template <typename Container>
void UpdateData(Container& c) { UpdateData(std::data(c), std::size(c)); }
private:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- OSSL_LIB_CTX* _libCtx;
- OSSL_PROVIDER* _legacyProvider;
-#endif
+ EVP_CIPHER* _cipher;
EVP_CIPHER_CTX* _ctx;
};
}
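Review bot: The new member is declared unconditionally as `EVP_CIPHER* _cipher;`, but the pre-3.0 branch in ARC4.cpp assigns it from `EVP_rc4()`, which returns a pointer to const. That assignment should not compile on older OpenSSL builds. Keeping the version check around the declaration and using `EVP_CIPHER const* _cipher;` in the `#else` arm would fix it, while the 3.0 arm stays non-const because `EVP_CIPHER_free` needs a mutable pointer. The class body begins outside this hunk, so whether copying is disabled is not visible; since the destructor now frees `_cipher`, it is worth confirming that ARC4 cannot be copied.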
diff --git a/src/common/Cryptography/OpenSSLCrypto.cpp b/src/common/Cryptography/OpenSSLCrypto.cpp
index 3346a1c2098..a515dca1c3d 100644
--- a/src/common/Cryptography/OpenSSLCrypto.cpp
+++ b/src/common/Cryptography/OpenSSLCrypto.cpp
@@ -39,13 +39,19 @@ static void threadIdCallback(CRYPTO_THREADID * id)
(void)id;
CRYPTO_THREADID_set_numeric(id, std::hash<std::thread::id>()(std::this_thread::get_id()));
}
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+OSSL_PROVIDER* LegacyProvider;
+OSSL_PROVIDER* DefaultProvider;
+#endif
-void OpenSSLCrypto::threadsSetup()
+void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const& providerModulePath)
{
#ifdef VALGRIND
ValgrindRandomSetup();
#endif
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
cryptoLocks.resize(CRYPTO_num_locks());
for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
{
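Review bot: `LegacyProvider` and `DefaultProvider` are defined at namespace scope without `static`, so they get external linkage and are left uninitialised until `threadsSetup` runs. The neighbouring `threadIdCallback` is already `static`; the same treatment fits here, e.g. `static OSSL_PROVIDER* LegacyProvider = nullptr;` and likewise for `DefaultProvider`. The `#if` that this `#elif` pairs with lies outside the hunk, and the body of `threadsSetup` continues in the next one.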
@@ -57,10 +63,18 @@ void OpenSSLCrypto::threadsSetup()
(void)&lockingCallback;
CRYPTO_set_locking_callback(lockingCallback);
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if TRINITY_PLATFORM == TRINITY_PLATFORM_WINDOWS
+ OSSL_PROVIDER_set_default_search_path(nullptr, providerModulePath.string().c_str());
+#endif
+ LegacyProvider = OSSL_PROVIDER_load(nullptr, "legacy");
+ DefaultProvider = OSSL_PROVIDER_load(nullptr, "default");
+#endif
}
void OpenSSLCrypto::threadsCleanup()
{
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
CRYPTO_set_locking_callback(nullptr);
CRYPTO_THREADID_set_callback(nullptr);
for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
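Review bot: The return values of both `OSSL_PROVIDER_load` calls and of `OSSL_PROVIDER_set_default_search_path` are discarded, so a missing or unloadable legacy module goes unnoticed here. It would only surface later as a failed RC4 fetch in the ARC4 constructor. Checking at startup is cheaper to diagnose, for example `if (!LegacyProvider || !DefaultProvider) { /* report the OpenSSL error queue and abort startup */ }`. The `threadsCleanup` hunk that follows hands the stored pointers to `OSSL_PROVIDER_unload` and leaves them dangling; resetting both to `nullptr` after unloading would keep a repeated setup/cleanup cycle safe. `threadsSetup` begins in the previous hunk.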
@@ -68,8 +82,12 @@ void OpenSSLCrypto::threadsCleanup()
delete cryptoLocks[i];
}
cryptoLocks.resize(0);
-}
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_PROVIDER_unload(LegacyProvider);
+ OSSL_PROVIDER_unload(DefaultProvider);
+ OSSL_PROVIDER_set_default_search_path(nullptr, nullptr);
#endif
+}
#ifdef VALGRIND
#include <openssl/rand.h>
diff --git a/src/common/Cryptography/OpenSSLCrypto.h b/src/common/Cryptography/OpenSSLCrypto.h
index 7b646659c05..1e6ca9562dd 100644
--- a/src/common/Cryptography/OpenSSLCrypto.h
+++ b/src/common/Cryptography/OpenSSLCrypto.h
@@ -19,7 +19,7 @@
#define TRINITY_OPENSSL_CRYPTO_H
#include "Define.h"
-#include <openssl/opensslv.h>
+#include <boost/filesystem/path.hpp>
/**
* A group of functions which setup openssl crypto module to work properly in multithreaded enviroment
@@ -27,17 +27,10 @@
*/
namespace OpenSSLCrypto
{
-
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
/// Needs to be called before threads using openssl are spawned
- TC_COMMON_API void threadsSetup();
+ TC_COMMON_API void threadsSetup(boost::filesystem::path const& providerModulePath);
/// Needs to be called after threads using openssl are despawned
TC_COMMON_API void threadsCleanup();
-#else
- void threadsSetup() { };
- void threadsCleanup() { };
-#endif
-
}
#endif
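Review bot: The doc comment on `threadsSetup` still describes only the threading callbacks, but the function now also loads the OpenSSL providers and takes a `providerModulePath` argument that is undocumented. I would extend it along the lines of `/// Also loads the legacy and default OpenSSL 3 providers; providerModulePath is the directory searched for provider modules (used on Windows only) and must be a trusted location`. The header comment above the namespace could likewise mention provider setup, since "multithreaded environment" no longer covers what the functions do.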
diff --git a/src/server/bnetserver/Main.cpp b/src/server/bnetserver/Main.cpp
index 7de39a4e01c..c8c414aeacd 100644
--- a/src/server/bnetserver/Main.cpp
+++ b/src/server/bnetserver/Main.cpp
@@ -34,6 +34,7 @@
#include "IPLocation.h"
#include "LoginRESTService.h"
#include "MySQLThreading.h"
+#include "OpenSSLCrypto.h"
#include "ProcessPriority.h"
#include "RealmList.h"
#include "SecretMgr.h"
@@ -41,6 +42,7 @@
#include "SslContext.h"
#include "Util.h"
#include <boost/asio/signal_set.hpp>
+#include <boost/dll/runtime_symbol_info.hpp>
#include <boost/program_options.hpp>
#include <boost/filesystem/operations.hpp>
#include <google/protobuf/stubs/common.h>
@@ -134,10 +136,9 @@ int main(int argc, char** argv)
for (std::string const& key : overriddenKeys)
TC_LOG_INFO("server.authserver", "Configuration field '%s' was overridden with environment variable.", key.c_str());
- // Seed the OpenSSL's PRNG here.
- // That way it won't auto-seed when calling BigNumber::SetRand and slow down the first world login
- BigNumber seed;
- seed.SetRand(16 * 8);
+ OpenSSLCrypto::threadsSetup(boost::dll::program_location().remove_filename());
+
+ std::shared_ptr<void> opensslHandle(nullptr, [](void*) { OpenSSLCrypto::threadsCleanup(); });
// bnetserver PID file creation
std::string pidFile = sConfigMgr->GetStringDefault("PidFile", "");
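Review bot: The directory passed to `threadsSetup` here becomes the OpenSSL provider search path on Windows (see the OpenSSLCrypto.cpp hunk), so any `legacy` module sitting next to the executable is loaded into the server process. That deserves a comment at this call stating that the install directory must be writable only by the account that administers the server. The same applies to the identical call in worldserver/Main.cpp. Separately, this overload of `boost::dll::program_location()` reports failure by throwing. `main` starts and ends outside the hunk, so I cannot tell whether that is caught; if not, the overload taking an error code would allow a clean error message instead.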
diff --git a/src/server/worldserver/Main.cpp b/src/server/worldserver/Main.cpp
index c78b42f152d..22555f13eec 100644
--- a/src/server/worldserver/Main.cpp
+++ b/src/server/worldserver/Main.cpp
@@ -56,6 +56,7 @@
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#include <boost/asio/signal_set.hpp>
+#include <boost/dll/runtime_symbol_info.hpp>
#include <boost/filesystem/operations.hpp>
#include <boost/program_options.hpp>
#include <google/protobuf/stubs/common.h>
@@ -216,7 +217,7 @@ extern int main(int argc, char** argv)
for (std::string const& key : overriddenKeys)
TC_LOG_INFO("server.worldserver", "Configuration field '%s' was overridden with environment variable.", key.c_str());
- OpenSSLCrypto::threadsSetup();
+ OpenSSLCrypto::threadsSetup(boost::dll::program_location().remove_filename());
std::shared_ptr<void> opensslHandle(nullptr, [](void*) { OpenSSLCrypto::threadsCleanup(); });