crypto: Make unloading of crypto safer

Facts:
crypto nif-lib registers callback functions that openssl uses
for memory management and thread synchronization. The callback
functions can only be set once, openssl does not allow changing the
callback functions.

Problem:
If openssl is dynamicly linked to crypto, you might get s scenario
where the crypto lib is unloaded while leaving openssl loaded
with its old pointers to the unloaded crypto code intact.
If crypto is then reloaded (by init:restart() for example), the crypto
nif-lib might get relocated at a different address. crypto calls
openssl which in turn calls the old invalid callback functions...kaboom.

Solution:
Break apart the callback functions into a separate dynamic lib that
crypto loads with dlopen. When crypto is unloaded the callback lib is
left in place to be reused if/when crypto is loaded again.

1 files changed, 87 insertions, 132 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 91ab244620..8bd0690a17 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -53,6 +53,8 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#include "crypto_callback.h"
+
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA224) && defined(NID_sha224)\
          && !defined(OPENSSL_NO_SHA256) /* disabled like this in my sha.h (?) */
 # define HAVE_SHA224
@@ -125,7 +127,6 @@
 
 /* NIF interface declarations */
 static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info);
-static int reload(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info);
 static int upgrade(ErlNifEnv* env, void** priv_data, void** old_priv_data, ERL_NIF_TERM load_info);
 static void unload(ErlNifEnv* env, void* priv_data);
 
@@ -204,17 +205,6 @@ static ERL_NIF_TERM bf_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
 static ERL_NIF_TERM blowfish_ofb64_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 
 
-/* openssl callbacks */
-#ifdef OPENSSL_THREADS
-static void locking_function(int mode, int n, const char *file, int line);
-static unsigned long id_function(void);
-static struct CRYPTO_dynlock_value* dyn_create_function(const char *file,
-							int line);
-static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value* ptr,
-			      const char *file, int line);
-static void dyn_destroy_function(struct CRYPTO_dynlock_value *ptr,
-				 const char *file, int line);
-#endif /* OPENSSL_THREADS */
 
 /* helpers */
 static void init_digest_types(ErlNifEnv* env);
@@ -325,7 +315,7 @@ static ErlNifFunc nif_funcs[] = {
     {"blowfish_ofb64_encrypt", 3, blowfish_ofb64_encrypt}
 };
 
-ERL_NIF_INIT(crypto,nif_funcs,load,reload,upgrade,unload)
+ERL_NIF_INIT(crypto,nif_funcs,load,NULL,upgrade,unload)
 
 
 #define MD5_CTX_LEN     (sizeof(MD5_CTX))
@@ -347,7 +337,6 @@ ERL_NIF_INIT(crypto,nif_funcs,load,reload,upgrade,unload)
 #define HMAC_OPAD       0x5c
 
 
-static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
 static ERL_NIF_TERM atom_true;
 static ERL_NIF_TERM atom_false;
 static ERL_NIF_TERM atom_sha;
@@ -374,55 +363,97 @@ static ERL_NIF_TERM atom_none;
 static ERL_NIF_TERM atom_notsup;
 static ERL_NIF_TERM atom_digest;
 
-
-static int is_ok_load_info(ErlNifEnv* env, ERL_NIF_TERM load_info)
+static int change_basename(char* buf, int bufsz, const char* newfile)
 {
-    int i;
-    return enif_get_int(env,load_info,&i) && i == 101;
-}
-static void* crypto_alloc(size_t size)
-{   
-    return enif_alloc(size);
+    char* p = strrchr(buf, '/');
+    p = (p == NULL) ? buf : p + 1;
+    
+    if ((p - buf) + strlen(newfile) >= bufsz) {
+	/*fprintf(stderr, "CRYPTO: lib name too long\r\n");*/
+	return 0;
+    }
+    strcpy(p, newfile);
+    return 1;
 }
-static void* crypto_realloc(void* ptr, size_t size)
+
+static void error_handler(void* null, const char* errstr)
 {
-    return enif_realloc(ptr, size);
-}   
-static void crypto_free(void* ptr)
-{   
-    enif_free(ptr); 
+    /*fprintf(stderr, "CRYPTO LOADING ERROR: '%s'\r\n", errstr);*/
 }
 
-static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
+static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
 {
     ErlNifSysInfo sys_info;
-    CRYPTO_set_mem_functions(crypto_alloc, crypto_realloc, crypto_free);
-
-    if (!is_ok_load_info(env, load_info)) {
-	return -1;
+    const char callback_lib[] = "crypto_callback";
+    void* handle;
+    get_crypto_callbacks_t* funcp;
+    struct crypto_callbacks* ccb;
+    int nlocks = 0;
+    int tpl_arity;
+    const ERL_NIF_TERM* tpl_array;
+    int vernum;
+    char lib_buf[1000];
+
+    /* load_info: {201, "/full/path/of/this/library"} */
+    if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)
+	|| tpl_arity != 2
+	|| !enif_get_int(env, tpl_array[0], &vernum)
+	|| vernum != 201
+	|| enif_get_string(env, tpl_array[1], lib_buf, sizeof(lib_buf), ERL_NIF_LATIN1) <= 0) {
+
+	/*enif_fprintf(stderr, "CRYPTO: Invalid load_info '%T'\n", load_info);*/
+	return 0;
+    }
+    if (library_refc > 0) {
+	return 1;
     }
 
+    if (!change_basename(lib_buf, sizeof(lib_buf), callback_lib)) {
+	return 0;
+    }
+    
+    if (!(handle = enif_dlopen(lib_buf, &error_handler, NULL))) {
+	return 0;
+    }
+    if (!(funcp = (get_crypto_callbacks_t*) enif_dlsym(handle, "get_crypto_callbacks",
+						       &error_handler, NULL))) {
+	return 0;
+    }
+    
 #ifdef OPENSSL_THREADS
     enif_system_info(&sys_info, sizeof(sys_info));
-
     if (sys_info.scheduler_threads > 1) {
-	int i;
-	lock_vec = enif_alloc(CRYPTO_num_locks()*sizeof(*lock_vec));
-	if (lock_vec==NULL) return -1;
-	memset(lock_vec,0,CRYPTO_num_locks()*sizeof(*lock_vec));
-
-	for (i=CRYPTO_num_locks()-1; i>=0; --i) {
-	    lock_vec[i] = enif_rwlock_create("crypto_stat");
-	    if (lock_vec[i]==NULL) return -1;
-	}
-	CRYPTO_set_locking_callback(locking_function);
-	CRYPTO_set_id_callback(id_function);
-	CRYPTO_set_dynlock_create_callback(dyn_create_function);
-	CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-	CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
+	nlocks = CRYPTO_num_locks(); 
     }
     /* else no need for locks */
+#endif
+    
+    ccb = (*funcp)(nlocks);
+    
+    if (!ccb || ccb->sizeof_me != sizeof(*ccb)) {
+	/*fprintf(stderr, "Invalid 'crypto_callbacks'\r\n");*/
+	return 0;
+    }
+    
+    CRYPTO_set_mem_functions(ccb->crypto_alloc, ccb->crypto_realloc, ccb->crypto_free);
+    
+#ifdef OPENSSL_THREADS
+    if (nlocks > 0) {
+	CRYPTO_set_locking_callback(ccb->locking_function);
+	CRYPTO_set_id_callback(ccb->id_function);
+	CRYPTO_set_dynlock_create_callback(ccb->dyn_create_function);
+	CRYPTO_set_dynlock_lock_callback(ccb->dyn_lock_function);
+	CRYPTO_set_dynlock_destroy_callback(ccb->dyn_destroy_function);
+    }
 #endif /* OPENSSL_THREADS */
+    return 1;
+}
+
+static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
+{
+    if (!init(env, load_info)) {
+	return -1;
+    }
 
     atom_true = enif_make_atom(env,"true");
     atom_false = enif_make_atom(env,"false");
@@ -456,8 +487,12 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     return 0;
 }
 
-static int reload(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
-{   
+static int upgrade(ErlNifEnv* env, void** priv_data, void** old_priv_data,
+		   ERL_NIF_TERM load_info)
+{
+    if (*old_priv_data != NULL) {
+	return -1; /* Don't know how to do that */
+    }
     if (*priv_data != NULL) {
 	return -1; /* Don't know how to do that */
     }
@@ -466,43 +501,16 @@ static int reload(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
 	   when to (re)set the callbacks for allocation and locking. */
 	return -2;
     }
-    if (!is_ok_load_info(env, load_info)) {
+    if (!init(env, load_info)) {
 	return -1;
     }
-    return 0;    
-}
-
-static int upgrade(ErlNifEnv* env, void** priv_data, void** old_priv_data,
-		   ERL_NIF_TERM load_info)
-{
-    int i;
-    if (*old_priv_data != NULL) {
-	return -1; /* Don't know how to do that */
-    }
-    i = reload(env,priv_data,load_info);
-    if (i != 0) {
-	return i;
-    }
     library_refc++;
     return 0;
 }
 
 static void unload(ErlNifEnv* env, void* priv_data)
 {
-    if (--library_refc <= 0) {
-	CRYPTO_cleanup_all_ex_data();
-
-	if (lock_vec != NULL) {
-	    int i;
-	    for (i=CRYPTO_num_locks()-1; i>=0; --i) {
-		if (lock_vec[i] != NULL) {
-		    enif_rwlock_destroy(lock_vec[i]);
-		}
-	    }
-	    enif_free(lock_vec);
-	}
-    }
-    /*else NIF library still used by other (new) module code */
+    --library_refc;
 }
 
 static ERL_NIF_TERM info_lib(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
@@ -2338,59 +2346,6 @@ static ERL_NIF_TERM blowfish_ofb64_encrypt(ErlNifEnv* env, int argc, const ERL_N
 
 
 
-#ifdef OPENSSL_THREADS /* vvvvvvvvvvvvvvv OPENSSL_THREADS vvvvvvvvvvvvvvvv */
-
-static INLINE void locking(int mode, ErlNifRWLock* lock)
-{
-    switch (mode) {
-    case CRYPTO_LOCK|CRYPTO_READ:
-	enif_rwlock_rlock(lock);
-	break;
-    case CRYPTO_LOCK|CRYPTO_WRITE:
-	enif_rwlock_rwlock(lock);
-	break;
-    case CRYPTO_UNLOCK|CRYPTO_READ:
-	enif_rwlock_runlock(lock);
-	break;
-    case CRYPTO_UNLOCK|CRYPTO_WRITE:
-	enif_rwlock_rwunlock(lock);
-	break;
-    default:
-	ASSERT(!"Invalid lock mode");
-    }
-}
-
-/* Callback from openssl for static locking
- */
-static void locking_function(int mode, int n, const char *file, int line)
-{
-    ASSERT(n>=0 && n<CRYPTO_num_locks());
-
-    locking(mode, lock_vec[n]);
-}
-
-/* Callback from openssl for thread id
- */
-static unsigned long id_function(void)
-{
-    return(unsigned long) enif_thread_self();
-}
-
-/* Callbacks for dynamic locking, not used by current openssl version (0.9.8)
- */
-static struct CRYPTO_dynlock_value* dyn_create_function(const char *file, int line) {
-    return(struct CRYPTO_dynlock_value*) enif_rwlock_create("crypto_dyn");
-}
-static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value* ptr,const char *file, int line)
-{
-    locking(mode, (ErlNifRWLock*)ptr);
-}
-static void dyn_destroy_function(struct CRYPTO_dynlock_value *ptr, const char *file, int line)
-{
-    enif_rwlock_destroy((ErlNifRWLock*)ptr);
-}
-
-#endif /* ^^^^^^^^^^^^^^^^^^^^^^ OPENSSL_THREADS ^^^^^^^^^^^^^^^^^^^^^^ */
 
 /* HMAC */