diff options
| author | Nick Mathewson <nickm@torproject.org> | 2019-11-06 11:12:09 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-11-07 07:28:43 -0500 |
| commit | 32a2f96f82eaadafd4faf2c6184093e441661a4e (patch) | |
| tree | eb4bfdc80c1d44703bd484925b63ebf988d174fd /src/lib/crypt_ops/crypto_openssl_mgt.c | |
| parent | 27a4438805dcac7fa46a2c47f0b247c7f8d3668e (diff) | |
| download | tor-32a2f96f82eaadafd4faf2c6184093e441661a4e.tar.gz tor-32a2f96f82eaadafd4faf2c6184093e441661a4e.zip | |
Add the ability to fail when a hardware accelerator is missing.
Closes ticket 32406.
Diffstat (limited to 'src/lib/crypt_ops/crypto_openssl_mgt.c')
| -rw-r--r-- | src/lib/crypt_ops/crypto_openssl_mgt.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index 2fbebd87e0..d7a3e0692b 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -275,8 +275,14 @@ log_engine(const char *fn, ENGINE *e) } #endif /* !defined(DISABLE_ENGINES) */ -/** Initialize engines for openssl (if enabled). */ -static void +/** Initialize engines for openssl (if enabled). Load all the built-in + * engines, along with the one called <b>accelName</b> (which may be NULL). + * If <b>accelName is prefixed with "!", then it is required: return -1 + * if it can't be loaded. Otherwise return 0. + * + * If <b>accelDir</b> is not NULL, it is the path from which the engine should + * be loaded. */ +static int crypto_openssl_init_engines(const char *accelName, const char *accelDir) { @@ -284,6 +290,7 @@ crypto_openssl_init_engines(const char *accelName, (void)accelName; (void)accelDir; log_warn(LD_CRYPTO, "No OpenSSL hardware acceleration support enabled."); + return 0; #else ENGINE *e = NULL; @@ -292,6 +299,9 @@ crypto_openssl_init_engines(const char *accelName, ENGINE_register_all_complete(); if (accelName) { + const bool required = accelName[0] == '!'; + if (required) + ++accelName; if (accelDir) { log_info(LD_CRYPTO, "Trying to load dynamic OpenSSL engine \"%s\"" " via path \"%s\".", accelName, accelDir); @@ -304,6 +314,8 @@ crypto_openssl_init_engines(const char *accelName, if (!e) { log_warn(LD_CRYPTO, "Unable to load dynamic OpenSSL engine \"%s\".", accelName); + if (required) + return -1; } else { log_info(LD_CRYPTO, "Loaded dynamic OpenSSL engine \"%s\".", accelName); @@ -340,6 +352,7 @@ crypto_openssl_init_engines(const char *accelName, #ifdef NID_aes_256_gcm log_engine("AES-256-GCM", ENGINE_get_cipher_engine(NID_aes_256_gcm)); #endif + return 0; #endif /* defined(DISABLE_ENGINES) */ } @@ -350,7 +363,8 @@ crypto_openssl_late_init(int useAccel, const char *accelName, const char *accelDir) { if (useAccel > 0) { - crypto_openssl_init_engines(accelName, accelDir); + if (crypto_openssl_init_engines(accelName, accelDir) < 0) + return -1; } else { log_info(LD_CRYPTO, "NOT using OpenSSL engine support."); } |