Skip to content

Commit

Permalink
Move libcrypto resolution from fprintf to logging (#97)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bretambrose
bretambrose authored Jun 15, 2021
1 parent 624fdf0 commit aa89aa4
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 41 deletions.
1 change: 1 addition & 0 deletions include/aws/cal/cal.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ enum aws_cal_log_subject {
AWS_LS_CAL_HASH,
AWS_LS_CAL_HMAC,
AWS_LS_CAL_DER,
AWS_LS_CAL_LIBCRYPTO_RESOLVE,

AWS_LS_CAL_LAST = AWS_LOG_SUBJECT_END_RANGE(AWS_C_CAL_PACKAGE_ID)
};
Expand Down
4 changes: 4 additions & 0 deletions source/cal.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,10 @@ static struct aws_log_subject_info s_cal_log_subject_infos[] = {
DEFINE_LOG_SUBJECT_INFO(AWS_LS_CAL_HASH, "hash", "Subject for hashing specific logging."),
DEFINE_LOG_SUBJECT_INFO(AWS_LS_CAL_HMAC, "hmac", "Subject for hmac specific logging."),
DEFINE_LOG_SUBJECT_INFO(AWS_LS_CAL_DER, "der", "Subject for der specific logging."),
DEFINE_LOG_SUBJECT_INFO(
AWS_LS_CAL_LIBCRYPTO_RESOLVE,
"libcrypto_resolve",
"Subject for libcrypto symbol resolution logging."),
};

static struct aws_log_subject_info_list s_cal_log_subject_list = {
Expand Down
75 changes: 34 additions & 41 deletions source/unix/openssl_platform_init.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,15 @@
* SPDX-License-Identifier: Apache-2.0.
*/

#include <aws/cal/cal.h>
#include <aws/common/allocator.h>
#include <aws/common/logging.h>
#include <aws/common/mutex.h>
#include <aws/common/thread.h>

#include <dlfcn.h>

#include <aws/cal/private/opensslcrypto_common.h>
#define AWS_LIBCRYPTO_LOG_RESOLVE 1
#if defined(AWS_LIBCRYPTO_LOG_RESOLVE)
# define FLOGF(...) \
do { \
fprintf(stderr, "AWS libcrypto resolve: "); \
fprintf(stderr, __VA_ARGS__); \
fprintf(stderr, "\n"); \
} while (0)
#else
# define FLOGF(...)
#endif

static struct openssl_hmac_ctx_table hmac_ctx_table;
static struct openssl_evp_md_ctx_table evp_md_ctx_table;
Expand Down Expand Up @@ -120,7 +111,7 @@ bool s_resolve_hmac_102(void *module) {
/* were symbols bound by static linking? */
bool has_102_symbols = init_fn && clean_up_fn && update_fn && final_fn && init_ex_fn;
if (has_102_symbols) {
FLOGF("found static libcrypto 1.0.2 HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static libcrypto 1.0.2 HMAC symbols");
} else {
/* If symbols aren't already found, try to find the requested version */
*(void **)(&init_fn) = dlsym(module, "HMAC_CTX_init");
Expand All @@ -129,7 +120,7 @@ bool s_resolve_hmac_102(void *module) {
*(void **)(&final_fn) = dlsym(module, "HMAC_Final");
*(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
if (init_fn) {
FLOGF("found dynamic libcrypto 1.0.2 HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic libcrypto 1.0.2 HMAC symbols");
}
}

Expand Down Expand Up @@ -162,7 +153,7 @@ bool s_resolve_hmac_111(void *module) {
bool has_111_symbols = new_fn && free_fn && update_fn && final_fn && init_ex_fn && reset_fn;

if (has_111_symbols) {
FLOGF("found static libcrypto 1.1.1 HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static libcrypto 1.1.1 HMAC symbols");
} else {
*(void **)(&new_fn) = dlsym(module, "HMAC_CTX_new");
*(void **)(&reset_fn) = dlsym(module, "HMAC_CTX_reset");
Expand All @@ -171,7 +162,7 @@ bool s_resolve_hmac_111(void *module) {
*(void **)(&final_fn) = dlsym(module, "HMAC_Final");
*(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
if (new_fn) {
FLOGF("found dynamic libcrypto 1.1.1 HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic libcrypto 1.1.1 HMAC symbols");
}
}

Expand Down Expand Up @@ -209,7 +200,7 @@ bool s_resolve_hmac_lc(void *module) {
/* when built as a shared lib, and multiple versions of libcrypto are possibly
* available (e.g. brazil), select AWS-LC by default for consistency */
if (has_awslc_symbols) {
FLOGF("found static aws-lc HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static aws-lc HMAC symbols");
} else {
*(void **)(&new_fn) = dlsym(module, "HMAC_CTX_new");
*(void **)(&reset_fn) = dlsym(module, "HMAC_CTX_reset");
Expand All @@ -218,7 +209,7 @@ bool s_resolve_hmac_lc(void *module) {
*(void **)(&final_fn) = dlsym(module, "HMAC_Final");
*(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
if (new_fn) {
FLOGF("found dynamic aws-lc HMAC symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic aws-lc HMAC symbols");
}
}

Expand Down Expand Up @@ -295,15 +286,15 @@ bool s_resolve_md_102(void *module) {
bool has_102_symbols = md_create_fn && md_destroy_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;

if (has_102_symbols) {
FLOGF("found static libcrypto 1.0.2 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static libcrypto 1.0.2 EVP_MD symbols");
} else {
*(void **)(&md_create_fn) = dlsym(module, "EVP_MD_CTX_create");
*(void **)(&md_destroy_fn) = dlsym(module, "EVP_MD_CTX_destroy");
*(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
*(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
*(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
if (md_create_fn) {
FLOGF("found dynamic libcrypto 1.0.2 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic libcrypto 1.0.2 EVP_MD symbols");
}
}

Expand All @@ -330,15 +321,15 @@ bool s_resolve_md_111(void *module) {

bool has_111_symbols = md_new_fn && md_free_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;
if (has_111_symbols) {
FLOGF("found static libcrypto 1.1.1 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static libcrypto 1.1.1 EVP_MD symbols");
} else {
*(void **)(&md_new_fn) = dlsym(module, "EVP_MD_CTX_new");
*(void **)(&md_free_fn) = dlsym(module, "EVP_MD_CTX_free");
*(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
*(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
*(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
if (md_new_fn) {
FLOGF("found dynamic libcrypto 1.1.1 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic libcrypto 1.1.1 EVP_MD symbols");
}
}

Expand Down Expand Up @@ -369,15 +360,15 @@ bool s_resolve_md_lc(void *module) {
md_new_fn && md_create_fn && md_free_fn && md_destroy_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;

if (has_awslc_symbols) {
FLOGF("found static aws-lc libcrypto 1.1.1 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found static aws-lc libcrypto 1.1.1 EVP_MD symbols");
} else {
*(void **)(&md_new_fn) = dlsym(module, "EVP_MD_CTX_new");
*(void **)(&md_free_fn) = dlsym(module, "EVP_MD_CTX_free");
*(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
*(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
*(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
if (md_new_fn) {
FLOGF("found dynamic aws-lc libcrypto 1.1.1 EVP_MD symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "found dynamic aws-lc libcrypto 1.1.1 EVP_MD symbols");
}
}

Expand Down Expand Up @@ -426,59 +417,59 @@ static enum aws_libcrypto_version s_resolve_libcrypto_lib(void) {
const char *libcrypto_102 = "libcrypto.so.1.0.0";
const char *libcrypto_111 = "libcrypto.so.1.1";

FLOGF("loading libcrypto 1.0.2");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto 1.0.2");
void *module = dlopen(libcrypto_102, RTLD_NOW);
if (module) {
FLOGF("resolving against libcrypto 1.0.2");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "resolving against libcrypto 1.0.2");
enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, module);
if (result == AWS_LIBCRYPTO_1_0_2) {
return result;
}
dlclose(module);
} else {
FLOGF("libcrypto 1.0.2 not found");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto 1.0.2 not found");
}

FLOGF("loading libcrypto 1.1.1");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto 1.1.1");
module = dlopen(libcrypto_111, RTLD_NOW);
if (module) {
FLOGF("resolving against libcrypto 1.1.1");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "resolving against libcrypto 1.1.1");
enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, module);
if (result == AWS_LIBCRYPTO_1_1_1) {
return result;
}
dlclose(module);
} else {
FLOGF("libcrypto 1.1.1 not found");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto 1.1.1 not found");
}

FLOGF("loading libcrypto.so");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto.so");
module = dlopen("libcrypto.so", RTLD_NOW);
if (module) {
unsigned long (*openssl_version_num)(void) = NULL;
*(void **)(&openssl_version_num) = dlsym(module, "OpenSSL_version_num");
if (openssl_version_num) {
unsigned long version = openssl_version_num();
FLOGF("libcrypto.so reported version is 0x%lx", version);
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto.so reported version is 0x%lx", version);
enum aws_libcrypto_version result = AWS_LIBCRYPTO_NONE;
if (version >= 0x10101000L) {
FLOGF("probing libcrypto.so for 1.1.1 symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "probing libcrypto.so for 1.1.1 symbols");
result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, module);
} else if (version >= 0x10002000L) {
FLOGF("probing libcrypto.so for 1.0.2 symbols");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "probing libcrypto.so for 1.0.2 symbols");
result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, module);
} else {
FLOGF("libcrypto.so reported version is unsupported");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto.so reported version is unsupported");
}
if (result != AWS_LIBCRYPTO_NONE) {
return result;
}
} else {
FLOGF("Unable to determine version of libcrypto.so");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "Unable to determine version of libcrypto.so");
}
dlclose(module);
} else {
FLOGF("libcrypto.so not found");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto.so not found");
}

return AWS_LIBCRYPTO_NONE;
Expand All @@ -492,23 +483,25 @@ static enum aws_libcrypto_version s_resolve_libcrypto(void) {
}

/* Try to auto-resolve against what's linked in/process space */
FLOGF("searching process and loaded modules");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "searching process and loaded modules");
void *process = dlopen(NULL, RTLD_NOW);
AWS_FATAL_ASSERT(process && "Unable to load symbols from process space");
enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_LC, process);
if (result == AWS_LIBCRYPTO_NONE) {
FLOGF("did not find aws-lc symbols linked");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find aws-lc symbols linked");
result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, process);
}
if (result == AWS_LIBCRYPTO_NONE) {
FLOGF("did not find libcrypto 1.0.2 symbols linked");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.0.2 symbols linked");
result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, process);
}
dlclose(process);

if (result == AWS_LIBCRYPTO_NONE) {
FLOGF("did not find libcrypto 1.1.1 symbols linked");
FLOGF("libcrypto symbols were not statically linked, searching for shared libraries");
AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.1.1 symbols linked");
AWS_LOGF_DEBUG(
AWS_LS_CAL_LIBCRYPTO_RESOLVE,
"libcrypto symbols were not statically linked, searching for shared libraries");
result = s_resolve_libcrypto_lib();
}

Expand Down

0 comments on commit aa89aa4

Please sign in to comment.