kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-08 19:08:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move OpenSSL initialization to a single place, make library usage thread-safe.

Browse Source 
While doing some reading about OpenSSL, I noticed a couple of things that
needed to be improved with our usage of OpenSSL.

1) We had initialization of the library done in multiple modules.  This has now
   been moved to a core function that gets executed during Asterisk startup.
   We already link OpenSSL into the core for TCP/TLS functionality, so this
   was the most logical place to do it.

2) OpenSSL is not thread-safe by default.  However, making it thread safe is
   very easy.  We just have to provide a couple of callbacks.  One callback
   returns a thread ID.  The other handles locking.  For more information,
   start with the "Is OpenSSL thread-safe?" question on the FAQ page of
   openssl.org.


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@205120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2009-07-08 15:17:19 +00:00
parent acc8bbbaf5
commit 0e8c630224
5 changed files with 106 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/asterisk/_private.h
View File

@@ -44,6 +44,7 @@ int ast_indications_reload(void);/*!< Provided by indications.c */
void ast_stun_init(void); /*!< Provided by stun.c */ void ast_stun_init(void); /*!< Provided by stun.c */
int ast_cel_engine_init(void); /*!< Provided by cel.c */ int ast_cel_engine_init(void); /*!< Provided by cel.c */
int ast_cel_engine_reload(void); /*!< Provided by cel.c */ int ast_cel_engine_reload(void); /*!< Provided by cel.c */
int ast_ssl_init(void); /*!< Porvided by ssl.c */
/*! /*!
* \brief Reload asterisk modules. * \brief Reload asterisk modules.

5
main/asterisk.c
View File

@@ -3571,6 +3571,11 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
if (ast_ssl_init()) {
printf("%s", term_quit());
exit(1);
}
#ifdef AST_XML_DOCS #ifdef AST_XML_DOCS
/* Load XML documentation. */ /* Load XML documentation. */
ast_xmldoc_load_documentation(); ast_xmldoc_load_documentation();

100
main/ssl.c Normal file
View File

@@ -0,0 +1,100 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2009, Digium, Inc.
*
* Russell Bryant <russell@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
* \brief Common OpenSSL support code
*
* \author Russell Bryant <russell@digium.com>
*/
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#ifdef HAVE_OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
#include "asterisk/_private.h" /* ast_ssl_init() */
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#ifdef HAVE_OPENSSL
static ast_mutex_t *ssl_locks;
static int ssl_num_locks;
static unsigned long ssl_threadid(void)
{
return pthread_self();
}
static void ssl_lock(int mode, int n, const char *file, int line)
{
if (n < 0 || n >= ssl_num_locks) {
ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
"ssl_num_locks '%d' - n '%d'\n",
ssl_num_locks, n);
return;
}
if (mode & CRYPTO_LOCK) {
ast_mutex_lock(&ssl_locks[n]);
} else {
ast_mutex_unlock(&ssl_locks[n]);
}
}
#endif /* HAVE_OPENSSL */
/*!
* \internal
* \brief Common OpenSSL initialization for all of Asterisk.
*/
int ast_ssl_init(void)
{
#ifdef HAVE_OPENSSL
unsigned int i;
SSL_library_init();
SSL_load_error_strings();
ERR_load_crypto_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
/* Make OpenSSL thread-safe. */
CRYPTO_set_id_callback(ssl_threadid);
ssl_num_locks = CRYPTO_num_locks();
if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
return -1;
}
for (i = 0; i < ssl_num_locks; i++) {
ast_mutex_init(&ssl_locks[i]);
}
CRYPTO_set_locking_callback(ssl_lock);
#endif /* HAVE_OPENSSL */
return 0;
}

2
res/res_crypto.c
View File

@@ -585,8 +585,6 @@ static struct ast_cli_entry cli_crypto[] = {
/*! \brief initialise the res_crypto module */ /*! \brief initialise the res_crypto module */
static int crypto_init(void) static int crypto_init(void)
{ {
SSL_library_init();
ERR_load_crypto_strings();
ast_cli_register_multiple(cli_crypto, ARRAY_LEN(cli_crypto)); ast_cli_register_multiple(cli_crypto, ARRAY_LEN(cli_crypto));
/* Install ourselves into stubs */ /* Install ourselves into stubs */

4
res/res_jabber.c
View File

@@ -639,10 +639,6 @@ static int aji_tls_handshake(struct aji_client *client)
ast_debug(1, "Starting TLS handshake\n"); ast_debug(1, "Starting TLS handshake\n");
/* Load encryption, hashing algorithms and error strings */
SSL_library_init();
SSL_load_error_strings();
/* Choose an SSL/TLS protocol version, create SSL_CTX */ /* Choose an SSL/TLS protocol version, create SSL_CTX */
client->ssl_method = SSLv3_method(); client->ssl_method = SSLv3_method();
client->ssl_context = SSL_CTX_new(client->ssl_method); client->ssl_context = SSL_CTX_new(client->ssl_method);