author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-07-08 15:17:19 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-07-08 15:17:19 +0000 |
commit | aa0e8f1b3cea3d014c491e9cbf39b4bcd99def1a (patch) | |
tree | 64d823c71b2b948b5a724c62f8c4d49fc1d7640b /main/ssl.c | |
parent | 703f20aebeec4f9f2cace0a06e4e0bad278807a4 (diff) |
Move OpenSSL initialization to a single place, make library usage thread-safe.
While doing some reading about OpenSSL, I noticed a couple of things that
needed to be improved with our usage of OpenSSL.
1) We had initialization of the library done in multiple modules. This has now
been moved to a core function that gets executed during Asterisk startup.
We already link OpenSSL into the core for TCP/TLS functionality, so this
was the most logical place to do it.
2) OpenSSL is not thread-safe by default. However, making it thread safe is
very easy. We just have to provide a couple of callbacks. One callback
returns a thread ID. The other handles locking. For more information,
start with the "Is OpenSSL thread-safe?" question on the FAQ page of
openssl.org.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@205120 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/ssl.c')
-rw-r--r-- | main/ssl.c | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/main/ssl.c b/main/ssl.c
new file mode 100644
index 000000000..4f039c4f1
--- /dev/null
+++ b/main/ssl.c
@@ -0,0 +1,100 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2009, Digium, Inc.
+ *
+ * Russell Bryant <russell@digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Common OpenSSL support code
+ *
+ * \author Russell Bryant <russell@digium.com>
+ */
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
+#include "asterisk/_private.h" /* ast_ssl_init() */
+
+#include "asterisk/utils.h"
+#include "asterisk/lock.h"
+
+#ifdef HAVE_OPENSSL
+
+static ast_mutex_t *ssl_locks;
+
+static int ssl_num_locks;
+
+static unsigned long ssl_threadid(void)
+{
+ return pthread_self();
+}
+
+static void ssl_lock(int mode, int n, const char *file, int line)
+{
+ if (n < 0 || n >= ssl_num_locks) {
+ ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
+ "ssl_num_locks '%d' - n '%d'\n",
+ ssl_num_locks, n);
+ return;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ ast_mutex_lock(&ssl_locks[n]);
+ } else {
+ ast_mutex_unlock(&ssl_locks[n]);
+ }
+}
+
+#endif /* HAVE_OPENSSL */
+
+/*!
+ * \internal
+ * \brief Common OpenSSL initialization for all of Asterisk.
+ */
+int ast_ssl_init(void)
+{
+#ifdef HAVE_OPENSSL
+ unsigned int i;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ ERR_load_crypto_strings();
+ ERR_load_BIO_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* Make OpenSSL thread-safe. */
+
+ CRYPTO_set_id_callback(ssl_threadid);
+
+ ssl_num_locks = CRYPTO_num_locks();
+ if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
+ return -1;
+ }
+ for (i = 0; i < ssl_num_locks; i++) {
+ ast_mutex_init(&ssl_locks[i]);
+ }
+ CRYPTO_set_locking_callback(ssl_lock);
+
+#endif /* HAVE_OPENSSL */
+ return 0;
+}
+
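Review bot: `ssl_threadid()` passes `pthread_self()` to OpenSSL through an implicit conversion to `unsigned long`, but `pthread_t` is an opaque type, so this relies on it being an integer no wider than `unsigned long` on every supported platform. OpenSSL uses this value to tell threads apart, so a truncated or colliding ID would undermine the thread safety this commit is adding. I would make the assumption explicit with `return (unsigned long) pthread_self();` and a comment such as `/* assumes pthread_t is an integer or pointer that fits in unsigned long */`. Separately, when `ast_calloc()` fails, `ast_ssl_init()` returns -1 with the ID callback installed but no locking callback. The caller is outside this hunk, so it is worth confirming that startup aborts on a non-zero return rather than continuing with OpenSSL unlocked.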