authorrussell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>2009-07-08 15:29:10 +0000
committerrussell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>2009-07-08 15:29:10 +0000
commitfe0a9734a4ad4e8fa17aa357890eb7ff1844f44a (patch)
treeb6c3f03d0b3bc41a6cf3c372fb93ce59af74eb9c /main
parent8eb1e1143a5757b5cb379c6dfa2d99b6efd94b0e (diff)
Merged revisions 205120 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk ........ r205120 | russell | 2009-07-08 10:17:19 -0500 (Wed, 08 Jul 2009) | 16 lines Move OpenSSL initialization to a single place, make library usage thread-safe. While doing some reading about OpenSSL, I noticed a couple of things that needed to be improved with our usage of OpenSSL. 1) We had initialization of the library done in multiple modules. This has now been moved to a core function that gets executed during Asterisk startup. We already link OpenSSL into the core for TCP/TLS functionality, so this was the most logical place to do it. 2) OpenSSL is not thread-safe by default. However, making it thread safe is very easy. We just have to provide a couple of callbacks. One callback returns a thread ID. The other handles locking. For more information, start with the "Is OpenSSL thread-safe?" question on the FAQ page of openssl.org. ........ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@205147 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
-rw-r--r--main/Makefile2
-rw-r--r--main/asterisk.c5
-rw-r--r--main/ssl.c100
3 files changed, 106 insertions, 1 deletions
diff --git a/main/Makefile b/main/Makefile
index 485d1b703..bf0cf49bb 100644
--- a/main/Makefile
+++ b/main/Makefile
@@ -28,7 +28,7 @@ OBJS= tcptls.o io.o sched.o logger.o frame.o loader.o config.o channel.o \
cryptostub.o sha1.o http.o fixedjitterbuf.o abstract_jb.o \
strcompat.o threadstorage.o dial.o event.o adsistub.o audiohook.o \
astobj2.o hashtab.o global_datastores.o version.o \
- features.o taskprocessor.o timing.o datastore.o poll.o
+ features.o taskprocessor.o timing.o datastore.o poll.o ssl.o
# we need to link in the objects statically, not as a library, because
# otherwise modules will not have them available if none of the static
diff --git a/main/asterisk.c b/main/asterisk.c
index 1ae468cec..057370766 100644
--- a/main/asterisk.c
+++ b/main/asterisk.c
@@ -3414,6 +3414,11 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (ast_ssl_init()) {
+ printf("%s", term_quit());
+ exit(1);
+ }
+
if (load_modules(1)) { /* Load modules, pre-load only */
printf("%s", term_quit());
exit(1);
diff --git a/main/ssl.c b/main/ssl.c
new file mode 100644
index 000000000..4f039c4f1
--- /dev/null
+++ b/main/ssl.c
@@ -0,0 +1,100 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2009, Digium, Inc.
+ *
+ * Russell Bryant <russell@digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Common OpenSSL support code
+ *
+ * \author Russell Bryant <russell@digium.com>
+ */
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
+#include "asterisk/_private.h" /* ast_ssl_init() */
+
+#include "asterisk/utils.h"
+#include "asterisk/lock.h"
+
+#ifdef HAVE_OPENSSL
+
+static ast_mutex_t *ssl_locks;
+
+static int ssl_num_locks;
+
+static unsigned long ssl_threadid(void)
+{
+ return pthread_self();
+}
+
+static void ssl_lock(int mode, int n, const char *file, int line)
+{
+ if (n < 0 || n >= ssl_num_locks) {
+ ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
+ "ssl_num_locks '%d' - n '%d'\n",
+ ssl_num_locks, n);
+ return;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ ast_mutex_lock(&ssl_locks[n]);
+ } else {
+ ast_mutex_unlock(&ssl_locks[n]);
+ }
+}
+
+#endif /* HAVE_OPENSSL */
+
+/*!
+ * \internal
+ * \brief Common OpenSSL initialization for all of Asterisk.
+ */
+int ast_ssl_init(void)
+{
+#ifdef HAVE_OPENSSL
+ unsigned int i;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ ERR_load_crypto_strings();
+ ERR_load_BIO_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* Make OpenSSL thread-safe. */
+
+ CRYPTO_set_id_callback(ssl_threadid);
+
+ ssl_num_locks = CRYPTO_num_locks();
+ if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
+ return -1;
+ }
+ for (i = 0; i < ssl_num_locks; i++) {
+ ast_mutex_init(&ssl_locks[i]);
+ }
+ CRYPTO_set_locking_callback(ssl_lock);
+
+#endif /* HAVE_OPENSSL */
+ return 0;
+}
+
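Review bot: The out-of-range branch in `ssl_lock` fails open: it logs and returns, so OpenSSL proceeds as though the lock was taken or released and touches the shared structure unsynchronized. Because `ssl_num_locks` is taken straight from `CRYPTO_num_locks()`, that branch indicates a broken invariant and is better treated as fatal, with a message that names the problem: `ast_log(LOG_ERROR, "OpenSSL locking callback: lock index %d out of range (%d locks allocated)\n", n, ssl_num_locks);` followed by `abort();`. Separately, `ssl_threadid` relies on an implicit conversion of the opaque `pthread_t` to `unsigned long`; writing `return (unsigned long) pthread_self();` with a comment stating that assumption makes the portability limit visible. In `ast_ssl_init`, `unsigned int i` is compared with the signed `ssl_num_locks`; declaring `int i;` removes the mixed-sign comparison.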