[asterisk-commits] russell: trunk r205120 - in /trunk: include/asterisk/ main/ res/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jul 8 10:17:23 CDT 2009


Author: russell
Date: Wed Jul  8 10:17:19 2009
New Revision: 205120

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=205120
Log:
Move OpenSSL initialization to a single place, make library usage thread-safe.

While doing some reading about OpenSSL, I noticed a couple of things that
needed to be improved with our usage of OpenSSL.

1) We had initialization of the library done in multiple modules.  This has now
   been moved to a core function that gets executed during Asterisk startup.
   We already link OpenSSL into the core for TCP/TLS functionality, so this
   was the most logical place to do it.

2) OpenSSL is not thread-safe by default.  However, making it thread safe is
   very easy.  We just have to provide a couple of callbacks.  One callback
   returns a thread ID.  The other handles locking.  For more information,
   start with the "Is OpenSSL thread-safe?" question on the FAQ page of
   openssl.org.

Added:
    trunk/main/ssl.c   (with props)
Modified:
    trunk/include/asterisk/_private.h
    trunk/main/asterisk.c
    trunk/res/res_crypto.c
    trunk/res/res_jabber.c

Modified: trunk/include/asterisk/_private.h
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/include/asterisk/_private.h?view=diff&rev=205120&r1=205119&r2=205120
==============================================================================
--- trunk/include/asterisk/_private.h (original)
+++ trunk/include/asterisk/_private.h Wed Jul  8 10:17:19 2009
@@ -44,6 +44,7 @@
 void ast_stun_init(void);               /*!< Provided by stun.c */
 int ast_cel_engine_init(void);		/*!< Provided by cel.c */
 int ast_cel_engine_reload(void);	/*!< Provided by cel.c */
+int ast_ssl_init(void);                 /*!< Porvided by ssl.c */
 
 /*!
  * \brief Reload asterisk modules.
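Review bot: The comment on the added `ast_ssl_init` prototype misspells "Provided" as "Porvided". It would also help to state the return convention here, since the caller added in asterisk.c treats any non-zero result as fatal. Suggested line: `int ast_ssl_init(void);                 /*!< Provided by ssl.c; 0 on success, -1 on failure */`.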

Modified: trunk/main/asterisk.c
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/main/asterisk.c?view=diff&rev=205120&r1=205119&r2=205120
==============================================================================
--- trunk/main/asterisk.c (original)
+++ trunk/main/asterisk.c Wed Jul  8 10:17:19 2009
@@ -3571,6 +3571,11 @@
 		exit(1);
 	}
 
+	if (ast_ssl_init()) {
+		printf("%s", term_quit());
+		exit(1);
+	}
+
 #ifdef AST_XML_DOCS
 	/* Load XML documentation. */
 	ast_xmldoc_load_documentation();
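Review bot: When `ast_ssl_init()` fails, the added block resets the terminal and exits with status 1 without telling the operator which startup step failed. In this commit the only failure path is the `ast_calloc` of the lock array in ssl.c, so one line before the exit would be enough, e.g. `fprintf(stderr, "OpenSSL initialization failed\n");`. The enclosing function starts and ends outside the hunk, so it is not visible whether an earlier startup step already creates threads that use OpenSSL. If one does, this call should move ahead of it, because library calls made before the callbacks are installed run unlocked.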

Added: trunk/main/ssl.c
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/main/ssl.c?view=auto&rev=205120
==============================================================================
--- trunk/main/ssl.c (added)
+++ trunk/main/ssl.c Wed Jul  8 10:17:19 2009
@@ -1,0 +1,100 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2009, Digium, Inc.
+ *
+ * Russell Bryant <russell at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! 
+ * \file
+ * \brief Common OpenSSL support code
+ *
+ * \author Russell Bryant <russell at digium.com>
+ */
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
+#include "asterisk/_private.h" /* ast_ssl_init() */
+
+#include "asterisk/utils.h"
+#include "asterisk/lock.h"
+
+#ifdef HAVE_OPENSSL
+
+static ast_mutex_t *ssl_locks;
+
+static int ssl_num_locks;
+
+static unsigned long ssl_threadid(void)
+{
+        return pthread_self();
+}
+
+static void ssl_lock(int mode, int n, const char *file, int line)
+{
+        if (n < 0 || n >= ssl_num_locks) {
+                ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
+				"ssl_num_locks '%d' - n '%d'\n",
+                                ssl_num_locks, n);
+                return;
+        }
+
+        if (mode & CRYPTO_LOCK) {
+                ast_mutex_lock(&ssl_locks[n]);
+        } else {
+                ast_mutex_unlock(&ssl_locks[n]);
+        }
+}
+
+#endif /* HAVE_OPENSSL */
+
+/*!
+ * \internal
+ * \brief Common OpenSSL initialization for all of Asterisk.
+ */
+int ast_ssl_init(void)
+{
+#ifdef HAVE_OPENSSL
+        unsigned int i;
+
+        SSL_library_init();
+        SSL_load_error_strings();
+        ERR_load_crypto_strings();
+        ERR_load_BIO_strings();
+        OpenSSL_add_all_algorithms();
+
+        /* Make OpenSSL thread-safe. */
+
+        CRYPTO_set_id_callback(ssl_threadid);
+
+        ssl_num_locks = CRYPTO_num_locks();
+        if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
+                return -1;
+        }
+        for (i = 0; i < ssl_num_locks; i++) {
+                ast_mutex_init(&ssl_locks[i]);
+        }
+        CRYPTO_set_locking_callback(ssl_lock);
+
+#endif /* HAVE_OPENSSL */
+        return 0;
+}
+
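Review bot: `ssl_threadid()` returns `pthread_self()` through an implicit conversion to `unsigned long`, but POSIX leaves `pthread_t` opaque: where it is a pointer wider than `long` the value is truncated, and where it is a struct this does not compile. OpenSSL keys per-thread state such as the error queue on this ID, so two threads that collapse to the same value would share that state. At minimum make the assumption explicit with `return (unsigned long) pthread_self();` and a comment such as `/* assumes pthread_t is an integer or pointer no wider than unsigned long */`. Separately, the loop in `ast_ssl_init()` compares `unsigned int i` with the signed `ssl_num_locks` and does not check whether `ast_mutex_init()` succeeded (assuming it reports a result). Declaring `i` as `int` and returning -1 when a mutex cannot be set up would keep a partly initialized lock table from being registered with `CRYPTO_set_locking_callback`.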

Propchange: trunk/main/ssl.c
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: trunk/main/ssl.c
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: trunk/main/ssl.c
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: trunk/res/res_crypto.c
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/res/res_crypto.c?view=diff&rev=205120&r1=205119&r2=205120
==============================================================================
--- trunk/res/res_crypto.c (original)
+++ trunk/res/res_crypto.c Wed Jul  8 10:17:19 2009
@@ -585,8 +585,6 @@
 /*! \brief initialise the res_crypto module */
 static int crypto_init(void)
 {
-	SSL_library_init();
-	ERR_load_crypto_strings();
 	ast_cli_register_multiple(cli_crypto, ARRAY_LEN(cli_crypto));
 
 	/* Install ourselves into stubs */

Modified: trunk/res/res_jabber.c
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/res/res_jabber.c?view=diff&rev=205120&r1=205119&r2=205120
==============================================================================
--- trunk/res/res_jabber.c (original)
+++ trunk/res/res_jabber.c Wed Jul  8 10:17:19 2009
@@ -639,10 +639,6 @@
 	
 	ast_debug(1, "Starting TLS handshake\n"); 
 
-	/* Load encryption, hashing algorithms and error strings */
-	SSL_library_init();
-	SSL_load_error_strings();
-
 	/* Choose an SSL/TLS protocol version, create SSL_CTX */
 	client->ssl_method = SSLv3_method();
 	client->ssl_context = SSL_CTX_new(client->ssl_method);                



