Changeset 2028

Timestamp:

11/02/08 15:19:07 (2 months ago)

Author:

virdiq

Message:

Implement OpenSSL static locking callback function, required for correct multithreaded OpenSSL usage. See http://www.openssl.org/docs/crypto/threads.html for more information. Thanks to JGS for reporting this problem and providing sample code.

Files:

• trunk/libwzd-core/wzd_tls.c (modified) (7 diffs)

trunk/libwzd-core/wzd_tls.c

@@ -49 +49 @@
-#include "wzd_structs.h"
-#include "wzd_log.h"
+#include "wzd_mutex.h"
-
-#include "wzd_tls.h"
@@ -56 +57 @@
-
-#include "wzd_debug.h"
+
+
+static int _tls_init_threads(void);
+static void _tls_exit_threads(void);
+static void _openssl_static_lock_callback(int, int, const char *, int);
-
-
@@ -65 +71 @@
-};
-
-
-
+
+
+
+
+
+
+
+
-void tls_context_init(wzd_context_t * context)
-{
@@ -188 +200 @@
-{
-  int status;
+  int ret;
-  SSL_CTX * tls_ctx;
-  wzd_string_t * tls_certificate=NULL;
@@ -292 +305 @@
-  SSL_CTX_set_session_id_context(tls_ctx, (const unsigned char *) "1", 1);
-
+  ret = _tls_init_threads();
+  if (ret) {
+    out_log(LEVEL_CRITICAL, "_tls_init_threads failed (out of memory?)");
+    str_deallocate(tls_certificate);
+    str_deallocate(tls_certificate_key);
+    str_deallocate(tls_ca_file);
+    str_deallocate(tls_ca_path);
+    return 1;
+  }
+
+  CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))_openssl_static_lock_callback);
+  /* TODO: set dynamic locking callbacks */
+
-  out_log(LEVEL_INFO,"TLS initialization successful (%s).\n",OPENSSL_VERSION_TEXT);
-
@@ -300 +326 @@
-}
-
+/*************** _tls_init_threads *******************/
+static int _tls_init_threads(void) {
+  int static_locks_req;
+  int i;
+  int j;
+
+  /* determine how many static locks OpenSSL requires */
+  static_locks_req = CRYPTO_num_locks();
+  if (static_locks_req > 0) {
+    openssl_static_lock = wzd_malloc(sizeof(wzd_mutex_t *) * static_locks_req);
+    if (!openssl_static_lock)
+      return -1;
+    /* create each mutex so it is ready to be used */
+    for (i = 0; i < static_locks_req; i++) {
+      openssl_static_lock[i] = wzd_mutex_create(0);
+      if (!openssl_static_lock[i]) {
+        for (j = 0; j < i; j++)
+          wzd_mutex_destroy(openssl_static_lock[j]);
+        wzd_free(openssl_static_lock);
+        openssl_static_lock = NULL;
+        return -1;
+      }
+    }
+  }
+  
+  /* TODO: init dynamic lock array (it can grow/shrink later) */
+
+  openssl_static_lock_num = static_locks_req;
+  return 0;
+}
+  
+
-/*************** tls_exit ****************************/
-
@@ -315 +373 @@
-  ERR_free_strings();
-
+  CRYPTO_set_locking_callback(NULL);
+  /* TODO: unset dynamic locking callbacks */
+  _tls_exit_threads();
+
-  SSL_CTX_free(mainConfig->tls_ctx);
-  return 0;
-}
-
+/*************** _tls_exit_threads *******************/
+static void _tls_exit_threads(void) {
+  int i;
+
+  for (i = 0; i < openssl_static_lock_num; i++)
+    wzd_mutex_destroy(openssl_static_lock[i]);
+  wzd_free(openssl_static_lock);
+
+  /* TODO: free up dynamic lock array */
+  return;
+}
+
+/*************** _openssl_static_lock_callback *******/
+static void _openssl_static_lock_callback(int mode, int n, const char *file, int line) {
+  if (mode & CRYPTO_LOCK)
+    wzd_mutex_lock(openssl_static_lock[n]);
+  else if (mode & CRYPTO_UNLOCK)
+    wzd_mutex_unlock(openssl_static_lock[n]);
+  return;
+}
-
-/*************** tls_read ****************************/