static int tls_init_multithread(void)
{
/* init static locks support */
tls_static_locks_no = CRYPTO_num_locks();
if (tls_static_locks_no>0) {
/* init a lock set & pass locking function to SSL */
tls_static_locks = lock_set_alloc(tls_static_locks_no);
if (tls_static_locks == NULL) {
LM_ERR("Failed to alloc static locks\n");
return -1;
}
if (lock_set_init(tls_static_locks)==0) {
LM_ERR("Failed to init static locks\n");
lock_set_dealloc(tls_static_locks);
return -1;
}
CRYPTO_set_locking_callback(tls_static_locks_ops);
}
CRYPTO_set_id_callback(tls_get_id);
/* dynamic locks support*/
CRYPTO_set_dynlock_create_callback(tls_dyn_lock_create);
CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_ops);
CRYPTO_set_dynlock_destroy_callback(tls_dyn_lock_destroy);
return 0;
}
/*!
* @brief Initialize the OpenSSL subsystem for use in a multi threaded enviroment.
* @param transport Pointer to the transport instance.
* @return Indication of success or failure.
*/
static BOOL server_initialize_ssl(Transport* transport) {
int i;
lock_acquire(transport->lock);
// Begin to bring up the OpenSSL subsystem...
CRYPTO_malloc_init();
SSL_load_error_strings();
SSL_library_init();
// Setup the required OpenSSL multi-threaded enviroment...
ssl_locks = malloc(CRYPTO_num_locks() * sizeof(LOCK *));
if (ssl_locks == NULL) {
dprintf("[SSL INIT] failed to allocate locks (%d locks)", CRYPTO_num_locks());
lock_release(transport->lock);
return FALSE;
}
for (i = 0; i < CRYPTO_num_locks(); i++) {
ssl_locks[i] = lock_create();
}
CRYPTO_set_id_callback(server_threadid_callback);
CRYPTO_set_locking_callback(server_locking_callback);
CRYPTO_set_dynlock_create_callback(server_dynamiclock_create);
CRYPTO_set_dynlock_lock_callback(server_dynamiclock_lock);
CRYPTO_set_dynlock_destroy_callback(server_dynamiclock_destroy);
lock_release(transport->lock);
return TRUE;
}
/*
* Initialize OpenSSL thread support
* Returns: 0 on success
* errno on failure
*/
int openssl_init_threads (void)
{
int i, numlocks;
int status;
/* Set thread ID callback */
CRYPTO_set_id_callback(get_openssl_thread_id);
/* Initialize static locking */
numlocks = CRYPTO_num_locks();
mutexes = (pthread_mutex_t *) malloc(numlocks * sizeof(pthread_mutex_t));
for (i = 0; i < numlocks; i++) {
if ((status = pthread_mutex_init(&mutexes[i], NULL)) != 0) {
berrno be;
Jmsg1(NULL, M_FATAL, 0, _("Unable to init mutex: ERR=%s\n"), be.bstrerror(status));
return status;
}
}
/* Set static locking callback */
CRYPTO_set_locking_callback(openssl_update_static_mutex);
/* Initialize dyanmic locking */
CRYPTO_set_dynlock_create_callback(openssl_create_dynamic_mutex);
CRYPTO_set_dynlock_lock_callback(openssl_update_dynamic_mutex);
CRYPTO_set_dynlock_destroy_callback(openssl_destroy_dynamic_mutex);
return 0;
}
int sthreads_init(void) {
int i;
/* initialize OpenSSL dynamic locks callbacks */
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
/* initialize stunnel critical sections */
for(i=0; i<STUNNEL_LOCKS; i++)
stunnel_locks[i]=CRYPTO_get_new_dynlockid();
/* initialize OpenSSL locking callback */
lock_cs=str_alloc_detached(
(size_t)CRYPTO_num_locks()*sizeof(struct CRYPTO_dynlock_value));
for(i=0; i<CRYPTO_num_locks(); i++)
pthread_rwlock_init(&lock_cs[i].rwlock, NULL);
#if OPENSSL_VERSION_NUMBER>=0x10000000L
CRYPTO_THREADID_set_callback(threadid_func);
#else
CRYPTO_set_id_callback(stunnel_thread_id);
#endif
CRYPTO_set_locking_callback(locking_callback);
return 0;
}
/*
* Deinitialize OpenSSL and free as much memory as possible.
* Some 10k-100k will still remain resident no matter what.
*/
void
ssl_fini(void)
{
if (!ssl_initialized)
return;
ERR_remove_state(0); /* current thread */
#ifdef OPENSSL_THREADS
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
#ifdef OPENSSL_NO_THREADID
CRYPTO_set_id_callback(NULL);
#else /* !OPENSSL_NO_THREADID */
CRYPTO_THREADID_set_callback(NULL);
#endif /* !OPENSSL_NO_THREADID */
int i;
for (i = 0; i < ssl_mutex_num; i++) {
pthread_mutex_destroy(&ssl_mutex[i]);
}
free(ssl_mutex);
#endif
ENGINE_cleanup();
CONF_modules_finish();
CONF_modules_unload(1);
CONF_modules_free();
EVP_cleanup();
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
}
static rfbBool
InitializeTLS(void)
{
int i;
if (rfbTLSInitialized) return TRUE;
mutex_buf = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
if (mutex_buf == NULL) {
rfbClientLog("Failed to initialized OpenSSL: memory.\n");
return (-1);
}
for (i = 0; i < CRYPTO_num_locks(); i++)
pthread_mutex_init(&mutex_buf[i], NULL);
CRYPTO_set_locking_callback(locking_function);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
RAND_load_file("/dev/urandom", 1024);
rfbClientLog("OpenSSL initialized.\n");
rfbTLSInitialized = TRUE;
return TRUE;
}
CAMLprim value ocaml_ssl_init(value use_threads)
{
int i;
SSL_library_init();
SSL_load_error_strings();
if(Int_val(use_threads))
{
#ifdef WIN32
mutex_buf = malloc(CRYPTO_num_locks() * sizeof(HANDLE));
#else
mutex_buf = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
#endif
assert(mutex_buf);
for (i = 0; i < CRYPTO_num_locks(); i++)
#ifdef WIN32
mutex_buf[i] = CreateMutex(NULL, FALSE, NULL);
#else
pthread_mutex_init(&mutex_buf[i], NULL);
#endif
CRYPTO_set_locking_callback(locking_function);
#ifndef WIN32
/* Windows does not require id_function, see threads(3) */
CRYPTO_set_id_callback(id_function);
#endif
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
}
return Val_unit;
}
void ssl_util_thread_setup(apr_pool_t *p)
{
int i;
lock_num_locks = CRYPTO_num_locks();
lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
for (i = 0; i < lock_num_locks; i++) {
apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
}
CRYPTO_set_id_callback(ssl_util_thr_id);
CRYPTO_set_locking_callback(ssl_util_thr_lock);
/* Set up dynamic locking scaffolding for OpenSSL to use at its
* convenience.
*/
dynlockpool = p;
CRYPTO_set_dynlock_create_callback(ssl_dyn_create_function);
CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy_function);
apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup,
apr_pool_cleanup_null);
}
void BaseSSLConfig::uninit_ssl() {
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();
if (NULL != ssl_locks) {
for (int n = 0; n < number_of_locks; ++n)
DeleteCriticalSection(&ssl_locks[n]);
free(ssl_locks);
ssl_locks = NULL;
number_of_locks = 0;
}
if(m_rootcert != NULL) {
X509_free(m_rootcert);
m_rootcert=NULL;
}
if(m_rootkeypair != NULL) {
EVP_PKEY_free(m_rootkeypair);
m_rootkeypair=NULL;
}
m_status = STATUS_UNINIT;
}
int sthreads_init(void) {
int i;
/* initialize stunnel critical sections */
for(i=0; i<CRIT_SECTIONS; i++)
pthread_mutex_init(stunnel_cs+i, NULL);
/* initialize OpenSSL locking callback */
lock_cs=str_alloc_detached(
(size_t)CRYPTO_num_locks()*sizeof(pthread_mutex_t));
for(i=0; i<CRYPTO_num_locks(); i++)
pthread_mutex_init(lock_cs+i, NULL);
#if OPENSSL_VERSION_NUMBER>=0x10000000L
CRYPTO_THREADID_set_callback(threadid_func);
#else
CRYPTO_set_id_callback(stunnel_thread_id);
#endif
CRYPTO_set_locking_callback(locking_callback);
/* initialize OpenSSL dynamic locks callbacks */
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
return 0;
}
BOOL BaseSSLConfig::init_ssl() {
BOOL bRet = FALSE;
do {
number_of_locks = CRYPTO_num_locks();
if (number_of_locks > 0) {
ssl_locks = (ssl_lock*)malloc(number_of_locks * sizeof(ssl_lock));
for (int n = 0; n < number_of_locks; ++n)
InitializeCriticalSection(&ssl_locks[n]);
}
CRYPTO_set_locking_callback(&ssl_lock_callback);
CRYPTO_set_dynlock_create_callback(&ssl_lock_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(&ssl_lock_dyn_callback);
CRYPTO_set_dynlock_destroy_callback(&ssl_lock_dyn_destroy_callback);
//init
SSL_load_error_strings();
SSL_library_init();
bRet=InitRootCert();
} while (0);
if (bRet) {
m_status = STATUS_INITFINAL;
}
return bRet;
}
bool
SSLContext::Init(X509 *pCert, EVP_PKEY *pPrivatekey){
int nLockCt = CRYPTO_num_locks();
InitializeCryptoLocks(nLockCt);
#ifdef _DEBUG
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_locking_callback (&ssl_lock_callback);
CRYPTO_set_dynlock_create_callback (&ssl_lock_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback (&ssl_lock_dyn_callback);
CRYPTO_set_dynlock_destroy_callback (&ssl_lock_dyn_destroy_callback);
SSL_load_error_strings ();
SSL_library_init ();
// Initialize and verify SSL context. {{
const SSL_METHOD* meth = SSLv23_method();
m_pssl_ctx = SSL_CTX_new(meth);
SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr);
// }}
#ifdef _SERVER
SSL_CTX_set_options(m_pssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
if( pCert )
SSL_CTX_use_certificate (m_pssl_ctx, pCert);
if( pPrivatekey )
SSL_CTX_use_PrivateKey (m_pssl_ctx, pPrivatekey);
return true;
}
/*
* Bring down the OpenSSL subsystem
*/
static BOOL server_destroy_ssl( Remote * remote )
{
int i = 0;
if( remote == NULL )
return FALSE;
dprintf("[SERVER] Destroying SSL");
lock_acquire( remote->lock );
SSL_free( remote->ssl );
SSL_CTX_free( remote->ctx );
CRYPTO_set_locking_callback( NULL );
CRYPTO_set_id_callback( NULL );
CRYPTO_set_dynlock_create_callback( NULL );
CRYPTO_set_dynlock_lock_callback( NULL );
CRYPTO_set_dynlock_destroy_callback( NULL );
for( i=0 ; i<CRYPTO_num_locks() ; i++ )
lock_destroy( ssl_locks[i] );
free( ssl_locks );
lock_release( remote->lock );
return TRUE;
}
/*
* Initialize the OpenSSL subsystem for use in a multi threaded enviroment.
*/
static BOOL server_initialize_ssl( Remote * remote )
{
int i = 0;
lock_acquire( remote->lock );
// Begin to bring up the OpenSSL subsystem...
CRYPTO_malloc_init();
SSL_load_error_strings();
SSL_library_init();
// Setup the required OpenSSL multi-threaded enviroment...
ssl_locks = (LOCK**)malloc( CRYPTO_num_locks() * sizeof(LOCK *) );
if( ssl_locks == NULL )
{
lock_release( remote->lock );
return FALSE;
}
for( i=0 ; i<CRYPTO_num_locks() ; i++ )
ssl_locks[i] = lock_create();
CRYPTO_set_id_callback( server_threadid_callback );
CRYPTO_set_locking_callback( server_locking_callback );
CRYPTO_set_dynlock_create_callback( server_dynamiclock_create );
CRYPTO_set_dynlock_lock_callback( server_dynamiclock_lock );
CRYPTO_set_dynlock_destroy_callback( server_dynamiclock_destroy );
lock_release( remote->lock );
return TRUE;
}
/*!
* @brief Bring down the OpenSSL subsystem
* @param transport Pointer to the transport instance.
* @return Indication of success or failure.
*/
static BOOL server_destroy_ssl(Transport* transport) {
TcpTransportContext* ctx = NULL;
int i;
if (transport) {
dprintf("[SERVER] Destroying SSL");
lock_acquire(transport->lock);
if (transport && transport->ctx) {
ctx = (TcpTransportContext*)transport->ctx;
SSL_free(ctx->ssl);
SSL_CTX_free(ctx->ctx);
}
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++) {
lock_destroy(ssl_locks[i]);
}
free(ssl_locks);
lock_release(transport->lock);
}
return TRUE;
}
CSSLApplication::CSSLApplication()
{
if (SSLInited) return;
SSLInited = 1;
NeedDataOp = 0;
#ifdef _DEBUG
// OpenSSL internal memory-leak checkers
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
openssl_locks = new Synchronizer[CRYPTO_num_locks()];
// callbacks for static lock
CRYPTO_set_locking_callback(funcOpenSSLLockingCallback);
CRYPTO_set_id_callback(funcOpenSSLIDCallback);
// callbacks for dynamic lock
CRYPTO_set_dynlock_create_callback(funcOpenSSLDynCreateCallback);
CRYPTO_set_dynlock_destroy_callback(funcOpenSSLDynDestroyCallback);
CRYPTO_set_dynlock_lock_callback(funcOpenSSLDynLockCallback);
// Load algorithms and error strings.
SSL_load_error_strings();
SSL_library_init();
};
CSSLInitializer::CSSLInitializer()
{
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
sm_iLockNum = CRYPTO_num_locks();
if(sm_iLockNum > 0)
sm_pcsLocks = new CSimpleRWLock[sm_iLockNum];
/*
#ifdef _DEBUG
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
*/
CRYPTO_set_locking_callback (&ssl_lock_callback);
CRYPTO_set_dynlock_create_callback (&ssl_lock_dyn_create_callback);
CRYPTO_set_dynlock_destroy_callback (&ssl_lock_dyn_destroy_callback);
CRYPTO_set_dynlock_lock_callback (&ssl_lock_dyn_callback);
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr);
#endif
}
CSSLInitializer::~CSSLInitializer()
{
CleanupThreadState();
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
CONF_modules_free();
ENGINE_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
SSL_COMP_free_compression_methods();
CRYPTO_set_locking_callback (nullptr);
CRYPTO_set_dynlock_create_callback (nullptr);
CRYPTO_set_dynlock_destroy_callback (nullptr);
CRYPTO_set_dynlock_lock_callback (nullptr);
if(sm_iLockNum > 0)
{
delete[] sm_pcsLocks;
sm_pcsLocks = nullptr;
sm_iLockNum = 0;
}
#endif
}
bool
SSLSocketServer::SSL_Init(){
int nLockCt = CRYPTO_num_locks();
InitializeCryptoLocks(nLockCt);
#ifdef _DEBUG
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_locking_callback (&ssl_lock_callback);
CRYPTO_set_dynlock_create_callback (&ssl_lock_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback (&ssl_lock_dyn_callback);
CRYPTO_set_dynlock_destroy_callback (&ssl_lock_dyn_destroy_callback);
SSL_load_error_strings ();
SSL_library_init ();
// Initialize and verify SSL context. {{
const SSL_METHOD* meth = SSLv23_method();
m_pssl_ctx = SSL_CTX_new(meth);
SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr);
// }}
::InitializeCriticalSection(&m_lock_connect_ex);
return true;
}
void OpenSSLInitializer::initialize()
{
Poco::FastMutex::ScopedLock lock(_mutex);
if (++_rc == 1)
{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new Poco::FastMutex[nMutexes];
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS // SF# 1828231: random unhandled exceptions when linking with ssl
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
#endif
CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
}
}
void start() {
PlatformSpecific::ThirdParty::start();
if (!RAND_status()) { // should be always inited in all modern OS
char buf[16];
memcpy(buf, &_msStart, 8);
memcpy(buf + 8, &_msFreq, 8);
uchar sha256Buffer[32];
RAND_seed(hashSha256(buf, 16, sha256Buffer), 32);
if (!RAND_status()) {
LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0.."));
}
}
int32 numLocks = CRYPTO_num_locks();
if (numLocks) {
_sslLocks = new QMutex[numLocks];
CRYPTO_set_locking_callback(_sslLockingCallback);
} else {
LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!"));
}
CRYPTO_THREADID_set_callback(_sslThreadId);
CRYPTO_set_dynlock_create_callback(_sslCreateFunction);
CRYPTO_set_dynlock_lock_callback(_sslLockFunction);
CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction);
av_register_all();
avcodec_register_all();
av_lockmgr_register(_ffmpegLockManager);
_sslInited = true;
}
static void Init_ossl_locks(void)
{
int i;
int num_locks = CRYPTO_num_locks();
if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
}
ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
if (!ossl_locks) {
rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
}
for (i = 0; i < num_locks; i++) {
rb_nativethread_lock_initialize(&ossl_locks[i]);
}
#ifdef HAVE_CRYPTO_THREADID_PTR
CRYPTO_THREADID_set_callback(ossl_threadid_func);
#else
CRYPTO_set_id_callback(ossl_thread_id);
#endif
CRYPTO_set_locking_callback(ossl_lock_callback);
CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback);
}
void initialize()
{
Mutex::ScopedLock lock(_mutex);
if (++_refCount == 1)
{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
char seed[SEEDSIZE];
Random::getSeed(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new Mutex[nMutexes];
CRYPTO_set_locking_callback(&internal::lock);
// #ifndef WIN32 // SF# 1828231: random unhandled exceptions when linking with ssl
// CRYPTO_set_id_callback(&internal::id);
// #endif
CRYPTO_set_dynlock_create_callback(&internal::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&internal::dynlock);
CRYPTO_set_dynlock_destroy_callback(&internal::dynlockDestroy);
}
}
/*
================================================================================
Function :initSSLThreadMutex
Input :void
Output :void
Return :int
< status >
Description :initialize mutexes for ssl thread safe
================================================================================
*/
static int initSSLThreadMutex( void )
{
int i;
int result;
mutex_locks = ( pthread_mutex_t* )malloc( CRYPTO_num_locks( ) *
sizeof( pthread_mutex_t ) );
if( !mutex_locks )
{
return( -1 );
}
for( i = 0 ; i < CRYPTO_num_locks( ) ; i++ )
{
if( ( result = pthread_mutex_init( &( mutex_locks[ i ] ), NULL ) ) < 0 )
{
return( result );
}
}
if( ( result = CRYPTO_THREADID_set_callback( getThreadId ) ) < 0 )
{
return( result );
}
CRYPTO_set_locking_callback( lockSSLThreadMutex );
CRYPTO_set_dynlock_create_callback( createSSLDynamicThreadMutex );
CRYPTO_set_dynlock_lock_callback( lockSSLDynamicThreadMutex );
CRYPTO_set_dynlock_destroy_callback( destroySSLDynamicThreadMutex );
return( 0 );
}
/**
* thread_cleanup
*
* Clean up multi-thread protection used by the SSL library.
*
* Note that this function is not currently used because there is no shutdown
* code for plugins. It is left here in case that happens in the future.
*
* Return value: 0 for success, -1 for failure (though it currently can't fail)
**/
static int thread_cleanup(void)
{
int i;
/* Nullify the locking functions we registered with the SSL library */
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
/* Clean up and destroy mutexes, if we have any */
g_static_mutex_lock(&ssl_mutexes);
if (mutexes) {
for (i = 0; i < CRYPTO_num_locks(); i++) {
if (mutexes[i]) {
g_mutex_free(mutexes[i]);
}
}
g_free(mutexes);
mutexes = NULL;
}
g_static_mutex_free(&ssl_mutexes);
return(0); /* No errors */
}
void _ssl_init() {
// check if ssl already initialized
int num_locks;
int i;
if (g_ssl_locks != NULL) {
return;
}
num_locks = CRYPTO_num_locks();
g_ssl_locks = _memory_malloc(sizeof(int *)*num_locks);
if (g_ssl_locks == NULL) {
return;
}
for (i = 0; i < num_locks; ++i) {
_tr50_mutex_create(&(g_ssl_locks[i]));
}
CRYPTO_set_id_callback(_id_function);
CRYPTO_set_locking_callback(_locking_function);
CRYPTO_set_dynlock_create_callback(_dyn_create_function);
CRYPTO_set_dynlock_lock_callback(_dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(_dyn_destroy_function);
SSL_library_init();
SSL_load_error_strings();
//random_init();
return;
}
void OpenSSL::ClassInit() {
MS_TRACE();
MS_DEBUG("loaded openssl version: %s", SSLeay_version(SSLEAY_VERSION));
// First initialize OpenSSL stuff.
SSL_load_error_strings();
SSL_library_init();
RAND_poll();
// Make OpenSSL thread-safe.
OpenSSL::mutexes = new pthread_mutex_t[CRYPTO_num_locks()];
if (! OpenSSL::mutexes)
MS_THROW_ERROR("allocation of mutexes failed");
OpenSSL::numMutexes = CRYPTO_num_locks();
for (int i=0; i<OpenSSL::numMutexes; i++) {
int err = pthread_mutex_init(&OpenSSL::mutexes[i], nullptr);
if (err)
MS_THROW_ERROR("pthread_mutex_init() failed with return code %d\n", err);
}
CRYPTO_THREADID_set_callback(OpenSSL::SetThreadId);
CRYPTO_set_locking_callback(OpenSSL::LockingFunction);
CRYPTO_set_dynlock_create_callback(OpenSSL::DynCreateFunction);
CRYPTO_set_dynlock_lock_callback(OpenSSL::DynLockFunction);
CRYPTO_set_dynlock_destroy_callback(OpenSSL::DynDestroyFunction);
}
void OpenSSLInitializer::uninitialize()
{
if (--_rc == 0)
{
if(_mutexes != NULL) {
CRYPTO_set_dynlock_create_callback(0);
CRYPTO_set_dynlock_lock_callback(0);
CRYPTO_set_dynlock_destroy_callback(0);
CRYPTO_set_locking_callback(0);
#ifndef POCO_OS_FAMILY_WINDOWS
#ifndef OPENSSL_NO_DEPRECATED
CRYPTO_set_id_callback(0);
#else
CRYPTO_THREADID tid;
CRYPTO_THREADID_set_numeric(&tid, 0);
#endif /* OPENSSL_NO_DEPRECATED */
#endif
delete [] _mutexes;
}
if(! _disableSSLInitialization) {
EVP_cleanup();
ERR_free_strings();
CONF_modules_free();
}
}
}
/*
Initialize the MPR SSL layer
*/
PUBLIC int mprSslInit(void *unused, MprModule *module)
{
RandBuf randBuf;
int i;
randBuf.now = mprGetTime();
randBuf.pid = getpid();
RAND_seed((void*) &randBuf, sizeof(randBuf));
#if ME_UNIX_LIKE
RAND_load_file("/dev/urandom", 256);
#endif
if ((openProvider = mprAllocObj(MprSocketProvider, manageOpenProvider)) == NULL) {
return MPR_ERR_MEMORY;
}
openProvider->name = sclone("openssl");
openProvider->upgradeSocket = upgradeOss;
openProvider->closeSocket = closeOss;
openProvider->disconnectSocket = disconnectOss;
openProvider->flushSocket = flushOss;
openProvider->socketState = getOssState;
openProvider->readSocket = readOss;
openProvider->writeSocket = writeOss;
mprSetSslProvider(openProvider);
/*
Configure the SSL library. Use the crypto ID as a one-time test. This allows
users to configure the library and have their configuration used instead.
*/
mprGlobalLock();
if (CRYPTO_get_id_callback() == 0) {
numLocks = CRYPTO_num_locks();
if ((olocks = mprAlloc(numLocks * sizeof(MprMutex*))) == 0) {
return MPR_ERR_MEMORY;
}
for (i = 0; i < numLocks; i++) {
olocks[i] = mprCreateLock();
}
CRYPTO_set_id_callback(sslThreadId);
CRYPTO_set_locking_callback(sslStaticLock);
CRYPTO_set_dynlock_create_callback(sslCreateDynLock);
CRYPTO_set_dynlock_destroy_callback(sslDestroyDynLock);
CRYPTO_set_dynlock_lock_callback(sslDynLock);
#if !ME_WIN_LIKE
OpenSSL_add_all_algorithms();
#endif
/*
WARNING: SSL_library_init() is not reentrant. Caller must ensure safety.
*/
SSL_library_init();
SSL_load_error_strings();
}
mprGlobalUnlock();
return 0;
}
static apr_status_t cleanup_ssl(void *data)
{
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
return APR_SUCCESS;
}
