/* ================================================================================ Function :initSSLThreadMutex Input :void Output :void Return :int < status > Description :initialize mutexes for ssl thread safe ================================================================================ */ static int initSSLThreadMutex( void ) { int i; int result; mutex_locks = ( pthread_mutex_t* )malloc( CRYPTO_num_locks( ) * sizeof( pthread_mutex_t ) ); if( !mutex_locks ) { return( -1 ); } for( i = 0 ; i < CRYPTO_num_locks( ) ; i++ ) { if( ( result = pthread_mutex_init( &( mutex_locks[ i ] ), NULL ) ) < 0 ) { return( result ); } } if( ( result = CRYPTO_THREADID_set_callback( getThreadId ) ) < 0 ) { return( result ); } CRYPTO_set_locking_callback( lockSSLThreadMutex ); CRYPTO_set_dynlock_create_callback( createSSLDynamicThreadMutex ); CRYPTO_set_dynlock_lock_callback( lockSSLDynamicThreadMutex ); CRYPTO_set_dynlock_destroy_callback( destroySSLDynamicThreadMutex ); return( 0 ); }
int sthreads_init(void) { int i; /* initialize OpenSSL dynamic locks callbacks */ CRYPTO_set_dynlock_create_callback(dyn_create_function); CRYPTO_set_dynlock_lock_callback(dyn_lock_function); CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function); /* initialize stunnel critical sections */ for(i=0; i<STUNNEL_LOCKS; i++) stunnel_locks[i]=CRYPTO_get_new_dynlockid(); /* initialize OpenSSL locking callback */ lock_cs=str_alloc_detached( (size_t)CRYPTO_num_locks()*sizeof(struct CRYPTO_dynlock_value)); for(i=0; i<CRYPTO_num_locks(); i++) pthread_rwlock_init(&lock_cs[i].rwlock, NULL); #if OPENSSL_VERSION_NUMBER>=0x10000000L CRYPTO_THREADID_set_callback(threadid_func); #else CRYPTO_set_id_callback(stunnel_thread_id); #endif CRYPTO_set_locking_callback(locking_callback); return 0; }
/* * Deinitialize OpenSSL and free as much memory as possible. * Some 10k-100k will still remain resident no matter what. */ void ssl_fini(void) { if (!ssl_initialized) return; ERR_remove_state(0); /* current thread */ #ifdef OPENSSL_THREADS CRYPTO_set_locking_callback(NULL); CRYPTO_set_dynlock_create_callback(NULL); CRYPTO_set_dynlock_lock_callback(NULL); CRYPTO_set_dynlock_destroy_callback(NULL); #ifdef OPENSSL_NO_THREADID CRYPTO_set_id_callback(NULL); #else /* !OPENSSL_NO_THREADID */ CRYPTO_THREADID_set_callback(NULL); #endif /* !OPENSSL_NO_THREADID */ int i; for (i = 0; i < ssl_mutex_num; i++) { pthread_mutex_destroy(&ssl_mutex[i]); } free(ssl_mutex); #endif ENGINE_cleanup(); CONF_modules_finish(); CONF_modules_unload(1); CONF_modules_free(); EVP_cleanup(); ERR_free_strings(); CRYPTO_cleanup_all_ex_data(); }
int git_openssl_set_locking(void) { #if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API) int num_locks, i; CRYPTO_THREADID_set_callback(threadid_cb); num_locks = CRYPTO_num_locks(); openssl_locks = git__calloc(num_locks, sizeof(git_mutex)); GITERR_CHECK_ALLOC(openssl_locks); for (i = 0; i < num_locks; i++) { if (git_mutex_init(&openssl_locks[i]) != 0) { giterr_set(GITERR_SSL, "failed to initialize openssl locks"); return -1; } } CRYPTO_set_locking_callback(openssl_locking_function); git__on_shutdown(shutdown_ssl_locking); return 0; #elif !defined(OPENSSL_LEGACY_API) return 0; #else giterr_set(GITERR_THREAD, "libgit2 was not built with threads"); return -1; #endif }
static int ssl_crypto_init() { int i, rc= 1, max= CRYPTO_num_locks(); #if (OPENSSL_VERSION_NUMBER < 0x10000000) CRYPTO_set_id_callback(my_cb_threadid); #else rc= CRYPTO_THREADID_set_callback(my_cb_threadid); #endif /* if someone else already set callbacks * there is nothing do */ if (!rc) return 0; if (LOCK_crypto == NULL) { if (!(LOCK_crypto= (pthread_mutex_t *)my_malloc(sizeof(pthread_mutex_t) * max, MYF(0)))) return 1; for (i=0; i < max; i++) pthread_mutex_init(&LOCK_crypto[i], NULL); } CRYPTO_set_locking_callback(my_cb_locking); return 0; }
static void Init_ossl_locks(void) { int i; int num_locks = CRYPTO_num_locks(); if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) { rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks); } ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t)); if (!ossl_locks) { rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks); } for (i = 0; i < num_locks; i++) { rb_nativethread_lock_initialize(&ossl_locks[i]); } #ifdef HAVE_CRYPTO_THREADID_PTR CRYPTO_THREADID_set_callback(ossl_threadid_func); #else CRYPTO_set_id_callback(ossl_thread_id); #endif CRYPTO_set_locking_callback(ossl_lock_callback); CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback); CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback); CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback); }
void start() { PlatformSpecific::ThirdParty::start(); if (!RAND_status()) { // should be always inited in all modern OS char buf[16]; memcpy(buf, &_msStart, 8); memcpy(buf + 8, &_msFreq, 8); uchar sha256Buffer[32]; RAND_seed(hashSha256(buf, 16, sha256Buffer), 32); if (!RAND_status()) { LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0..")); } } int32 numLocks = CRYPTO_num_locks(); if (numLocks) { _sslLocks = new QMutex[numLocks]; CRYPTO_set_locking_callback(_sslLockingCallback); } else { LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!")); } CRYPTO_THREADID_set_callback(_sslThreadId); CRYPTO_set_dynlock_create_callback(_sslCreateFunction); CRYPTO_set_dynlock_lock_callback(_sslLockFunction); CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction); av_register_all(); avcodec_register_all(); av_lockmgr_register(_ffmpegLockManager); _sslInited = true; }
int sthreads_init(void) { int i; /* initialize stunnel critical sections */ for(i=0; i<CRIT_SECTIONS; i++) pthread_mutex_init(stunnel_cs+i, NULL); /* initialize OpenSSL locking callback */ lock_cs=str_alloc_detached( (size_t)CRYPTO_num_locks()*sizeof(pthread_mutex_t)); for(i=0; i<CRYPTO_num_locks(); i++) pthread_mutex_init(lock_cs+i, NULL); #if OPENSSL_VERSION_NUMBER>=0x10000000L CRYPTO_THREADID_set_callback(threadid_func); #else CRYPTO_set_id_callback(stunnel_thread_id); #endif CRYPTO_set_locking_callback(locking_callback); /* initialize OpenSSL dynamic locks callbacks */ CRYPTO_set_dynlock_create_callback(dyn_create_function); CRYPTO_set_dynlock_lock_callback(dyn_lock_function); CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function); return 0; }
bool OpenSSL::SetThreadSafe() { int err; mutexArray = (pthread_mutex_t*)malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks()); if (! mutexArray) { ::Error("-OpenSSL::SetThreadSafe(): allocation of mutexArray failed\n"); return false; } for (int i=0; i<CRYPTO_num_locks(); i++) { err = pthread_mutex_init(&mutexArray[i], NULL); if (err) { ::Error("-OpenSSL::SetThreadSafe(): pthread_mutex_init() failed with return code %d\n", err); return false; } } /* Set OpenSSL thread id callback. */ // Deprecated in OpenSSL >= 1.0.0. // CRYPTO_set_id_callback(GetThreadId); // For OpenSSL >= 1.0.0. CRYPTO_THREADID_set_callback(SetThreadId); /* Set OpenSSL locking callback. */ CRYPTO_set_locking_callback(LockingFunction); return true; }
void OpenSSL::ClassInit() { MS_TRACE(); MS_DEBUG("loaded openssl version: %s", SSLeay_version(SSLEAY_VERSION)); // First initialize OpenSSL stuff. SSL_load_error_strings(); SSL_library_init(); RAND_poll(); // Make OpenSSL thread-safe. OpenSSL::mutexes = new pthread_mutex_t[CRYPTO_num_locks()]; if (! OpenSSL::mutexes) MS_THROW_ERROR("allocation of mutexes failed"); OpenSSL::numMutexes = CRYPTO_num_locks(); for (int i=0; i<OpenSSL::numMutexes; i++) { int err = pthread_mutex_init(&OpenSSL::mutexes[i], nullptr); if (err) MS_THROW_ERROR("pthread_mutex_init() failed with return code %d\n", err); } CRYPTO_THREADID_set_callback(OpenSSL::SetThreadId); CRYPTO_set_locking_callback(OpenSSL::LockingFunction); CRYPTO_set_dynlock_create_callback(OpenSSL::DynCreateFunction); CRYPTO_set_dynlock_lock_callback(OpenSSL::DynLockFunction); CRYPTO_set_dynlock_destroy_callback(OpenSSL::DynDestroyFunction); }
void OpenSSLCrypto::threadsCleanup() { CRYPTO_set_locking_callback(NULL); CRYPTO_THREADID_set_callback(NULL); for(int i = 0 ; i < CRYPTO_num_locks(); ++i) { delete cryptoLocks[i]; } cryptoLocks.resize(0); }
void OpenSSLCrypto::threadsSetup() { cryptoLocks.resize(CRYPTO_num_locks()); for(int i = 0 ; i < CRYPTO_num_locks(); ++i) { cryptoLocks[i] = new ACE_Thread_Mutex(); } CRYPTO_THREADID_set_callback(threadIdCallback); CRYPTO_set_locking_callback(lockingCallback); }
static void make_OpenSSL_thread_safe(void) { int i; openssl_locks = malloc(sizeof(*openssl_locks) * CRYPTO_num_locks()); for (i = 0; i < CRYPTO_num_locks(); i++) mutex_init(&openssl_locks[i]); CRYPTO_THREADID_set_callback(cb_openssl_threadid); CRYPTO_set_locking_callback(cb_openssl_lock); }
static void threading_setup(void) { int i; lock_cs = cf_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); for (i = 0; i < CRYPTO_num_locks(); i++) { pthread_mutex_init(&(lock_cs[i]), NULL); } CRYPTO_THREADID_set_callback(pthreads_thread_id); CRYPTO_set_locking_callback(pthreads_locking_callback); }
int SSLSocket_initialize() { int rc = 0; /*int prc;*/ int i; int lockMemSize; FUNC_ENTRY; if ((rc = SSL_library_init()) != 1) rc = -1; ERR_load_crypto_strings(); SSL_load_error_strings(); /* OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). Applications which need to use SHA2 in earlier versions of OpenSSL should call OpenSSL_add_all_algorithms() as well. */ OpenSSL_add_all_algorithms(); lockMemSize = CRYPTO_num_locks() * sizeof(ssl_mutex_type); sslLocks = malloc(lockMemSize); if (!sslLocks) { rc = -1; goto exit; } else memset(sslLocks, 0, lockMemSize); for (i = 0; i < CRYPTO_num_locks(); i++) { /* prc = */SSL_create_mutex(&sslLocks[i]); } #if (OPENSSL_VERSION_NUMBER >= 0x010000000) CRYPTO_THREADID_set_callback(SSLThread_id); #else CRYPTO_set_id_callback(SSLThread_id); #endif CRYPTO_set_locking_callback(SSLLocks_callback); SSL_create_mutex(&sslCoreMutex); exit: FUNC_EXIT_RC(rc); return rc; }
int main (int argc, char *argv[]) { pMutexArray = new pthread_mutex_t[ CRYPTO_num_locks()]; int k = 0 ; for(k =0 ; k< CRYPTO_num_locks() ; k++) pthread_mutex_init(&(pMutexArray[k]),NULL); CRYPTO_set_locking_callback(lockingFunction); CRYPTO_THREADID_set_callback(threadIdFunction); //zwolnij zasoby for(k= 0 ; k< CRYPTO_num_locks() ; k++) pthread_mutex_destroy( &(pMutexArray[k]) ); mga::MainClass sequential; char * pData; int iRes = RET_OK; iRes = sequential.m_oParams.Read("/home/cl/params", pData); if(iRes == RET_OK) iRes = sequential.m_oParams.Parse(pData); if(iRes = RET_OK) { sequential.Run(); } delete [] pMutexArray; delete [] pData; int numThreads, tid = 0 ; /* // This creates a team of threads; each thread has own copy of variables #pragma omp parallel private(numThreads, tid) { tid = omp_get_thread_num(); printf("Hello World from thread number %d\n", tid); // The following is executed by the master thread only (tid=0) if (tid == 0) { numThreads = omp_get_num_threads(); printf("Number of threads is %d\n", numThreads); } } */ return 0; }
void ReleaseOpensslLocks() { int iLockNum = CRYPTO_num_locks(); #if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0 CRYPTO_THREADID_set_callback(NULL); #else CRYPTO_set_id_callback(NULL); #endif CRYPTO_set_locking_callback(NULL); for (int i = 0; i < iLockNum; i++) uv_mutex_destroy(&g_pMutex[i]); delete(g_pMutex); }
void InitOpensslLocks() { int iLockNum = CRYPTO_num_locks(); g_pMutex = new uv_mutex_t[iLockNum]; for (int i = 0; i< iLockNum; i++) uv_mutex_init(&g_pMutex[i]); #if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0 CRYPTO_THREADID_set_callback(thread_id); #else CRYPTO_set_id_callback((unsigned long(*)())thread_id); #endif CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))lock_callback); }
static void Init_ossl_locks(void) { int i; int num_locks = CRYPTO_num_locks(); ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks); for (i = 0; i < num_locks; i++) ossl_lock_init(&ossl_locks[i]); CRYPTO_THREADID_set_callback(ossl_threadid_func); CRYPTO_set_locking_callback(ossl_lock_callback); CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback); CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback); CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback); }
void start() { Platform::ThirdParty::start(); if (!RAND_status()) { // should be always inited in all modern OS char buf[16]; memcpy(buf, &_msStart, 8); memcpy(buf + 8, &_msFreq, 8); uchar sha256Buffer[32]; RAND_seed(hashSha256(buf, 16, sha256Buffer), 32); if (!RAND_status()) { LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0...")); } } // Force OpenSSL loading if it is linked in Qt, // so that we won't mess with our OpenSSL locking with Qt OpenSSL locking. auto sslSupported = QSslSocket::supportsSsl(); if (!sslSupported) { LOG(("Error: current Qt build doesn't support SSL requests.")); } if (!CRYPTO_get_locking_callback()) { // Qt didn't initialize OpenSSL, so we will. auto numLocks = CRYPTO_num_locks(); if (numLocks) { _sslLocks = new QMutex[numLocks]; CRYPTO_set_locking_callback(_sslLockingCallback); } else { LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!")); } CRYPTO_THREADID_set_callback(_sslThreadId); } if (!CRYPTO_get_dynlock_create_callback()) { CRYPTO_set_dynlock_create_callback(_sslCreateFunction); CRYPTO_set_dynlock_lock_callback(_sslLockFunction); CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction); } else if (!CRYPTO_get_dynlock_lock_callback()) { LOG(("MTP Error: dynlock_create callback is set without dynlock_lock callback!")); } av_register_all(); avcodec_register_all(); av_lockmgr_register(_ffmpegLockManager); _sslInited = true; }
HttpRequestManager::HttpRequestManager() { if(g_sslMutexes != nullptr) throw std::runtime_error("Multiple HttpRequestManagers not currently supported"); currentRequestHandle = 1; exit = false; curl_global_init(CURL_GLOBAL_ALL); CRYPTO_THREADID_set_callback(&crypto_threadid_callback); CRYPTO_set_locking_callback(&crypto_locking_callback); int locks = CRYPTO_num_locks(); g_sslMutexes = new std::mutex[locks]; for(int i=0; i<MaxiumumConnections; i++) { threads.push_back(std::thread(&HttpRequestManager::ThreadFunction, this)); } }
void OpenSSL::ClassDestroy() { MS_TRACE(); MS_DEBUG("unloading openssl"); // FAQ: https://www.openssl.org/support/faq.html#PROG13 // Thread-local cleanup functions. ERR_remove_thread_state(nullptr); // Application-global cleanup functions that are aware of usage (and // therefore thread-safe). ENGINE_cleanup(); // "Brutal" (thread-unsafe) Application-global cleanup functions. ERR_free_strings(); EVP_cleanup(); // Removes all ciphers and digests. CRYPTO_cleanup_all_ex_data(); // https://bugs.launchpad.net/percona-server/+bug/1341067. sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); // Free mutexes. for (int i=0; i<OpenSSL::numMutexes; i++) { int err = pthread_mutex_destroy(&OpenSSL::mutexes[i]); if (err) MS_ERROR("pthread_mutex_destroy() failed with return code %d\n", err); } if (OpenSSL::mutexes) delete[] OpenSSL::mutexes; // Reset callbacks. CRYPTO_THREADID_set_callback(nullptr); CRYPTO_set_locking_callback(nullptr); CRYPTO_set_dynlock_create_callback(nullptr); CRYPTO_set_dynlock_lock_callback(nullptr); CRYPTO_set_dynlock_destroy_callback(nullptr); }
static int ssl_thread_init() { int i, max= CRYPTO_num_locks(); if (LOCK_crypto == NULL) { if (!(LOCK_crypto= (pthread_mutex_t *)ma_malloc(sizeof(pthread_mutex_t) * max, MYF(0)))) return 1; for (i=0; i < max; i++) pthread_mutex_init(&LOCK_crypto[i], NULL); } #if (OPENSSL_VERSION_NUMBER < 0x10000000) CRYPTO_set_id_callback(my_cb_threadid); #else CRYPTO_THREADID_set_callback(my_cb_threadid); #endif CRYPTO_set_locking_callback(my_cb_locking); return 0; }
/* * Initialize OpenSSL and verify the random number generator works. * Returns -1 on failure, 0 on success. */ int ssl_init(void) { #ifndef PURIFY int fd; #endif /* !PURIFY */ char buf[256]; if (ssl_initialized) return 0; /* general initialization */ SSL_library_init(); #ifdef PURIFY CRYPTO_umalloc_init(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif /* PURIFY */ SSL_load_error_strings(); OpenSSL_add_all_algorithms(); /* thread-safety */ #ifdef OPENSSL_THREADS ssl_mutex_num = CRYPTO_num_locks(); ssl_mutex = umalloc(ssl_mutex_num * sizeof(*ssl_mutex)); int i; for (i = 0; i < ssl_mutex_num; i++) { pthread_mutex_init(&ssl_mutex[i], NULL); } CRYPTO_set_locking_callback(ssl_thr_locking_cb); CRYPTO_set_dynlock_create_callback(ssl_thr_dyn_create_cb); CRYPTO_set_dynlock_lock_callback(ssl_thr_dyn_lock_cb); CRYPTO_set_dynlock_destroy_callback(ssl_thr_dyn_destroy_cb); #ifdef OPENSSL_NO_THREADID CRYPTO_set_id_callback(ssl_thr_id_cb); #else /* !OPENSSL_NO_THREADID */ CRYPTO_THREADID_set_callback(ssl_thr_id_cb); #endif /* !OPENSSL_NO_THREADID */ #endif /* OPENSSL_THREADS */ /* randomness */ #ifndef PURIFY if ((fd = open("/dev/urandom", O_RDONLY)) == -1) { log_err_printf("Error opening /dev/urandom for reading: %s\n", strerror(errno)); return -1; } while (!RAND_status()) { if (read(fd, buf, sizeof(buf)) == -1) { log_err_printf("Error reading from /dev/urandom: %s\n", strerror(errno)); close(fd); return -1; } RAND_seed(buf, sizeof(buf)); } close(fd); if (!RAND_poll()) { log_err_printf("RAND_poll() failed.\n"); return -1; } #else /* PURIFY */ log_err_printf("Warning: not seeding OpenSSL RAND due to PURITY!\n"); memset(buf, 0, sizeof(buf)); while (!RAND_status()) { RAND_seed(buf, sizeof(buf)); } #endif /* PURIFY */ #ifdef USE_FOOTPRINT_HACKS /* HACK: disable compression by zeroing the global comp algo stack. * This lowers the per-connection memory footprint by ~500k. */ STACK_OF(SSL_COMP)* comp_methods = SSL_COMP_get_compression_methods(); sk_SSL_COMP_zero(comp_methods); #endif /* USE_FOOTPRINT_HACKS */ ssl_initialized = 1; return 0; }
CInitOpenSsl() { s_pOpenSslMutexes = new mutex[CRYPTO_num_locks()]; CRYPTO_set_locking_callback(&OpenSslLockingCallback); CRYPTO_THREADID_set_callback(&OpenSslThreadId); }
~CInitOpenSsl() { CRYPTO_set_locking_callback(nullptr); CRYPTO_THREADID_set_callback(nullptr); delete[] exchange(s_pOpenSslMutexes, nullptr); }
/* DTLS-SRTP initialization */ gint janus_dtls_srtp_init(const char* server_pem, const char* server_key) { /* FIXME First of all make OpenSSL thread safe (see note above on issue #316) */ janus_dtls_locks = g_malloc0(sizeof(*janus_dtls_locks) * CRYPTO_num_locks()); int l=0; for(l = 0; l < CRYPTO_num_locks(); l++) { janus_mutex_init(&janus_dtls_locks[l]); } CRYPTO_THREADID_set_callback(janus_dtls_cb_openssl_threadid); CRYPTO_set_locking_callback(janus_dtls_cb_openssl_lock); /* Go on and create the DTLS context */ ssl_ctx = SSL_CTX_new(DTLSv1_method()); if(!ssl_ctx) { JANUS_LOG(LOG_FATAL, "Ops, error creating DTLS context?\n"); return -1; } SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, janus_dtls_verify_callback); SSL_CTX_set_tlsext_use_srtp(ssl_ctx, "SRTP_AES128_CM_SHA1_80"); /* FIXME Should we support something else as well? */ if (!server_pem && !server_key) { JANUS_LOG(LOG_WARN, "No cert/key specified, autogenerating some...\n"); if (janus_dtls_generate_keys(&ssl_cert, &ssl_key) != 0) { JANUS_LOG(LOG_FATAL, "Error generating DTLS key/certificate\n"); return -2; } } else if (!server_pem || !server_key) { JANUS_LOG(LOG_FATAL, "DTLS certificate and key must be specified\n"); return -2; } else if (janus_dtls_load_keys(server_pem, server_key, &ssl_cert, &ssl_key) != 0) { return -3; } if(!SSL_CTX_use_certificate(ssl_ctx, ssl_cert)) { JANUS_LOG(LOG_FATAL, "Certificate error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -4; } if(!SSL_CTX_use_PrivateKey(ssl_ctx, ssl_key)) { JANUS_LOG(LOG_FATAL, "Certificate key error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -5; } if(!SSL_CTX_check_private_key(ssl_ctx)) { JANUS_LOG(LOG_FATAL, "Certificate check error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -6; } SSL_CTX_set_read_ahead(ssl_ctx,1); unsigned int size; unsigned char fingerprint[EVP_MAX_MD_SIZE]; if(X509_digest(ssl_cert, EVP_sha256(), (unsigned char *)fingerprint, &size) == 0) { JANUS_LOG(LOG_FATAL, "Error converting X509 structure (%s)\n", ERR_reason_error_string(ERR_get_error())); return -7; } char *lfp = (char *)&local_fingerprint; unsigned int i = 0; for(i = 0; i < size; i++) { g_snprintf(lfp, 4, "%.2X:", fingerprint[i]); lfp += 3; } *(lfp-1) = 0; JANUS_LOG(LOG_INFO, "Fingerprint of our certificate: %s\n", local_fingerprint); SSL_CTX_set_cipher_list(ssl_ctx, DTLS_CIPHERS); /* Initialize libsrtp */ if(srtp_init() != err_status_ok) { JANUS_LOG(LOG_FATAL, "Ops, error setting up libsrtp?\n"); return 5; } return 0; }
/* DTLS-SRTP initialization */ gint janus_dtls_srtp_init(const char *server_pem, const char *server_key, const char *password) { const char *crypto_lib = NULL; #if JANUS_USE_OPENSSL_PRE_1_1_API #if defined(LIBRESSL_VERSION_NUMBER) crypto_lib = "LibreSSL"; #else crypto_lib = "OpenSSL pre-1.1.0"; #endif /* First of all make OpenSSL thread safe (see note above on issue #316) */ janus_dtls_locks = g_malloc0(sizeof(*janus_dtls_locks) * CRYPTO_num_locks()); int l=0; for(l = 0; l < CRYPTO_num_locks(); l++) { janus_mutex_init(&janus_dtls_locks[l]); } CRYPTO_THREADID_set_callback(janus_dtls_cb_openssl_threadid); CRYPTO_set_locking_callback(janus_dtls_cb_openssl_lock); #else crypto_lib = "OpenSSL >= 1.1.0"; #endif #ifdef HAVE_BORINGSSL crypto_lib = "BoringSSL"; #endif JANUS_LOG(LOG_INFO, "Crypto: %s\n", crypto_lib); #ifndef HAVE_SRTP_AESGCM JANUS_LOG(LOG_WARN, "The libsrtp installation does not support AES-GCM profiles\n"); #endif /* Go on and create the DTLS context */ #if JANUS_USE_OPENSSL_PRE_1_1_API ssl_ctx = SSL_CTX_new(DTLSv1_method()); #else ssl_ctx = SSL_CTX_new(DTLS_method()); #endif if(!ssl_ctx) { JANUS_LOG(LOG_FATAL, "Ops, error creating DTLS context?\n"); return -1; } SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, janus_dtls_verify_callback); SSL_CTX_set_tlsext_use_srtp(ssl_ctx, #ifdef HAVE_SRTP_AESGCM "SRTP_AEAD_AES_256_GCM:SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"); #else "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"); #endif if(!server_pem && !server_key) { JANUS_LOG(LOG_WARN, "No cert/key specified, autogenerating some...\n"); if(janus_dtls_generate_keys(&ssl_cert, &ssl_key) != 0) { JANUS_LOG(LOG_FATAL, "Error generating DTLS key/certificate\n"); return -2; } } else if(!server_pem || !server_key) { JANUS_LOG(LOG_FATAL, "DTLS certificate and key must be specified\n"); return -2; } else if(janus_dtls_load_keys(server_pem, server_key, password, &ssl_cert, &ssl_key) != 0) { return -3; } if(!SSL_CTX_use_certificate(ssl_ctx, ssl_cert)) { JANUS_LOG(LOG_FATAL, "Certificate error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -4; } if(!SSL_CTX_use_PrivateKey(ssl_ctx, ssl_key)) { JANUS_LOG(LOG_FATAL, "Certificate key error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -5; } if(!SSL_CTX_check_private_key(ssl_ctx)) { JANUS_LOG(LOG_FATAL, "Certificate check error (%s)\n", ERR_reason_error_string(ERR_get_error())); return -6; } SSL_CTX_set_read_ahead(ssl_ctx,1); unsigned int size; unsigned char fingerprint[EVP_MAX_MD_SIZE]; if(X509_digest(ssl_cert, EVP_sha256(), (unsigned char *)fingerprint, &size) == 0) { JANUS_LOG(LOG_FATAL, "Error converting X509 structure (%s)\n", ERR_reason_error_string(ERR_get_error())); return -7; } char *lfp = (char *)&local_fingerprint; unsigned int i = 0; for(i = 0; i < size; i++) { g_snprintf(lfp, 4, "%.2X:", fingerprint[i]); lfp += 3; } *(lfp-1) = 0; JANUS_LOG(LOG_INFO, "Fingerprint of our certificate: %s\n", local_fingerprint); SSL_CTX_set_cipher_list(ssl_ctx, DTLS_CIPHERS); if(janus_dtls_bio_filter_init() < 0) { JANUS_LOG(LOG_FATAL, "Error initializing BIO filter\n"); return -8; } /* Initialize libsrtp */ if(srtp_init() != srtp_err_status_ok) { JANUS_LOG(LOG_FATAL, "Ops, error setting up libsrtp?\n"); return 5; } return 0; }
static int openssl_set_id_callback(void (*threadid_func)(CRYPTO_THREADID *)) { return CRYPTO_THREADID_set_callback(threadid_func); }