/*
================================================================================
Function :initSSLThreadMutex
Input :void
Output :void
Return :int
< status >
Description :initialize mutexes for ssl thread safe
================================================================================
*/
static int initSSLThreadMutex( void )
{
int i;
int result;
mutex_locks = ( pthread_mutex_t* )malloc( CRYPTO_num_locks( ) *
sizeof( pthread_mutex_t ) );
if( !mutex_locks )
{
return( -1 );
}
for( i = 0 ; i < CRYPTO_num_locks( ) ; i++ )
{
if( ( result = pthread_mutex_init( &( mutex_locks[ i ] ), NULL ) ) < 0 )
{
return( result );
}
}
if( ( result = CRYPTO_THREADID_set_callback( getThreadId ) ) < 0 )
{
return( result );
}
CRYPTO_set_locking_callback( lockSSLThreadMutex );
CRYPTO_set_dynlock_create_callback( createSSLDynamicThreadMutex );
CRYPTO_set_dynlock_lock_callback( lockSSLDynamicThreadMutex );
CRYPTO_set_dynlock_destroy_callback( destroySSLDynamicThreadMutex );
return( 0 );
}
int sthreads_init(void) {
int i;
/* initialize OpenSSL dynamic locks callbacks */
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
/* initialize stunnel critical sections */
for(i=0; i<STUNNEL_LOCKS; i++)
stunnel_locks[i]=CRYPTO_get_new_dynlockid();
/* initialize OpenSSL locking callback */
lock_cs=str_alloc_detached(
(size_t)CRYPTO_num_locks()*sizeof(struct CRYPTO_dynlock_value));
for(i=0; i<CRYPTO_num_locks(); i++)
pthread_rwlock_init(&lock_cs[i].rwlock, NULL);
#if OPENSSL_VERSION_NUMBER>=0x10000000L
CRYPTO_THREADID_set_callback(threadid_func);
#else
CRYPTO_set_id_callback(stunnel_thread_id);
#endif
CRYPTO_set_locking_callback(locking_callback);
return 0;
}
/*
* Deinitialize OpenSSL and free as much memory as possible.
* Some 10k-100k will still remain resident no matter what.
*/
void
ssl_fini(void)
{
if (!ssl_initialized)
return;
ERR_remove_state(0); /* current thread */
#ifdef OPENSSL_THREADS
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
#ifdef OPENSSL_NO_THREADID
CRYPTO_set_id_callback(NULL);
#else /* !OPENSSL_NO_THREADID */
CRYPTO_THREADID_set_callback(NULL);
#endif /* !OPENSSL_NO_THREADID */
int i;
for (i = 0; i < ssl_mutex_num; i++) {
pthread_mutex_destroy(&ssl_mutex[i]);
}
free(ssl_mutex);
#endif
ENGINE_cleanup();
CONF_modules_finish();
CONF_modules_unload(1);
CONF_modules_free();
EVP_cleanup();
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
}
int git_openssl_set_locking(void)
{
#if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API)
int num_locks, i;
CRYPTO_THREADID_set_callback(threadid_cb);
num_locks = CRYPTO_num_locks();
openssl_locks = git__calloc(num_locks, sizeof(git_mutex));
GITERR_CHECK_ALLOC(openssl_locks);
for (i = 0; i < num_locks; i++) {
if (git_mutex_init(&openssl_locks[i]) != 0) {
giterr_set(GITERR_SSL, "failed to initialize openssl locks");
return -1;
}
}
CRYPTO_set_locking_callback(openssl_locking_function);
git__on_shutdown(shutdown_ssl_locking);
return 0;
#elif !defined(OPENSSL_LEGACY_API)
return 0;
#else
giterr_set(GITERR_THREAD, "libgit2 was not built with threads");
return -1;
#endif
}
static int ssl_crypto_init()
{
int i, rc= 1, max= CRYPTO_num_locks();
#if (OPENSSL_VERSION_NUMBER < 0x10000000)
CRYPTO_set_id_callback(my_cb_threadid);
#else
rc= CRYPTO_THREADID_set_callback(my_cb_threadid);
#endif
/* if someone else already set callbacks
* there is nothing do */
if (!rc)
return 0;
if (LOCK_crypto == NULL)
{
if (!(LOCK_crypto=
(pthread_mutex_t *)my_malloc(sizeof(pthread_mutex_t) * max, MYF(0))))
return 1;
for (i=0; i < max; i++)
pthread_mutex_init(&LOCK_crypto[i], NULL);
}
CRYPTO_set_locking_callback(my_cb_locking);
return 0;
}
static void Init_ossl_locks(void)
{
int i;
int num_locks = CRYPTO_num_locks();
if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
}
ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
if (!ossl_locks) {
rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
}
for (i = 0; i < num_locks; i++) {
rb_nativethread_lock_initialize(&ossl_locks[i]);
}
#ifdef HAVE_CRYPTO_THREADID_PTR
CRYPTO_THREADID_set_callback(ossl_threadid_func);
#else
CRYPTO_set_id_callback(ossl_thread_id);
#endif
CRYPTO_set_locking_callback(ossl_lock_callback);
CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback);
}
void start() {
PlatformSpecific::ThirdParty::start();
if (!RAND_status()) { // should be always inited in all modern OS
char buf[16];
memcpy(buf, &_msStart, 8);
memcpy(buf + 8, &_msFreq, 8);
uchar sha256Buffer[32];
RAND_seed(hashSha256(buf, 16, sha256Buffer), 32);
if (!RAND_status()) {
LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0.."));
}
}
int32 numLocks = CRYPTO_num_locks();
if (numLocks) {
_sslLocks = new QMutex[numLocks];
CRYPTO_set_locking_callback(_sslLockingCallback);
} else {
LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!"));
}
CRYPTO_THREADID_set_callback(_sslThreadId);
CRYPTO_set_dynlock_create_callback(_sslCreateFunction);
CRYPTO_set_dynlock_lock_callback(_sslLockFunction);
CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction);
av_register_all();
avcodec_register_all();
av_lockmgr_register(_ffmpegLockManager);
_sslInited = true;
}
int sthreads_init(void) {
int i;
/* initialize stunnel critical sections */
for(i=0; i<CRIT_SECTIONS; i++)
pthread_mutex_init(stunnel_cs+i, NULL);
/* initialize OpenSSL locking callback */
lock_cs=str_alloc_detached(
(size_t)CRYPTO_num_locks()*sizeof(pthread_mutex_t));
for(i=0; i<CRYPTO_num_locks(); i++)
pthread_mutex_init(lock_cs+i, NULL);
#if OPENSSL_VERSION_NUMBER>=0x10000000L
CRYPTO_THREADID_set_callback(threadid_func);
#else
CRYPTO_set_id_callback(stunnel_thread_id);
#endif
CRYPTO_set_locking_callback(locking_callback);
/* initialize OpenSSL dynamic locks callbacks */
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
return 0;
}
bool OpenSSL::SetThreadSafe()
{
int err;
mutexArray = (pthread_mutex_t*)malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
if (! mutexArray) {
::Error("-OpenSSL::SetThreadSafe(): allocation of mutexArray failed\n");
return false;
}
for (int i=0; i<CRYPTO_num_locks(); i++) {
err = pthread_mutex_init(&mutexArray[i], NULL);
if (err) {
::Error("-OpenSSL::SetThreadSafe(): pthread_mutex_init() failed with return code %d\n", err);
return false;
}
}
/* Set OpenSSL thread id callback. */
// Deprecated in OpenSSL >= 1.0.0.
// CRYPTO_set_id_callback(GetThreadId);
// For OpenSSL >= 1.0.0.
CRYPTO_THREADID_set_callback(SetThreadId);
/* Set OpenSSL locking callback. */
CRYPTO_set_locking_callback(LockingFunction);
return true;
}
void OpenSSL::ClassInit() {
MS_TRACE();
MS_DEBUG("loaded openssl version: %s", SSLeay_version(SSLEAY_VERSION));
// First initialize OpenSSL stuff.
SSL_load_error_strings();
SSL_library_init();
RAND_poll();
// Make OpenSSL thread-safe.
OpenSSL::mutexes = new pthread_mutex_t[CRYPTO_num_locks()];
if (! OpenSSL::mutexes)
MS_THROW_ERROR("allocation of mutexes failed");
OpenSSL::numMutexes = CRYPTO_num_locks();
for (int i=0; i<OpenSSL::numMutexes; i++) {
int err = pthread_mutex_init(&OpenSSL::mutexes[i], nullptr);
if (err)
MS_THROW_ERROR("pthread_mutex_init() failed with return code %d\n", err);
}
CRYPTO_THREADID_set_callback(OpenSSL::SetThreadId);
CRYPTO_set_locking_callback(OpenSSL::LockingFunction);
CRYPTO_set_dynlock_create_callback(OpenSSL::DynCreateFunction);
CRYPTO_set_dynlock_lock_callback(OpenSSL::DynLockFunction);
CRYPTO_set_dynlock_destroy_callback(OpenSSL::DynDestroyFunction);
}
void OpenSSLCrypto::threadsCleanup()
{
CRYPTO_set_locking_callback(NULL);
CRYPTO_THREADID_set_callback(NULL);
for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
{
delete cryptoLocks[i];
}
cryptoLocks.resize(0);
}
void OpenSSLCrypto::threadsSetup()
{
cryptoLocks.resize(CRYPTO_num_locks());
for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
{
cryptoLocks[i] = new ACE_Thread_Mutex();
}
CRYPTO_THREADID_set_callback(threadIdCallback);
CRYPTO_set_locking_callback(lockingCallback);
}
static void make_OpenSSL_thread_safe(void) {
int i;
openssl_locks = malloc(sizeof(*openssl_locks) * CRYPTO_num_locks());
for (i = 0; i < CRYPTO_num_locks(); i++)
mutex_init(&openssl_locks[i]);
CRYPTO_THREADID_set_callback(cb_openssl_threadid);
CRYPTO_set_locking_callback(cb_openssl_lock);
}
static void
threading_setup(void)
{
int i;
lock_cs = cf_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_init(&(lock_cs[i]), NULL);
}
CRYPTO_THREADID_set_callback(pthreads_thread_id);
CRYPTO_set_locking_callback(pthreads_locking_callback);
}
int SSLSocket_initialize()
{
int rc = 0;
/*int prc;*/
int i;
int lockMemSize;
FUNC_ENTRY;
if ((rc = SSL_library_init()) != 1)
rc = -1;
ERR_load_crypto_strings();
SSL_load_error_strings();
/* OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
Applications which need to use SHA2 in earlier versions of OpenSSL should call
OpenSSL_add_all_algorithms() as well. */
OpenSSL_add_all_algorithms();
lockMemSize = CRYPTO_num_locks() * sizeof(ssl_mutex_type);
sslLocks = malloc(lockMemSize);
if (!sslLocks)
{
rc = -1;
goto exit;
}
else
memset(sslLocks, 0, lockMemSize);
for (i = 0; i < CRYPTO_num_locks(); i++)
{
/* prc = */SSL_create_mutex(&sslLocks[i]);
}
#if (OPENSSL_VERSION_NUMBER >= 0x010000000)
CRYPTO_THREADID_set_callback(SSLThread_id);
#else
CRYPTO_set_id_callback(SSLThread_id);
#endif
CRYPTO_set_locking_callback(SSLLocks_callback);
SSL_create_mutex(&sslCoreMutex);
exit:
FUNC_EXIT_RC(rc);
return rc;
}
int main (int argc, char *argv[])
{
pMutexArray = new pthread_mutex_t[ CRYPTO_num_locks()];
int k = 0 ;
for(k =0 ; k< CRYPTO_num_locks() ; k++)
pthread_mutex_init(&(pMutexArray[k]),NULL);
CRYPTO_set_locking_callback(lockingFunction);
CRYPTO_THREADID_set_callback(threadIdFunction);
//zwolnij zasoby
for(k= 0 ; k< CRYPTO_num_locks() ; k++)
pthread_mutex_destroy( &(pMutexArray[k]) );
mga::MainClass sequential;
char * pData;
int iRes = RET_OK;
iRes = sequential.m_oParams.Read("/home/cl/params", pData);
if(iRes == RET_OK)
iRes = sequential.m_oParams.Parse(pData);
if(iRes = RET_OK)
{
sequential.Run();
}
delete [] pMutexArray;
delete [] pData;
int numThreads, tid = 0 ;
/*
// This creates a team of threads; each thread has own copy of variables
#pragma omp parallel private(numThreads, tid)
{
tid = omp_get_thread_num();
printf("Hello World from thread number %d\n", tid);
// The following is executed by the master thread only (tid=0)
if (tid == 0)
{
numThreads = omp_get_num_threads();
printf("Number of threads is %d\n", numThreads);
}
}
*/
return 0;
}
void ReleaseOpensslLocks()
{
int iLockNum = CRYPTO_num_locks();
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
CRYPTO_THREADID_set_callback(NULL);
#else
CRYPTO_set_id_callback(NULL);
#endif
CRYPTO_set_locking_callback(NULL);
for (int i = 0; i < iLockNum; i++)
uv_mutex_destroy(&g_pMutex[i]);
delete(g_pMutex);
}
void InitOpensslLocks()
{
int iLockNum = CRYPTO_num_locks();
g_pMutex = new uv_mutex_t[iLockNum];
for (int i = 0; i< iLockNum; i++)
uv_mutex_init(&g_pMutex[i]);
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
CRYPTO_THREADID_set_callback(thread_id);
#else
CRYPTO_set_id_callback((unsigned long(*)())thread_id);
#endif
CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))lock_callback);
}
static void Init_ossl_locks(void)
{
int i;
int num_locks = CRYPTO_num_locks();
ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks);
for (i = 0; i < num_locks; i++)
ossl_lock_init(&ossl_locks[i]);
CRYPTO_THREADID_set_callback(ossl_threadid_func);
CRYPTO_set_locking_callback(ossl_lock_callback);
CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback);
}
void start() {
Platform::ThirdParty::start();
if (!RAND_status()) { // should be always inited in all modern OS
char buf[16];
memcpy(buf, &_msStart, 8);
memcpy(buf + 8, &_msFreq, 8);
uchar sha256Buffer[32];
RAND_seed(hashSha256(buf, 16, sha256Buffer), 32);
if (!RAND_status()) {
LOG(("MTP Error: Could not init OpenSSL rand, RAND_status() is 0..."));
}
}
// Force OpenSSL loading if it is linked in Qt,
// so that we won't mess with our OpenSSL locking with Qt OpenSSL locking.
auto sslSupported = QSslSocket::supportsSsl();
if (!sslSupported) {
LOG(("Error: current Qt build doesn't support SSL requests."));
}
if (!CRYPTO_get_locking_callback()) {
// Qt didn't initialize OpenSSL, so we will.
auto numLocks = CRYPTO_num_locks();
if (numLocks) {
_sslLocks = new QMutex[numLocks];
CRYPTO_set_locking_callback(_sslLockingCallback);
} else {
LOG(("MTP Error: Could not init OpenSSL threads, CRYPTO_num_locks() returned zero!"));
}
CRYPTO_THREADID_set_callback(_sslThreadId);
}
if (!CRYPTO_get_dynlock_create_callback()) {
CRYPTO_set_dynlock_create_callback(_sslCreateFunction);
CRYPTO_set_dynlock_lock_callback(_sslLockFunction);
CRYPTO_set_dynlock_destroy_callback(_sslDestroyFunction);
} else if (!CRYPTO_get_dynlock_lock_callback()) {
LOG(("MTP Error: dynlock_create callback is set without dynlock_lock callback!"));
}
av_register_all();
avcodec_register_all();
av_lockmgr_register(_ffmpegLockManager);
_sslInited = true;
}
HttpRequestManager::HttpRequestManager()
{
if(g_sslMutexes != nullptr)
throw std::runtime_error("Multiple HttpRequestManagers not currently supported");
currentRequestHandle = 1;
exit = false;
curl_global_init(CURL_GLOBAL_ALL);
CRYPTO_THREADID_set_callback(&crypto_threadid_callback);
CRYPTO_set_locking_callback(&crypto_locking_callback);
int locks = CRYPTO_num_locks();
g_sslMutexes = new std::mutex[locks];
for(int i=0; i<MaxiumumConnections; i++)
{
threads.push_back(std::thread(&HttpRequestManager::ThreadFunction, this));
}
}
void OpenSSL::ClassDestroy() {
MS_TRACE();
MS_DEBUG("unloading openssl");
// FAQ: https://www.openssl.org/support/faq.html#PROG13
// Thread-local cleanup functions.
ERR_remove_thread_state(nullptr);
// Application-global cleanup functions that are aware of usage (and
// therefore thread-safe).
ENGINE_cleanup();
// "Brutal" (thread-unsafe) Application-global cleanup functions.
ERR_free_strings();
EVP_cleanup(); // Removes all ciphers and digests.
CRYPTO_cleanup_all_ex_data();
// https://bugs.launchpad.net/percona-server/+bug/1341067.
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
// Free mutexes.
for (int i=0; i<OpenSSL::numMutexes; i++) {
int err = pthread_mutex_destroy(&OpenSSL::mutexes[i]);
if (err)
MS_ERROR("pthread_mutex_destroy() failed with return code %d\n", err);
}
if (OpenSSL::mutexes)
delete[] OpenSSL::mutexes;
// Reset callbacks.
CRYPTO_THREADID_set_callback(nullptr);
CRYPTO_set_locking_callback(nullptr);
CRYPTO_set_dynlock_create_callback(nullptr);
CRYPTO_set_dynlock_lock_callback(nullptr);
CRYPTO_set_dynlock_destroy_callback(nullptr);
}
static int ssl_thread_init()
{
int i, max= CRYPTO_num_locks();
if (LOCK_crypto == NULL)
{
if (!(LOCK_crypto=
(pthread_mutex_t *)ma_malloc(sizeof(pthread_mutex_t) * max, MYF(0))))
return 1;
for (i=0; i < max; i++)
pthread_mutex_init(&LOCK_crypto[i], NULL);
}
#if (OPENSSL_VERSION_NUMBER < 0x10000000)
CRYPTO_set_id_callback(my_cb_threadid);
#else
CRYPTO_THREADID_set_callback(my_cb_threadid);
#endif
CRYPTO_set_locking_callback(my_cb_locking);
return 0;
}
/*
* Initialize OpenSSL and verify the random number generator works.
* Returns -1 on failure, 0 on success.
*/
int
ssl_init(void)
{
#ifndef PURIFY
int fd;
#endif /* !PURIFY */
char buf[256];
if (ssl_initialized)
return 0;
/* general initialization */
SSL_library_init();
#ifdef PURIFY
CRYPTO_umalloc_init();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif /* PURIFY */
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
/* thread-safety */
#ifdef OPENSSL_THREADS
ssl_mutex_num = CRYPTO_num_locks();
ssl_mutex = umalloc(ssl_mutex_num * sizeof(*ssl_mutex));
int i;
for (i = 0; i < ssl_mutex_num; i++) {
pthread_mutex_init(&ssl_mutex[i], NULL);
}
CRYPTO_set_locking_callback(ssl_thr_locking_cb);
CRYPTO_set_dynlock_create_callback(ssl_thr_dyn_create_cb);
CRYPTO_set_dynlock_lock_callback(ssl_thr_dyn_lock_cb);
CRYPTO_set_dynlock_destroy_callback(ssl_thr_dyn_destroy_cb);
#ifdef OPENSSL_NO_THREADID
CRYPTO_set_id_callback(ssl_thr_id_cb);
#else /* !OPENSSL_NO_THREADID */
CRYPTO_THREADID_set_callback(ssl_thr_id_cb);
#endif /* !OPENSSL_NO_THREADID */
#endif /* OPENSSL_THREADS */
/* randomness */
#ifndef PURIFY
if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
log_err_printf("Error opening /dev/urandom for reading: %s\n",
strerror(errno));
return -1;
}
while (!RAND_status()) {
if (read(fd, buf, sizeof(buf)) == -1) {
log_err_printf("Error reading from /dev/urandom: %s\n",
strerror(errno));
close(fd);
return -1;
}
RAND_seed(buf, sizeof(buf));
}
close(fd);
if (!RAND_poll()) {
log_err_printf("RAND_poll() failed.\n");
return -1;
}
#else /* PURIFY */
log_err_printf("Warning: not seeding OpenSSL RAND due to PURITY!\n");
memset(buf, 0, sizeof(buf));
while (!RAND_status()) {
RAND_seed(buf, sizeof(buf));
}
#endif /* PURIFY */
#ifdef USE_FOOTPRINT_HACKS
/* HACK: disable compression by zeroing the global comp algo stack.
* This lowers the per-connection memory footprint by ~500k. */
STACK_OF(SSL_COMP)* comp_methods = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(comp_methods);
#endif /* USE_FOOTPRINT_HACKS */
ssl_initialized = 1;
return 0;
}
CInitOpenSsl() {
s_pOpenSslMutexes = new mutex[CRYPTO_num_locks()];
CRYPTO_set_locking_callback(&OpenSslLockingCallback);
CRYPTO_THREADID_set_callback(&OpenSslThreadId);
}
~CInitOpenSsl() {
CRYPTO_set_locking_callback(nullptr);
CRYPTO_THREADID_set_callback(nullptr);
delete[] exchange(s_pOpenSslMutexes, nullptr);
}
/* DTLS-SRTP initialization */
gint janus_dtls_srtp_init(const char* server_pem, const char* server_key) {
/* FIXME First of all make OpenSSL thread safe (see note above on issue #316) */
janus_dtls_locks = g_malloc0(sizeof(*janus_dtls_locks) * CRYPTO_num_locks());
int l=0;
for(l = 0; l < CRYPTO_num_locks(); l++) {
janus_mutex_init(&janus_dtls_locks[l]);
}
CRYPTO_THREADID_set_callback(janus_dtls_cb_openssl_threadid);
CRYPTO_set_locking_callback(janus_dtls_cb_openssl_lock);
/* Go on and create the DTLS context */
ssl_ctx = SSL_CTX_new(DTLSv1_method());
if(!ssl_ctx) {
JANUS_LOG(LOG_FATAL, "Ops, error creating DTLS context?\n");
return -1;
}
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, janus_dtls_verify_callback);
SSL_CTX_set_tlsext_use_srtp(ssl_ctx, "SRTP_AES128_CM_SHA1_80"); /* FIXME Should we support something else as well? */
if (!server_pem && !server_key) {
JANUS_LOG(LOG_WARN, "No cert/key specified, autogenerating some...\n");
if (janus_dtls_generate_keys(&ssl_cert, &ssl_key) != 0) {
JANUS_LOG(LOG_FATAL, "Error generating DTLS key/certificate\n");
return -2;
}
} else if (!server_pem || !server_key) {
JANUS_LOG(LOG_FATAL, "DTLS certificate and key must be specified\n");
return -2;
} else if (janus_dtls_load_keys(server_pem, server_key, &ssl_cert, &ssl_key) != 0) {
return -3;
}
if(!SSL_CTX_use_certificate(ssl_ctx, ssl_cert)) {
JANUS_LOG(LOG_FATAL, "Certificate error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -4;
}
if(!SSL_CTX_use_PrivateKey(ssl_ctx, ssl_key)) {
JANUS_LOG(LOG_FATAL, "Certificate key error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -5;
}
if(!SSL_CTX_check_private_key(ssl_ctx)) {
JANUS_LOG(LOG_FATAL, "Certificate check error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -6;
}
SSL_CTX_set_read_ahead(ssl_ctx,1);
unsigned int size;
unsigned char fingerprint[EVP_MAX_MD_SIZE];
if(X509_digest(ssl_cert, EVP_sha256(), (unsigned char *)fingerprint, &size) == 0) {
JANUS_LOG(LOG_FATAL, "Error converting X509 structure (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -7;
}
char *lfp = (char *)&local_fingerprint;
unsigned int i = 0;
for(i = 0; i < size; i++) {
g_snprintf(lfp, 4, "%.2X:", fingerprint[i]);
lfp += 3;
}
*(lfp-1) = 0;
JANUS_LOG(LOG_INFO, "Fingerprint of our certificate: %s\n", local_fingerprint);
SSL_CTX_set_cipher_list(ssl_ctx, DTLS_CIPHERS);
/* Initialize libsrtp */
if(srtp_init() != err_status_ok) {
JANUS_LOG(LOG_FATAL, "Ops, error setting up libsrtp?\n");
return 5;
}
return 0;
}
/* DTLS-SRTP initialization */
gint janus_dtls_srtp_init(const char *server_pem, const char *server_key, const char *password) {
const char *crypto_lib = NULL;
#if JANUS_USE_OPENSSL_PRE_1_1_API
#if defined(LIBRESSL_VERSION_NUMBER)
crypto_lib = "LibreSSL";
#else
crypto_lib = "OpenSSL pre-1.1.0";
#endif
/* First of all make OpenSSL thread safe (see note above on issue #316) */
janus_dtls_locks = g_malloc0(sizeof(*janus_dtls_locks) * CRYPTO_num_locks());
int l=0;
for(l = 0; l < CRYPTO_num_locks(); l++) {
janus_mutex_init(&janus_dtls_locks[l]);
}
CRYPTO_THREADID_set_callback(janus_dtls_cb_openssl_threadid);
CRYPTO_set_locking_callback(janus_dtls_cb_openssl_lock);
#else
crypto_lib = "OpenSSL >= 1.1.0";
#endif
#ifdef HAVE_BORINGSSL
crypto_lib = "BoringSSL";
#endif
JANUS_LOG(LOG_INFO, "Crypto: %s\n", crypto_lib);
#ifndef HAVE_SRTP_AESGCM
JANUS_LOG(LOG_WARN, "The libsrtp installation does not support AES-GCM profiles\n");
#endif
/* Go on and create the DTLS context */
#if JANUS_USE_OPENSSL_PRE_1_1_API
ssl_ctx = SSL_CTX_new(DTLSv1_method());
#else
ssl_ctx = SSL_CTX_new(DTLS_method());
#endif
if(!ssl_ctx) {
JANUS_LOG(LOG_FATAL, "Ops, error creating DTLS context?\n");
return -1;
}
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, janus_dtls_verify_callback);
SSL_CTX_set_tlsext_use_srtp(ssl_ctx,
#ifdef HAVE_SRTP_AESGCM
"SRTP_AEAD_AES_256_GCM:SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32");
#else
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32");
#endif
if(!server_pem && !server_key) {
JANUS_LOG(LOG_WARN, "No cert/key specified, autogenerating some...\n");
if(janus_dtls_generate_keys(&ssl_cert, &ssl_key) != 0) {
JANUS_LOG(LOG_FATAL, "Error generating DTLS key/certificate\n");
return -2;
}
} else if(!server_pem || !server_key) {
JANUS_LOG(LOG_FATAL, "DTLS certificate and key must be specified\n");
return -2;
} else if(janus_dtls_load_keys(server_pem, server_key, password, &ssl_cert, &ssl_key) != 0) {
return -3;
}
if(!SSL_CTX_use_certificate(ssl_ctx, ssl_cert)) {
JANUS_LOG(LOG_FATAL, "Certificate error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -4;
}
if(!SSL_CTX_use_PrivateKey(ssl_ctx, ssl_key)) {
JANUS_LOG(LOG_FATAL, "Certificate key error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -5;
}
if(!SSL_CTX_check_private_key(ssl_ctx)) {
JANUS_LOG(LOG_FATAL, "Certificate check error (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -6;
}
SSL_CTX_set_read_ahead(ssl_ctx,1);
unsigned int size;
unsigned char fingerprint[EVP_MAX_MD_SIZE];
if(X509_digest(ssl_cert, EVP_sha256(), (unsigned char *)fingerprint, &size) == 0) {
JANUS_LOG(LOG_FATAL, "Error converting X509 structure (%s)\n", ERR_reason_error_string(ERR_get_error()));
return -7;
}
char *lfp = (char *)&local_fingerprint;
unsigned int i = 0;
for(i = 0; i < size; i++) {
g_snprintf(lfp, 4, "%.2X:", fingerprint[i]);
lfp += 3;
}
*(lfp-1) = 0;
JANUS_LOG(LOG_INFO, "Fingerprint of our certificate: %s\n", local_fingerprint);
SSL_CTX_set_cipher_list(ssl_ctx, DTLS_CIPHERS);
if(janus_dtls_bio_filter_init() < 0) {
JANUS_LOG(LOG_FATAL, "Error initializing BIO filter\n");
return -8;
}
/* Initialize libsrtp */
if(srtp_init() != srtp_err_status_ok) {
JANUS_LOG(LOG_FATAL, "Ops, error setting up libsrtp?\n");
return 5;
}
return 0;
}
static int openssl_set_id_callback(void (*threadid_func)(CRYPTO_THREADID *))
{
return CRYPTO_THREADID_set_callback(threadid_func);
}
