Module: sip-router
Branch: master
Commit: 517d38ed02586bc9fc88ea0d3ceb8b81f510ade5
URL:    
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=517d38ed02586bc9fc88ea0d3ceb8b81f510ade5

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date:   Tue Dec 13 13:00:50 2011 +0100

tls: do TLS pre-init operations at the time of loading module

- makes sure that it sets the memory managing functions and the locks
  before other modules may start using libssl
- reported by Øyvind Kolbu, FS#183

---

 modules/tls/tls_init.c |   50 +++++++++++++++++++++++++++++++----------------
 modules/tls/tls_init.h |    5 ++++
 modules/tls/tls_mod.c  |   10 +++++++++
 3 files changed, 48 insertions(+), 17 deletions(-)

diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index a57772e..cc16598 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -74,6 +74,9 @@
 #include "tls_ct_wrq.h"
 #include "tls_cfg.h"
 
+/* will be set to 1 when the TLS env is initialized to make destroy safe */
+static int tls_mod_initialized = 0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #    warning ""
 #    warning "==============================================================="
@@ -148,7 +151,6 @@ const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1];
 #define NULL_GRACE_PERIOD 10U
 */
 
-
 inline static char* buf_append(char* buf, char* end, char* str, int str_len)
 {
        if ( (buf+str_len)<end){
@@ -442,6 +444,32 @@ end:
 }
 
 
+/**
+ * tls pre-init function
+ */
+int tls_pre_init(void)
+{
+            /*
+             * this has to be called before any function calling CRYPTO_malloc,
+             * CRYPTO_malloc will set allow_customize in openssl to 0
+             */
+#ifdef TLS_MALLOC_DBG
+       if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
+#else
+       if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
+#endif
+               ERR("Unable to set the memory allocation functions\n");
+               return -1;
+       }
+
+       if (tls_init_locks()<0)
+               return -1;
+
+       init_tls_compression();
+
+       return 0;
+}
+
 /*
  * First step of TLS initialization
  */
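Review bot: The error path after `CRYPTO_set_mem_functions()` in `tls_pre_init()` does not tell the operator the likely cause of the failure. According to the comment just above it, the call is refused once anything has gone through CRYPTO_malloc, so the probable reason is that another module using libssl was loaded before tls. The message could say so, e.g. `ERR("Unable to set the memory allocation functions (is a libssl-using module loaded before tls?)\n");`. The doc comment is also thin: it could state that the function must run once, before any other libssl call, and that it returns 0 on success and -1 on failure.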
@@ -538,21 +566,7 @@ int init_tls_h(void)
                                                " enabled. Possible unstable 
configuration\n");
                }
        }
-            /*
-             * this has to be called before any function calling CRYPTO_malloc,
-             * CRYPTO_malloc will set allow_customize in openssl to 0 
-             */
-#ifdef TLS_MALLOC_DBG
-       if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
-#else
-       if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
-#endif
-               ERR("Unable to set the memory allocation functions\n");
-               return -1;
-       }
-       if (tls_init_locks()<0)
-               return -1;
-       init_tls_compression();
+
        #ifdef TLS_KSSL_WORKARROUND
        /* if openssl compiled with kerberos support, and openssl < 0.9.8e-dev
         * or openssl between 0.9.9-dev and 0.9.9-beta1 apply workaround for
@@ -623,6 +637,7 @@ int init_tls_h(void)
        SSL_library_init();
        SSL_load_error_strings();
        init_ssl_methods();
+       tls_mod_initialized = 1;
        return 0;
 }
 
@@ -655,7 +670,8 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
 void destroy_tls_h(void)
 {
        DBG("tls module final tls destroy\n");
-       ERR_free_strings();
+       if(tls_mod_initialized > 0)
+               ERR_free_strings();
        /* TODO: free all the ctx'es */
        tls_destroy_cfg();
        tls_destroy_locks();
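Review bot: Only `ERR_free_strings()` is placed behind `tls_mod_initialized` in `destroy_tls_h()`, while `tls_destroy_cfg()` and `tls_destroy_locks()` still run unconditionally, and the reason is not recorded. The locks are now created in `tls_pre_init()` and the flag is set only at the end of `init_tls_h()`, so a comment would help, for example `/* error strings are loaded only by init_tls_h(); locks come from tls_pre_init() and are always destroyed */`. Whether `tls_destroy_cfg()` is safe when `init_tls_h()` never completed cannot be seen from this hunk and is worth confirming. The body of `destroy_tls_h()` continues past the hunk.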
diff --git a/modules/tls/tls_init.h b/modules/tls/tls_init.h
index f234df7..7101949 100644
--- a/modules/tls/tls_init.h
+++ b/modules/tls/tls_init.h
@@ -61,6 +61,11 @@ extern const SSL_METHOD* ssl_methods[];
 
 
 /*
+ * just once, pre-initialize the tls subsystem
+ */
+int tls_pre_init(void);
+
+/*
  * just once, initialize the tls subsystem 
  */
 int init_tls_h(void);
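Review bot: The header comment for `tls_pre_init()` gives callers no contract beyond "just once". Going by the definition in tls_init.c, it could read `/* pre-initialize libssl (memory functions, locks, compression); call once at module load, before any other libssl use; returns 0 on success, -1 on error */`. The ordering requirement is the whole point of the commit and is worth stating where other callers will look.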
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index 0f1df72..2f7d626 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -57,6 +57,7 @@
 #include "../../timer.h" /* ticks_t */
 #include "../../tls_hooks.h"
 #include "../../ut.h"
+#include "../../shm_init.h"
 #include "../../rpc_lookup.h"
 #include "../../cfg/cfg.h"
 #include "tls_init.h"
@@ -269,7 +270,16 @@ static tls_domains_cfg_t* tls_use_modparams(void)
 }
 #endif
 
+int mod_register(char *path, int *dlflags, void *p1, void *p2)
+{
+       /* shm is used, be sure it is initialized */
+       if(!shm_initialized() && init_shm()<0)
+               return -1;
 
+       if(tls_pre_init()<0)
+               return -1;
+       return 0;
+}
 
 static int mod_init(void)
 {
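Review bot: `mod_register()` returns -1 when `init_shm()` fails without logging anything, so a failed module load gives no hint that shared memory was the cause. A message in that branch would help, for instance `ERR("tls: shared memory initialization failed\n");`, assuming the `ERR` macro used in tls_init.c is also available in tls_mod.c. The branch would then need braces around the log call and the `return -1;`. The function also lacks a header comment saying that it runs at module load time and that `path`, `dlflags`, `p1` and `p2` are unused. `mod_init()` begins on the last lines of the hunk and continues outside it.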

