[sr-dev] git:master: tls: do TLS pre-init operations at the time of loading module

Daniel-Constantin Mierla miconda at gmail.com
Tue Dec 13 13:03:47 CET 2011


Module: sip-router
Branch: master
Commit: 517d38ed02586bc9fc88ea0d3ceb8b81f510ade5
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=517d38ed02586bc9fc88ea0d3ceb8b81f510ade5

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Tue Dec 13 13:00:50 2011 +0100

tls: do TLS pre-init operations at the time of loading module

- makes sure that it sets the memory managing functions and the locks
  before other modules may start using libssl
- reported by Øyvind Kolbu, FS#183

---

 modules/tls/tls_init.c |   50 +++++++++++++++++++++++++++++++----------------
 modules/tls/tls_init.h |    5 ++++
 modules/tls/tls_mod.c  |   10 +++++++++
 3 files changed, 48 insertions(+), 17 deletions(-)

diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index a57772e..cc16598 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -74,6 +74,9 @@
 #include "tls_ct_wrq.h"
 #include "tls_cfg.h"
 
+/* will be set to 1 when the TLS env is initialized to make destroy safe */
+static int tls_mod_initialized = 0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #    warning ""
 #    warning "==============================================================="
@@ -148,7 +151,6 @@ const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1];
 #define NULL_GRACE_PERIOD 10U
 */
 
-
 inline static char* buf_append(char* buf, char* end, char* str, int str_len)
 {
 	if ( (buf+str_len)<end){
@@ -442,6 +444,32 @@ end:
 }
 
 
+/**
+ * tls pre-init function
+ */
+int tls_pre_init(void)
+{
+	     /*
+	      * this has to be called before any function calling CRYPTO_malloc,
+	      * CRYPTO_malloc will set allow_customize in openssl to 0
+	      */
+#ifdef TLS_MALLOC_DBG
+	if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
+#else
+	if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
+#endif
+		ERR("Unable to set the memory allocation functions\n");
+		return -1;
+	}
+
+	if (tls_init_locks()<0)
+		return -1;
+
+	init_tls_compression();
+
+	return 0;
+}
+
 /*
  * First step of TLS initialization
  */
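Review bot: The `ERR("Unable to set the memory allocation functions\n")` path in tls_pre_init() gives an operator no hint about the likely cause. As the comment above the call says, OpenSSL stops accepting custom allocators once CRYPTO_malloc has run, so this failure most likely means some other code used libssl/libcrypto before the tls module was loaded. I would say so in the message, e.g. `ERR("Unable to set the memory allocation functions (libssl already in use? load the tls module first)\n");`. The function also has no guard against a second call, so "just once" depends entirely on the caller; whether a repeated tls_init_locks() is harmless is not visible in this hunk.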
@@ -538,21 +566,7 @@ int init_tls_h(void)
 						" enabled. Possible unstable configuration\n");
 		}
 	}
-	     /*
-	      * this has to be called before any function calling CRYPTO_malloc,
-	      * CRYPTO_malloc will set allow_customize in openssl to 0 
-	      */
-#ifdef TLS_MALLOC_DBG
-	if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
-#else
-	if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
-#endif
-		ERR("Unable to set the memory allocation functions\n");
-		return -1;
-	}
-	if (tls_init_locks()<0)
-		return -1;
-	init_tls_compression();
+
 	#ifdef TLS_KSSL_WORKARROUND
 	/* if openssl compiled with kerberos support, and openssl < 0.9.8e-dev
 	 * or openssl between 0.9.9-dev and 0.9.9-beta1 apply workaround for
@@ -623,6 +637,7 @@ int init_tls_h(void)
 	SSL_library_init();
 	SSL_load_error_strings();
 	init_ssl_methods();
+	tls_mod_initialized = 1;
 	return 0;
 }
 
@@ -655,7 +670,8 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
 void destroy_tls_h(void)
 {
 	DBG("tls module final tls destroy\n");
-	ERR_free_strings();
+	if(tls_mod_initialized > 0)
+		ERR_free_strings();
 	/* TODO: free all the ctx'es */
 	tls_destroy_cfg();
 	tls_destroy_locks();
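Review bot: The new `tls_mod_initialized` guard in destroy_tls_h() covers only `ERR_free_strings()`, while `tls_destroy_cfg()` and `tls_destroy_locks()` still run unconditionally. With this commit the locks are created in tls_pre_init() but the flag is set only at the end of init_tls_h(), so destroy can be reached with the locks set up and the flag still 0, or with neither done. Whether the two unguarded calls tolerate those states is not visible here and should be confirmed. The flag is also never cleared, so I would reset it once consumed: `if(tls_mod_initialized > 0) { ERR_free_strings(); tls_mod_initialized = 0; }`. The body of destroy_tls_h() continues past the end of the hunk.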
diff --git a/modules/tls/tls_init.h b/modules/tls/tls_init.h
index f234df7..7101949 100644
--- a/modules/tls/tls_init.h
+++ b/modules/tls/tls_init.h
@@ -61,6 +61,11 @@ extern const SSL_METHOD* ssl_methods[];
 
 
 /*
+ * just once, pre-initialize the tls subsystem
+ */
+int tls_pre_init(void);
+
+/*
  * just once, initialize the tls subsystem 
  */
 int init_tls_h(void);
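Review bot: The comment added above `tls_pre_init()` omits the ordering contract that is the reason the function exists. I would document it in the header, for example `/* pre-initialize libssl (memory functions, locks, compression); must run at module load, before any other code calls into libssl; returns 0 on success, -1 on error */`, so that callers do not move it back into the normal init path.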
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index 0f1df72..2f7d626 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -57,6 +57,7 @@
 #include "../../timer.h" /* ticks_t */
 #include "../../tls_hooks.h"
 #include "../../ut.h"
+#include "../../shm_init.h"
 #include "../../rpc_lookup.h"
 #include "../../cfg/cfg.h"
 #include "tls_init.h"
@@ -269,7 +270,16 @@ static tls_domains_cfg_t* tls_use_modparams(void)
 }
 #endif
 
+int mod_register(char *path, int *dlflags, void *p1, void *p2)
+{
+	/* shm is used, be sure it is initialized */
+	if(!shm_initialized() && init_shm()<0)
+		return -1;
 
+	if(tls_pre_init()<0)
+		return -1;
+	return 0;
+}
 
 static int mod_init(void)
 {
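Review bot: mod_register() returns -1 from the `init_shm()` branch without logging anything, so a module load that fails there leaves no trace of the cause. A line such as `ERR("tls: shared memory initialization failed\n");` before that `return -1;` would help, assuming the ERR macro used in tls_init.c is also available in this file. The function would also benefit from a short comment stating that, per the commit message, it runs when the module is loaded, and that `path`, `dlflags`, `p1` and `p2` are deliberately unused.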



