Implement CRYPTO_set_locking_callback() for mod_ssl

PR:
Obtained from:
Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	dougm

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90612 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9553287112aa68c3291b976854bae059f19f2a7f..820ce199941c50ef9244e6a103b7b38e58187934 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 Changes with Apache 2.0.25-dev
+  *)  Implement CRYPTO_set_locking_callback() in terms of apr_lock
+      for mod_ssl
+     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
+
   *) Fix for mod_include. Ryan's patch to check error
      codes put a return in the wrong place. Also, the
      include handler return code wasn't being checked.

diff --git a/modules/ssl/README b/modules/ssl/README
index 3dd54226839d7a2f19576f4718486dcb3862db99..7299128c79d0c78566f265ca17efa9858450f62d 100644 (file)
--- a/modules/ssl/README
+++ b/modules/ssl/README
@@ -174,7 +174,6 @@
  o Whether to unregister and how to unregister?
    ssl_var_unregister();
    ssl_ext_unregister();
- o We certainly need CRYPTO_set_locking_callback() now also under Unix!
  o Do we need SSL_set_read_ahead()?
  o Enable use of MM, SHMCB and SHMHT.
  o Enable SSL extensions (ssl_engine_ext.c)

diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index c24e2f3ef07ab6f990b59cd99c7f4a49a76121b6..4bdeb65942bbe8ba16cc8126fa5c99deb89dfb69 100644 (file)
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -728,7 +728,7 @@ BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
 ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
 char        *ssl_util_algotypestr(ssl_algo_t);
 char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
-void         ssl_util_thread_setup(void);
+void         ssl_util_thread_setup(server_rec *, apr_pool_t *);
 apr_status_t     ssl_util_setmodconfig(server_rec *, const char *, SSLModConfigRec *);
 SSLModConfigRec *ssl_util_getmodconfig(server_rec *, const char *);
 SSLModConfigRec *ssl_util_getmodconfig_ssl(SSL *, const char *);

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f6472966d7af0e7d3291ca168b3a4657f02ec182..73f8e7e4c0c364528c45e2a39b3ced12e5d86917 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -185,6 +185,7 @@ void ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         ssl_init_SSLLibrary();
     }
 #endif
+    ssl_util_thread_setup(s, p);
     if (mc->nInitCount == 1) {
         ssl_pphrase_Handle(s, p);
         ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);

diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index 9bbf52568f23227074650e9af443dbaed60b8085..46eb14abe2ef8683ec451ac2552e50fa188dd96e 100644 (file)
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -328,3 +328,49 @@ ssl_util_getmodconfig_ssl(
     return mc;
 }
 
+/*
+ * To ensure thread-safetyness in OpenSSL - work in progress
+ */
+
+static apr_lock_t *lock_cs[CRYPTO_NUM_LOCKS];
+static long        lock_count[CRYPTO_NUM_LOCKS];
+
+void ssl_util_thread_locking_callback(int mode, int type, char *file, int line)
+{
+    if (mode & CRYPTO_LOCK) {
+        apr_lock_acquire(lock_cs[type]);
+        lock_count[type]++;
+    }
+    else {
+        apr_lock_release(lock_cs[type]);
+    }
+}
+
+apr_status_t ssl_util_thread_cleanup(void *data)
+{
+    int i;
+
+    CRYPTO_set_locking_callback(NULL);
+    for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
+        apr_lock_destroy(lock_cs[i]);
+    return APR_SUCCESS;
+}
+
+void ssl_util_thread_setup(server_rec *s, apr_pool_t *p)
+{
+    int i;
+    SSLModConfigRec *mc = myModConfig(s);
+
+    *lock_cs = apr_palloc(p, CRYPTO_NUM_LOCKS);
+    for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
+    {
+        lock_count[i]=0;
+        apr_lock_create(&(lock_cs[i]), APR_MUTEX, APR_LOCKALL,
+                                                mc->szMutexFile, p);
+    }
+
+    CRYPTO_set_locking_callback((void (*)())ssl_util_thread_locking_callback);
+    apr_pool_cleanup_register(p, NULL,
+                ssl_util_thread_cleanup, apr_pool_cleanup_null);
+
+}