proto_tls/wss: complete fix in commit b6b7520

Author: rvlad-patrascu

modules/proto_tls/proto_tls.c

@@ -139,26 +139,20 @@ static mi_response_t *tls_trace_mi_1(const mi_params_t *params,
 
 trace_dest t_dst;
 
-#ifndef NO_SSL_GLOBAL_LOCK
-gen_lock_t *ssl_global_lock;
-#else
-#define ssl_global_lock NULL
-#endif
-
 static int w_tls_blocking_write(struct tcp_connection *c, int fd, const char *buf,
 																	size_t len)
 {
 	int ret;
 
 	lock_get(&c->write_lock);
 	ret = tls_blocking_write(c, fd, buf, len,
-			tls_handshake_tout, tls_send_tout, t_dst, ssl_global_lock);
+			tls_handshake_tout, tls_send_tout, t_dst, &tls_mgm_api);
 	lock_release(&c->write_lock);
 	return ret;
 }
 
 static int tls_write_on_socket(struct tcp_connection* c, int fd,
-		char *buf, int len, gen_lock_t *ssl_global_lock)
+		char *buf, int len)
 {
 	int n;
 
@@ -174,7 +168,7 @@ static int tls_write_on_socket(struct tcp_connection* c, int fd,
 				goto release;
 			}
 
-			n = tls_write(c, fd, buf, len, NULL, ssl_global_lock);
+			n = tls_write(c, fd, buf, len, NULL, &tls_mgm_api);
 			if (n >= 0 && len - n) {
 				/* if could not write entire buffer, delay it */
 				n = tcp_async_add_chunk(c, buf + n, len - n, 0);
@@ -184,7 +178,7 @@ static int tls_write_on_socket(struct tcp_connection* c, int fd,
 		}
 	} else {
 		n = tls_blocking_write(c, fd, buf, len,
-				tls_handshake_tout, tls_send_tout, t_dst, ssl_global_lock);
+				tls_handshake_tout, tls_send_tout, t_dst, &tls_mgm_api);
 	}
 release:
 	lock_release(&c->write_lock);
@@ -334,14 +328,6 @@ static int mod_init(void)
 				sroutes->request, RT_NO);
 	}
 
-	#ifndef NO_SSL_GLOBAL_LOCK
-	ssl_global_lock = lock_alloc();
-	if (!ssl_global_lock || !lock_init(ssl_global_lock)) {
-		LM_ERR("could not initialize openssl lock!\n");
-		return -1;
-	}
-	#endif
-
 	return 0;
 }
 
@@ -351,11 +337,6 @@ static int mod_init(void)
  */
 static void mod_destroy(void)
 {
-	#ifndef NO_SSL_GLOBAL_LOCK
-	lock_destroy(ssl_global_lock);
-	lock_dealloc(ssl_global_lock);
-	#endif
-
 	/* library destroy */
 	ERR_free_strings();
 	/*SSL_free_comp_methods(); - this function is not on std. openssl*/
@@ -459,7 +440,7 @@ static void proto_tls_conn_clean(struct tcp_connection* c)
 		c->proto_data = NULL;
 	}
 
-	tls_conn_clean(c, ssl_global_lock, &tls_mgm_api);
+	tls_conn_clean(c, &tls_mgm_api);
 }
 
 
@@ -557,7 +538,7 @@ static int proto_tls_send(struct socket_info* send_sock,
 			 * connect status */
 			tls_update_fd(c, fd);
 			n = tls_async_connect(c, fd, tls_async_handshake_connect_timeout, t_dst,
-				ssl_global_lock);
+				&tls_mgm_api);
 			lock_release(&c->write_lock);
 			if (n<0) {
 				LM_ERR("failed async TLS connect\n");
@@ -601,7 +582,7 @@ static int proto_tls_send(struct socket_info* send_sock,
 send_it:
 	LM_DBG("sending via fd %d...\n",fd);
 
-	rlen = tls_write_on_socket(c, fd, buf, len, ssl_global_lock);
+	rlen = tls_write_on_socket(c, fd, buf, len);
 	tcp_conn_set_lifetime( c, tcp_con_lifetime);
 
 	LM_DBG("after write: c=%p n=%d fd=%d\n",c, rlen, fd);
@@ -655,7 +636,7 @@ static int tls_read_req(struct tcp_connection* con, int* bytes_read)
 	}
 
 	/* do this trick in order to trace whether if it's an error or not */
-	ret=tls_fix_read_conn(con, tls_handshake_tout, t_dst, ssl_global_lock);
+	ret=tls_fix_read_conn(con, tls_handshake_tout, t_dst, &tls_mgm_api);
 	if (ret < 0) {
 		LM_ERR("failed to do pre-tls handshake!\n");
 		return -1;
@@ -697,7 +678,7 @@ static int tls_read_req(struct tcp_connection* con, int* bytes_read)
 		if (req->parsed<req->pos){
 			bytes=0;
 		}else{
-			bytes=tls_read(con,req, ssl_global_lock);
+			bytes=tls_read(con,req, &tls_mgm_api);
 			if (bytes<0) {
 				LM_ERR("failed to read \n");
 				goto error;
@@ -761,7 +742,7 @@ static int tls_async_write(struct tcp_connection* con, int fd)
 	SSL *ssl = (SSL *)con->extra_data;
 
 	err = tls_fix_read_conn_unlocked(con, fd, tls_handshake_tout, t_dst,
-		ssl_global_lock);
+		&tls_mgm_api);
 	if (err < 0) {
 		LM_ERR("failed to do pre-tls handshake!\n");
 		return -1;
@@ -776,7 +757,7 @@ static int tls_async_write(struct tcp_connection* con, int fd)
 				chunk->len, chunk, con, chunk->ticks, get_ticks());
 
 		#ifndef NO_SSL_GLOBAL_LOCK
-		lock_get(ssl_global_lock);
+		tls_mgm_api.global_lock_get();
 		#endif
 
 		n=SSL_write(con->extra_data, chunk->buf, chunk->len);
@@ -785,15 +766,15 @@ static int tls_async_write(struct tcp_connection* con, int fd)
 			switch (err) {
 				case SSL_ERROR_ZERO_RETURN:
 					#ifndef NO_SSL_GLOBAL_LOCK
-					lock_release(ssl_global_lock);
+					tls_mgm_api.global_lock_release();
 					#endif
 
 					LM_DBG("connection closed cleanly\n");
 					return -1;
 				case SSL_ERROR_WANT_READ:
 				case SSL_ERROR_WANT_WRITE:
 					#ifndef NO_SSL_GLOBAL_LOCK
-					lock_release(ssl_global_lock);
+					tls_mgm_api.global_lock_release();
 					#endif
 
 					LM_DBG("Can't finish to write chunk %p on conn %p\n",
@@ -806,7 +787,7 @@ static int tls_async_write(struct tcp_connection* con, int fd)
 					tls_print_errstack();
 
 					#ifndef NO_SSL_GLOBAL_LOCK
-					lock_release(ssl_global_lock);
+					tls_mgm_api.global_lock_release();
 					#endif
 
 					/* report the conn as broken */

modules/proto_wss/proto_wss.c

@@ -73,17 +73,11 @@ static str wss_resource = str_init("/");
 static int wss_raw_writev(struct tcp_connection *c, int fd,
 		const struct iovec *iov, int iovcnt, int tout);
 
-#ifndef NO_SSL_GLOBAL_LOCK
-gen_lock_t *ssl_global_lock;
-#else
-#define ssl_global_lock NULL
-#endif
-
 #define _ws_common_module "wss"
 #define _ws_common_tcp_current_req tcp_current_req
 #define _ws_common_current_req wss_current_req
 #define _ws_common_max_msg_chunks wss_max_msg_chunks
-#define _ws_common_read(c, r) tls_read((c), (r), ssl_global_lock)
+#define _ws_common_read(c, r) tls_read((c), (r), &tls_mgm_api)
 #define _ws_common_writev wss_raw_writev
 #define _ws_common_read_tout wss_hs_read_tout
 /*
@@ -111,7 +105,6 @@ static int trace_filter_route_id = -1;
 /**/
 
 static int mod_init(void);
-static void mod_destroy(void);
 static int proto_wss_init(struct proto_info *pi);
 static int proto_wss_init_listener(struct socket_info *si);
 static int proto_wss_send(struct socket_info* send_sock,
@@ -187,7 +180,7 @@ struct module_exports exports = {
 	0,          /* module pre-initialization function */
 	mod_init,   /* module initialization function */
 	0,          /* response function */
-	mod_destroy,/* destroy function */
+	0,          /* destroy function */
 	0,          /* per-child init function */
 	0           /* reload confirm function */
 };
@@ -262,25 +255,9 @@ static int mod_init(void)
 				sroutes->request, RT_NO);
 	}
 
-	#ifndef NO_SSL_GLOBAL_LOCK
-	ssl_global_lock = lock_alloc();
-	if (!ssl_global_lock || !lock_init(ssl_global_lock)) {
-		LM_ERR("could not initialize openssl lock!\n");
-		return -1;
-	}
-	#endif
-
 	return 0;
 }
 
-static void mod_destroy(void)
-{
-	#ifndef NO_SSL_GLOBAL_LOCK
-	lock_destroy(ssl_global_lock);
-	lock_dealloc(ssl_global_lock);
-	#endif
-}
-
 static int wss_conn_init(struct tcp_connection* c)
 {
 	struct ws_data *d;
@@ -343,7 +320,7 @@ static void ws_conn_clean(struct tcp_connection* c)
 
 	}
 
-	tls_conn_clean(c, ssl_global_lock, &tls_mgm_api);
+	tls_conn_clean(c, &tls_mgm_api);
 }
 
 
@@ -511,7 +488,7 @@ static int wss_read_req(struct tcp_connection* con, int* bytes_read)
 	struct ws_data* d;
 
 	/* we need to fix the SSL connection before doing anything */
-	if (tls_fix_read_conn(con, 0, t_dst, ssl_global_lock) < 0) {
+	if (tls_fix_read_conn(con, 0, t_dst, &tls_mgm_api) < 0) {
 		LM_ERR("cannot fix read connection\n");
 		if ( (d=con->proto_data) && d->dest && d->tprot ) {
 			if ( d->message ) {
@@ -581,7 +558,7 @@ static int wss_raw_writev(struct tcp_connection *c, int fd,
 	lock_get(&c->write_lock);
 	for (i = 0; i < iovcnt; i++) {
 		n = tls_blocking_write(c, fd, iov[i].iov_base, iov[i].iov_len,
-				wss_hs_tls_tout, wss_send_tout, t_dst, ssl_global_lock);
+				wss_hs_tls_tout, wss_send_tout, t_dst, &tls_mgm_api);
 		if (n < 0) {
 			ret = -1;
 			goto end;
@@ -604,7 +581,7 @@ static int wss_raw_writev(struct tcp_connection *c, int fd,
 	}
 	lock_get(&c->write_lock);
 	n = tls_blocking_write(c, fd, buf, n,
-				wss_hs_tls_tout, wss_send_tout, t_dst, ssl_global_lock);
+				wss_hs_tls_tout, wss_send_tout, t_dst, &tls_mgm_api);
 #endif /* TLS_DONT_WRITE_FRAGMENTS */
 
 end:

modules/tls_mgm/api.h

@@ -43,6 +43,10 @@ typedef struct tls_domain * (*tls_find_server_domain_f) (struct ip_addr *, unsig
 typedef struct tls_domain * (*tls_find_client_domain_f) (struct ip_addr *, unsigned short);
 typedef struct tls_domain * (*tls_find_client_domain_name_f) (str *);
 typedef void (*tls_release_domain_f) (struct tls_domain *);
+#ifndef NO_SSL_GLOBAL_LOCK
+typedef void (*tls_global_lock_get_f) (void);
+typedef void (*tls_global_lock_release_f) (void);
+#endif
 
 /* utility functions for operations directly on a SSL_CTX */
 typedef void (*tls_ctx_set_cert_store_f) (void *ctx, void *src_ctx);
@@ -57,6 +61,10 @@ struct tls_mgm_binds {
     tls_ctx_set_cert_store_f ctx_set_cert_store;
     tls_ctx_set_cert_chain_f ctx_set_cert_chain;
     tls_ctx_set_pkey_file_f ctx_set_pkey_file;
+    #ifndef NO_SSL_GLOBAL_LOCK
+    tls_global_lock_get_f global_lock_get;
+    tls_global_lock_release_f global_lock_release;
+    #endif
 };