Cross-platform and (truly) thread-safe OpenSSL initialization.

2013-05-13 16:05:56 +02:00 · 2013-05-13 16:05:56 +02:00 · ea700d80f5
commit ea700d80f5
parent 20c1358402
5 changed files with 58 additions and 55 deletions
--- a/src/net/tls/openssl/OpenSSLInitializer.cpp
+++ b/src/net/tls/openssl/OpenSSLInitializer.cpp
@ -50,79 +50,69 @@ namespace tls {
 ref <vmime::utility::sync::criticalSection >* OpenSSLInitializer::sm_mutexes;
 int OpenSSLInitializer::sm_initCount(0);
-OpenSSLInitializer::OpenSSLInitializer()
+OpenSSLInitializer::autoInitializer::autoInitializer()
 {
 	// The construction of this unique 'oneTimeInitializer' object will be triggered
 	// by the 'autoInitializer' objects from the other translation units
 	static OpenSSLInitializer::oneTimeInitializer oneTimeInitializer;
 }
 OpenSSLInitializer::autoInitializer::~autoInitializer()
 {
 }
 OpenSSLInitializer::oneTimeInitializer::oneTimeInitializer()
 {
 	initialize();
 }
-OpenSSLInitializer::~OpenSSLInitializer()
+OpenSSLInitializer::oneTimeInitializer::~oneTimeInitializer()
 {
 	uninitialize();
 }
 // static
 ref <vmime::utility::sync::criticalSection> OpenSSLInitializer::getMutex()
 {
 	static ref <vmime::utility::sync::criticalSection> criticalSection
 		= vmime::platform::getHandler()->createCriticalSection();
 	return criticalSection;
 }
 // static
 void OpenSSLInitializer::initialize()
 {
 	ref <vmime::utility::sync::criticalSection> mutex = getMutex();
 	vmime::utility::sync::autoLock <vmime::utility::sync::criticalSection> lock(mutex);
 	if (++sm_initCount == 1)
 	{
 #if OPENSSL_VERSION_NUMBER >= 0x0907000L
-		OPENSSL_config(NULL);
+	OPENSSL_config(NULL);
 #endif
-		SSL_load_error_strings();
+	SSL_load_error_strings();
-		SSL_library_init();
+	SSL_library_init();
-		OpenSSL_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
-		unsigned char seed[SEEDSIZE];
+	unsigned char seed[SEEDSIZE];
-		vmime::platform::getHandler()->generateRandomBytes(seed, SEEDSIZE);
+	vmime::platform::getHandler()->generateRandomBytes(seed, SEEDSIZE);
-		RAND_seed(seed, SEEDSIZE);
+	RAND_seed(seed, SEEDSIZE);
-		int numMutexes = CRYPTO_num_locks();
+	int numMutexes = CRYPTO_num_locks();
-		sm_mutexes = new ref <vmime::utility::sync::criticalSection>[numMutexes];
+	sm_mutexes = new ref <vmime::utility::sync::criticalSection>[numMutexes];
-		for (int i = 0 ; i < numMutexes ; ++i)
+	for (int i = 0 ; i < numMutexes ; ++i)
-			sm_mutexes[i] = vmime::platform::getHandler()->createCriticalSection();
+		sm_mutexes[i] = vmime::platform::getHandler()->createCriticalSection();
-		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
+	CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
-		CRYPTO_set_id_callback(&OpenSSLInitializer::id);
+	CRYPTO_set_id_callback(&OpenSSLInitializer::id);
 	}
 }
 // static
 void OpenSSLInitializer::uninitialize()
 {
-	ref <vmime::utility::sync::criticalSection> mutex = getMutex();
+	EVP_cleanup();
-	vmime::utility::sync::autoLock <vmime::utility::sync::criticalSection> lock(mutex);
+	ERR_free_strings();
-	if (--sm_initCount == 0)
+	CRYPTO_set_locking_callback(NULL);
-	{
+	CRYPTO_set_id_callback(NULL);
 		EVP_cleanup();
 		ERR_free_strings();
-		CRYPTO_set_locking_callback(NULL);
+	delete [] sm_mutexes;
 		CRYPTO_set_id_callback(NULL);
 		delete [] sm_mutexes;
 	}
 }
--- a/src/net/tls/openssl/TLSSession_OpenSSL.cpp
+++ b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
@ -41,6 +41,9 @@ namespace net {
 namespace tls {
 static OpenSSLInitializer::autoInitializer openSSLInitializer;
 // static
 ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
 {
@ -51,9 +54,6 @@ ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv
 TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
 	: m_sslctx(0), m_certVerifier(cv)
 {
 	// Thread-safe OpenSSL initialization
 	static OpenSSLInitializer openSSLInitialization;
 	m_sslctx = SSL_CTX_new(SSLv23_client_method());
 	SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
 	SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
--- a/src/net/tls/openssl/TLSSocket_OpenSSL.cpp
+++ b/src/net/tls/openssl/TLSSocket_OpenSSL.cpp
@ -32,6 +32,7 @@
 #include "vmime/net/tls/openssl/TLSSocket_OpenSSL.hpp"
 #include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
 #include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
 #include "vmime/platform.hpp"
@ -45,6 +46,9 @@ namespace net {
 namespace tls {
 static OpenSSLInitializer::autoInitializer openSSLInitializer;
 // static
 BIO_METHOD TLSSocket_OpenSSL::sm_customBIOMethod =
 {
--- a/src/security/cert/openssl/X509Certificate_OpenSSL.cpp
+++ b/src/security/cert/openssl/X509Certificate_OpenSSL.cpp
@ -59,6 +59,9 @@ namespace security {
 namespace cert {
 static net::tls::OpenSSLInitializer::autoInitializer openSSLInitializer;
 #ifndef VMIME_BUILDING_DOC
 class monthMap
@ -107,9 +110,6 @@ struct OpenSSLX509CertificateInternalData
 {
 	OpenSSLX509CertificateInternalData()
 	{
 		// Thread-safe OpenSSL initialization
 		static net::tls::OpenSSLInitializer openSSLInitialization;
 		cert = 0;
 	}
--- a/vmime/net/tls/openssl/OpenSSLInitializer.hpp
+++ b/vmime/net/tls/openssl/OpenSSLInitializer.hpp
@ -48,19 +48,29 @@ namespace tls {
  */
 class OpenSSLInitializer
 {
 public:
 	/** Automatically initialize OpenSSL
 	  */
-	OpenSSLInitializer();
+	class autoInitializer
 	{
 	public:
-	/** Automatically uninitialize OpenSSL
+		autoInitializer();
-	  */
+		~autoInitializer();
-	~OpenSSLInitializer();
+	};
 protected:
 	class oneTimeInitializer
 	{
 	public:
 		oneTimeInitializer();
 		~oneTimeInitializer();
 	};
 	/** Initializes the OpenSSL lib
 	  */
 	static void initialize();
@ -85,7 +95,6 @@ protected:
 private:
 	static ref <vmime::utility::sync::criticalSection >* sm_mutexes;
 	static int sm_initCount;
 };