Remove obsoleted OpenSSL init code
Starting with OpenSSL v1.1.0, library init/uninit is automatically
handled by the library. This removes unnecessary code from rabbitmq-c
and marks the initialization functions as deprecated.

Fixed: #737

Signed-off-by: GitHub <[email protected]>
alanxz authored Feb 2, 2023
1 parent 40c629a commit c161b65
Showing 2 changed files with 21 additions and 136 deletions.
15 changes: 12 additions & 3 deletions include/rabbitmq-c/ssl_socket.h
@@ -206,6 +206,9 @@ int AMQP_CALL amqp_ssl_socket_set_ssl_versions(amqp_socket_t *self,
/**
* Sets whether rabbitmq-c will initialize OpenSSL.
*
* \deprecated Since v0.13.0 this is a no-op. OpenSSL automatically manages
* library initialization and uninitialization.
*
* OpenSSL requires a one-time initialization across a whole program, this sets
* whether or not rabbitmq-c will initialize the SSL library when the first call
* to amqp_ssl_socket_new() is made. You should call this function with
@@ -226,12 +229,15 @@ int AMQP_CALL amqp_ssl_socket_set_ssl_versions(amqp_socket_t *self,
*
* \since v0.4.0
*/
AMQP_EXPORT
AMQP_DEPRECATED_EXPORT
void AMQP_CALL amqp_set_initialize_ssl_library(amqp_boolean_t do_initialize);

/**
* Initialize the underlying SSL/TLS library.
*
* \deprecated Since v0.13.0 this is a no-op. OpenSSL automatically manages
* library initialization and uninitialization.
*
* The OpenSSL library requires a one-time initialization across the whole
* program.
*
@@ -244,7 +250,7 @@ void AMQP_CALL amqp_set_initialize_ssl_library(amqp_boolean_t do_initialize);
*
* \since v0.9.0
*/
AMQP_EXPORT
AMQP_DEPRECATED_EXPORT
int AMQP_CALL amqp_initialize_ssl_library(void);

/**
@@ -266,11 +272,14 @@ int amqp_set_ssl_engine(const char *engine);
/**
* Uninitialize the underlying SSL/TLS library.
*
* \deprecated Since v0.13.0 this is a no-op. OpenSSL automatically manages
* library initialization and uninitialization.
*
* \return AMQP_STATUS_OK on success.
*
* \since v0.9.0
*/
AMQP_EXPORT
AMQP_DEPRECATED_EXPORT
int AMQP_CALL amqp_uninitialize_ssl_library(void);

AMQP_END_DECLS
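Review bot: The added `\deprecated` paragraphs say each function is a no-op, but the text that follows them in the same comments still tells callers that OpenSSL needs a one-time initialization and that rabbitmq-c performs it on the first amqp_ssl_socket_new() call, so the header now contradicts itself. I would put both the condition and the action in the note, e.g. `\deprecated Since v0.13.0 this is a no-op and the call can be removed; OpenSSL 1.1.0 and newer initialize and clean up on their own.`, and drop the old paragraphs or mark them as historical. Parts of these comments sit in collapsed regions outside the hunks, so the remaining text needs the same check there.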
142 changes: 9 additions & 133 deletions librabbitmq/amqp_openssl.c
@@ -33,13 +33,7 @@
static int initialize_ssl_and_increment_connections(void);
static int decrement_ssl_connections(void);

static unsigned long ssl_threadid_callback(void);
static void ssl_locking_callback(int mode, int n, const char *file, int line);
static pthread_mutex_t *amqp_openssl_lockarray = NULL;

static pthread_mutex_t openssl_init_mutex = PTHREAD_MUTEX_INITIALIZER;
static amqp_boolean_t do_initialize_openssl = 1;
static amqp_boolean_t openssl_initialized = 0;
static amqp_boolean_t openssl_bio_initialized = 0;
static int openssl_connections = 0;
static ENGINE *openssl_engine = NULL;
@@ -578,89 +572,16 @@ int amqp_ssl_socket_set_ssl_versions(amqp_socket_t *base,
}

void amqp_set_initialize_ssl_library(amqp_boolean_t do_initialize) {
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));

if (openssl_connections == 0 && !openssl_initialized) {
do_initialize_openssl = do_initialize;
}
CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex));
}

static unsigned long ssl_threadid_callback(void) {
return (unsigned long)pthread_self();
}

static void ssl_locking_callback(int mode, int n, AMQP_UNUSED const char *file,
AMQP_UNUSED int line) {
if (mode & CRYPTO_LOCK) {
CHECK_SUCCESS(pthread_mutex_lock(&amqp_openssl_lockarray[n]));
} else {
CHECK_SUCCESS(pthread_mutex_unlock(&amqp_openssl_lockarray[n]));
}
}

static int setup_openssl(void) {
int status;

int i;
amqp_openssl_lockarray = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t));
if (!amqp_openssl_lockarray) {
status = AMQP_STATUS_NO_MEMORY;
goto out;
}
for (i = 0; i < CRYPTO_num_locks(); i++) {
if (pthread_mutex_init(&amqp_openssl_lockarray[i], NULL)) {
int j;
for (j = 0; j < i; j++) {
pthread_mutex_destroy(&amqp_openssl_lockarray[j]);
}
free(amqp_openssl_lockarray);
status = AMQP_STATUS_SSL_ERROR;
goto out;
}
}
CRYPTO_set_id_callback(ssl_threadid_callback);
CRYPTO_set_locking_callback(ssl_locking_callback);

if (OPENSSL_init_ssl(0, NULL) <= 0) {
status = AMQP_STATUS_SSL_ERROR;
goto out;
}
SSL_library_init();
SSL_load_error_strings();

status = AMQP_STATUS_OK;
out:
return status;
(void)do_initialize;
return;
}

int amqp_initialize_ssl_library(void) {
int status;
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));

if (!openssl_initialized) {
status = setup_openssl();
if (status) {
goto out;
}
openssl_initialized = 1;
}

status = AMQP_STATUS_OK;
out:
CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex));
return status;
}
int amqp_initialize_ssl_library(void) { return AMQP_STATUS_OK; }

int amqp_set_ssl_engine(const char *engine) {
int status = AMQP_STATUS_OK;
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));

if (!openssl_initialized) {
status = AMQP_STATUS_SSL_ERROR;
goto out;
}

if (openssl_engine != NULL) {
ENGINE_free(openssl_engine);
openssl_engine = NULL;
@@ -693,14 +614,6 @@ static int initialize_ssl_and_increment_connections() {
int status;
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));

if (do_initialize_openssl && !openssl_initialized) {
status = setup_openssl();
if (status) {
goto exit;
}
openssl_initialized = 1;
}

if (!openssl_bio_initialized) {
status = amqp_openssl_bio_init();
if (status) {
@@ -723,50 +636,13 @@ static int decrement_ssl_connections(void) {
openssl_connections--;
}

CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex));
return AMQP_STATUS_OK;
}

int amqp_uninitialize_ssl_library(void) {
int status;
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));

if (openssl_connections > 0) {
status = AMQP_STATUS_SOCKET_INUSE;
goto out;
}

amqp_openssl_bio_destroy();
openssl_bio_initialized = 0;

CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
{
int i;
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_destroy(&amqp_openssl_lockarray[i]);
}
free(amqp_openssl_lockarray);
if (openssl_connections == 0) {
amqp_openssl_bio_destroy();
openssl_bio_initialized = 0;
}

if (openssl_engine != NULL) {
ENGINE_free(openssl_engine);
openssl_engine = NULL;
}

ENGINE_cleanup();
CONF_modules_free();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
#if (OPENSSL_VERSION_NUMBER >= 0x10002003L) && !defined(LIBRESSL_VERSION_NUMBER)
SSL_COMP_free_compression_methods();
#endif

openssl_initialized = 0;

status = AMQP_STATUS_OK;
out:
CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex));
return status;
return AMQP_STATUS_OK;
}

int amqp_uninitialize_ssl_library(void) { return AMQP_STATUS_OK; }
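Review bot: Nothing in the visible hunks now stops this file from being built against an OpenSSL older than 1.1.0. The removed setup_openssl() called OPENSSL_init_ssl(), which only exists from 1.1.0, so it acted as an implicit version check. With it and the CRYPTO_set_locking_callback()/SSL_library_init() calls gone, an older library would run uninitialized and without its locking callbacks when used from several threads. Unless the build system already enforces the minimum (not visible here), I would add next to the OpenSSL includes `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, `#error "rabbitmq-c requires OpenSSL 1.1.0 or newer"`, `#endif`. LibreSSL, which the removed `#if` around SSL_COMP_free_compression_methods() accounted for, reports a different version number and would need its own check.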
