change ssl symbol visibility to specific places in core only

2013-02-04 10:47:27 -06:00 · 2013-02-04 10:47:27 -06:00 · 4cac512b97
parent 16fa338b49
commit 4cac512b97
5 changed files with 76 additions and 75 deletions
--- a/src/include/switch_core.h
+++ b/src/include/switch_core.h
@ -40,12 +40,6 @@
 #define SWITCH_CORE_H

 #include <switch.h>
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif

 SWITCH_BEGIN_EXTERN_C
 #define SWITCH_MAX_CORE_THREAD_SESSION_OBJS 128
@ -2518,7 +2512,6 @@ SWITCH_DECLARE(pid_t) switch_fork(void);
 SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix);
 SWITCH_DECLARE(int) switch_core_cert_gen_fingerprint(const char *prefix, dtls_fingerprint_t *fp);
 SWITCH_DECLARE(int) switch_core_cert_expand_fingerprint(dtls_fingerprint_t *fp, const char *str);
-SWITCH_DECLARE(int) switch_core_cert_extract_fingerprint(X509* x509, dtls_fingerprint_t *fp);
 SWITCH_DECLARE(int) switch_core_cert_verify(dtls_fingerprint_t *fp);

 SWITCH_END_EXTERN_C
--- a/src/include/switch_ssl.h
+++ b/src/include/switch_ssl.h
@ -37,70 +37,23 @@
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 #endif
 #include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>

-static switch_mutex_t **ssl_mutexes;
-static switch_memory_pool_t *ssl_pool = NULL;
-static int ssl_count = 0;
+SWITCH_DECLARE(int) switch_core_cert_extract_fingerprint(X509* x509, dtls_fingerprint_t *fp);

-static inline void switch_ssl_ssl_lock_callback(int mode, int type, char *file, int line)
-{
-	if (mode & CRYPTO_LOCK) {
-		switch_mutex_lock(ssl_mutexes[type]);
-	}
-	else {
-		switch_mutex_unlock(ssl_mutexes[type]);
-	}
-}
-
-static inline unsigned long switch_ssl_ssl_thread_id(void)
-{
-	return (unsigned long) switch_thread_self();
-}
-
-static inline void switch_ssl_init_ssl_locks(void)
-{
-
-	int i, num;
-
-	if (ssl_count == 0) {
-		num = CRYPTO_num_locks();
-		
-		ssl_mutexes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(switch_mutex_t*));
-		switch_assert(ssl_mutexes != NULL);
-
-		switch_core_new_memory_pool(&ssl_pool);
-
-		for (i = 0; i < num; i++) {
-			switch_mutex_init(&(ssl_mutexes[i]), SWITCH_MUTEX_NESTED, ssl_pool);
-			switch_assert(ssl_mutexes[i] != NULL);
-		}
-
-		CRYPTO_set_id_callback(switch_ssl_ssl_thread_id);
-		CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))switch_ssl_ssl_lock_callback);
-	}
-
-	ssl_count++;
-}
-
-static inline void switch_ssl_destroy_ssl_locks()
-{
-	int i;
-
-	if (ssl_count == 1) {
-		CRYPTO_set_locking_callback(NULL);
-		for (i = 0; i < CRYPTO_num_locks(); i++) {
-			if (ssl_mutexes[i]) {
-				switch_mutex_destroy(ssl_mutexes[i]);
-			}
-		}
-
-		OPENSSL_free(ssl_mutexes);
-		ssl_count--;
-	}
-}
 #else
-static inline void switch_ssl_init_ssl_locks(void) { return; }
-static inline void switch_ssl_destroy_ssl_locks(void) { return; }
+static inline int switch_core_cert_extract_fingerprint(void* x509, dtls_fingerprint_t *fp) { return 0; }
 #endif

+SWITCH_DECLARE(void) switch_ssl_destroy_ssl_locks(void);
+SWITCH_DECLARE(void) switch_ssl_init_ssl_locks(void);
+
 #endif
--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@ -30,7 +30,68 @@
 */

 #include <switch.h>
+#include <switch_ssl.h>

+static switch_mutex_t **ssl_mutexes;
+static switch_memory_pool_t *ssl_pool = NULL;
+static int ssl_count = 0;
+
+static inline void switch_ssl_ssl_lock_callback(int mode, int type, char *file, int line)
+{
+	if (mode & CRYPTO_LOCK) {
+		switch_mutex_lock(ssl_mutexes[type]);
+	}
+	else {
+		switch_mutex_unlock(ssl_mutexes[type]);
+	}
+}
+
+static inline unsigned long switch_ssl_ssl_thread_id(void)
+{
+	return (unsigned long) switch_thread_self();
+}
+
+SWITCH_DECLARE(void) switch_ssl_init_ssl_locks(void)
+{
+
+	int i, num;
+
+	if (ssl_count == 0) {
+		num = CRYPTO_num_locks();
+		
+		ssl_mutexes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(switch_mutex_t*));
+		switch_assert(ssl_mutexes != NULL);
+
+		switch_core_new_memory_pool(&ssl_pool);
+
+		for (i = 0; i < num; i++) {
+			switch_mutex_init(&(ssl_mutexes[i]), SWITCH_MUTEX_NESTED, ssl_pool);
+			switch_assert(ssl_mutexes[i] != NULL);
+		}
+
+		CRYPTO_set_id_callback(switch_ssl_ssl_thread_id);
+		CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))switch_ssl_ssl_lock_callback);
+	}
+
+	ssl_count++;
+}
+
+SWITCH_DECLARE(void) switch_ssl_destroy_ssl_locks(void)
+{
+	int i;
+
+	if (ssl_count == 1) {
+		CRYPTO_set_locking_callback(NULL);
+		for (i = 0; i < CRYPTO_num_locks(); i++) {
+			if (ssl_mutexes[i]) {
+				switch_mutex_destroy(ssl_mutexes[i]);
+			}
+		}
+
+		OPENSSL_free(ssl_mutexes);
+		ssl_count--;
+	}
+}

 static const EVP_MD *get_evp_by_name(const char *name)
 {
--- a/src/switch_core_media.c
+++ b/src/switch_core_media.c
@ -1055,7 +1055,6 @@ SWITCH_DECLARE(void) switch_core_media_prepare_codecs(switch_core_session_t *ses
 		goto ready;
 	}

-
 	if ((ocodec = switch_channel_get_variable(session->channel, SWITCH_ORIGINATOR_CODEC_VARIABLE))) {
 		if (!codec_string || (smh->media_flags[SCMF_DISABLE_TRANSCODING])) {
 			codec_string = ocodec;
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@ -49,12 +49,7 @@
 #include <srtp.h>
 #include <srtp_priv.h>
 #include <switch_version.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-
-
+#include <switch_ssl.h>

 #define READ_INC(rtp_session) switch_mutex_lock(rtp_session->read_mutex); rtp_session->reading++
 #define READ_DEC(rtp_session)  switch_mutex_unlock(rtp_session->read_mutex); rtp_session->reading--