Diffstat (limited to 'main/libasteriskssl.c')
-rw-r--r-- | main/libasteriskssl.c | 235 |
1 files changed, 235 insertions, 0 deletions
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c
new file mode 100644
index 000000000..8b2d8b0a8
--- /dev/null
+++ b/main/libasteriskssl.c
@@ -0,0 +1,235 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2009-2012, Digium, Inc.
+ *
+ * Russell Bryant <russell@digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Common OpenSSL support code
+ *
+ * \author Russell Bryant <russell@digium.com>
+ */
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
+#include <dlfcn.h>
+
+#include "asterisk/_private.h" /* ast_ssl_init() */
+
+#include "asterisk/utils.h"
+#include "asterisk/lock.h"
+
+#ifdef HAVE_OPENSSL
+
+#define get_OpenSSL_function(func) do { real_##func = dlsym(RTLD_NEXT, __stringify(func)); } while(0)
+
+static int startup_complete;
+
+static ast_mutex_t *ssl_locks;
+
+static int ssl_num_locks;
+
+static unsigned long ssl_threadid(void)
+{
+ return (unsigned long) pthread_self();
+}
+
+static void ssl_lock(int mode, int n, const char *file, int line)
+{
+ if (n < 0 || n >= ssl_num_locks) {
+ ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
+ "ssl_num_locks '%d' - n '%d'\n",
+ ssl_num_locks, n);
+ return;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ ast_mutex_lock(&ssl_locks[n]);
+ } else {
+ ast_mutex_unlock(&ssl_locks[n]);
+ }
+}
+
+int SSL_library_init(void)
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+ return 0;
+}
+
+void SSL_load_error_strings(void)
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void ERR_load_SSL_strings(void)
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void ERR_load_crypto_strings(void)
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void ERR_load_BIO_strings(void)
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file, int line))
+{
+#if defined(AST_DEVMODE)
+ if (startup_complete) {
+ ast_debug(1, "Called after startup... ignoring!\n");
+ }
+#endif
+}
+
+void ERR_free_strings(void)
+{
+ /* we can't allow this to be called, ever */
+}
+
+#endif /* HAVE_OPENSSL */
+
+/*!
+ * \internal
+ * \brief Common OpenSSL initialization for all of Asterisk.
+ */
+int ast_ssl_init(void)
+{
+#ifdef HAVE_OPENSSL
+ unsigned int i;
+ int (*real_SSL_library_init)(void);
+ void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void));
+ void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
+ void (*real_SSL_load_error_strings)(void);
+ void (*real_ERR_load_SSL_strings)(void);
+ void (*real_ERR_load_crypto_strings)(void);
+ void (*real_ERR_load_BIO_strings)(void);
+ const char *errstr;
+
+ /* clear any previous dynamic linker errors */
+ dlerror();
+ get_OpenSSL_function(SSL_library_init);
+ if ((errstr = dlerror()) != NULL) {
+ ast_debug(1, "unable to get real address of SSL_library_init: %s\n", errstr);
+ /* there is no way to continue in this situation... SSL will
+ * likely be broken in this process
+ */
+ return -1;
+ } else {
+ real_SSL_library_init();
+ }
+
+ /* Make OpenSSL usage thread-safe. */
+
+ dlerror();
+ get_OpenSSL_function(CRYPTO_set_id_callback);
+ if ((errstr = dlerror()) != NULL) {
+ ast_debug(1, "unable to get real address of CRYPTO_set_id_callback: %s\n", errstr);
+ /* there is no way to continue in this situation... SSL will
+ * likely be broken in this process
+ */
+ return -1;
+ } else {
+ real_CRYPTO_set_id_callback(ssl_threadid);
+ }
+
+ dlerror();
+ get_OpenSSL_function(CRYPTO_set_locking_callback);
+ if ((errstr = dlerror()) != NULL) {
+ ast_debug(1, "unable to get real address of CRYPTO_set_locking_callback: %s\n", errstr);
+ /* there is no way to continue in this situation... SSL will
+ * likely be broken in this process
+ */
+ return -1;
+ } else {
+ ssl_num_locks = CRYPTO_num_locks();
+ if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
+ return -1;
+ }
+ for (i = 0; i < ssl_num_locks; i++) {
+ ast_mutex_init(&ssl_locks[i]);
+ }
+ real_CRYPTO_set_locking_callback(ssl_lock);
+ }
+
+ /* after this point, we don't check for errors from the dlsym() calls,
+ * under the assumption that if the ones above were successful, all
+ * the rest will be too. this assumption holds as long as OpenSSL still
+ * provides all of these functions.
+ */
+
+ get_OpenSSL_function(SSL_load_error_strings);
+ real_SSL_load_error_strings();
+
+ get_OpenSSL_function(ERR_load_SSL_strings);
+ real_ERR_load_SSL_strings();
+
+ get_OpenSSL_function(ERR_load_crypto_strings);
+ real_ERR_load_crypto_strings();
+
+ get_OpenSSL_function(ERR_load_BIO_strings);
+ real_ERR_load_BIO_strings();
+
+#if 0
+ /* currently this is just another call to SSL_library_init, so we don't call it */
+ OpenSSL_add_all_algorithms();
+#endif
+
+ startup_complete = 1;
+
+#endif /* HAVE_OPENSSL */
+ return 0;
+}
+
|
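Review bot: The three dlsym failure paths in ast_ssl_init report a condition the adjacent comment itself calls unrecoverable ("SSL will likely be broken in this process") only through `ast_debug(1, ...)`, which is silent unless debug logging is enabled, so in a default configuration the -1 return is the only evidence of what went wrong. Raising these to `ast_log(LOG_ERROR, "unable to get real address of SSL_library_init: %s\n", errstr);` (and the same for the two CRYPTO_set_*_callback lookups) keeps the cause visible in a production log whatever the caller does with the return value. The `ast_calloc` failure for `ssl_locks` likewise returns -1 with no message at all. Separately, the mutex-initialisation loop compares `unsigned int i` against the `int ssl_num_locks`; declaring `int i;` to match avoids the signed/unsigned comparison warning.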