diff options
Diffstat (limited to 'main')
| -rw-r--r-- | main/Makefile | 101 | ||||
| -rw-r--r-- | main/libasteriskssl.c | 235 | ||||
| -rw-r--r-- | main/libasteriskssl.exports.in | 4 | ||||
| -rw-r--r-- | main/ssl.c | 100 |
4 files changed, 326 insertions, 114 deletions
diff --git a/main/Makefile b/main/Makefile index 728b80591..0662f22f3 100644 --- a/main/Makefile +++ b/main/Makefile @@ -1,6 +1,6 @@ # # Asterisk -- A telephony toolkit for Linux. -# +# # Makefile to build main Asterisk binary # # Copyright (C) 1999-2006, Digium, Inc. @@ -18,7 +18,10 @@ all: asterisk include $(ASTTOPDIR)/Makefile.moddir_rules # Must include the extra ast_expr2.c, ast_expr2f.c, in case they need to be regenerated (because to force regeneration, we delete them) -SRC=$(wildcard *.c) ast_expr2.c ast_expr2f.c +SRC:=$(wildcard *.c) ast_expr2.c ast_expr2f.c +ifeq ($(AST_ASTERISKSSL),yes) +SRC:=$(filter-out libasteriskssl.c,$(SRC)) +endif OBJSFILTER=fskmodem_int.o fskmodem_float.o cygload.o buildinfo.o OBJS=$(filter-out $(OBJSFILTER),$(SRC:.c=.o)) @@ -26,14 +29,16 @@ OBJS=$(filter-out $(OBJSFILTER),$(SRC:.c=.o)) # otherwise modules will not have them available if none of the static # objects use it. OBJS+=stdtime/localtime.o + ifneq ($(firstword $(subst :, ,$(WEAKREF))),1) OBJS+=../res/res_adsi.o endif -AST_LIBS += $(OPENSSL_LIB) -AST_LIBS += $(BKTR_LIB) -AST_LIBS += $(LIBXML2_LIB) -AST_LIBS += $(SQLITE3_LIB) +ASTSSL_LIBS:=$(OPENSSL_LIB) +AST_LIBS+=$(BKTR_LIB) +AST_LIBS+=$(LIBXML2_LIB) +AST_LIBS+=$(SQLITE3_LIB) +AST_LIBS+=$(ASTSSL_LIBS) ifneq ($(findstring $(OSARCH), linux-gnu uclinux linux-uclibc linux-gnueabi kfreebsd-gnu linux-gnueabihf),) ifneq ($(findstring LOADABLE_MODULES,$(MENUSELECT_CFLAGS)),) @@ -78,7 +83,7 @@ endif ifneq ($(findstring $(OSARCH), mingw32 cygwin ),) AST_LIBS+=-lminires -ldl - ASTLINK+= -shared -Wl,--out-implib,libasterisk.a + ASTLINK+=-shared -Wl,--out-implib,libasterisk.a endif ifeq ($(OSARCH),NetBSD) AST_LIBS+=-lpthread -lcrypto -lm -L/usr/pkg/lib $(EDITLINE_LIB) @@ -89,7 +94,8 @@ ifeq ($(OSARCH),OpenBSD) endif ifeq ($(OSARCH),SunOS) - AST_LIBS+=-lpthread -ldl -lrt -lnsl -lsocket -lresolv -L/opt/ssl/lib -L/usr/local/ssl/lib + AST_LIBS+=-lpthread -ldl -lrt -lnsl -lsocket -lresolv + ASTSSL_LIBS+=-L/opt/ssl/lib -L/usr/local/ssl/lib ASTLINK= endif @@ -140,7 +146,7 @@ testexpr2: ast_expr2f.c ast_expr2.c ast_expr2.h $(CC) -g -c -Iinclude -DSTANDALONE ast_expr2f.c $(CC) -g -c -Iinclude -DSTANDALONE ast_expr2.c $(CC) -g -o testexpr2 ast_expr2f.o ast_expr2.o -lm - rm ast_expr2.o ast_expr2f.o + rm ast_expr2.o ast_expr2f.o db.o: _ASTCFLAGS+=$(SQLITE3_INCLUDE) @@ -178,13 +184,61 @@ endif $(OBJS): _ASTCFLAGS+=-DAST_MODULE=\"core\" -$(MAIN_TGT): $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) +ifeq ($(AST_ASTERISKSSL),yes) +# The ABI *version* of the asteriskssl library; don't change this unless there truly is a +# non-backwards-compatible ABI change in the library +ASTSSL_SO_VERSION=1 + +ASTSSL_LDLIBS=-L. -lasteriskssl + +ifeq ($(findstring darwin,$(OSARCH)),) # not Darwin +ASTSSL_LIB:=libasteriskssl.so + +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): _ASTLDFLAGS+=-Wl,-soname=$(ASTSSL_LIB).$(ASTSSL_SO_VERSION) +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskssl\" +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): LIBS+=$(ASTSSL_LIBS) +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): SO_SUPPRESS_SYMBOLS=-Wl,--version-script,libasteriskssl.exports,--warn-common +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): SOLINK=$(DYLINK) + +# These rules are duplicated from $(ASTTOPDIR)/Makefile.rules because the library name +# being built does not match the "%.so" pattern; there are also additional steps +# required to build a proper shared library (as opposed to the 'loadable module' +# type that are built by the standard rules) +$(ASTSSL_LIB).$(ASTSSL_SO_VERSION): libasteriskssl.o +ifeq ($(GNU_LD),1) + $(CMD_PREFIX) $(ASTTOPDIR)/build_tools/make_linker_version_script libasteriskssl "$(LINKER_SYMBOL_PREFIX)" "$(ASTTOPDIR)" +endif + $(ECHO_PREFIX) echo " [LD] $^ -> $@" + $(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(CC_LDFLAGS_SO) $^ $(CC_LIBS) +ifneq ($(LDCONFIG),) + $(LDCONFIG) $(LDCONFIG_FLAGS) . +endif + +$(ASTSSL_LIB): $(ASTSSL_LIB).$(ASTSSL_SO_VERSION) + $(LN) -sf $< $@ + +else # Darwin +ASTSSL_LIB:=libasteriskssl.dylib + +$(ASTSSL_LIB): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskssl\" +$(ASTSSL_LIB): LIBS+=$(ASTSSL_LIBS) +$(ASTSSL_LIB): SOLINK=$(DYLINK) + +# Special rules for building a shared library (not a dynamically loadable module) +$(ASTSSL_LIB): libasteriskssl.o + $(ECHO_PREFIX) echo " [LD] $^ -> $@" + $(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(CC_LDFLAGS_SO) $^ $(CC_LIBS) +endif + +endif + +$(MAIN_TGT): $(OBJS) $(ASTSSL_LIB) editline/libedit.a $(AST_EMBED_LDSCRIPTS) @$(CC) -c -o buildinfo.o $(_ASTCFLAGS) buildinfo.c $(ASTCFLAGS) $(ECHO_PREFIX) echo " [LD] $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) -> $@" ifneq ($(findstring chan_h323,$(MENUSELECT_CHANNELS)),) - $(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(GMIMELDFLAGS) + $(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(OBJS) $(ASTSSL_LDLIBS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(GMIMELDFLAGS) else - $(CMD_PREFIX) $(CXX) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(H323LDFLAGS) $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(H323LDLIBS) $(GMIMELDFLAGS) + $(CMD_PREFIX) $(CXX) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(H323LDFLAGS) $(OBJS) $(ASTSSL_LDLIBS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(H323LDLIBS) $(GMIMELDFLAGS) endif ifeq ($(GNU_LD),1) @@ -193,9 +247,28 @@ asterisk.exports: asterisk.exports.in $(CMD_PREFIX) $(ASTTOPDIR)/build_tools/make_linker_version_script asterisk $(LINKER_SYMBOL_PREFIX) endif +bininstall: + $(INSTALL) -m 755 $(MAIN_TGT) "$(DESTDIR)$(ASTSBINDIR)/" +ifeq ($(AST_ASTERISKSSL),yes) + $(INSTALL) -m 755 $(ASTSSL_LIB).$(ASTSSL_SO_VERSION) "$(DESTDIR)$(ASTLIBDIR)/" + $(LN) -sf "$(DESTDIR)$(ASTLIBDIR)/$(ASTSSL_LIB).$(ASTSSL_SO_VERSION)" "$(DESTDIR)$(ASTLIBDIR)/$(ASTSSL_LIB)" +ifneq ($(LDCONFIG),) + $(LDCONFIG) $(LDCONFIG_FLAGS) "$(DESTDIR)$(ASTLIBDIR)/" +endif +endif + $(LN) -sf asterisk "$(DESTDIR)$(ASTSBINDIR)/rasterisk" + +binuninstall: + rm -f "$(DESTDIR)$(ASTSBINDIR)/$(MAIN_TGT)" + rm -f "$(DESTDIR)$(ASTSBINDIR)/rasterisk" + rm -f "$(DESTDIR)$(ASTLIBDIR)/$(ASTSSL_LIB).$(ASTSSL_SO_VERSION)" +ifneq ($(LDCONFIG),) + $(LDCONFIG) $(LDCONFIG_FLAGS) "$(DESTDIR)$(ASTLIBDIR)/" +endif + clean:: - rm -f asterisk - rm -f asterisk.exports + rm -f asterisk libasteriskssl.o $(ASTSSL_LIB) $(ASTSSL_LIB).* + rm -f asterisk.exports libasteriskssl.exports @if [ -f editline/Makefile ]; then $(MAKE) -C editline distclean ; fi @$(MAKE) -C stdtime clean rm -f libresample/src/*.o diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c new file mode 100644 index 000000000..8b2d8b0a8 --- /dev/null +++ b/main/libasteriskssl.c @@ -0,0 +1,235 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * Copyright (C) 2009-2012, Digium, Inc. + * + * Russell Bryant <russell@digium.com> + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. + */ + +/*! + * \file + * \brief Common OpenSSL support code + * + * \author Russell Bryant <russell@digium.com> + */ + +#include "asterisk.h" + +ASTERISK_FILE_VERSION(__FILE__, "$Revision$") + +#ifdef HAVE_OPENSSL +#include <openssl/ssl.h> +#include <openssl/err.h> +#endif + +#include <dlfcn.h> + +#include "asterisk/_private.h" /* ast_ssl_init() */ + +#include "asterisk/utils.h" +#include "asterisk/lock.h" + +#ifdef HAVE_OPENSSL + +#define get_OpenSSL_function(func) do { real_##func = dlsym(RTLD_NEXT, __stringify(func)); } while(0) + +static int startup_complete; + +static ast_mutex_t *ssl_locks; + +static int ssl_num_locks; + +static unsigned long ssl_threadid(void) +{ + return (unsigned long) pthread_self(); +} + +static void ssl_lock(int mode, int n, const char *file, int line) +{ + if (n < 0 || n >= ssl_num_locks) { + ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - " + "ssl_num_locks '%d' - n '%d'\n", + ssl_num_locks, n); + return; + } + + if (mode & CRYPTO_LOCK) { + ast_mutex_lock(&ssl_locks[n]); + } else { + ast_mutex_unlock(&ssl_locks[n]); + } +} + +int SSL_library_init(void) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif + return 0; +} + +void SSL_load_error_strings(void) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void ERR_load_SSL_strings(void) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void ERR_load_crypto_strings(void) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void ERR_load_BIO_strings(void) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void CRYPTO_set_id_callback(unsigned long (*func)(void)) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file, int line)) +{ +#if defined(AST_DEVMODE) + if (startup_complete) { + ast_debug(1, "Called after startup... ignoring!\n"); + } +#endif +} + +void ERR_free_strings(void) +{ + /* we can't allow this to be called, ever */ +} + +#endif /* HAVE_OPENSSL */ + +/*! + * \internal + * \brief Common OpenSSL initialization for all of Asterisk. + */ +int ast_ssl_init(void) +{ +#ifdef HAVE_OPENSSL + unsigned int i; + int (*real_SSL_library_init)(void); + void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void)); + void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int)); + void (*real_SSL_load_error_strings)(void); + void (*real_ERR_load_SSL_strings)(void); + void (*real_ERR_load_crypto_strings)(void); + void (*real_ERR_load_BIO_strings)(void); + const char *errstr; + + /* clear any previous dynamic linker errors */ + dlerror(); + get_OpenSSL_function(SSL_library_init); + if ((errstr = dlerror()) != NULL) { + ast_debug(1, "unable to get real address of SSL_library_init: %s\n", errstr); + /* there is no way to continue in this situation... SSL will + * likely be broken in this process + */ + return -1; + } else { + real_SSL_library_init(); + } + + /* Make OpenSSL usage thread-safe. */ + + dlerror(); + get_OpenSSL_function(CRYPTO_set_id_callback); + if ((errstr = dlerror()) != NULL) { + ast_debug(1, "unable to get real address of CRYPTO_set_id_callback: %s\n", errstr); + /* there is no way to continue in this situation... SSL will + * likely be broken in this process + */ + return -1; + } else { + real_CRYPTO_set_id_callback(ssl_threadid); + } + + dlerror(); + get_OpenSSL_function(CRYPTO_set_locking_callback); + if ((errstr = dlerror()) != NULL) { + ast_debug(1, "unable to get real address of CRYPTO_set_locking_callback: %s\n", errstr); + /* there is no way to continue in this situation... SSL will + * likely be broken in this process + */ + return -1; + } else { + ssl_num_locks = CRYPTO_num_locks(); + if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) { + return -1; + } + for (i = 0; i < ssl_num_locks; i++) { + ast_mutex_init(&ssl_locks[i]); + } + real_CRYPTO_set_locking_callback(ssl_lock); + } + + /* after this point, we don't check for errors from the dlsym() calls, + * under the assumption that if the ones above were successful, all + * the rest will be too. this assumption holds as long as OpenSSL still + * provides all of these functions. + */ + + get_OpenSSL_function(SSL_load_error_strings); + real_SSL_load_error_strings(); + + get_OpenSSL_function(ERR_load_SSL_strings); + real_ERR_load_SSL_strings(); + + get_OpenSSL_function(ERR_load_crypto_strings); + real_ERR_load_crypto_strings(); + + get_OpenSSL_function(ERR_load_BIO_strings); + real_ERR_load_BIO_strings(); + +#if 0 + /* currently this is just another call to SSL_library_init, so we don't call it */ + OpenSSL_add_all_algorithms(); +#endif + + startup_complete = 1; + +#endif /* HAVE_OPENSSL */ + return 0; +} + diff --git a/main/libasteriskssl.exports.in b/main/libasteriskssl.exports.in new file mode 100644 index 000000000..5db09cc02 --- /dev/null +++ b/main/libasteriskssl.exports.in @@ -0,0 +1,4 @@ +{ + global: + *; +}; diff --git a/main/ssl.c b/main/ssl.c deleted file mode 100644 index 40129f84f..000000000 --- a/main/ssl.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Asterisk -- An open source telephony toolkit. - * - * Copyright (C) 2009, Digium, Inc. - * - * Russell Bryant <russell@digium.com> - * - * See http://www.asterisk.org for more information about - * the Asterisk project. Please do not directly contact - * any of the maintainers of this project for assistance; - * the project provides a web site, mailing lists and IRC - * channels for your use. - * - * This program is free software, distributed under the terms of - * the GNU General Public License Version 2. See the LICENSE file - * at the top of the source tree. - */ - -/*! - * \file - * \brief Common OpenSSL support code - * - * \author Russell Bryant <russell@digium.com> - */ - -#include "asterisk.h" - -ASTERISK_FILE_VERSION(__FILE__, "$Revision$") - -#ifdef HAVE_OPENSSL -#include <openssl/ssl.h> -#include <openssl/err.h> -#endif - -#include "asterisk/_private.h" /* ast_ssl_init() */ - -#include "asterisk/utils.h" -#include "asterisk/lock.h" - -#ifdef HAVE_OPENSSL - -static ast_mutex_t *ssl_locks; - -static int ssl_num_locks; - -static unsigned long ssl_threadid(void) -{ - return (unsigned long)pthread_self(); -} - -static void ssl_lock(int mode, int n, const char *file, int line) -{ - if (n < 0 || n >= ssl_num_locks) { - ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - " - "ssl_num_locks '%d' - n '%d'\n", - ssl_num_locks, n); - return; - } - - if (mode & CRYPTO_LOCK) { - ast_mutex_lock(&ssl_locks[n]); - } else { - ast_mutex_unlock(&ssl_locks[n]); - } -} - -#endif /* HAVE_OPENSSL */ - -/*! - * \internal - * \brief Common OpenSSL initialization for all of Asterisk. - */ -int ast_ssl_init(void) -{ -#ifdef HAVE_OPENSSL - unsigned int i; - - SSL_library_init(); - SSL_load_error_strings(); - ERR_load_crypto_strings(); - ERR_load_BIO_strings(); - OpenSSL_add_all_algorithms(); - - /* Make OpenSSL thread-safe. */ - - CRYPTO_set_id_callback(ssl_threadid); - - ssl_num_locks = CRYPTO_num_locks(); - if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) { - return -1; - } - for (i = 0; i < ssl_num_locks; i++) { - ast_mutex_init(&ssl_locks[i]); - } - CRYPTO_set_locking_callback(ssl_lock); - -#endif /* HAVE_OPENSSL */ - return 0; -} - |