kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-29 07:24:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba3f6c0b1eefa891ff36d30a3081d0894a6882be
asterisk/main/libasteriskssl.c

211 lines
5.2 KiB
C
Raw Normal View History

Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
/*
* Asterisk -- An open source telephony toolkit.
*
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
* Copyright (C) 2009-2018, Digium, Inc.
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
*
* Russell Bryant <russell@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
* \brief Common OpenSSL support code
*
* \author Russell Bryant <russell@digium.com>
*/
#include "asterisk.h"
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#include "asterisk/_private.h" /* ast_ssl_init() */
Fix compiler warnings on Fedora 26 / GCC 7. GCC 7 has added capability to produce warnings, this fixes most of those warnings. The specific warnings are disabled in a few places: * app_voicemail.c: truncation of paths more than 4096 chars in many places. * chan_mgcp.c: callid truncated to 80 chars. * cdr.c: two userfields are combined to cdr copy, fix would break ABI. * tcptls.c: ignore use of deprecated method SSLv3_client_method(). ASTERISK-27156 #close Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
2017-07-27 21:58:22 -04:00
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
#ifdef HAVE_OPENSSL
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#include <openssl/opensslv.h> /* for OPENSSL_VERSION_NUMBER */
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
#endif
Fix compiler warnings on Fedora 26 / GCC 7. GCC 7 has added capability to produce warnings, this fixes most of those warnings. The specific warnings are disabled in a few places: * app_voicemail.c: truncation of paths more than 4096 chars in many places. * chan_mgcp.c: callid truncated to 80 chars. * cdr.c: two userfields are combined to cdr copy, fix would break ABI. * tcptls.c: ignore use of deprecated method SSLv3_client_method(). ASTERISK-27156 #close Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
2017-07-27 21:58:22 -04:00
#if defined(HAVE_OPENSSL) && \
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
(defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L)
#include <dlfcn.h> /* for dlerror, dlsym, RTLD_NEXT */
#include <openssl/crypto.h> /* for CRYPTO_num_locks, CRYPTO_set_id_call... */
#include <openssl/err.h> /* for ERR_free_strings */
#include <openssl/ssl.h> /* for SSL_library_init, SSL_load_error_str... */
#if OPENSSL_VERSION_NUMBER < 0x10000000L
#include <pthread.h> /* for pthread_self */
#endif
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#include "asterisk/lock.h" /* for ast_mutex_t, ast_mutex_init, ast_mut... */
#include "asterisk/logger.h" /* for ast_debug, ast_log, LOG_ERROR */
#include "asterisk/utils.h" /* for ast_calloc */
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
#define get_OpenSSL_function(func) do { real_##func = dlsym(RTLD_NEXT, __stringify(func)); } while(0)
static int startup_complete;
static ast_mutex_t *ssl_locks;
static int ssl_num_locks;
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#if OPENSSL_VERSION_NUMBER < 0x10000000L
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
static unsigned long ssl_threadid(void)
{
return (unsigned long) pthread_self();
}
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#endif
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
static void ssl_lock(int mode, int n, const char *file, int line)
{
if (n < 0 || n >= ssl_num_locks) {
ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
"ssl_num_locks '%d' - n '%d'\n",
ssl_num_locks, n);
return;
}
OpenSSL 1.1.0 support OpenSSL 1.1.0 includes some major changes in the interface. See https://wiki.openssl.org/index.php/1.1_API_Changes . Status: Right now there are still a few deprecation notes with OpenSSL 1.1.0. But it's a start. Changes: * CRYPTO_LOCK is no longer available. Replace it with its value for now. I don't completely understand what it is used for there. * Remove several functions from libasteriskssl that seem to no longer be needed. * Structures have become opaque and are accesses with accessors. * ERR_remove_thread_state() no longer needed. * SSLv2 code now could no longer be used in 1.1. ASTERISK-26109 #close Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
2016-06-28 23:26:59 +02:00
if (mode & 0x1) {
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
ast_mutex_lock(&ssl_locks[n]);
} else {
ast_mutex_unlock(&ssl_locks[n]);
}
}
int SSL_library_init(void)
{
#if defined(AST_DEVMODE)
if (startup_complete) {
ast_debug(1, "Called after startup... ignoring!\n");
}
#endif
Fix initial loading problem with res_curl When the OpenSSL duplicate initialization issues were resolved in r351447, res_curl could fail to load if it checked SSL_library_init after SSL initialization completed. This is due to the SSL_library_init stub returning a value of 0 for success, as opposed to a value of 1. OpenSSL uses a value of 1 to indicate success - in fact, SSL_library_init is documented to always return 1. Interestingly, the CURL libraries actually checked the return value - the fact that nothing else that depends on OpenSSL was having problems loading probably means they don't check the return value. (closes issue AST-924) Reported by: Guenther Kelleter patches: (AST-924.patch license #6372 uploaded by Guenther Kelleter) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369870 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-07-10 13:34:15 +00:00
return 1;
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
}
void SSL_load_error_strings(void)
{
#if defined(AST_DEVMODE)
if (startup_complete) {
ast_debug(1, "Called after startup... ignoring!\n");
}
#endif
}
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#if OPENSSL_VERSION_NUMBER < 0x10000000L
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
void CRYPTO_set_id_callback(unsigned long (*func)(void))
{
#if defined(AST_DEVMODE)
if (startup_complete) {
ast_debug(1, "Called after startup... ignoring!\n");
}
#endif
}
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#endif
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file, int line))
{
#if defined(AST_DEVMODE)
if (startup_complete) {
ast_debug(1, "Called after startup... ignoring!\n");
}
#endif
}
void ERR_free_strings(void)
{
/* we can't allow this to be called, ever */
}
/*!
* \internal
* \brief Common OpenSSL initialization for all of Asterisk.
libasteriskssl: do nothing with OpenSSL >= 1.1 OpenSSL 1.1 requires no explicit initialization. The hacks in the library are not needed. They also happen to fail running Asterisk. Change-Id: I3b3efd5d80234a4c45a8ee58dcfe25b15d9ad100
2017-02-03 10:25:33 +02:00
*
* Not needed for OpenSSL versions >= 1.1.0
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
*/
int ast_ssl_init(void)
{
unsigned int i;
int (*real_SSL_library_init)(void);
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#if OPENSSL_VERSION_NUMBER < 0x10000000L
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void));
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#endif
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
void (*real_SSL_load_error_strings)(void);
const char *errstr;
/* clear any previous dynamic linker errors */
dlerror();
get_OpenSSL_function(SSL_library_init);
if ((errstr = dlerror()) != NULL) {
ast_debug(1, "unable to get real address of SSL_library_init: %s\n", errstr);
/* there is no way to continue in this situation... SSL will
* likely be broken in this process
*/
return -1;
} else {
real_SSL_library_init();
}
/* Make OpenSSL usage thread-safe. */
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#if OPENSSL_VERSION_NUMBER < 0x10000000L
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
dlerror();
get_OpenSSL_function(CRYPTO_set_id_callback);
if ((errstr = dlerror()) != NULL) {
ast_debug(1, "unable to get real address of CRYPTO_set_id_callback: %s\n", errstr);
/* there is no way to continue in this situation... SSL will
* likely be broken in this process
*/
return -1;
} else {
real_CRYPTO_set_id_callback(ssl_threadid);
}
libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. Use CRYPTO_set_id_callback(.) only with OpenSSL 0.9.8 and older. ASTERISK-27867 Change-Id: Iadd58d5bf6f538eb224203970a4e88e26f259655
2018-05-20 13:36:51 +02:00
#endif
Address OpenSSL initialization issues when using third-party libraries. When Asterisk is used with various third-party libraries (CURL, PostgresSQL, many others) that have the ability themselves to use OpenSSL, it is possible for conflicts to arise in how the OpenSSL libraries are initialized and shutdown. This patch addresses these conflicts by 'wrapping' the important functions from the OpenSSL libraries in a new shared library that is part of Asterisk itself, and is loaded in such a way as to ensure that *all* calls to these functions will be dispatched through the Asterisk wrapper functions, not the native functions. This new library is optional, but enabled by default. See the CHANGES file for documentation on how to disable it. Along the way, this patch also makes a few other minor changes: * Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to more closely match what is used during run-time configuration. * Corrects some errors in the configure script where AC_CHECK_TOOLS was used instead of AC_PATH_PROG. * Adds a new variable for linker flags in the build system (DYLINK), used for producing true shared libraries (as opposed to the dynamically loadable modules that the build system produces for 'regular' Asterisk modules). * Moves the Makefile bits that handle installation and uninstallation of the main Asterisk binary into main/Makefile from the top-level Makefile. * Moves a couple of useful preprocessor macros from optional_api.h to asterisk.h. Review: https://reviewboard.asterisk.org/r/1006/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-01-30 21:21:16 +00:00
dlerror();
get_OpenSSL_function(CRYPTO_set_locking_callback);
if ((errstr = dlerror()) != NULL) {
ast_debug(1, "unable to get real address of CRYPTO_set_locking_callback: %s\n", errstr);
/* there is no way to continue in this situation... SSL will
* likely be broken in this process
*/
return -1;
} else {
ssl_num_locks = CRYPTO_num_locks();
if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
return -1;
}
for (i = 0; i < ssl_num_locks; i++) {
ast_mutex_init(&ssl_locks[i]);
}
real_CRYPTO_set_locking_callback(ssl_lock);
}
/* after this point, we don't check for errors from the dlsym() calls,
* under the assumption that if the ones above were successful, all
* the rest will be too. this assumption holds as long as OpenSSL still
* provides all of these functions.
*/
get_OpenSSL_function(SSL_load_error_strings);
real_SSL_load_error_strings();
startup_complete = 1;
return 0;
}
Fix compiler warnings on Fedora 26 / GCC 7. GCC 7 has added capability to produce warnings, this fixes most of those warnings. The specific warnings are disabled in a few places: * app_voicemail.c: truncation of paths more than 4096 chars in many places. * chan_mgcp.c: callid truncated to 80 chars. * cdr.c: two userfields are combined to cdr copy, fix would break ABI. * tcptls.c: ignore use of deprecated method SSLv3_client_method(). ASTERISK-27156 #close Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
2017-07-27 21:58:22 -04:00
#else
int ast_ssl_init(void)
{
return 0;
}
#endif
Reference in New Issue Copy Permalink