kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-26 22:30:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8fb6cbc65e78ba75c80098522240eef765382416
asterisk/main/ssl.c
Matthew Jordan 8fb6cbc65e Multiple revisions 366052,367002,367416,369731,373061 
........
  r366052 | mmichelson | 2012-05-10 11:10:18 -0500 (Thu, 10 May 2012) | 7 lines
  
  Close the proper tcptls_session when session creation fails.
  
  (issue AST-998)
  Reported by: Thomas Arimont
  Tested by: Thomas Arimont
........
  r367002 | mmichelson | 2012-05-18 11:53:47 -0500 (Fri, 18 May 2012) | 17 lines
  
  Fix memory leak of SSL_CTX structures in TLS core.
  
  SSL_CTX structures were allocated but never freed. This was a bigger
  issue for clients than servers since new SSL_CTX structures could be
  allocated for each connection. Servers, on the other hand, typically
  set up a single SSL_CTX for their lifetime.
  
  This is solved in two ways:
  
  1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is
  freed so that a new one can take its place.
  2. A companion to ast_ssl_setup() called ast_ssl_teardown() has
  been added so that servers can properly free their SSL_CTXs.
  
  (issue ASTERISK-19278)
........
  r367416 | mmichelson | 2012-05-23 15:27:47 -0500 (Wed, 23 May 2012) | 5 lines
  
  Only call SSL_CTX_free if DO_SSL is defined.
  
  Thanks to Paul Belanger for pointing out this error.
........
  r369731 | mmichelson | 2012-07-06 13:40:06 -0500 (Fri, 06 Jul 2012) | 19 lines
  
  Remove a superfluous and dangerous freeing of an SSL_CTX.
  
  The problem here is that multiple server sessions share
  a SSL_CTX. When one session ended, the SSL_CTX would be
  freed and set NULL, leaving the other sessions unable to
  function.
  
  The code being removed is superfluous because the SSL_CTX
  structures for servers will be properly freed when ast_ssl_teardown
  is called.
  
  (closes issue ASTERISK-20074)
  Reported by Trevor Helmsley
  Patches:
  	ASTERISK-20074.diff uploaded by Mark Michelson (license #5049)
  Testers:
  	Trevor Helmsley
........
  r373061 | mjordan | 2012-09-14 14:07:20 -0500 (Fri, 14 Sep 2012) | 28 lines
  
  Resolve memory leaks in TLS initialization and TLS client connections
  
  This patch resolves two sources of memory leaks when using TLS in Asterisk:
  1) It removes improper initialization (and multiple re-initializations) of
     portions of the SSL library.  Asterisk calls SSL_library_init and
     SSL_load_error_strings during SSL initialization; collectively this
     obviates the need for calling any of the following during initialization
     or client connection handling:
     * ERR_load_crypto_strings (handled by SSL_load_error_strings)
     * OpenSSL_add_all_algorithms (synonym for SSL_library_init)
     * SSLeay_add_ssl_algorithms (synonym for SSL_library_init)
  2) Failure to completely clean up all memory allocated by Asterisk and by
     the SSL library for TLS clients.  This included not freeing the SSL_CTX
     object in the SIP channel driver, as well as not clearing the error
     stack when the TLS client exited.
  
  Note that these memory leaks were found by Thomas Arimont, and this patch
  was essentially written by him with some minor tweaks.
  
  (closes issue AST-889)
  Reported by: Thomas Arimont
  Tested by: Thomas Arimont
  patches:
    (bugAST-889.patch) by Thomas Arimont (license 5525)
  
  Review: https://reviewboard.asterisk.org/r/2105
........

Merged revisions 366052,367002,367416,369731,373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@373088 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-09-14 20:25:44 +00:00

99 lines
2.0 KiB
C
Raw Blame History

/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2009, Digium, Inc.
*
* Russell Bryant <russell@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
* \brief Common OpenSSL support code
*
* \author Russell Bryant <russell@digium.com>
*/
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#ifdef HAVE_OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
#include "asterisk/_private.h" /* ast_ssl_init() */
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#ifdef HAVE_OPENSSL
static ast_mutex_t *ssl_locks;
static int ssl_num_locks;
static unsigned long ssl_threadid(void)
{
return (unsigned long)pthread_self();
}
static void ssl_lock(int mode, int n, const char *file, int line)
{
if (n < 0 || n >= ssl_num_locks) {
ast_log(LOG_ERROR, "OpenSSL is full of LIES!!! - "
"ssl_num_locks '%d' - n '%d'\n",
ssl_num_locks, n);
return;
}
if (mode & CRYPTO_LOCK) {
ast_mutex_lock(&ssl_locks[n]);
} else {
ast_mutex_unlock(&ssl_locks[n]);
}
}
#endif /* HAVE_OPENSSL */
/*!
* \internal
* \brief Common OpenSSL initialization for all of Asterisk.
*/
int ast_ssl_init(void)
{
#ifdef HAVE_OPENSSL
unsigned int i;
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
/* Make OpenSSL thread-safe. */
CRYPTO_set_id_callback(ssl_threadid);
ssl_num_locks = CRYPTO_num_locks();
if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
return -1;
}
for (i = 0; i < ssl_num_locks; i++) {
ast_mutex_init(&ssl_locks[i]);
}
CRYPTO_set_locking_callback(ssl_lock);
#endif /* HAVE_OPENSSL */
return 0;
}
Reference in New Issue View Git Blame Copy Permalink