Browse code

- preliminary tls support - added qm_realloc/pkg_realloc/shm_realloc (needed by libssl)

Andrei Pelinescu-Onciul authored on 30/06/2003 10:04:02
Showing 9 changed files
... ...
@@ -26,6 +26,7 @@
26 26
 #  2003-06-06  moved compiler detection before DEFS (andrei)
27 27
 #  2003-06-10  removed -m32 for gcc 3.x/sparc64  -- it will use 
28 28
 #              arch. default: -m32 on solaris, -m64 on *bsd (andrei)
29
+#  2003-06-29  added TLS support: TLS=1 (andrei)
29 30
 
30 31
 
31 32
 # check if already included/exported
... ...
@@ -39,14 +40,16 @@ export makefile_defs
39 39
 #version number
40 40
 VERSION = 0
41 41
 PATCHLEVEL = 8
42
-SUBLEVEL =   11
43
-EXTRAVERSION = dev34
42
+SUBLEVEL =   12
43
+EXTRAVERSION = dev-tls01
44 44
 
45 45
 RELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
46 46
 OS = $(shell uname -s | sed -e s/SunOS/solaris/ | tr "[A-Z]" "[a-z]")
47 47
 ARCH = $(shell uname -m |sed -e s/i.86/i386/ -e s/sun4u/sparc64/  \
48 48
 			-e s/armv4l/arm/)
49 49
 
50
+# TLS support
51
+TLS ?=
50 52
 # extra CC command line options (e.g  -march=athlon-mp)
51 53
 CC_EXTRA_OPTS ?=
52 54
  # install location
... ...
@@ -251,10 +254,12 @@ endif
251 251
 #  		forking (done at the top of main_loop). Needed if you want
252 252
 #  		to use the snmp module.
253 253
 # -DUSE_TCP
254
-#		compiles in tcp support (highly experimental for now, it will probably
255
-#		not work, use it only if you really now what you are doing)
254
+#		compiles in tcp support
256 255
 # -DDISABLE_NAGLE
257 256
 #		disable the tcp Nagle algorithm (lower delay)
257
+# -DUSE_TLS
258
+#		compiles in tls support, requires -DUSE_TCP. Please use
259
+#		make TLS=1 instead. (tls support is highly experimental for now)
258 260
 
259 261
 
260 262
 DEFS+= $(extra_defs) \
... ...
@@ -289,6 +294,11 @@ DEFS+= $(extra_defs) \
289 289
 # WARNING: do not add mode=debug or mode=release anymore in the Makefile,
290 290
 # use make mode=debug all instead. Anyway no by default ser is  compiled w/ 
291 291
 # debugging symbols in all cases (-g). --andrei
292
+
293
+ifneq ($(TLS),)
294
+	DEFS+= -DUSE_TLS
295
+endif
296
+
292 297
 ifeq ($(mode),)
293 298
 	mode = release
294 299
 endif
... ...
@@ -675,6 +685,11 @@ ifneq (,$(findstring CYGWIN, $(OS)))
675 675
 	endif
676 676
 endif
677 677
 
678
+#add libssl if needed
679
+ifneq ($(TLS),)
680
+LIBS+= -lssl
681
+endif
682
+
678 683
 ifneq ($(found_lock_method), yes)
679 684
 $(warning	No locking method found so far, trying SYS V sems)
680 685
 		DEFS+= -DUSE_SYSV_SEM  # try sys v sems
... ...
@@ -38,10 +38,15 @@
38 38
 #include "types.h"
39 39
 
40 40
 /* default sip port if none specified */
41
-#define SIP_PORT 5060
41
+#define SIP_PORT  5060
42
+#define SIPS_PORT 5061
42 43
 
43 44
 #define CFG_FILE CFG_DIR "ser.cfg"
44 45
 
46
+#define TLS_PKEY_FILE CFG_DIR "cert.pem" 
47
+#define TLS_CERT_FILE CFG_DIR "cert.pem"
48
+#define TLS_CA_FILE 0 /* no CA list file by default */
49
+
45 50
 
46 51
 /* maximum number of addresses on which we will listen */
47 52
 #define MAX_LISTEN 16
... ...
@@ -40,6 +40,8 @@
40 40
  *               after daemonize (so that we won't catch anymore our own
41 41
  *               SIGCHLD generated when becoming session leader) (andrei)
42 42
  *              changed is_main default value to 1 (andrei)
43
+ *  2003-06-29  preliminary tls support (andrei)
44
+ *              replaced port_no_str snprintf w/ int2str (andrei)
43 45
  *
44 46
  */
45 47
 
... ...
@@ -92,9 +94,14 @@
92 92
 #include "hash_func.h"
93 93
 #include "pt.h"
94 94
 #include "script_cb.h"
95
+#include "ut.h"
95 96
 #ifdef USE_TCP
96 97
 #include "tcp_init.h"
98
+#ifdef USE_TLS
99
+#include "tls_init.h"
97 100
 #endif
101
+#endif
102
+
98 103
 
99 104
 
100 105
 #include "stats.h"
... ...
@@ -119,6 +126,9 @@ static char flags[]=
119 119
 #ifdef USE_TCP
120 120
 ", USE_TCP"
121 121
 #endif
122
+#ifdef USE_TLS
123
+", USE_TLS"
124
+#endif
122 125
 #ifdef DISABLE_NAGLE
123 126
 ", DISABLE_NAGLE"
124 127
 #endif
... ...
@@ -267,6 +277,9 @@ int children_no = 0;			/* number of children processing requests */
267 267
 int tcp_children_no = 0;
268 268
 int tcp_disable = 0; /* 1 if tcp is disabled */
269 269
 #endif
270
+#ifdef USE_TLS
271
+int tls_disable = 0; /* 1 if tls is disabled */
272
+#endif
270 273
 struct process_table *pt=0;		/*array with childrens pids, 0= main proc,
271 274
 									alloc'ed in shared mem if possible*/
272 275
 int sig_flag = 0;              /* last signal received */
... ...
@@ -315,6 +328,9 @@ struct socket_info sock_info[MAX_LISTEN];/*all addresses we listen/send from*/
315 315
 #ifdef USE_TCP
316 316
 struct socket_info tcp_info[MAX_LISTEN];/*all tcp addresses we listen on*/
317 317
 #endif
318
+#ifdef USE_TLS
319
+struct socket_info tls_info[MAX_LISTEN]; /* all tls addresses we listen on*/
320
+#endif
318 321
 int sock_no=0; /* number of addresses/open sockets*/
319 322
 struct socket_info* bind_address=0; /* pointer to the crt. proc.
320 323
 									 listening address*/
... ...
@@ -325,8 +341,15 @@ struct socket_info* sendipv6; /* same as above for ipv6 */
325 325
 struct socket_info* sendipv4_tcp; 
326 326
 struct socket_info* sendipv6_tcp; 
327 327
 #endif
328
+#ifdef USE_TLS
329
+struct socket_info* sendipv4_tls;
330
+struct socket_info* sendipv6_tls;
331
+#endif
328 332
 
329 333
 unsigned short port_no=0; /* default port*/
334
+#ifdef USE_TLS
335
+unsigned short tls_port_no=0; /* default port */
336
+#endif
330 337
 
331 338
 struct host_alias* aliases=0; /* name aliases list */
332 339
 
... ...
@@ -368,6 +391,9 @@ void cleanup(show_status)
368 368
 #ifdef USE_TCP
369 369
 	destroy_tcp();
370 370
 #endif
371
+#ifdef USE_TLS
372
+	destroy_tls();
373
+#endif
371 374
 	destroy_timer();
372 375
 	destroy_fifo();
373 376
 	destroy_script_cb();
... ...
@@ -702,6 +728,10 @@ int main_loop()
702 702
 #ifdef USE_TCP
703 703
 	int sockfd[2];
704 704
 #endif
705
+#ifdef USE_TLS
706
+	char* tmp;
707
+	int len;
708
+#endif
705 709
 		
706 710
 
707 711
 	/* one "main" process and n children handling i/o */
... ...
@@ -818,7 +848,36 @@ int main_loop()
818 818
 					sendipv6_tcp=&tcp_info[r];
819 819
 		#endif
820 820
 			}
821
-#endif
821
+#ifdef USE_TLS
822
+			if (!tls_disable){
823
+				tls_info[r]=sock_info[r]; /* copy the sockets */
824
+				/* fix the port number -- there is no way so far to set-up
825
+				 * individual tls port numbers */
826
+				tls_info[r].port_no=tls_port_no; /* FIXME: */
827
+				tmp=int2str(tls_info[r].port_no, &len);
828
+				/* we don't need to free the previous content, is uesd
829
+				 * by tcp & udp! */
830
+				tls_info[r].port_no_str.s=(char*)pkg_malloc(len+1);
831
+				if (tls_info[r].port_no_str.s==0){
832
+					LOG(L_CRIT, "memory allocation failure\n");
833
+					goto error;
834
+				}
835
+				strncpy(tls_info[r].port_no_str.s, tmp, len+1);
836
+				tls_info[r].port_no_str.len=len;
837
+				
838
+				/* same as for tcp*/
839
+				if (tls_init(&tls_info[r])==-1)  goto error;
840
+				/* get first ipv4/ipv6 socket*/
841
+				if ((tls_info[r].address.af==AF_INET)&&
842
+						((sendipv4_tls==0)||(sendipv4_tls->is_lo)))
843
+					sendipv4_tls=&tls_info[r];
844
+		#ifdef USE_IPV6
845
+				if((sendipv6_tls==0)&&(tls_info[r].address.af==AF_INET6))
846
+					sendipv6_tls=&tls_info[r];
847
+		#endif
848
+			}
849
+#endif /* USE_TLS */
850
+#endif /* USE_TCP */
822 851
 			/* all procs should have access to all the sockets (for sending)
823 852
 			 * so we open all first*/
824 853
 		}
... ...
@@ -942,9 +1001,9 @@ int main_loop()
942 942
 	}
943 943
 #ifdef USE_TCP
944 944
 		if (!tcp_disable){
945
-				/* start tcp receivers */
945
+				/* start tcp  & tls receivers */
946 946
 			if (tcp_init_children()<0) goto error;
947
-				/* start tcp master proc */
947
+				/* start tcp+tls master proc */
948 948
 			process_no++;
949 949
 			if ((pid=fork())<0){
950 950
 				LOG(L_CRIT, "main_loop: cannot fork tcp main process\n");
... ...
@@ -1147,8 +1206,7 @@ int main(int argc, char** argv)
1147 1147
 	struct host_alias* a;
1148 1148
 	struct utsname myname;
1149 1149
 	char *options;
1150
-	char port_no_str[MAX_PORT_LEN];
1151
-	int port_no_str_len;
1150
+	int len;
1152 1151
 	int ret;
1153 1152
 	struct passwd *pw_entry;
1154 1153
 	struct group  *gr_entry;
... ...
@@ -1156,7 +1214,6 @@ int main(int argc, char** argv)
1156 1156
 	int rfd;
1157 1157
 
1158 1158
 	/*init*/
1159
-	port_no_str_len=0;
1160 1159
 	ret=-1;
1161 1160
 	my_argc=argc; my_argv=argv;
1162 1161
 	
... ...
@@ -1402,6 +1459,9 @@ try_again:
1402 1402
 	
1403 1403
 	/* fix parameters */
1404 1404
 	if (port_no<=0) port_no=SIP_PORT;
1405
+#ifdef USE_TLS
1406
+	if (tls_port_no<=0) tls_port_no=SIPS_PORT;
1407
+#endif
1405 1408
 	
1406 1409
 	
1407 1410
 	if (children_no<=0) children_no=CHILD_NO;
... ...
@@ -1483,31 +1543,19 @@ try_again:
1483 1483
 	for (r=0; r<sock_no;r++){
1484 1484
 		/* fix port number, port_no should be !=0 here */
1485 1485
 		if (sock_info[r].port_no==0) sock_info[r].port_no=port_no;
1486
-		port_no_str_len=snprintf(port_no_str, MAX_PORT_LEN, "%d", 
1487
-									(unsigned short) sock_info[r].port_no);
1488
-		/* if buffer too small, snprintf may return per C99 estimated size
1489
-		   of needed space; there is no guarantee how many characters 
1490
-		   have been written to the buffer and we can be happy if
1491
-		   the snprintf implementation zero-terminates whatever it wrote
1492
-		   -jku
1493
-		*/
1494
-		if (port_no_str_len<0 || port_no_str_len>=MAX_PORT_LEN){
1486
+		tmp=int2str(sock_info[r].port_no, &len);
1487
+		if (len>=MAX_PORT_LEN){
1495 1488
 			fprintf(stderr, "ERROR: bad port number: %d\n", 
1496 1489
 						sock_info[r].port_no);
1497 1490
 			goto error;
1498 1491
 		}
1499
-		/* on some systems snprintf returns really strange things if it does 
1500
-		  not have  enough space */
1501
-		port_no_str_len=
1502
-				(port_no_str_len<MAX_PORT_LEN)?port_no_str_len:MAX_PORT_LEN;
1503
-		sock_info[r].port_no_str.s=(char*)pkg_malloc(strlen(port_no_str)+1);
1492
+		sock_info[r].port_no_str.s=(char*)pkg_malloc(len+1);
1504 1493
 		if (sock_info[r].port_no_str.s==0){
1505 1494
 			fprintf(stderr, "Out of memory.\n");
1506 1495
 			goto error;
1507 1496
 		}
1508
-		strncpy(sock_info[r].port_no_str.s, port_no_str,
1509
-					strlen(port_no_str)+1);
1510
-		sock_info[r].port_no_str.len=strlen(port_no_str);
1497
+		strncpy(sock_info[r].port_no_str.s, tmp, len+1);
1498
+		sock_info[r].port_no_str.len=len;
1511 1499
 		
1512 1500
 		/* get "official hostnames", all the aliases etc. */
1513 1501
 		he=resolvehost(sock_info[r].name.s);
... ...
@@ -1643,7 +1691,16 @@ try_again:
1643 1643
 			goto error;
1644 1644
 		}
1645 1645
 	}
1646
-#endif
1646
+#ifdef USE_TLS
1647
+	if (!tls_disable){
1648
+		/* init tls*/
1649
+		if (init_tls()<0){
1650
+			LOG(L_CRIT, "could not initialize tls, exiting...\n");
1651
+			goto error;
1652
+		}
1653
+	}
1654
+#endif /* USE_TLS */
1655
+#endif /* USE_TCP */
1647 1656
 	/* init_daemon? */
1648 1657
 	if (!dont_fork){
1649 1658
 		if ( daemonize(argv[0]) <0 ) goto error;
... ...
@@ -74,6 +74,8 @@
74 74
 #		else
75 75
 #			define pkg_malloc(s) qm_malloc(mem_block, (s),__FILE__, \
76 76
 				__FUNCTION__, __LINE__)
77
+#			define pkg_realloc(p, s) qm_realloc(mem_block, (p), (s),__FILE__, \
78
+				__FUNCTION__, __LINE__)
77 79
 #			define pkg_free(p)   qm_free(mem_block, (p), __FILE__,  \
78 80
 				__FUNCTION__, __LINE__)
79 81
 #		endif
... ...
@@ -86,6 +88,7 @@
86 86
 #			define pkg_free(p)   fm_free(mem_block, (p))
87 87
 #		else
88 88
 #			define pkg_malloc(s) qm_malloc(mem_block, (s))
89
+#			define pkg_realloc(p, s) qm_realloc(mem_block, (p), (s))
89 90
 #			define pkg_free(p)   qm_free(mem_block, (p))
90 91
 #		endif
91 92
 #	endif
... ...
@@ -29,6 +29,7 @@
29 29
  * --------
30 30
  *  ????-??-??  created by andrei
31 31
  *  2003-04-14  more debugging added in DBG_QM_MALLOC mode (andrei)
32
+ *  2003-06-29  added qm_realloc (andrei)
32 33
  */
33 34
 
34 35
 
... ...
@@ -266,6 +267,49 @@ static inline struct qm_frag* qm_find_free(struct qm_block* qm,
266 266
 }
267 267
 
268 268
 
269
+/* returns 0 on success, -1 on error;
270
+ * new_size < size & rounduped already!*/
271
+static inline
272
+#ifdef DBG_QM_MALLOC
273
+int split_frag(struct qm_block* qm, struct qm_frag* f, unsigned int new_size,
274
+				char* file, char* func, unsigned int line)
275
+#else
276
+int split_frag(struct qm_block* qm, struct qm_frag* f, unsigned int new_size)
277
+#endif
278
+{
279
+	unsigned int rest;
280
+	struct qm_frag* n;
281
+	struct qm_frag_end* end;
282
+	
283
+	rest=f->size-new_size;
284
+	if (rest>(FRAG_OVERHEAD+MIN_FRAG_SIZE)){
285
+		f->size=new_size;
286
+		/*split the fragment*/
287
+		end=FRAG_END(f);
288
+		end->size=new_size;
289
+		n=(struct qm_frag*)((char*)end+sizeof(struct qm_frag_end));
290
+		n->size=rest-FRAG_OVERHEAD;
291
+		FRAG_END(n)->size=n->size;
292
+		qm->real_used+=FRAG_OVERHEAD;
293
+#ifdef DBG_QM_MALLOC
294
+		end->check1=END_CHECK_PATTERN1;
295
+		end->check2=END_CHECK_PATTERN2;
296
+		/* frag created by malloc, mark it*/
297
+		n->file=file;
298
+		n->func=func;
299
+		n->line=line;
300
+		n->check=ST_CHECK_PATTERN;
301
+#endif
302
+		/* reinsert n in free list*/
303
+		qm_insert_free(qm, n);
304
+		return 0;
305
+	}else{
306
+			/* we cannot split this fragment any more */
307
+		return -1;
308
+	}
309
+}
310
+
311
+
269 312
 
270 313
 #ifdef DBG_QM_MALLOC
271 314
 void* qm_malloc(struct qm_block* qm, unsigned int size, char* file, char* func,
... ...
@@ -275,9 +319,6 @@ void* qm_malloc(struct qm_block* qm, unsigned int size)
275 275
 #endif
276 276
 {
277 277
 	struct qm_frag* f;
278
-	struct qm_frag_end* end;
279
-	struct qm_frag* n;
280
-	unsigned int rest;
281 278
 	
282 279
 #ifdef DBG_QM_MALLOC
283 280
 	unsigned int list_cntr;
... ...
@@ -304,34 +345,12 @@ void* qm_malloc(struct qm_block* qm, unsigned int size)
304 304
 		qm_detach_free(qm, f);
305 305
 		/*mark it as "busy"*/
306 306
 		f->u.is_free=0;
307
-		
308
-		/*see if we'll use full frag, or we'll split it in 2*/
309
-		rest=f->size-size;
310
-		if (rest>(FRAG_OVERHEAD+MIN_FRAG_SIZE)){
311
-			f->size=size;
312
-			/*split the fragment*/
313
-			end=FRAG_END(f);
314
-			end->size=size;
315
-			n=(struct qm_frag*)((char*)end+sizeof(struct qm_frag_end));
316
-			n->size=rest-FRAG_OVERHEAD;
317
-			FRAG_END(n)->size=n->size;
318
-			qm->real_used+=FRAG_OVERHEAD;
307
+		/* we ignore split return */
319 308
 #ifdef DBG_QM_MALLOC
320
-			end->check1=END_CHECK_PATTERN1;
321
-			end->check2=END_CHECK_PATTERN2;
322
-			/* frag created by malloc, mark it*/
323
-			n->file=file;
324
-			n->func="frag. from qm_malloc";
325
-			n->line=line;
326
-			n->check=ST_CHECK_PATTERN;
327
-/*			FRAG_END(n)->check1=END_CHECK_PATTERN1;
328
-			FRAG_END(n)->check2=END_CHECK_PATTERN2; */
309
+		split_frag(qm, f, size, file, "fragm. from qm_malloc", line);
310
+#else
311
+		split_frag(qm, f, size);
329 312
 #endif
330
-			/* reinsert n in free list*/
331
-			qm_insert_free(qm, n);
332
-		}else{
333
-			/* we cannot split this fragment any more => alloc all of it*/
334
-		}
335 313
 		qm->real_used+=f->size;
336 314
 		qm->used+=f->size;
337 315
 		if (qm->max_real_used<qm->real_used)
... ...
@@ -394,9 +413,6 @@ void qm_free(struct qm_block* qm, void* p)
394 394
 	size=f->size;
395 395
 	qm->used-=size;
396 396
 	qm->real_used-=size;
397
-#ifdef DBG_QM_MALLOC
398
-	qm_debug_frag(qm, f);
399
-#endif
400 397
 
401 398
 #ifdef QM_JOIN_FREE
402 399
 	/* join packets if possible*/
... ...
@@ -436,6 +452,131 @@ void qm_free(struct qm_block* qm, void* p)
436 436
 
437 437
 
438 438
 
439
+#ifdef DBG_QM_MALLOC
440
+void* qm_realloc(struct qm_block* qm, void* p, unsigned int size,
441
+					char* file, char* func, unsigned int line)
442
+#else
443
+void* qm_realloc(struct qm_block* qm, void* p, unsigned int size)
444
+#endif
445
+{
446
+	struct qm_frag* f;
447
+	unsigned int diff;
448
+	unsigned int orig_size;
449
+	struct qm_frag* n;
450
+	void* ptr;
451
+	
452
+	
453
+#ifdef DBG_QM_MALLOC
454
+	DBG("qm_realloc(%p, %p, %d) called from %s: %s(%d)\n", qm, p, size,
455
+			file, func, line);
456
+	if (p>(void*)qm->last_frag_end || p<(void*)qm->first_frag){
457
+		LOG(L_CRIT, "BUG: qm_free: bad pointer %p (out of memory block!) - "
458
+				"aborting\n", p);
459
+		abort();
460
+	}
461
+#endif
462
+	
463
+	if (size==0) {
464
+		if (p)
465
+#ifdef DBG_QM_MALLOC
466
+			qm_free(qm, p, file, func, line);
467
+#else
468
+			qm_free(qm, p);
469
+#endif
470
+		return 0;
471
+	}
472
+	if (p==0)
473
+#ifdef DBG_QM_MALLOC
474
+		return qm_malloc(qm, size, file, func, line);
475
+#else
476
+		return qm_malloc(qm, size);
477
+#endif
478
+	f=(struct qm_frag*) ((char*)p-sizeof(struct qm_frag));
479
+#ifdef DBG_QM_MALLOC
480
+	qm_debug_frag(qm, f);
481
+	DBG("qm_realloc: realloc'ing frag %p alloc'ed from %s: %s(%ld)\n",
482
+			f, f->file, f->func, f->line);
483
+	if (f->u.is_free){
484
+		LOG(L_CRIT, "BUG:qm_realloc: trying to realloc an already freed "
485
+				"pointer %p , fragment %p -- aborting\n", p, f);
486
+		abort();
487
+	}
488
+#endif
489
+	/* find first acceptable size */
490
+	size=ROUNDUP(size);
491
+	if (f->size > size){
492
+		/* shrink */
493
+#ifdef DBG_QM_MALLOC
494
+		DBG("qm_realloc: shrinking from %ld to %d\n", f->size, size);
495
+		if(split_frag(qm, f, size, file, "fragm. from qm_realloc", line)!=0){
496
+		DBG("qm_realloc : shrinked succesfull\n");
497
+#else
498
+		if(split_frag(qm, f, size)!=0){
499
+#endif
500
+			/* update used sizes */
501
+			qm->real_used-=(f->size-size);
502
+			qm->used-=(f->size-size);
503
+		}
504
+		
505
+	}else if (f->size < size){
506
+		/* grow */
507
+#ifdef DBG_QM_MALLOC
508
+		DBG("qm_realloc: growing from %ld to %d\n", f->size, size);
509
+#endif
510
+			orig_size=f->size;
511
+			diff=size-f->size;
512
+			n=FRAG_NEXT(f);
513
+			if (((char*)n < (char*)qm->last_frag_end) && 
514
+					(n->u.is_free)&&((n->size+FRAG_OVERHEAD)>=diff)){
515
+				/* join  */
516
+				qm_detach_free(qm, n);
517
+				f->size+=n->size+FRAG_OVERHEAD;
518
+				qm->real_used-=FRAG_OVERHEAD;
519
+				FRAG_END(f)->size=f->size;
520
+				/* end checks should be ok */
521
+				/* split it if necessary */
522
+				if (f->size > size ){
523
+	#ifdef DBG_QM_MALLOC
524
+					split_frag(qm, f, size, file, "fragm. from qm_realloc",
525
+										line);
526
+	#else
527
+					split_frag(qm, f, size);
528
+	#endif
529
+				}
530
+				qm->real_used+=(f->size-orig_size);
531
+				qm->used+=(f->size-orig_size);
532
+			}else{
533
+				/* could not join => realloc */
534
+	#ifdef DBG_QM_MALLOC
535
+				ptr=qm_malloc(qm, size, file, func, line);
536
+	#else
537
+				ptr=qm_malloc(qm, size);
538
+	#endif
539
+				if (ptr)
540
+					/* copy, need by libssl */
541
+					memcpy(ptr, p, orig_size);
542
+	#ifdef DBG_QM_MALLOC
543
+					qm_free(qm, p, file, func, line);
544
+	#else
545
+					qm_free(qm, p);
546
+	#endif
547
+				p=ptr;
548
+			}
549
+	}else{
550
+		/* do nothing */
551
+#ifdef DBG_QM_MALLOC
552
+		DBG("qm_realloc: doing nothing, same size: %ld - %d\n", f->size, size);
553
+#endif
554
+	}
555
+#ifdef DBG_QM_MALLOC
556
+	DBG("qm_realloc: returning %p\n", p);
557
+#endif
558
+	return p;
559
+}
560
+
561
+
562
+
563
+
439 564
 void qm_status(struct qm_block* qm)
440 565
 {
441 566
 	struct qm_frag* f;
... ...
@@ -136,6 +136,12 @@ void  qm_free(struct qm_block*, void* p, char* file, char* func,
136 136
 #else
137 137
 void  qm_free(struct qm_block*, void* p);
138 138
 #endif
139
+#ifdef DBG_QM_MALLOC
140
+void* qm_realloc(struct qm_block*, void* p, unsigned int size,
141
+				char* file, char* func, unsigned int line);
142
+#else
143
+void* qm_realloc(struct qm_block*, void* p, unsigned int size);
144
+#endif
139 145
 
140 146
 void  qm_status(struct qm_block*);
141 147
 
... ...
@@ -25,6 +25,11 @@
25 25
  * along with this program; if not, write to the Free Software 
26 26
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27 27
  */
28
+/*
29
+ * History:
30
+ * --------
31
+ *  2003-06-29  added shm_realloc & replaced shm_resize (andrei)
32
+ */
28 33
 
29 34
 
30 35
 #ifdef SHM_MEM
... ...
@@ -71,6 +76,7 @@
71 71
 	extern struct qm_block* shm_block;
72 72
 #	define MY_MALLOC qm_malloc
73 73
 #	define MY_FREE qm_free
74
+#	define MY_REALLOC qm_realloc
74 75
 #	define MY_STATUS qm_status
75 76
 #	define  shm_malloc_init qm_malloc_init
76 77
 #endif
... ...
@@ -108,15 +114,29 @@ inline static void* _shm_malloc(unsigned int size,
108 108
 {
109 109
 	void *p;
110 110
 	
111
-	shm_lock();\
111
+	shm_lock();
112 112
 	p=MY_MALLOC(shm_block, size, file, function, line );
113 113
 	shm_unlock();
114 114
 	return p; 
115 115
 }
116 116
 
117
+
118
+inline static void* _shm_realloc(void *ptr, unsigned int size, 
119
+		char* file, char* function, int line )
120
+{
121
+	void *p;
122
+	shm_lock();
123
+	p=MY_REALLOC(shm_block, ptr, size, file, function, line);
124
+	shm_unlock();
125
+	return p;
126
+}
127
+
117 128
 #define shm_malloc( _size ) _shm_malloc((_size), \
118 129
 	__FILE__, __FUNCTION__, __LINE__ )
119 130
 
131
+#define shm_realloc( _ptr, _size ) _shm_realloc( (_ptr), (_size), \
132
+	__FILE__, __FUNCTION__, __LINE__ )
133
+
120 134
 
121 135
 
122 136
 #define shm_free_unsafe( _p  ) \
... ...
@@ -129,9 +149,9 @@ do { \
129 129
 		shm_unlock(); \
130 130
 }while(0)
131 131
 
132
-void* _shm_resize( void*, unsigned int, char*, char*, unsigned int);
133
-#define shm_resize(_p, _s ) \
134
-	_shm_resize( (_p), (_s),   __FILE__, __FUNCTION__, __LINE__)
132
+
133
+
134
+#define shm_resize(_p, _s ) shm_realloc( (_p), (_s))
135 135
 
136 136
 
137 137
 
... ...
@@ -151,7 +171,16 @@ inline static void* shm_malloc(unsigned int size)
151 151
 }
152 152
 
153 153
 
154
-void* _shm_resize( void*, unsigned int);
154
+inline static void* shm_realloc(void *ptr, unsigned int size)
155
+{
156
+	void *p;
157
+	shm_lock();
158
+	p=MY_REALLOC(shm_block, ptr, size);
159
+	shm_unlock();
160
+	return p;
161
+}
162
+
163
+
155 164
 
156 165
 #define shm_free_unsafe( _p ) MY_FREE(shm_block, (_p))
157 166
 
... ...
@@ -164,7 +193,7 @@ do { \
164 164
 
165 165
 
166 166
 
167
-#define shm_resize(_p, _s) _shm_resize( (_p), (_s))
167
+#define shm_resize(_p, _s) shm_realloc( (_p), (_s))
168 168
 
169 169
 
170 170
 #endif
171 171
new file mode 100644
... ...
@@ -0,0 +1,244 @@
0
+/*
1
+ * $Id$
2
+ *
3
+ * Copyright (C) 2001-2003 Fhg Fokus
4
+ *
5
+ * This file is part of ser, a free SIP server.
6
+ *
7
+ * ser is free software; you can redistribute it and/or modify
8
+ * it under the terms of the GNU General Public License as published by
9
+ * the Free Software Foundation; either version 2 of the License, or
10
+ * (at your option) any later version
11
+ *
12
+ * For a license to use the ser software under conditions
13
+ * other than those described here, or to purchase support for this
14
+ * software, please contact iptel.org by e-mail at the following addresses:
15
+ *    info@iptel.org
16
+ *
17
+ * ser is distributed in the hope that it will be useful,
18
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
19
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20
+ * GNU General Public License for more details.
21
+ *
22
+ * You should have received a copy of the GNU General Public License
23
+ * along with this program; if not, write to the Free Software
24
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
25
+ */
26
+/*
27
+ * tls initialization & cleanup functions
28
+ * 
29
+ * History:
30
+ * --------
31
+ *  2003-06-29  created by andrei
32
+ */
33
+#ifdef USE_TLS
34
+
35
+
36
+
37
+#include <openssl/ssl.h>
38
+#include <openssl/err.h>
39
+
40
+#include "mem/mem.h"
41
+#include "mem/shm_mem.h"
42
+#include "tcp_init.h"
43
+#include "dprint.h"
44
+
45
+
46
+
47
+#if OPENSSL_VERSION_NUMBER < 0x00906000L  /* 0.9.6*/
48
+#error "OpenSSL 0.9.6 or greater required"
49
+/* it might work ok with older versions (I think
50
+ *  >= 0.9.4 should be ok), but I didn't test them
51
+ *  so try them at your own risk :-) -- andrei
52
+ */
53
+#endif
54
+
55
+
56
+/* global tls related data */
57
+SSL_CTX* default_ctx=0 ; /* global ssl context */
58
+
59
+int tls_log=L_INFO; /* tls log level */
60
+int tls_require_cert=0; /* require client certificate */
61
+char* tls_pkey_file=0; /* private key file name */
62
+char* tls_cert_file=0; /* certificate file name */
63
+char* tls_ca_file=0;   /* CA list file name */
64
+
65
+
66
+/* inits a sock_info structure with tls data
67
+ * (calls tcp_init for the tcp part)
68
+ * returns 0 on success, -1 on error */
69
+int tls_init(struct socket_info* sock_info)
70
+{
71
+	int ret;
72
+	if ((ret=tcp_init(sock_info))!=0){
73
+		LOG(L_ERR, "ERROR: tls_init: tcp_init failed on"
74
+			"%.*s:%d\n", sock_info->address_str.len,
75
+			sock_info->address_str.s, sock_info->port_no);
76
+		return ret;
77
+	}
78
+	sock_info->proto=PROTO_TLS;
79
+	/* tls specific stuff */
80
+	return 0;
81
+}
82
+
83
+
84
+/* malloc & friends functions that will be used
85
+ * by libssl (we need most ssl info in shared mem.)*/
86
+
87
+void* tls_malloc(size_t size)
88
+{
89
+	return shm_malloc(size);
90
+}
91
+
92
+
93
+void tls_free(void* ptr)
94
+{
95
+	shm_free(ptr);
96
+}
97
+
98
+
99
+void* tls_realloc(void* ptr, size_t size)
100
+{
101
+	return shm_realloc(ptr, size);
102
+}
103
+
104
+
105
+/* print the ssl error stack */
106
+void tls_dump_errors(char* s)
107
+{
108
+	long err;
109
+	if ( 1 /*default_ctx */) /* only if ssl was initialized */
110
+		while((err=ERR_get_error()))
111
+			LOG(L_ERR, "%s%s\n", (s)?s:"", ERR_error_string(err,0));
112
+}
113
+
114
+
115
+
116
+/* inits ser tls support
117
+ * returns 0 on success, <0 on error */
118
+int init_tls()
119
+{
120
+
121
+	
122
+	if (tls_pkey_file==0)
123
+		tls_pkey_file=TLS_PKEY_FILE;
124
+	if (tls_cert_file==0)
125
+		tls_cert_file=TLS_CERT_FILE;
126
+	if (tls_ca_file==0)
127
+		tls_ca_file=TLS_CA_FILE;
128
+	
129
+	DBG("initializing openssl...\n");
130
+	SSL_library_init();  /* don't use shm_ for SSL_library_init() */
131
+	/* init mem. alloc. for libcrypt & openssl */
132
+	CRYPTO_set_mem_functions(tls_malloc, tls_realloc,
133
+								tls_free);
134
+	
135
+	/* init the openssl library */
136
+	SSL_load_error_strings(); /* readable error messages*/
137
+	/* seed the PRNG, nothing on linux because openssl should automatically
138
+	   use /dev/urandom, see RAND_seed, RAND_add */
139
+	
140
+	/* create the ssl context */
141
+	DBG("creating the ssl context...\n");
142
+	default_ctx=SSL_CTX_new(TLSv1_method());
143
+	if (default_ctx==0){
144
+		LOG(L_ERR, "init_tls: failed to create ssl context\n");
145
+		goto error;
146
+	}
147
+	/* no passwd: */
148
+	 /* SSL_CTX_set_default_passwd_cb(ctx, callback); */
149
+	
150
+	/* set options, e.g SSL_OP_NO_SSLv2, 
151
+	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
152
+	 */
153
+	/* SSL_CTX_set_options(ctx, options); */
154
+	
155
+	/* mode, e.g. SSL_MODE_ENABLE_PARTIAL_WRITE,
156
+	 * SSL_MODE_AUTO_RETRY */
157
+	/* SSL_CTX_set_mode(ctx, mode); */
158
+	
159
+	/* using certificates (we don't allow anonymous ciphers => at least
160
+	 * the server must have a cert)*/
161
+	/* private key */
162
+	if (SSL_CTX_use_PrivateKey_file(default_ctx, tls_pkey_file,
163
+				SSL_FILETYPE_PEM)!=1){
164
+		LOG(L_ERR, "init_tls: failed to load private key from \"%s\"\n",
165
+				tls_pkey_file);
166
+		goto error_certs;
167
+	}
168
+	if (SSL_CTX_use_certificate_chain_file(default_ctx, tls_cert_file)!=1){
169
+		/* better than *_use_certificate_file 
170
+		 * see SSL_CTX_use_certificate(3)/Notes */
171
+		LOG(L_ERR, "init_tls: failed to load certificate from \"%s\"\n",
172
+					tls_cert_file);
173
+		goto error_certs;
174
+	}
175
+	/* check if private key corresponds to the loaded ceritficate */
176
+	if (SSL_CTX_check_private_key(default_ctx)!=1){
177
+		LOG(L_CRIT, "init_tls: private key \"%s\" does not match the"
178
+				" certificate file \"%s\"\n", tls_pkey_file, tls_cert_file);
179
+		goto error_certs;
180
+	}
181
+	
182
+	/* set session id context, usefull for reusing stored sessions */
183
+	/*
184
+	if (SSL_CTX_set_session_id_context(ctx, version, version_len)!=1){
185
+		LOG(L_CRIT, "init_tls: failed to set session id\n");
186
+		goto error;
187
+	}
188
+	*/
189
+	
190
+	/* set cert. verifications options */
191
+	/* verify peer if it has a cert (to fail for no cert. add 
192
+	 *  | SSL_VERIFY_FAIL_IF_NO_PEER_CERT ); forces the server to send
193
+	 *  a client certificate request */
194
+	SSL_CTX_set_verify(default_ctx, SSL_VERIFY_PEER | ( (tls_require_cert)?
195
+			SSL_VERIFY_FAIL_IF_NO_PEER_CERT:0 ), 0);
196
+	/* SSL_CTX_set_verify_depth(ctx, 2);  -- default 9 */
197
+	/* CA locations, list */
198
+	if (tls_ca_file){
199
+		if (SSL_CTX_load_verify_locations(default_ctx, tls_ca_file, 0 )!=1){
200
+			/* we don't support ca path, we load them only from files */
201
+			LOG(L_CRIT, "init_tls: error while processing CA locations\n");
202
+			goto error_certs;
203
+		}
204
+		SSL_CTX_set_client_CA_list(default_ctx, 
205
+									SSL_load_client_CA_file(tls_ca_file));
206
+		if (SSL_CTX_get_client_CA_list(default_ctx)==0){
207
+			LOG(L_CRIT, "init_tls: error setting client CA list from <%s>\n",
208
+						tls_ca_file);
209
+			goto error_certs;
210
+		}
211
+	}
212
+	
213
+	/* DH tmp key generation -- see DSA_generate_parameters,
214
+	 * SSL_CTX_set_tmp_dh, SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE */
215
+	
216
+	/* RSA tmp key generation => we don't care, we won't accept 
217
+	 * connection to export restricted applications and tls does not
218
+	 * allow a tmp key in another sitaution */
219
+	
220
+	return 0;
221
+error_certs:
222
+	/*
223
+	SSL_CTX_free(ctx);
224
+	ctx=0;
225
+	*/
226
+error:
227
+	tls_dump_errors("tls_init:");
228
+	return -1;
229
+}
230
+
231
+
232
+
233
+void destroy_tls()
234
+{
235
+	if(default_ctx){
236
+		DBG("destroy_tls...\n");
237
+		SSL_CTX_free(default_ctx);
238
+		ERR_free_strings();
239
+		default_ctx=0; 
240
+	}
241
+}
242
+
243
+#endif
0 244
new file mode 100644
... ...
@@ -0,0 +1,67 @@
0
+
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2001-2003 Fhg Fokus
5
+ *
6
+ * This file is part of ser, a free SIP server.
7
+ *
8
+ * ser is free software; you can redistribute it and/or modify
9
+ * it under the terms of the GNU General Public License as published by
10
+ * the Free Software Foundation; either version 2 of the License, or
11
+ * (at your option) any later version
12
+ *
13
+ * For a license to use the ser software under conditions
14
+ * other than those described here, or to purchase support for this
15
+ * software, please contact iptel.org by e-mail at the following addresses:
16
+ *    info@iptel.org
17
+ *
18
+ * ser is distributed in the hope that it will be useful,
19
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21
+ * GNU General Public License for more details.
22
+ *
23
+ * You should have received a copy of the GNU General Public License
24
+ * along with this program; if not, write to the Free Software
25
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26
+ */
27
+/*
28
+ * tls initialization & cleanup functions
29
+ * 
30
+ * History:
31
+ * --------
32
+ *  2003-06-29  created by andrei
33
+ */
34
+#ifdef USE_TLS
35
+
36
+#ifndef tls_init_h
37
+#define tls_init_h
38
+
39
+#ifndef USE_TCP
40
+#error "TLS requires TCP support compiled-in, please" \
41
+        " add -DUSE_TCP to the Makefile.defs"
42
+#endif
43
+
44
+#ifndef SHM_MEM
45
+#error "shared memory support needed (add -DSHM_MEM to Makefile.defs)"
46
+#endif
47
+
48
+
49
+/* inits ser tls support
50
+ * returns 0 on success, <0 on error */
51
+int init_tls();
52
+
53
+/* cleans up */
54
+void destroy_tls();
55
+
56
+/* inits a sock_info structure with tls data
57
+ * (calls tcp_init for the tcp part)
58
+ * returns 0 on success, -1 on error */
59
+int tls_init(struct socket_info* sock_info);
60
+
61
+/* print the ssl error stack */
62
+void tls_dump_errors(char* s);
63
+
64
+
65
+#endif /* tls_init_h*/
66
+#endif /* USE_TLS*/