Browse code

- preliminary tls support - added qm_realloc/pkg_realloc/shm_realloc (needed by libssl)

Andrei Pelinescu-Onciul authored on 30/06/2003 10:04:02
Showing 9 changed files
... ...
@@ -26,6 +26,7 @@
26 26
 #  2003-06-06  moved compiler detection before DEFS (andrei)
27 27
 #  2003-06-10  removed -m32 for gcc 3.x/sparc64  -- it will use 
28 28
 #              arch. default: -m32 on solaris, -m64 on *bsd (andrei)
29
+#  2003-06-29  added TLS support: TLS=1 (andrei)
29 30
 
30 31
 
31 32
 # check if already included/exported
... ...
@@ -39,14 +40,16 @@ export makefile_defs
39 40
 #version number
40 41
 VERSION = 0
41 42
 PATCHLEVEL = 8
42
-SUBLEVEL =   11
43
-EXTRAVERSION = dev34
43
+SUBLEVEL =   12
44
+EXTRAVERSION = dev-tls01
44 45
 
45 46
 RELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
46 47
 OS = $(shell uname -s | sed -e s/SunOS/solaris/ | tr "[A-Z]" "[a-z]")
47 48
 ARCH = $(shell uname -m |sed -e s/i.86/i386/ -e s/sun4u/sparc64/  \
48 49
 			-e s/armv4l/arm/)
49 50
 
51
+# TLS support
52
+TLS ?=
50 53
 # extra CC command line options (e.g  -march=athlon-mp)
51 54
 CC_EXTRA_OPTS ?=
52 55
  # install location
... ...
@@ -251,10 +254,12 @@ endif
251 254
 #  		forking (done at the top of main_loop). Needed if you want
252 255
 #  		to use the snmp module.
253 256
 # -DUSE_TCP
254
-#		compiles in tcp support (highly experimental for now, it will probably
255
-#		not work, use it only if you really now what you are doing)
257
+#		compiles in tcp support
256 258
 # -DDISABLE_NAGLE
257 259
 #		disable the tcp Nagle algorithm (lower delay)
260
+# -DUSE_TLS
261
+#		compiles in tls support, requires -DUSE_TCP. Please use
262
+#		make TLS=1 instead. (tls support is highly experimental for now)
258 263
 
259 264
 
260 265
 DEFS+= $(extra_defs) \
... ...
@@ -289,6 +294,11 @@ DEFS+= $(extra_defs) \
289 294
 # WARNING: do not add mode=debug or mode=release anymore in the Makefile,
290 295
 # use make mode=debug all instead. Anyway no by default ser is  compiled w/ 
291 296
 # debugging symbols in all cases (-g). --andrei
297
+
298
+ifneq ($(TLS),)
299
+	DEFS+= -DUSE_TLS
300
+endif
301
+
292 302
 ifeq ($(mode),)
293 303
 	mode = release
294 304
 endif
... ...
@@ -675,6 +685,11 @@ ifneq (,$(findstring CYGWIN, $(OS)))
675 685
 	endif
676 686
 endif
677 687
 
688
+#add libssl if needed
689
+ifneq ($(TLS),)
690
+LIBS+= -lssl
691
+endif
692
+
678 693
 ifneq ($(found_lock_method), yes)
679 694
 $(warning	No locking method found so far, trying SYS V sems)
680 695
 		DEFS+= -DUSE_SYSV_SEM  # try sys v sems
... ...
@@ -38,10 +38,15 @@
38 38
 #include "types.h"
39 39
 
40 40
 /* default sip port if none specified */
41
-#define SIP_PORT 5060
41
+#define SIP_PORT  5060
42
+#define SIPS_PORT 5061
42 43
 
43 44
 #define CFG_FILE CFG_DIR "ser.cfg"
44 45
 
46
+#define TLS_PKEY_FILE CFG_DIR "cert.pem" 
47
+#define TLS_CERT_FILE CFG_DIR "cert.pem"
48
+#define TLS_CA_FILE 0 /* no CA list file by default */
49
+
45 50
 
46 51
 /* maximum number of addresses on which we will listen */
47 52
 #define MAX_LISTEN 16
... ...
@@ -40,6 +40,8 @@
40 40
  *               after daemonize (so that we won't catch anymore our own
41 41
  *               SIGCHLD generated when becoming session leader) (andrei)
42 42
  *              changed is_main default value to 1 (andrei)
43
+ *  2003-06-29  preliminary tls support (andrei)
44
+ *              replaced port_no_str snprintf w/ int2str (andrei)
43 45
  *
44 46
  */
45 47
 
... ...
@@ -92,9 +94,14 @@
92 94
 #include "hash_func.h"
93 95
 #include "pt.h"
94 96
 #include "script_cb.h"
97
+#include "ut.h"
95 98
 #ifdef USE_TCP
96 99
 #include "tcp_init.h"
100
+#ifdef USE_TLS
101
+#include "tls_init.h"
97 102
 #endif
103
+#endif
104
+
98 105
 
99 106
 
100 107
 #include "stats.h"
... ...
@@ -119,6 +126,9 @@ static char flags[]=
119 126
 #ifdef USE_TCP
120 127
 ", USE_TCP"
121 128
 #endif
129
+#ifdef USE_TLS
130
+", USE_TLS"
131
+#endif
122 132
 #ifdef DISABLE_NAGLE
123 133
 ", DISABLE_NAGLE"
124 134
 #endif
... ...
@@ -267,6 +277,9 @@ int children_no = 0;			/* number of children processing requests */
267 277
 int tcp_children_no = 0;
268 278
 int tcp_disable = 0; /* 1 if tcp is disabled */
269 279
 #endif
280
+#ifdef USE_TLS
281
+int tls_disable = 0; /* 1 if tls is disabled */
282
+#endif
270 283
 struct process_table *pt=0;		/*array with childrens pids, 0= main proc,
271 284
 									alloc'ed in shared mem if possible*/
272 285
 int sig_flag = 0;              /* last signal received */
... ...
@@ -315,6 +328,9 @@ struct socket_info sock_info[MAX_LISTEN];/*all addresses we listen/send from*/
315 328
 #ifdef USE_TCP
316 329
 struct socket_info tcp_info[MAX_LISTEN];/*all tcp addresses we listen on*/
317 330
 #endif
331
+#ifdef USE_TLS
332
+struct socket_info tls_info[MAX_LISTEN]; /* all tls addresses we listen on*/
333
+#endif
318 334
 int sock_no=0; /* number of addresses/open sockets*/
319 335
 struct socket_info* bind_address=0; /* pointer to the crt. proc.
320 336
 									 listening address*/
... ...
@@ -325,8 +341,15 @@ struct socket_info* sendipv6; /* same as above for ipv6 */
325 341
 struct socket_info* sendipv4_tcp; 
326 342
 struct socket_info* sendipv6_tcp; 
327 343
 #endif
344
+#ifdef USE_TLS
345
+struct socket_info* sendipv4_tls;
346
+struct socket_info* sendipv6_tls;
347
+#endif
328 348
 
329 349
 unsigned short port_no=0; /* default port*/
350
+#ifdef USE_TLS
351
+unsigned short tls_port_no=0; /* default port */
352
+#endif
330 353
 
331 354
 struct host_alias* aliases=0; /* name aliases list */
332 355
 
... ...
@@ -367,6 +390,9 @@ void cleanup(show_status)
367 390
 	destroy_modules();
368 391
 #ifdef USE_TCP
369 392
 	destroy_tcp();
393
+#endif
394
+#ifdef USE_TLS
395
+	destroy_tls();
370 396
 #endif
371 397
 	destroy_timer();
372 398
 	destroy_fifo();
... ...
@@ -702,6 +728,10 @@ int main_loop()
702 728
 #ifdef USE_TCP
703 729
 	int sockfd[2];
704 730
 #endif
731
+#ifdef USE_TLS
732
+	char* tmp;
733
+	int len;
734
+#endif
705 735
 		
706 736
 
707 737
 	/* one "main" process and n children handling i/o */
... ...
@@ -818,7 +848,36 @@ int main_loop()
818 848
 					sendipv6_tcp=&tcp_info[r];
819 849
 		#endif
820 850
 			}
821
-#endif
851
+#ifdef USE_TLS
852
+			if (!tls_disable){
853
+				tls_info[r]=sock_info[r]; /* copy the sockets */
854
+				/* fix the port number -- there is no way so far to set-up
855
+				 * individual tls port numbers */
856
+				tls_info[r].port_no=tls_port_no; /* FIXME: */
857
+				tmp=int2str(tls_info[r].port_no, &len);
858
+				/* we don't need to free the previous content, is uesd
859
+				 * by tcp & udp! */
860
+				tls_info[r].port_no_str.s=(char*)pkg_malloc(len+1);
861
+				if (tls_info[r].port_no_str.s==0){
862
+					LOG(L_CRIT, "memory allocation failure\n");
863
+					goto error;
864
+				}
865
+				strncpy(tls_info[r].port_no_str.s, tmp, len+1);
866
+				tls_info[r].port_no_str.len=len;
867
+				
868
+				/* same as for tcp*/
869
+				if (tls_init(&tls_info[r])==-1)  goto error;
870
+				/* get first ipv4/ipv6 socket*/
871
+				if ((tls_info[r].address.af==AF_INET)&&
872
+						((sendipv4_tls==0)||(sendipv4_tls->is_lo)))
873
+					sendipv4_tls=&tls_info[r];
874
+		#ifdef USE_IPV6
875
+				if((sendipv6_tls==0)&&(tls_info[r].address.af==AF_INET6))
876
+					sendipv6_tls=&tls_info[r];
877
+		#endif
878
+			}
879
+#endif /* USE_TLS */
880
+#endif /* USE_TCP */
822 881
 			/* all procs should have access to all the sockets (for sending)
823 882
 			 * so we open all first*/
824 883
 		}
... ...
@@ -942,9 +1001,9 @@ int main_loop()
942 1001
 	}
943 1002
 #ifdef USE_TCP
944 1003
 		if (!tcp_disable){
945
-				/* start tcp receivers */
1004
+				/* start tcp  & tls receivers */
946 1005
 			if (tcp_init_children()<0) goto error;
947
-				/* start tcp master proc */
1006
+				/* start tcp+tls master proc */
948 1007
 			process_no++;
949 1008
 			if ((pid=fork())<0){
950 1009
 				LOG(L_CRIT, "main_loop: cannot fork tcp main process\n");
... ...
@@ -1147,8 +1206,7 @@ int main(int argc, char** argv)
1147 1206
 	struct host_alias* a;
1148 1207
 	struct utsname myname;
1149 1208
 	char *options;
1150
-	char port_no_str[MAX_PORT_LEN];
1151
-	int port_no_str_len;
1209
+	int len;
1152 1210
 	int ret;
1153 1211
 	struct passwd *pw_entry;
1154 1212
 	struct group  *gr_entry;
... ...
@@ -1156,7 +1214,6 @@ int main(int argc, char** argv)
1156 1214
 	int rfd;
1157 1215
 
1158 1216
 	/*init*/
1159
-	port_no_str_len=0;
1160 1217
 	ret=-1;
1161 1218
 	my_argc=argc; my_argv=argv;
1162 1219
 	
... ...
@@ -1402,6 +1459,9 @@ try_again:
1402 1459
 	
1403 1460
 	/* fix parameters */
1404 1461
 	if (port_no<=0) port_no=SIP_PORT;
1462
+#ifdef USE_TLS
1463
+	if (tls_port_no<=0) tls_port_no=SIPS_PORT;
1464
+#endif
1405 1465
 	
1406 1466
 	
1407 1467
 	if (children_no<=0) children_no=CHILD_NO;
... ...
@@ -1483,31 +1543,19 @@ try_again:
1483 1543
 	for (r=0; r<sock_no;r++){
1484 1544
 		/* fix port number, port_no should be !=0 here */
1485 1545
 		if (sock_info[r].port_no==0) sock_info[r].port_no=port_no;
1486
-		port_no_str_len=snprintf(port_no_str, MAX_PORT_LEN, "%d", 
1487
-									(unsigned short) sock_info[r].port_no);
1488
-		/* if buffer too small, snprintf may return per C99 estimated size
1489
-		   of needed space; there is no guarantee how many characters 
1490
-		   have been written to the buffer and we can be happy if
1491
-		   the snprintf implementation zero-terminates whatever it wrote
1492
-		   -jku
1493
-		*/
1494
-		if (port_no_str_len<0 || port_no_str_len>=MAX_PORT_LEN){
1546
+		tmp=int2str(sock_info[r].port_no, &len);
1547
+		if (len>=MAX_PORT_LEN){
1495 1548
 			fprintf(stderr, "ERROR: bad port number: %d\n", 
1496 1549
 						sock_info[r].port_no);
1497 1550
 			goto error;
1498 1551
 		}
1499
-		/* on some systems snprintf returns really strange things if it does 
1500
-		  not have  enough space */
1501
-		port_no_str_len=
1502
-				(port_no_str_len<MAX_PORT_LEN)?port_no_str_len:MAX_PORT_LEN;
1503
-		sock_info[r].port_no_str.s=(char*)pkg_malloc(strlen(port_no_str)+1);
1552
+		sock_info[r].port_no_str.s=(char*)pkg_malloc(len+1);
1504 1553
 		if (sock_info[r].port_no_str.s==0){
1505 1554
 			fprintf(stderr, "Out of memory.\n");
1506 1555
 			goto error;
1507 1556
 		}
1508
-		strncpy(sock_info[r].port_no_str.s, port_no_str,
1509
-					strlen(port_no_str)+1);
1510
-		sock_info[r].port_no_str.len=strlen(port_no_str);
1557
+		strncpy(sock_info[r].port_no_str.s, tmp, len+1);
1558
+		sock_info[r].port_no_str.len=len;
1511 1559
 		
1512 1560
 		/* get "official hostnames", all the aliases etc. */
1513 1561
 		he=resolvehost(sock_info[r].name.s);
... ...
@@ -1643,7 +1691,16 @@ try_again:
1643 1691
 			goto error;
1644 1692
 		}
1645 1693
 	}
1646
-#endif
1694
+#ifdef USE_TLS
1695
+	if (!tls_disable){
1696
+		/* init tls*/
1697
+		if (init_tls()<0){
1698
+			LOG(L_CRIT, "could not initialize tls, exiting...\n");
1699
+			goto error;
1700
+		}
1701
+	}
1702
+#endif /* USE_TLS */
1703
+#endif /* USE_TCP */
1647 1704
 	/* init_daemon? */
1648 1705
 	if (!dont_fork){
1649 1706
 		if ( daemonize(argv[0]) <0 ) goto error;
... ...
@@ -74,6 +74,8 @@
74 74
 #		else
75 75
 #			define pkg_malloc(s) qm_malloc(mem_block, (s),__FILE__, \
76 76
 				__FUNCTION__, __LINE__)
77
+#			define pkg_realloc(p, s) qm_realloc(mem_block, (p), (s),__FILE__, \
78
+				__FUNCTION__, __LINE__)
77 79
 #			define pkg_free(p)   qm_free(mem_block, (p), __FILE__,  \
78 80
 				__FUNCTION__, __LINE__)
79 81
 #		endif
... ...
@@ -86,6 +88,7 @@
86 88
 #			define pkg_free(p)   fm_free(mem_block, (p))
87 89
 #		else
88 90
 #			define pkg_malloc(s) qm_malloc(mem_block, (s))
91
+#			define pkg_realloc(p, s) qm_realloc(mem_block, (p), (s))
89 92
 #			define pkg_free(p)   qm_free(mem_block, (p))
90 93
 #		endif
91 94
 #	endif
... ...
@@ -29,6 +29,7 @@
29 29
  * --------
30 30
  *  ????-??-??  created by andrei
31 31
  *  2003-04-14  more debugging added in DBG_QM_MALLOC mode (andrei)
32
+ *  2003-06-29  added qm_realloc (andrei)
32 33
  */
33 34
 
34 35
 
... ...
@@ -266,6 +267,49 @@ static inline struct qm_frag* qm_find_free(struct qm_block* qm,
266 267
 }
267 268
 
268 269
 
270
+/* returns 0 on success, -1 on error;
271
+ * new_size < size & rounduped already!*/
272
+static inline
273
+#ifdef DBG_QM_MALLOC
274
+int split_frag(struct qm_block* qm, struct qm_frag* f, unsigned int new_size,
275
+				char* file, char* func, unsigned int line)
276
+#else
277
+int split_frag(struct qm_block* qm, struct qm_frag* f, unsigned int new_size)
278
+#endif
279
+{
280
+	unsigned int rest;
281
+	struct qm_frag* n;
282
+	struct qm_frag_end* end;
283
+	
284
+	rest=f->size-new_size;
285
+	if (rest>(FRAG_OVERHEAD+MIN_FRAG_SIZE)){
286
+		f->size=new_size;
287
+		/*split the fragment*/
288
+		end=FRAG_END(f);
289
+		end->size=new_size;
290
+		n=(struct qm_frag*)((char*)end+sizeof(struct qm_frag_end));
291
+		n->size=rest-FRAG_OVERHEAD;
292
+		FRAG_END(n)->size=n->size;
293
+		qm->real_used+=FRAG_OVERHEAD;
294
+#ifdef DBG_QM_MALLOC
295
+		end->check1=END_CHECK_PATTERN1;
296
+		end->check2=END_CHECK_PATTERN2;
297
+		/* frag created by malloc, mark it*/
298
+		n->file=file;
299
+		n->func=func;
300
+		n->line=line;
301
+		n->check=ST_CHECK_PATTERN;
302
+#endif
303
+		/* reinsert n in free list*/
304
+		qm_insert_free(qm, n);
305
+		return 0;
306
+	}else{
307
+			/* we cannot split this fragment any more */
308
+		return -1;
309
+	}
310
+}
311
+
312
+
269 313
 
270 314
 #ifdef DBG_QM_MALLOC
271 315
 void* qm_malloc(struct qm_block* qm, unsigned int size, char* file, char* func,
... ...
@@ -275,9 +319,6 @@ void* qm_malloc(struct qm_block* qm, unsigned int size)
275 319
 #endif
276 320
 {
277 321
 	struct qm_frag* f;
278
-	struct qm_frag_end* end;
279
-	struct qm_frag* n;
280
-	unsigned int rest;
281 322
 	
282 323
 #ifdef DBG_QM_MALLOC
283 324
 	unsigned int list_cntr;
... ...
@@ -304,34 +345,12 @@ void* qm_malloc(struct qm_block* qm, unsigned int size)
304 345
 		qm_detach_free(qm, f);
305 346
 		/*mark it as "busy"*/
306 347
 		f->u.is_free=0;
307
-		
308
-		/*see if we'll use full frag, or we'll split it in 2*/
309
-		rest=f->size-size;
310
-		if (rest>(FRAG_OVERHEAD+MIN_FRAG_SIZE)){
311
-			f->size=size;
312
-			/*split the fragment*/
313
-			end=FRAG_END(f);
314
-			end->size=size;
315
-			n=(struct qm_frag*)((char*)end+sizeof(struct qm_frag_end));
316
-			n->size=rest-FRAG_OVERHEAD;
317
-			FRAG_END(n)->size=n->size;
318
-			qm->real_used+=FRAG_OVERHEAD;
348
+		/* we ignore split return */
319 349
 #ifdef DBG_QM_MALLOC
320
-			end->check1=END_CHECK_PATTERN1;
321
-			end->check2=END_CHECK_PATTERN2;
322
-			/* frag created by malloc, mark it*/
323
-			n->file=file;
324
-			n->func="frag. from qm_malloc";
325
-			n->line=line;
326
-			n->check=ST_CHECK_PATTERN;
327
-/*			FRAG_END(n)->check1=END_CHECK_PATTERN1;
328
-			FRAG_END(n)->check2=END_CHECK_PATTERN2; */
350
+		split_frag(qm, f, size, file, "fragm. from qm_malloc", line);
351
+#else
352
+		split_frag(qm, f, size);
329 353
 #endif
330
-			/* reinsert n in free list*/
331
-			qm_insert_free(qm, n);
332
-		}else{
333
-			/* we cannot split this fragment any more => alloc all of it*/
334
-		}
335 354
 		qm->real_used+=f->size;
336 355
 		qm->used+=f->size;
337 356
 		if (qm->max_real_used<qm->real_used)
... ...
@@ -394,9 +413,6 @@ void qm_free(struct qm_block* qm, void* p)
394 413
 	size=f->size;
395 414
 	qm->used-=size;
396 415
 	qm->real_used-=size;
397
-#ifdef DBG_QM_MALLOC
398
-	qm_debug_frag(qm, f);
399
-#endif
400 416
 
401 417
 #ifdef QM_JOIN_FREE
402 418
 	/* join packets if possible*/
... ...
@@ -436,6 +452,131 @@ void qm_free(struct qm_block* qm, void* p)
436 452
 
437 453
 
438 454
 
455
+#ifdef DBG_QM_MALLOC
456
+void* qm_realloc(struct qm_block* qm, void* p, unsigned int size,
457
+					char* file, char* func, unsigned int line)
458
+#else
459
+void* qm_realloc(struct qm_block* qm, void* p, unsigned int size)
460
+#endif
461
+{
462
+	struct qm_frag* f;
463
+	unsigned int diff;
464
+	unsigned int orig_size;
465
+	struct qm_frag* n;
466
+	void* ptr;
467
+	
468
+	
469
+#ifdef DBG_QM_MALLOC
470
+	DBG("qm_realloc(%p, %p, %d) called from %s: %s(%d)\n", qm, p, size,
471
+			file, func, line);
472
+	if (p>(void*)qm->last_frag_end || p<(void*)qm->first_frag){
473
+		LOG(L_CRIT, "BUG: qm_free: bad pointer %p (out of memory block!) - "
474
+				"aborting\n", p);
475
+		abort();
476
+	}
477
+#endif
478
+	
479
+	if (size==0) {
480
+		if (p)
481
+#ifdef DBG_QM_MALLOC
482
+			qm_free(qm, p, file, func, line);
483
+#else
484
+			qm_free(qm, p);
485
+#endif
486
+		return 0;
487
+	}
488
+	if (p==0)
489
+#ifdef DBG_QM_MALLOC
490
+		return qm_malloc(qm, size, file, func, line);
491
+#else
492
+		return qm_malloc(qm, size);
493
+#endif
494
+	f=(struct qm_frag*) ((char*)p-sizeof(struct qm_frag));
495
+#ifdef DBG_QM_MALLOC
496
+	qm_debug_frag(qm, f);
497
+	DBG("qm_realloc: realloc'ing frag %p alloc'ed from %s: %s(%ld)\n",
498
+			f, f->file, f->func, f->line);
499
+	if (f->u.is_free){
500
+		LOG(L_CRIT, "BUG:qm_realloc: trying to realloc an already freed "
501
+				"pointer %p , fragment %p -- aborting\n", p, f);
502
+		abort();
503
+	}
504
+#endif
505
+	/* find first acceptable size */
506
+	size=ROUNDUP(size);
507
+	if (f->size > size){
508
+		/* shrink */
509
+#ifdef DBG_QM_MALLOC
510
+		DBG("qm_realloc: shrinking from %ld to %d\n", f->size, size);
511
+		if(split_frag(qm, f, size, file, "fragm. from qm_realloc", line)!=0){
512
+		DBG("qm_realloc : shrinked succesfull\n");
513
+#else
514
+		if(split_frag(qm, f, size)!=0){
515
+#endif
516
+			/* update used sizes */
517
+			qm->real_used-=(f->size-size);
518
+			qm->used-=(f->size-size);
519
+		}
520
+		
521
+	}else if (f->size < size){
522
+		/* grow */
523
+#ifdef DBG_QM_MALLOC
524
+		DBG("qm_realloc: growing from %ld to %d\n", f->size, size);
525
+#endif
526
+			orig_size=f->size;
527
+			diff=size-f->size;
528
+			n=FRAG_NEXT(f);
529
+			if (((char*)n < (char*)qm->last_frag_end) && 
530
+					(n->u.is_free)&&((n->size+FRAG_OVERHEAD)>=diff)){
531
+				/* join  */
532
+				qm_detach_free(qm, n);
533
+				f->size+=n->size+FRAG_OVERHEAD;
534
+				qm->real_used-=FRAG_OVERHEAD;
535
+				FRAG_END(f)->size=f->size;
536
+				/* end checks should be ok */
537
+				/* split it if necessary */
538
+				if (f->size > size ){
539
+	#ifdef DBG_QM_MALLOC
540
+					split_frag(qm, f, size, file, "fragm. from qm_realloc",
541
+										line);
542
+	#else
543
+					split_frag(qm, f, size);
544
+	#endif
545
+				}
546
+				qm->real_used+=(f->size-orig_size);
547
+				qm->used+=(f->size-orig_size);
548
+			}else{
549
+				/* could not join => realloc */
550
+	#ifdef DBG_QM_MALLOC
551
+				ptr=qm_malloc(qm, size, file, func, line);
552
+	#else
553
+				ptr=qm_malloc(qm, size);
554
+	#endif
555
+				if (ptr)
556
+					/* copy, need by libssl */
557
+					memcpy(ptr, p, orig_size);
558
+	#ifdef DBG_QM_MALLOC
559
+					qm_free(qm, p, file, func, line);
560
+	#else
561
+					qm_free(qm, p);
562
+	#endif
563
+				p=ptr;
564
+			}
565
+	}else{
566
+		/* do nothing */
567
+#ifdef DBG_QM_MALLOC
568
+		DBG("qm_realloc: doing nothing, same size: %ld - %d\n", f->size, size);
569
+#endif
570
+	}
571
+#ifdef DBG_QM_MALLOC
572
+	DBG("qm_realloc: returning %p\n", p);
573
+#endif
574
+	return p;
575
+}
576
+
577
+
578
+
579
+
439 580
 void qm_status(struct qm_block* qm)
440 581
 {
441 582
 	struct qm_frag* f;
... ...
@@ -136,6 +136,12 @@ void  qm_free(struct qm_block*, void* p, char* file, char* func,
136 136
 #else
137 137
 void  qm_free(struct qm_block*, void* p);
138 138
 #endif
139
+#ifdef DBG_QM_MALLOC
140
+void* qm_realloc(struct qm_block*, void* p, unsigned int size,
141
+				char* file, char* func, unsigned int line);
142
+#else
143
+void* qm_realloc(struct qm_block*, void* p, unsigned int size);
144
+#endif
139 145
 
140 146
 void  qm_status(struct qm_block*);
141 147
 
... ...
@@ -25,6 +25,11 @@
25 25
  * along with this program; if not, write to the Free Software 
26 26
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27 27
  */
28
+/*
29
+ * History:
30
+ * --------
31
+ *  2003-06-29  added shm_realloc & replaced shm_resize (andrei)
32
+ */
28 33
 
29 34
 
30 35
 #ifdef SHM_MEM
... ...
@@ -71,6 +76,7 @@
71 76
 	extern struct qm_block* shm_block;
72 77
 #	define MY_MALLOC qm_malloc
73 78
 #	define MY_FREE qm_free
79
+#	define MY_REALLOC qm_realloc
74 80
 #	define MY_STATUS qm_status
75 81
 #	define  shm_malloc_init qm_malloc_init
76 82
 #endif
... ...
@@ -108,15 +114,29 @@ inline static void* _shm_malloc(unsigned int size,
108 114
 {
109 115
 	void *p;
110 116
 	
111
-	shm_lock();\
117
+	shm_lock();
112 118
 	p=MY_MALLOC(shm_block, size, file, function, line );
113 119
 	shm_unlock();
114 120
 	return p; 
115 121
 }
116 122
 
123
+
124
+inline static void* _shm_realloc(void *ptr, unsigned int size, 
125
+		char* file, char* function, int line )
126
+{
127
+	void *p;
128
+	shm_lock();
129
+	p=MY_REALLOC(shm_block, ptr, size, file, function, line);
130
+	shm_unlock();
131
+	return p;
132
+}
133
+
117 134
 #define shm_malloc( _size ) _shm_malloc((_size), \
118 135
 	__FILE__, __FUNCTION__, __LINE__ )
119 136
 
137
+#define shm_realloc( _ptr, _size ) _shm_realloc( (_ptr), (_size), \
138
+	__FILE__, __FUNCTION__, __LINE__ )
139
+
120 140
 
121 141
 
122 142
 #define shm_free_unsafe( _p  ) \
... ...
@@ -129,9 +149,9 @@ do { \
129 149
 		shm_unlock(); \
130 150
 }while(0)
131 151
 
132
-void* _shm_resize( void*, unsigned int, char*, char*, unsigned int);
133
-#define shm_resize(_p, _s ) \
134
-	_shm_resize( (_p), (_s),   __FILE__, __FUNCTION__, __LINE__)
152
+
153
+
154
+#define shm_resize(_p, _s ) shm_realloc( (_p), (_s))
135 155
 
136 156
 
137 157
 
... ...
@@ -151,7 +171,16 @@ inline static void* shm_malloc(unsigned int size)
151 171
 }
152 172
 
153 173
 
154
-void* _shm_resize( void*, unsigned int);
174
+inline static void* shm_realloc(void *ptr, unsigned int size)
175
+{
176
+	void *p;
177
+	shm_lock();
178
+	p=MY_REALLOC(shm_block, ptr, size);
179
+	shm_unlock();
180
+	return p;
181
+}
182
+
183
+
155 184
 
156 185
 #define shm_free_unsafe( _p ) MY_FREE(shm_block, (_p))
157 186
 
... ...
@@ -164,7 +193,7 @@ do { \
164 193
 
165 194
 
166 195
 
167
-#define shm_resize(_p, _s) _shm_resize( (_p), (_s))
196
+#define shm_resize(_p, _s) shm_realloc( (_p), (_s))
168 197
 
169 198
 
170 199
 #endif
171 200
new file mode 100644
... ...
@@ -0,0 +1,244 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2001-2003 Fhg Fokus
5
+ *
6
+ * This file is part of ser, a free SIP server.
7
+ *
8
+ * ser is free software; you can redistribute it and/or modify
9
+ * it under the terms of the GNU General Public License as published by
10
+ * the Free Software Foundation; either version 2 of the License, or
11
+ * (at your option) any later version
12
+ *
13
+ * For a license to use the ser software under conditions
14
+ * other than those described here, or to purchase support for this
15
+ * software, please contact iptel.org by e-mail at the following addresses:
16
+ *    info@iptel.org
17
+ *
18
+ * ser is distributed in the hope that it will be useful,
19
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21
+ * GNU General Public License for more details.
22
+ *
23
+ * You should have received a copy of the GNU General Public License
24
+ * along with this program; if not, write to the Free Software
25
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26
+ */
27
+/*
28
+ * tls initialization & cleanup functions
29
+ * 
30
+ * History:
31
+ * --------
32
+ *  2003-06-29  created by andrei
33
+ */
34
+#ifdef USE_TLS
35
+
36
+
37
+
38
+#include <openssl/ssl.h>
39
+#include <openssl/err.h>
40
+
41
+#include "mem/mem.h"
42
+#include "mem/shm_mem.h"
43
+#include "tcp_init.h"
44
+#include "dprint.h"
45
+
46
+
47
+
48
+#if OPENSSL_VERSION_NUMBER < 0x00906000L  /* 0.9.6*/
49
+#error "OpenSSL 0.9.6 or greater required"
50
+/* it might work ok with older versions (I think
51
+ *  >= 0.9.4 should be ok), but I didn't test them
52
+ *  so try them at your own risk :-) -- andrei
53
+ */
54
+#endif
55
+
56
+
57
+/* global tls related data */
58
+SSL_CTX* default_ctx=0 ; /* global ssl context */
59
+
60
+int tls_log=L_INFO; /* tls log level */
61
+int tls_require_cert=0; /* require client certificate */
62
+char* tls_pkey_file=0; /* private key file name */
63
+char* tls_cert_file=0; /* certificate file name */
64
+char* tls_ca_file=0;   /* CA list file name */
65
+
66
+
67
+/* inits a sock_info structure with tls data
68
+ * (calls tcp_init for the tcp part)
69
+ * returns 0 on success, -1 on error */
70
+int tls_init(struct socket_info* sock_info)
71
+{
72
+	int ret;
73
+	if ((ret=tcp_init(sock_info))!=0){
74
+		LOG(L_ERR, "ERROR: tls_init: tcp_init failed on"
75
+			"%.*s:%d\n", sock_info->address_str.len,
76
+			sock_info->address_str.s, sock_info->port_no);
77
+		return ret;
78
+	}
79
+	sock_info->proto=PROTO_TLS;
80
+	/* tls specific stuff */
81
+	return 0;
82
+}
83
+
84
+
85
+/* malloc & friends functions that will be used
86
+ * by libssl (we need most ssl info in shared mem.)*/
87
+
88
+void* tls_malloc(size_t size)
89
+{
90
+	return shm_malloc(size);
91
+}
92
+
93
+
94
+void tls_free(void* ptr)
95
+{
96
+	shm_free(ptr);
97
+}
98
+
99
+
100
+void* tls_realloc(void* ptr, size_t size)
101
+{
102
+	return shm_realloc(ptr, size);
103
+}
104
+
105
+
106
+/* print the ssl error stack */
107
+void tls_dump_errors(char* s)
108
+{
109
+	long err;
110
+	if ( 1 /*default_ctx */) /* only if ssl was initialized */
111
+		while((err=ERR_get_error()))
112
+			LOG(L_ERR, "%s%s\n", (s)?s:"", ERR_error_string(err,0));
113
+}
114
+
115
+
116
+
117
+/* inits ser tls support
118
+ * returns 0 on success, <0 on error */
119
+int init_tls()
120
+{
121
+
122
+	
123
+	if (tls_pkey_file==0)
124
+		tls_pkey_file=TLS_PKEY_FILE;
125
+	if (tls_cert_file==0)
126
+		tls_cert_file=TLS_CERT_FILE;
127
+	if (tls_ca_file==0)
128
+		tls_ca_file=TLS_CA_FILE;
129
+	
130
+	DBG("initializing openssl...\n");
131
+	SSL_library_init();  /* don't use shm_ for SSL_library_init() */
132
+	/* init mem. alloc. for libcrypt & openssl */
133
+	CRYPTO_set_mem_functions(tls_malloc, tls_realloc,
134
+								tls_free);
135
+	
136
+	/* init the openssl library */
137
+	SSL_load_error_strings(); /* readable error messages*/
138
+	/* seed the PRNG, nothing on linux because openssl should automatically
139
+	   use /dev/urandom, see RAND_seed, RAND_add */
140
+	
141
+	/* create the ssl context */
142
+	DBG("creating the ssl context...\n");
143
+	default_ctx=SSL_CTX_new(TLSv1_method());
144
+	if (default_ctx==0){
145
+		LOG(L_ERR, "init_tls: failed to create ssl context\n");
146
+		goto error;
147
+	}
148
+	/* no passwd: */
149
+	 /* SSL_CTX_set_default_passwd_cb(ctx, callback); */
150
+	
151
+	/* set options, e.g SSL_OP_NO_SSLv2, 
152
+	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
153
+	 */
154
+	/* SSL_CTX_set_options(ctx, options); */
155
+	
156
+	/* mode, e.g. SSL_MODE_ENABLE_PARTIAL_WRITE,
157
+	 * SSL_MODE_AUTO_RETRY */
158
+	/* SSL_CTX_set_mode(ctx, mode); */
159
+	
160
+	/* using certificates (we don't allow anonymous ciphers => at least
161
+	 * the server must have a cert)*/
162
+	/* private key */
163
+	if (SSL_CTX_use_PrivateKey_file(default_ctx, tls_pkey_file,
164
+				SSL_FILETYPE_PEM)!=1){
165
+		LOG(L_ERR, "init_tls: failed to load private key from \"%s\"\n",
166
+				tls_pkey_file);
167
+		goto error_certs;
168
+	}
169
+	if (SSL_CTX_use_certificate_chain_file(default_ctx, tls_cert_file)!=1){
170
+		/* better than *_use_certificate_file 
171
+		 * see SSL_CTX_use_certificate(3)/Notes */
172
+		LOG(L_ERR, "init_tls: failed to load certificate from \"%s\"\n",
173
+					tls_cert_file);
174
+		goto error_certs;
175
+	}
176
+	/* check if private key corresponds to the loaded ceritficate */
177
+	if (SSL_CTX_check_private_key(default_ctx)!=1){
178
+		LOG(L_CRIT, "init_tls: private key \"%s\" does not match the"
179
+				" certificate file \"%s\"\n", tls_pkey_file, tls_cert_file);
180
+		goto error_certs;
181
+	}
182
+	
183
+	/* set session id context, usefull for reusing stored sessions */
184
+	/*
185
+	if (SSL_CTX_set_session_id_context(ctx, version, version_len)!=1){
186
+		LOG(L_CRIT, "init_tls: failed to set session id\n");
187
+		goto error;
188
+	}
189
+	*/
190
+	
191
+	/* set cert. verifications options */
192
+	/* verify peer if it has a cert (to fail for no cert. add 
193
+	 *  | SSL_VERIFY_FAIL_IF_NO_PEER_CERT ); forces the server to send
194
+	 *  a client certificate request */
195
+	SSL_CTX_set_verify(default_ctx, SSL_VERIFY_PEER | ( (tls_require_cert)?
196
+			SSL_VERIFY_FAIL_IF_NO_PEER_CERT:0 ), 0);
197
+	/* SSL_CTX_set_verify_depth(ctx, 2);  -- default 9 */
198
+	/* CA locations, list */
199
+	if (tls_ca_file){
200
+		if (SSL_CTX_load_verify_locations(default_ctx, tls_ca_file, 0 )!=1){
201
+			/* we don't support ca path, we load them only from files */
202
+			LOG(L_CRIT, "init_tls: error while processing CA locations\n");
203
+			goto error_certs;
204
+		}
205
+		SSL_CTX_set_client_CA_list(default_ctx, 
206
+									SSL_load_client_CA_file(tls_ca_file));
207
+		if (SSL_CTX_get_client_CA_list(default_ctx)==0){
208
+			LOG(L_CRIT, "init_tls: error setting client CA list from <%s>\n",
209
+						tls_ca_file);
210
+			goto error_certs;
211
+		}
212
+	}
213
+	
214
+	/* DH tmp key generation -- see DSA_generate_parameters,
215
+	 * SSL_CTX_set_tmp_dh, SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE */
216
+	
217
+	/* RSA tmp key generation => we don't care, we won't accept 
218
+	 * connection to export restricted applications and tls does not
219
+	 * allow a tmp key in another sitaution */
220
+	
221
+	return 0;
222
+error_certs:
223
+	/*
224
+	SSL_CTX_free(ctx);
225
+	ctx=0;
226
+	*/
227
+error:
228
+	tls_dump_errors("tls_init:");
229
+	return -1;
230
+}
231
+
232
+
233
+
234
+void destroy_tls()
235
+{
236
+	if(default_ctx){
237
+		DBG("destroy_tls...\n");
238
+		SSL_CTX_free(default_ctx);
239
+		ERR_free_strings();
240
+		default_ctx=0; 
241
+	}
242
+}
243
+
244
+#endif
0 245
new file mode 100644
... ...
@@ -0,0 +1,67 @@
1
+
2
+/*
3
+ * $Id$
4
+ *
5
+ * Copyright (C) 2001-2003 Fhg Fokus
6
+ *
7
+ * This file is part of ser, a free SIP server.
8
+ *
9
+ * ser is free software; you can redistribute it and/or modify
10
+ * it under the terms of the GNU General Public License as published by
11
+ * the Free Software Foundation; either version 2 of the License, or
12
+ * (at your option) any later version
13
+ *
14
+ * For a license to use the ser software under conditions
15
+ * other than those described here, or to purchase support for this
16
+ * software, please contact iptel.org by e-mail at the following addresses:
17
+ *    info@iptel.org
18
+ *
19
+ * ser is distributed in the hope that it will be useful,
20
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
21
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22
+ * GNU General Public License for more details.
23
+ *
24
+ * You should have received a copy of the GNU General Public License
25
+ * along with this program; if not, write to the Free Software
26
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27
+ */
28
+/*
29
+ * tls initialization & cleanup functions
30
+ * 
31
+ * History:
32
+ * --------
33
+ *  2003-06-29  created by andrei
34
+ */
35
+#ifdef USE_TLS
36
+
37
+#ifndef tls_init_h
38
+#define tls_init_h
39
+
40
+#ifndef USE_TCP
41
+#error "TLS requires TCP support compiled-in, please" \
42
+        " add -DUSE_TCP to the Makefile.defs"
43
+#endif
44
+
45
+#ifndef SHM_MEM
46
+#error "shared memory support needed (add -DSHM_MEM to Makefile.defs)"
47
+#endif
48
+
49
+
50
+/* inits ser tls support
51
+ * returns 0 on success, <0 on error */
52
+int init_tls();
53
+
54
+/* cleans up */
55
+void destroy_tls();
56
+
57
+/* inits a sock_info structure with tls data
58
+ * (calls tcp_init for the tcp part)
59
+ * returns 0 on success, -1 on error */
60
+int tls_init(struct socket_info* sock_info);
61
+
62
+/* print the ssl error stack */
63
+void tls_dump_errors(char* s);
64
+
65
+
66
+#endif /* tls_init_h*/
67
+#endif /* USE_TLS*/