Diffstat (limited to 'util/net_help.c')
| -rw-r--r-- | util/net_help.c | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/util/net_help.c b/util/net_help.c
index 6be5fcc3132a..64bd876dcbb1 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -45,8 +45,12 @@
 #include "util/module.h"
 #include "util/regional.h"
 #include <fcntl.h>
+#ifdef HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
+#endif
+#ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
+#endif
 
 /** max length of an IP address (the address portion) that we allow */
 #define MAX_ADDR_STRLEN 128 /* characters */
@@ -565,6 +569,7 @@ void sock_list_merge(struct sock_list** list, struct regional* region,
 void
 log_crypto_err(const char* str)
 {
+#ifdef HAVE_SSL
 /* error:[error code]:[library name]:[function name]:[reason string] */
 char buf[128];
 unsigned long e;
@@ -574,10 +579,14 @@ log_crypto_err(const char* str)
 ERR_error_string_n(e, buf, sizeof(buf));
 log_err("and additionally crypto %s", buf);
 }
+#else
+ (void)str;
+#endif /* HAVE_SSL */
 }
 
 void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 {
+#ifdef HAVE_SSL
 SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
 if(!ctx) {
 log_crypto_err("could not SSL_CTX_new");
@@ -619,10 +628,15 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 }
 return ctx;
+#else
+ (void)key; (void)pem; (void)verifypem;
+ return NULL;
+#endif
 }
 
 void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 {
+#ifdef HAVE_SSL
 SSL_CTX* ctx = SSL_CTX_new(SSLv23_client_method());
 if(!ctx) {
 log_crypto_err("could not allocate SSL_CTX pointer");
@@ -662,10 +676,15 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 }
 return ctx;
+#else
+ (void)key; (void)pem; (void)verifypem;
+ return NULL;
+#endif
 }
 
 void* incoming_ssl_fd(void* sslctx, int fd)
 {
+#ifdef HAVE_SSL
 SSL* ssl = SSL_new((SSL_CTX*)sslctx);
 if(!ssl) {
 log_crypto_err("could not SSL_new");
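Review bot: The `#else` branch of listen_sslctx_create returns NULL without logging anything, and NULL also appears to be the failure return of the TLS-enabled branch, so a build without HAVE_SSL that is configured for TLS fails with no explanation. The same applies to the stubs added in connect_sslctx_create, incoming_ssl_fd and outgoing_ssl_fd. I would put a line such as `log_err("SSL support is not compiled in");` before each `return NULL;` in those branches. The callers are outside this diff, so it is worth confirming that each one treats NULL as a hard error rather than carrying on with an unencrypted socket. The body of listen_sslctx_create starts in the previous hunk and its middle is not shown.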
@@ -679,10 +698,15 @@ void* incoming_ssl_fd(void* sslctx, int fd)
 return NULL;
 }
 return ssl;
+#else
+ (void)sslctx; (void)fd;
+ return NULL;
+#endif
 }
 
 void* outgoing_ssl_fd(void* sslctx, int fd)
 {
+#ifdef HAVE_SSL
 SSL* ssl = SSL_new((SSL_CTX*)sslctx);
 if(!ssl) {
 log_crypto_err("could not SSL_new");
@@ -696,4 +720,64 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
 return NULL;
 }
 return ssl;
+#else
+ (void)sslctx; (void)fd;
+ return NULL;
+#endif
+}
+
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+/** global lock list for openssl locks */
+static lock_basic_t *ub_openssl_locks = NULL;
+
+/** callback that gets thread id for openssl */
+static unsigned long
+ub_crypto_id_cb(void)
+{
+ return (unsigned long)ub_thread_self();
 }
+
+static void
+ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
+ int ATTR_UNUSED(line))
+{
+ if((mode&CRYPTO_LOCK)) {
+ lock_basic_lock(&ub_openssl_locks[type]);
+ } else {
+ lock_basic_unlock(&ub_openssl_locks[type]);
+ }
+}
+#endif /* OPENSSL_THREADS */
+
+int ub_openssl_lock_init(void)
+{
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+ int i;
+ ub_openssl_locks = (lock_basic_t*)malloc(
+ sizeof(lock_basic_t)*CRYPTO_num_locks());
+ if(!ub_openssl_locks)
+ return 0;
+ for(i=0; i<CRYPTO_num_locks(); i++) {
+ lock_basic_init(&ub_openssl_locks[i]);
+ }
+ CRYPTO_set_id_callback(&ub_crypto_id_cb);
+ CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
+#endif /* OPENSSL_THREADS */
+ return 1;
+}
+
+void ub_openssl_lock_delete(void)
+{
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+ int i;
+ if(!ub_openssl_locks)
+ return;
+ CRYPTO_set_id_callback(NULL);
+ CRYPTO_set_locking_callback(NULL);
+ for(i=0; i<CRYPTO_num_locks(); i++) {
+ lock_basic_destroy(&ub_openssl_locks[i]);
+ }
+ free(ub_openssl_locks);
+#endif /* OPENSSL_THREADS */
+}
+
|
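Review bot: ub_openssl_lock_delete leaves `ub_openssl_locks` pointing at freed memory, so a second call gets past the `if(!ub_openssl_locks)` guard and runs lock_basic_destroy and free on the stale array; add `ub_openssl_locks = NULL;` right after `free(ub_openssl_locks);`. In ub_openssl_lock_init the size `sizeof(lock_basic_t)*CRYPTO_num_locks()` is computed from an int return value that is never checked, and a repeated init call would overwrite the pointer and leak the earlier array. Reading the count once into a local, rejecting a non-positive value and returning early when the array already exists would cover both. ub_crypto_lock_cb also has no doc comment while ub_crypto_id_cb does; something like `/** callback that locks or unlocks the openssl lock with index type */` would match.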
