File: ssllib.c

rtpengine 13.5.1.3-1
#include "ssllib.h"
#include <openssl/ssl.h>
#include <stdlib.h>
#include <time.h>
#include "auxlib.h"
#include "log.h"



#if OPENSSL_VERSION_NUMBER >= 0x30000000L
/*
 * EVP_MAC context created in rtpe_ssl_init() from the "hmac" algorithm with
 * its "digest" parameter set to "sha-1". Only exists when building against
 * OpenSSL >= 3.0.
 * NOTE(review): the name suggests a template that other code duplicates per
 * use rather than keying directly; nothing in this file shows that, so
 * confirm against the callers.
 */
EVP_MAC_CTX *rtpe_hmac_sha1_base;
#endif


#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
 * Lock table handed to OpenSSL < 1.1.0 through the locking callback.
 * Allocated in make_OpenSSL_thread_safe() with CRYPTO_num_locks() entries and
 * indexed by the lock type passed to cb_openssl_lock(). Never freed in this
 * file.
 */
static mutex_t *openssl_locks;

/*
 * Thread-id callback for OpenSSL < 1.1.0: reports the calling thread's
 * pthread_t to the library.
 *
 * The id is stored as a pointer when pthread_t has the size of a pointer and
 * as an unsigned long otherwise. Both casts assume pthread_t is a scalar type
 * on the target platform.
 */
static void cb_openssl_threadid(CRYPTO_THREADID *tid) {
	const pthread_t self = pthread_self();

	/* size comparison is a compile-time constant, so only one branch survives */
	if (sizeof(self) != sizeof(void *)) {
		CRYPTO_THREADID_set_numeric(tid, (unsigned long) self);
		return;
	}

	CRYPTO_THREADID_set_pointer(tid, (void *) self);
}

/*
 * Locking callback for OpenSSL < 1.1.0.
 *
 * mode: CRYPTO_LOCK set means acquire, anything else means release.
 * type: index into openssl_locks; not range-checked here, the table is sized
 *       from CRYPTO_num_locks() in make_OpenSSL_thread_safe().
 * file, line: call site inside OpenSSL, unused.
 */
static void cb_openssl_lock(int mode, int type, const char *file, int line) {
	if (!(mode & CRYPTO_LOCK)) {
		mutex_unlock(&openssl_locks[type]);
		return;
	}

	mutex_lock(&openssl_locks[type]);
}

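/*
 * Install the lock table and the thread-id/locking callbacks that
 * OpenSSL < 1.1.0 requires from multi-threaded applications. Without them the
 * library's shared internal state is accessed without synchronisation.
 *
 * Must run before any other thread uses OpenSSL. Aborts if the lock table
 * cannot be allocated, because continuing would dereference NULL in
 * mutex_init() here and later in cb_openssl_lock().
 */
static void make_OpenSSL_thread_safe(void) {
	/* query once: the count sizes the table and bounds the init loop */
	const int num_locks = CRYPTO_num_locks();
	int i;

	openssl_locks = malloc(sizeof(*openssl_locks) * num_locks);
	if (num_locks > 0 && !openssl_locks) {
		ilog(LOG_ERR, "failed to allocate OpenSSL lock table\n");
		abort();
	}

	for (i = 0; i < num_locks; i++)
		mutex_init(&openssl_locks[i]);

	/* register only after every mutex is initialised */
	CRYPTO_THREADID_set_callback(cb_openssl_threadid);
	CRYPTO_set_locking_callback(cb_openssl_lock);
}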
#endif


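/*
 * One-time OpenSSL setup for the process.
 *
 * Logs the compile-time and run-time library versions, performs the explicit
 * library initialisation that pre-1.1.0 OpenSSL and LibreSSL builds request,
 * and, on OpenSSL >= 3.0, reports whether FIPS is enabled in the default
 * properties and creates the rtpe_hmac_sha1_base MAC context.
 *
 * Every step of the MAC context setup is fatal on failure. The previous
 * assert() checks disappear when built with NDEBUG, and the result of
 * EVP_MAC_CTX_set_params() was not checked at all, so a provider that could
 * not supply the digest would have left a context with no digest configured
 * for later users of rtpe_hmac_sha1_base.
 */
void rtpe_ssl_init(void) {
	ilog(LOG_INFO,"compile-time OpenSSL library: %s\n", OPENSSL_VERSION_TEXT);
	ilog(LOG_INFO,"run-time OpenSSL library: %s\n", OpenSSL_version(OPENSSL_VERSION));

	/*
	 * NOTE(review): this guard also matches LibreSSL, but
	 * make_OpenSSL_thread_safe() is only defined under
	 * OPENSSL_VERSION_NUMBER < 0x10100000L. The two conditions should
	 * agree; confirm which one is intended for LibreSSL builds.
	 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
	SSL_library_init();
	SSL_load_error_strings();
	make_OpenSSL_thread_safe();
#endif

#if OPENSSL_VERSION_NUMBER >= 0x30000000L
	/* informational only: nothing below changes behaviour based on FIPS state */
	if(EVP_default_properties_is_fips_enabled(NULL) == 1) {
		ilog(LOG_INFO,"FIPS mode enabled in OpenSSL library\n");
	} else  {
		ilog(LOG_DEBUG,"FIPS mode not enabled in OpenSSL library\n");
	}

	EVP_MAC *rtpe_evp_hmac = EVP_MAC_fetch(NULL, "hmac", NULL);
	if (rtpe_evp_hmac == NULL) {
		ilog(LOG_ERR, "failed to fetch HMAC implementation from OpenSSL library\n");
		abort();
	}

	rtpe_hmac_sha1_base = EVP_MAC_CTX_new(rtpe_evp_hmac);
	if (rtpe_hmac_sha1_base == NULL) {
		ilog(LOG_ERR, "failed to create HMAC context\n");
		abort();
	}

	static const OSSL_PARAM params[2] = {
		OSSL_PARAM_utf8_string("digest", "sha-1", 5),
		OSSL_PARAM_END,
	};
	/* returns 1 on success; a context without its digest must not be used */
	if (EVP_MAC_CTX_set_params(rtpe_hmac_sha1_base, params) != 1) {
		ilog(LOG_ERR, "failed to select SHA-1 digest for HMAC context\n");
		abort();
	}
#endif
}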