Review Board 1.7.16


Wrap OpenSSL library initialization to make it safe for loaded modules to also use OpenSSL.

Review Request #1006 - Created Nov. 11, 2010 and submitted

Kevin Fleming
trunk
Reviewers
asterisk-dev
Asterisk
During the devcon after AstriCon 2010, we got a report that using PostgreSQL from within Asterisk, when the PostgreSQL connections are configured to use SSL/TLS to connect to the database server, can cause random crashes and other bizarre behavior. The reporter said this was known to be an issue with some other packages as well (notably Kamailio), and had to do with both Asterisk and the PostgreSQL libraries assuming they "owned" the OpenSSL libraries in the process' memory space, and thus calling initialization code twice (or worse).

This patch addresses this problem by using dynamic linker functionality to *wrap* the real OpenSSL initialization functions (and some other dangerous ones) with versions that don't actually do anything, and then calling the real ones only *one* time during Asterisk startup. To make this work, the SSL functionality that is normally built into the main Asterisk binary now must be built into a dynamic library (libasteriskssl.so), which is installed into the standard dynamic library location on the system (this is *not* an Asterisk loadable module, just a regular dynamic library).

As part of this patch, the usage of ASTLIBDIR throughout the build system to refer to the directory where Asterisk loadable modules are installed was changed to ASTMODDIR (which matches how it is referred to in the source code and in asterisk.conf), and a new definition of ASTLIBDIR was created to point to the system's dynamic library directory.
Compiles and runs on Linux x86-64 with no apparent change in behavior. The Makefile bits to install libasteriskssl.so in the right place will probably have to be checked by Solaris, Darwin and *BSD users to get them right.

Diff revision 1

This is not the most recent revision of the diff. The latest diff is revision 3. See what's changed.

1 2 3
1 2 3

  1. /trunk/Makefile.moddir_rules: Loading...
  2. /trunk/Makefile: Loading...
  3. /trunk/configure.ac: Loading...
  4. /trunk/configure: Loading...
  5. /trunk/makeopts.in: Loading...
  6. /trunk/build_tools/make_defaults_h: Loading...
  7. /trunk/build_tools/mkpkgconfig: Loading...
  8. /trunk/main/Makefile: Loading...
  9. /trunk/main/ssl.c: Loading...
  10. /trunk/main/libasteriskssl.c: Loading...
/trunk/Makefile.moddir_rules
Revision 294735 New Change
1
#
1
#
2
# Asterisk -- A telephony toolkit for Linux.
2
# Asterisk -- A telephony toolkit for Linux.
3
# 
3
# 
4
# Makefile rules for subdirectories containing modules
4
# Makefile rules for subdirectories containing modules
5
#
5
#
6
# Copyright (C) 2006, Digium, Inc.
6
# Copyright (C) 2006, Digium, Inc.
7
#
7
#
8
# Kevin P. Fleming <kpfleming@digium.com>
8
# Kevin P. Fleming <kpfleming@digium.com>
9
#
9
#
10
# This program is free software, distributed under the terms of
10
# This program is free software, distributed under the terms of
11
# the GNU General Public License
11
# the GNU General Public License
12
#
12
#
13

    
   
13

   
14
# Makefile rules for building modules.
14
# Makefile rules for building modules.
15

    
   
15

   
16
# In most cases, we set target-specific variables for certain targets
16
# In most cases, we set target-specific variables for certain targets
17
# (remember that they apply recursively to prerequisites).
17
# (remember that they apply recursively to prerequisites).
18
# Also note that we can only set one variable per rule, so we have to
18
# Also note that we can only set one variable per rule, so we have to
19
# repeat the left hand side to set multiple variables.
19
# repeat the left hand side to set multiple variables.
20

    
   
20

   
21
ifeq ($(findstring LOADABLE_MODULES,$(MENUSELECT_CFLAGS)),)
21
ifeq ($(findstring LOADABLE_MODULES,$(MENUSELECT_CFLAGS)),)
22
  _ASTCFLAGS+=${GC_CFLAGS}
22
  _ASTCFLAGS+=${GC_CFLAGS}
23
endif
23
endif
24

    
   
24

   
25
ifneq ($(findstring STATIC_BUILD,$(MENUSELECT_CFLAGS)),)
25
ifneq ($(findstring STATIC_BUILD,$(MENUSELECT_CFLAGS)),)
26
  STATIC_BUILD=-static
26
  STATIC_BUILD=-static
27
endif
27
endif
28

    
   
28

   
29
include $(ASTTOPDIR)/Makefile.rules
29
include $(ASTTOPDIR)/Makefile.rules
30

    
   
30

   
31
# If MODULE_PREFIX is defined, use it to run the standard functions to set
31
# If MODULE_PREFIX is defined, use it to run the standard functions to set
32
# C_MODS, CC_MODS, LOADABLE_MODS and EMBEDDED_MODS.
32
# C_MODS, CC_MODS, LOADABLE_MODS and EMBEDDED_MODS.
33
# Each word of MODULE_PREFIX is a prefix for filenames that we consider
33
# Each word of MODULE_PREFIX is a prefix for filenames that we consider
34
# valid C or CC modules (eg. app, func ...). Note that the underscore
34
# valid C or CC modules (eg. app, func ...). Note that the underscore
35
# is added here, and does not need to be in MODULE_PREFIX
35
# is added here, and does not need to be in MODULE_PREFIX
36
#
36
#
37
# Use MODULE_EXCLUDE to specify additional modules to exclude.
37
# Use MODULE_EXCLUDE to specify additional modules to exclude.
38

    
   
38

   
39
ifneq ($(MODULE_PREFIX),)
39
ifneq ($(MODULE_PREFIX),)
40
    ALL_C_MODS:=
40
    ALL_C_MODS:=
41
    ALL_CC_MODS:=
41
    ALL_CC_MODS:=
42
    ALL_C_MODS+=$(foreach p,$(MODULE_PREFIX),$(patsubst %.c,%,$(wildcard $(p)_*.c)))
42
    ALL_C_MODS+=$(foreach p,$(MODULE_PREFIX),$(patsubst %.c,%,$(wildcard $(p)_*.c)))
43
    ALL_CC_MODS+=$(foreach p,$(MODULE_PREFIX),$(patsubst %.cc,%,$(wildcard $(p)_*.cc)))
43
    ALL_CC_MODS+=$(foreach p,$(MODULE_PREFIX),$(patsubst %.cc,%,$(wildcard $(p)_*.cc)))
44
endif
44
endif
45
 
45
 
46
C_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_C_MODS))
46
C_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_C_MODS))
47
CC_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_CC_MODS))
47
CC_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_CC_MODS))
48

    
   
48

   
49
ifneq ($(findstring $(MENUSELECT_CATEGORY),$(MENUSELECT_EMBED)),)
49
ifneq ($(findstring $(MENUSELECT_CATEGORY),$(MENUSELECT_EMBED)),)
50
    EMBEDDED_MODS:=$(C_MODS) $(CC_MODS)
50
    EMBEDDED_MODS:=$(C_MODS) $(CC_MODS)
51
else
51
else
52
    LOADABLE_MODS:=$(C_MODS) $(CC_MODS)
52
    LOADABLE_MODS:=$(C_MODS) $(CC_MODS)
53
endif
53
endif
54

    
   
54

   
55
# Both C++ and C++ sources need their module name in AST_MODULE
55
# Both C++ and C++ sources need their module name in AST_MODULE
56
# We also pass whatever _INCLUDE list is generated by menuselect
56
# We also pass whatever _INCLUDE list is generated by menuselect
57
# (they are stored in file 'makeopts'). This is also necessary
57
# (they are stored in file 'makeopts'). This is also necessary
58
# for components used to build modules, which can't be determined
58
# for components used to build modules, which can't be determined
59
# by the rules in this file, so the MOD_ASTCFLAGS definition
59
# by the rules in this file, so the MOD_ASTCFLAGS definition
60
# is used to collect the required flags for a module... which can
60
# is used to collect the required flags for a module... which can
61
# then be used any place they are required.
61
# then be used any place they are required.
62

    
   
62

   
63
MOD_ASTCFLAGS=-DAST_MODULE=\"$(1)\" $(MENUSELECT_OPTS_$(1):%=-D%) $(foreach dep,$(MENUSELECT_DEPENDS_$(1)),$(value $(dep)_INCLUDE))
63
MOD_ASTCFLAGS=-DAST_MODULE=\"$(1)\" $(MENUSELECT_OPTS_$(1):%=-D%) $(foreach dep,$(MENUSELECT_DEPENDS_$(1)),$(value $(dep)_INCLUDE))
64

    
   
64

   
65
$(addsuffix .oo,$(CC_MODS)) $(addsuffix .o,$(C_MODS)):	\
65
$(addsuffix .oo,$(CC_MODS)) $(addsuffix .o,$(C_MODS)):	\
66
	_ASTCFLAGS+=$(call MOD_ASTCFLAGS,$*)
66
	_ASTCFLAGS+=$(call MOD_ASTCFLAGS,$*)
67

    
   
67

   
68
ifeq ($(findstring $(OSARCH), mingw32 cygwin ),)
68
ifeq ($(findstring $(OSARCH), mingw32 cygwin ),)
69
   # don't define -fPIC on mingw32 and cygwin, it is the default
69
   # don't define -fPIC on mingw32 and cygwin, it is the default
70
   $(LOADABLE_MODS:%=%.so): _ASTCFLAGS+=-fPIC
70
   $(LOADABLE_MODS:%=%.so): _ASTCFLAGS+=-fPIC
71
endif
71
endif
72

    
   
72

   
73
# For loadable modules, pass _LIB and _LDFLAGS from menuselect.
73
# For loadable modules, pass _LIB and _LDFLAGS from menuselect.
74
$(LOADABLE_MODS:%=%.so): LIBS+=$(foreach dep,$(MENUSELECT_DEPENDS_$*),$(value $(dep)_LIB))
74
$(LOADABLE_MODS:%=%.so): LIBS+=$(foreach dep,$(MENUSELECT_DEPENDS_$*),$(value $(dep)_LIB))
75
$(LOADABLE_MODS:%=%.so): _ASTLDFLAGS+=$(foreach dep,$(MENUSELECT_DEPENDS_$*),$(value $(dep)_LDFLAGS))
75
$(LOADABLE_MODS:%=%.so): _ASTLDFLAGS+=$(foreach dep,$(MENUSELECT_DEPENDS_$*),$(value $(dep)_LDFLAGS))
76

    
   
76

   
77
$(EMBEDDED_MODS:%=%.o): _ASTCFLAGS+=-DEMBEDDED_MODULE=$*
77
$(EMBEDDED_MODS:%=%.o): _ASTCFLAGS+=-DEMBEDDED_MODULE=$*
78

    
   
78

   
79
$(addsuffix .so,$(filter $(LOADABLE_MODS),$(C_MODS))): %.so: %.o
79
$(addsuffix .so,$(filter $(LOADABLE_MODS),$(C_MODS))): %.so: %.o
80
$(addsuffix .so,$(filter $(LOADABLE_MODS),$(CC_MODS))): %.so: %.oo
80
$(addsuffix .so,$(filter $(LOADABLE_MODS),$(CC_MODS))): %.so: %.oo
81

    
   
81

   
82
modules.link: $(addsuffix .eo,$(filter $(EMBEDDED_MODS),$(C_MODS)))
82
modules.link: $(addsuffix .eo,$(filter $(EMBEDDED_MODS),$(C_MODS)))
83

    
   
83

   
84
.PHONY: clean uninstall _all moduleinfo makeopts
84
.PHONY: clean uninstall _all moduleinfo makeopts
85

    
   
85

   
86
ifneq ($(LOADABLE_MODS),)
86
ifneq ($(LOADABLE_MODS),)
87
_all: $(LOADABLE_MODS:%=%.so)
87
_all: $(LOADABLE_MODS:%=%.so)
88
ifneq ($(findstring $(OSARCH), mingw32 cygwin ),)
88
ifneq ($(findstring $(OSARCH), mingw32 cygwin ),)
89
  # linker options and extra libraries for cygwin
89
  # linker options and extra libraries for cygwin
90
  SOLINK=-Wl,--out-implib=lib$@.a -shared
90
  SOLINK=-Wl,--out-implib=lib$@.a -shared
91
  LIBS+=-L$(ASTTOPDIR)/main -lasterisk -L$(ASTTOPDIR)/res $($@_LIBS)
91
  LIBS+=-L$(ASTTOPDIR)/main -lasterisk -L$(ASTTOPDIR)/res $($@_LIBS)
92
  # additional libraries in res/
92
  # additional libraries in res/
93
endif
93
endif
94
endif
94
endif
95

    
   
95

   
96
ifneq ($(EMBEDDED_MODS),)
96
ifneq ($(EMBEDDED_MODS),)
97
_all: modules.link
97
_all: modules.link
98
__embed_ldscript:
98
__embed_ldscript:
99
	@echo "../$(SUBDIR)/modules.link"
99
	@echo "../$(SUBDIR)/modules.link"
100
__embed_ldflags:
100
__embed_ldflags:
101
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(C_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LDFLAGS))"
101
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(C_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LDFLAGS))"
102
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(CC_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LDFLAGS))"
102
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(CC_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LDFLAGS))"
103
__embed_libs:
103
__embed_libs:
104
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(C_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LIB))"
104
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(C_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LIB))"
105
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(CC_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LIB))"
105
	@echo "$(foreach mod,$(filter $(EMBEDDED_MODS),$(CC_MODS)),$(foreach dep,$(MENUSELECT_DEPENDS_$(mod)),$(dep)_LIB))"
106
else
106
else
107
__embed_ldscript:
107
__embed_ldscript:
108
__embed_ldflags:
108
__embed_ldflags:
109
__embed_libs:
109
__embed_libs:
110
endif
110
endif
111

    
   
111

   
112
modules.link:
112
modules.link:
113
	@rm -f $@
113
	@rm -f $@
114
	@for file in $(patsubst %,$(SUBDIR)/%,$(filter %.eo,$^)); do echo "INPUT (../$${file})" >> $@; done
114
	@for file in $(patsubst %,$(SUBDIR)/%,$(filter %.eo,$^)); do echo "INPUT (../$${file})" >> $@; done
115
	@for file in $(patsubst %,$(SUBDIR)/%,$(filter-out %.eo,$^)); do echo "INPUT (../$${file})" >> $@; done
115
	@for file in $(patsubst %,$(SUBDIR)/%,$(filter-out %.eo,$^)); do echo "INPUT (../$${file})" >> $@; done
116

    
   
116

   
117
clean::
117
clean::
118
	rm -f *.so *.o *.oo *.eo *.i *.ii
118
	rm -f *.so *.o *.oo *.eo *.i *.ii
119
	rm -f .*.d
119
	rm -f .*.d
120
	rm -f *.s *.i
120
	rm -f *.s *.i
121
	rm -f modules.link
121
	rm -f modules.link
122

    
   
122

   
123
install:: all
123
install:: all
124
	@echo "Installing modules from `basename $(CURDIR)`..."
124
	@echo "Installing modules from `basename $(CURDIR)`..."
125
	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x $(DESTDIR)$(MODULES_DIR) ; done
125
	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x $(DESTDIR)$(ASTMODDIR) ; done
126

    
   
126

   
127
uninstall::
127
uninstall::
128

    
   
128

   
129
dist-clean::
129
dist-clean::
130
	rm -f .*.moduleinfo .moduleinfo
130
	rm -f .*.moduleinfo .moduleinfo
131
	rm -f .*.makeopts .makeopts
131
	rm -f .*.makeopts .makeopts
132
	rm -f *.exports
132
	rm -f *.exports
133

    
   
133

   
134
.%.moduleinfo: %.c
134
.%.moduleinfo: %.c
135
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.o $(SUBDIR)/$*.so\">" > $@
135
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.o $(SUBDIR)/$*.so\">" > $@
136
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
136
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
137
	echo "</member>" >> $@
137
	echo "</member>" >> $@
138

    
   
138

   
139
.%.moduleinfo: %.cc
139
.%.moduleinfo: %.cc
140
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.oo $(SUBDIR)/$*.so\">" > $@
140
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.oo $(SUBDIR)/$*.so\">" > $@
141
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
141
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
142
	echo "</member>" >> $@
142
	echo "</member>" >> $@
143

    
   
143

   
144
.moduleinfo:: $(addsuffix .moduleinfo,$(addprefix .,$(ALL_C_MODS) $(ALL_CC_MODS)))
144
.moduleinfo:: $(addsuffix .moduleinfo,$(addprefix .,$(ALL_C_MODS) $(ALL_CC_MODS)))
145
	@echo "<category name=\"MENUSELECT_$(MENUSELECT_CATEGORY)\" displayname=\"$(MENUSELECT_DESCRIPTION)\" remove_on_change=\"$(SUBDIR)/modules.link\">" > $@
145
	@echo "<category name=\"MENUSELECT_$(MENUSELECT_CATEGORY)\" displayname=\"$(MENUSELECT_DESCRIPTION)\" remove_on_change=\"$(SUBDIR)/modules.link\">" > $@
146
	@cat $^ >> $@
146
	@cat $^ >> $@
147
	@echo "</category>" >> $@
147
	@echo "</category>" >> $@
148

    
   
148

   
149
moduleinfo: .moduleinfo
149
moduleinfo: .moduleinfo
150
	@cat $<
150
	@cat $<
151

    
   
151

   
152
.%.makeopts: %.c
152
.%.makeopts: %.c
153
	@$(AWK) -f $(ASTTOPDIR)/build_tools/get_makeopts $< > $@
153
	@$(AWK) -f $(ASTTOPDIR)/build_tools/get_makeopts $< > $@
154

    
   
154

   
155
.%.makeopts: %.cc
155
.%.makeopts: %.cc
156
	@$(AWK) -f $(ASTTOPDIR)/build_tools/get_makeopts $< > $@
156
	@$(AWK) -f $(ASTTOPDIR)/build_tools/get_makeopts $< > $@
157

    
   
157

   
158
.makeopts:: $(addsuffix .makeopts,$(addprefix .,$(ALL_C_MODS) $(ALL_CC_MODS)))
158
.makeopts:: $(addsuffix .makeopts,$(addprefix .,$(ALL_C_MODS) $(ALL_CC_MODS)))
159
	@cat $^ > $@
159
	@cat $^ > $@
160

    
   
160

   
161
makeopts: .makeopts
161
makeopts: .makeopts
162
	@cat $<
162
	@cat $<
163

    
   
163

   
164
ifneq ($(wildcard .*.d),)
164
ifneq ($(wildcard .*.d),)
165
   include .*.d
165
   include .*.d
166
endif
166
endif
/trunk/Makefile
Revision 294735 New Change
 
/trunk/configure.ac
Revision 294735 New Change
 
/trunk/configure
Revision UNKNOWN New Change
 
/trunk/makeopts.in
Revision 294735 New Change
 
/trunk/build_tools/make_defaults_h
Revision 294735 New Change
 
/trunk/build_tools/mkpkgconfig
Revision 294735 New Change
 
/trunk/main/Makefile
Revision 294735 New Change
 
/trunk/main/ssl.c
Revision 294735 New Change
 
/trunk/main/ssl.c
Revision 294683 New Change
 
  1. /trunk/Makefile.moddir_rules: Loading...
  2. /trunk/Makefile: Loading...
  3. /trunk/configure.ac: Loading...
  4. /trunk/configure: Loading...
  5. /trunk/makeopts.in: Loading...
  6. /trunk/build_tools/make_defaults_h: Loading...
  7. /trunk/build_tools/mkpkgconfig: Loading...
  8. /trunk/main/Makefile: Loading...
  9. /trunk/main/ssl.c: Loading...
  10. /trunk/main/libasteriskssl.c: Loading...

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.