switch_core_cert.c File Reference

#include <switch.h>
#include <switch_ssl.h>

Include dependency graph for switch_core_cert.c:

Go to the source code of this file.

Functions
static void	switch_ssl_ssl_lock_callback (int mode, int type, char *file, int line)
static unsigned long	switch_ssl_ssl_thread_id (void)
void	switch_ssl_init_ssl_locks (void)
void	switch_ssl_destroy_ssl_locks (void)
static const EVP_MD *	get_evp_by_name (const char *name)
int	switch_core_cert_verify (dtls_fingerprint_t *fp)
int	switch_core_cert_expand_fingerprint (dtls_fingerprint_t *fp, const char *str)
int	switch_core_cert_extract_fingerprint (X509 *x509, dtls_fingerprint_t *fp)
int	switch_core_cert_gen_fingerprint (const char *prefix, dtls_fingerprint_t *fp)
static int	mkcert (X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
int	switch_core_gen_certs (const char *prefix)

Variables
static switch_mutex_t **	ssl_mutexes
static switch_memory_pool_t *	ssl_pool = NULL
static int	ssl_count = 0

Function Documentation

static const EVP_MD* get_evp_by_name ( const char *  name )

static

Definition at line 96 of file switch_core_cert.c.

Referenced by switch_core_cert_extract_fingerprint().

{
        if (!strcasecmp(name, "md5")) return EVP_md5();
        if (!strcasecmp(name, "sha1")) return EVP_sha1();
        if (!strcasecmp(name, "sha-1")) return EVP_sha1();
        if (!strcasecmp(name, "sha-256")) return EVP_sha256();
        if (!strcasecmp(name, "sha-512")) return EVP_sha512();

        return NULL;
}

static int mkcert ( X509 **  x509p, EVP_PKEY **  pkeyp, int  bits, int  serial, int  days  )

static

Definition at line 336 of file switch_core_cert.c.

References switch_cache_db_handle::name, and switch_assert.

Referenced by switch_core_gen_certs().

{
        X509 *x;
        EVP_PKEY *pk;
        RSA *rsa;
        X509_NAME *name=NULL;
        
        switch_assert(pkeyp);
        switch_assert(x509p);

        if (*pkeyp == NULL) {
                if ((pk = EVP_PKEY_new()) == NULL) {
                        abort(); 
                }
        } else {
                pk = *pkeyp;
        }

        if (*x509p == NULL) {
                if ((x = X509_new()) == NULL) {
                        goto err;
                }
        } else {
                x = *x509p;
        }

        rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);

        if (!EVP_PKEY_assign_RSA(pk, rsa)) {
                abort();
                goto err;
        }

        rsa = NULL;

        X509_set_version(x, 0);
        ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
        X509_gmtime_adj(X509_get_notBefore(x), -(long)60*60*24*7);
        X509_gmtime_adj(X509_get_notAfter(x), (long)60*60*24*days);
        X509_set_pubkey(x, pk);

        name = X509_get_subject_name(x);

        /* This function creates and adds the entry, working out the
         * correct string type and performing checks on its length.
         * Normally we'd check the return value for errors...
         */
        X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"US", -1, -1, 0);
        X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"FreeSWITCH", -1, -1, 0);
                                                           

        /* Its self signed so set the issuer name to be the same as the
         * subject.
         */
        X509_set_issuer_name(x, name);

        if (!X509_sign(x, pk, EVP_sha1()))
                goto err;

        *x509p = x;
        *pkeyp = pk;
        return(1);
 err:
        return(0);
}

int switch_core_cert_expand_fingerprint	(	dtls_fingerprint_t *	fp,
		const char *	str
	)

Definition at line 152 of file switch_core_cert.c.

References MAX_FPLEN.

Referenced by switch_rtp_add_dtls().

{
        char *tmp = strdup(str);
        char *p = tmp;
        int i = 0;
        char *v;

        while ((v = strsep(&p, ":")) && (i != (MAX_FPLEN - 1))) {
                sscanf(v, "%02x", (uint32_t *) &fp->data[i++]);
        }
        
        free(tmp);

        return i;
}

int switch_core_cert_extract_fingerprint	(	X509 *	x509,
		dtls_fingerprint_t *	fp
	)

Definition at line 168 of file switch_core_cert.c.

References get_evp_by_name(), SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, and switch_log_printf().

Referenced by dtls_state_setup(), and switch_core_cert_gen_fingerprint().

{
        const EVP_MD *evp;
        unsigned int i, j;

        evp = get_evp_by_name(fp->type);
        
        if (X509_digest(x509, evp, fp->data, &fp->len) != 1 ||  fp->len <= 0) {
                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "FP DIGEST ERR!\n");
                return -1;
        }

        for (i = 0, j = 0; i < fp->len; ++i, j += 3){
                sprintf((char*)&fp->str[j], (i == (fp->len - 1)) ? "%.2X" : "%.2X:", fp->data[i]);
        }
        *(&fp->str[fp->len * 3]) = '\0';

        return 0;
        
}

int switch_core_cert_gen_fingerprint	(	const char *	prefix,
		dtls_fingerprint_t *	fp
	)

Definition at line 189 of file switch_core_cert.c.

References switch_directories::certs_dir, SWITCH_CHANNEL_LOG, switch_core_cert_extract_fingerprint(), switch_file_exists(), SWITCH_GLOBAL_dirs, SWITCH_LOG_ERROR, switch_log_printf(), switch_mprintf(), SWITCH_PATH_SEPARATOR, and SWITCH_STATUS_SUCCESS.

Referenced by generate_local_fingerprint().

{
        X509* x509 = NULL;
        BIO* bio = NULL;
        int ret = 0;
        char *rsa;

        rsa = switch_mprintf("%s%s%s.pem", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);

        if (switch_file_exists(rsa, NULL) != SWITCH_STATUS_SUCCESS) {
                free(rsa);
                rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
        }

        if (!(bio = BIO_new(BIO_s_file()))) {
                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "FP BIO ERR!\n");
                goto end;
        }
        
        if (BIO_read_filename(bio, rsa) != 1) {
                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "FP FILE ERR!\n");
                goto end;
        }

        if (!(x509 = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "FP READ ERR!\n");
                goto end;
        }

        switch_core_cert_extract_fingerprint(x509, fp);
        
        ret = 1;

 end:

        if (bio) {
                BIO_free_all(bio);
        }

        if (x509) {
                X509_free(x509);
        }

        free(rsa);
        
        return ret;
}

int switch_core_cert_verify

(

dtls_fingerprint_t *

fp

)

Definition at line 133 of file switch_core_cert.c.

References MAX_FPLEN.

Referenced by dtls_state_setup().

{
        unsigned char fdata[MAX_FPLEN] = { 0 };
        char *tmp = strdup(fp->str);
        char *p = tmp;
        int i = 0;
        char *v;

        while ((v = strsep(&p, ":")) && (i != (MAX_FPLEN - 1))) {
                sscanf(v, "%02x", (uint32_t *) &fdata[i++]);
        }
        
        free(tmp);

        i = !memcmp(fdata, fp->data, i);

        return i;
}

int switch_core_gen_certs

(

const char *

prefix

)

Definition at line 240 of file switch_core_cert.c.

References switch_directories::certs_dir, mkcert(), switch_file_exists(), SWITCH_GLOBAL_dirs, switch_is_file_path(), switch_mprintf(), SWITCH_PATH_SEPARATOR, switch_safe_free, SWITCH_STATUS_SUCCESS, and switch_stristr().

Referenced by switch_core_media_init().

{
        //BIO *bio_err;
        X509 *x509 = NULL;
        EVP_PKEY *pkey = NULL;
        char *rsa = NULL, *pvt = NULL;
        FILE *fp;
        char *pem = NULL;

        if (switch_stristr(".pem", prefix)) {

                if (switch_is_file_path(prefix)) {
                        pem = strdup(prefix);
                } else {
                        pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
                }

                if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) {
                        goto end;
                }
        } else {
                if (switch_is_file_path(prefix)) {
                        pvt = switch_mprintf("%s.key", prefix);
                        rsa = switch_mprintf("%s.crt", prefix);
                } else {
                        pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
                        rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
                }

                if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
                        goto end;
                }
        }

        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
                
        //bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
                
        mkcert(&x509, &pkey, 1024, 0, 36500);

        //RSA_print_fp(stdout, pkey->pkey.rsa, 0);
        //X509_print_fp(stdout, x509);

        if (pem) {
                if ((fp = fopen(pem, "w"))) {
                        PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
                        PEM_write_X509(fp, x509);
                        fclose(fp);
                }

        } else {
                if (pvt && (fp = fopen(pvt, "w"))) {
                        PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
                        fclose(fp);
                }
                
                if (rsa && (fp = fopen(rsa, "w"))) {
                        PEM_write_X509(fp, x509);
                        fclose(fp);
                }
        }

        X509_free(x509);
        EVP_PKEY_free(pkey);

#ifndef OPENSSL_NO_ENGINE
        ENGINE_cleanup();
#endif
        CRYPTO_cleanup_all_ex_data();

        //CRYPTO_mem_leaks(bio_err);
        //BIO_free(bio_err);


 end:

        switch_safe_free(pvt);
        switch_safe_free(rsa);
        switch_safe_free(pem);

        return(0);
}

void switch_ssl_destroy_ssl_locks

(

void

)

Definition at line 79 of file switch_core_cert.c.

References ssl_count, ssl_mutexes, and switch_mutex_destroy().

Referenced by switch_core_destroy().

{
        int i;

        if (ssl_count == 1) {
                CRYPTO_set_locking_callback(NULL);
                for (i = 0; i < CRYPTO_num_locks(); i++) {
                        if (ssl_mutexes[i]) {
                                switch_mutex_destroy(ssl_mutexes[i]);
                        }
                }

                OPENSSL_free(ssl_mutexes);
                ssl_count--;
        }
}

void switch_ssl_init_ssl_locks

(

void

)

Definition at line 54 of file switch_core_cert.c.

References ssl_count, ssl_mutexes, ssl_pool, switch_assert, switch_core_new_memory_pool, switch_mutex_init(), SWITCH_MUTEX_NESTED, switch_ssl_ssl_lock_callback(), and switch_ssl_ssl_thread_id().

Referenced by switch_core_init().

{

        int i, num;

        if (ssl_count == 0) {
                num = CRYPTO_num_locks();
                
                ssl_mutexes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(switch_mutex_t*));
                switch_assert(ssl_mutexes != NULL);

                switch_core_new_memory_pool(&ssl_pool);

                for (i = 0; i < num; i++) {
                        switch_mutex_init(&(ssl_mutexes[i]), SWITCH_MUTEX_NESTED, ssl_pool);
                        switch_assert(ssl_mutexes[i] != NULL);
                }

                CRYPTO_set_id_callback(switch_ssl_ssl_thread_id);
                CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))switch_ssl_ssl_lock_callback);
        }

        ssl_count++;
}

static void switch_ssl_ssl_lock_callback ( int  mode, int  type, char *  file, int  line  )

inlinestatic

Definition at line 39 of file switch_core_cert.c.

References ssl_mutexes, switch_mutex_lock(), and switch_mutex_unlock().

Referenced by switch_ssl_init_ssl_locks().

{
        if (mode & CRYPTO_LOCK) {
                switch_mutex_lock(ssl_mutexes[type]);
        }
        else {
                switch_mutex_unlock(ssl_mutexes[type]);
        }
}

static unsigned long switch_ssl_ssl_thread_id ( void  )

inlinestatic

Definition at line 49 of file switch_core_cert.c.

References switch_thread_self().

Referenced by switch_ssl_init_ssl_locks().

{
        return (unsigned long) switch_thread_self();
}

Variable Documentation

int ssl_count = 0

static

Definition at line 37 of file switch_core_cert.c.

Referenced by switch_ssl_destroy_ssl_locks(), and switch_ssl_init_ssl_locks().

switch_mutex_t** ssl_mutexes

static

Definition at line 35 of file switch_core_cert.c.

Referenced by switch_ssl_destroy_ssl_locks(), switch_ssl_init_ssl_locks(), and switch_ssl_ssl_lock_callback().

switch_memory_pool_t* ssl_pool = NULL

static

Definition at line 36 of file switch_core_cert.c.

Referenced by switch_ssl_init_ssl_locks().