tls: sanitization of log macros

src/modules/tls/fixed_c_zlib.h

@@ -1,8 +1,8 @@
 /*
  * TLS module
- * 
+ *
  * This file contains modified zlib compression functions
- * originally part of crypto/comp/c_zlib.c from the openssl library 
+ * originally part of crypto/comp/c_zlib.c from the openssl library
  * (version 0.9.8a).
  * It's distributed under the same license as OpenSSL.
  *
@@ -15,15 +15,15 @@
  * Module: \ref tls
  *
  * This file contains modified zlib compression functions
- * originally part of crypto/comp/c_zlib.c from the openssl library 
+ * originally part of crypto/comp/c_zlib.c from the openssl library
  * (version 0.9.8a).
  *
- * The changes are: 
+ * The changes are:
  *   - proper zalloc and zfree initialization for the zlib compression
  *     methods (use OPENSSL_malloc & OPENSSL_free to construct zalloc/zfree)
  *   - zlib_stateful_ex_idx is now a macro, a pointer to int is alloc'ed now
- *    on init and zlib_stateful_ex_idx is now the contents of this pointer 
- *    (deref). This allows using compression from different processes (if 
+ *    on init and zlib_stateful_ex_idx is now the contents of this pointer
+ *    (deref). This allows using compression from different processes (if
  *    the OPENSSL_malloc's are initialized previously to a shared mem. using
  *    version).
  *  -- andrei
@@ -46,7 +46,7 @@
 static void* comp_calloc(void* foo, unsigned int no, unsigned int size)
 {
 	void *p;
-	
+
 	p=OPENSSL_malloc(no*size);
 	if (p)
 		memset(p, 0, no*size);
@@ -64,9 +64,9 @@ static void comp_free(void* foo, void* p)
 static int zlib_stateful_init(COMP_CTX *ctx);
 static void zlib_stateful_finish(COMP_CTX *ctx);
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
+		unsigned int olen, unsigned char *in, unsigned int ilen);
 static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
+		unsigned int olen, unsigned char *in, unsigned int ilen);
 
 
 static COMP_METHOD zlib_method={
@@ -78,20 +78,20 @@ static COMP_METHOD zlib_method={
 	zlib_stateful_expand_block,
 	NULL,
 	NULL,
-	};
+};
 
 
 struct zlib_state
-	{
+{
 	z_stream istream;
 	z_stream ostream;
-	};
+};
 
-static int* pzlib_stateful_ex_idx = 0; 
+static int* pzlib_stateful_ex_idx = 0;
 #define zlib_stateful_ex_idx (*pzlib_stateful_ex_idx)
 
 static void zlib_stateful_free_ex_data(void *obj, void *item,
-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp);
+		CRYPTO_EX_DATA *ad, int ind,long argl, void *argp);
 
 int fixed_c_zlib_init()
 {
@@ -103,7 +103,7 @@ int fixed_c_zlib_init()
 			CRYPTO_w_lock(CRYPTO_LOCK_COMP);
 			zlib_stateful_ex_idx =
 				CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-					0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 			return 0;
 		} else return -1;
@@ -114,20 +114,21 @@ int fixed_c_zlib_init()
 
 
 static void zlib_stateful_free_ex_data(void *obj, void *item,
-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-	{
+		CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+{
 	struct zlib_state *state = (struct zlib_state *)item;
 	if (state)
-		{
-			inflateEnd(&state->istream);
-			deflateEnd(&state->ostream);
-			OPENSSL_free(state);
-		}
-	else LOG(L_CRIT, "WARNING: zlib_stateful_free_ex(%p, %p, %p, %d, %ld, %p)" ": cannot free, null item/state\n", obj, item, ad, ind, argl, argp);
+	{
+		inflateEnd(&state->istream);
+		deflateEnd(&state->ostream);
+		OPENSSL_free(state);
 	}
+	else LM_CRIT("WARNING: zlib_stateful_free_ex(%p, %p, %p, %d, %ld, %p)"
+			": cannot free, null item/state\n", obj, item, ad, ind, argl, argp);
+}
 
 static int zlib_stateful_init(COMP_CTX *ctx)
-	{
+{
 	int err;
 	struct zlib_state *state =
 		(struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
@@ -146,7 +147,7 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 	state->istream.avail_in = 0;
 	state->istream.avail_out = 0;
 	err = inflateInit_(&state->istream,
-		ZLIB_VERSION, sizeof(z_stream));
+			ZLIB_VERSION, sizeof(z_stream));
 	if (err != Z_OK)
 		goto err;
 	inflate_init=1;
@@ -159,7 +160,7 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 	state->ostream.avail_in = 0;
 	state->ostream.avail_out = 0;
 	err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,
-		ZLIB_VERSION, sizeof(z_stream));
+			ZLIB_VERSION, sizeof(z_stream));
 	if (err != Z_OK)
 		goto err;
 	deflate_init=1;
@@ -167,16 +168,16 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data))
 		goto err;
 	if (zlib_stateful_ex_idx == -1)
-		{
+	{
 		CRYPTO_w_lock(CRYPTO_LOCK_COMP);
 		if (zlib_stateful_ex_idx == -1)
 			zlib_stateful_ex_idx =
 				CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-					0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
 		CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 		if (zlib_stateful_ex_idx == -1)
 			goto err_ex_data;
-		}
+	}
 	if (!CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state))
 		goto err_ex_data;
 	return 1;
@@ -186,26 +187,26 @@ err:
 	if (state){
 		/* ctx->ex_data freed from outside */
 		if (inflate_init)
-				inflateEnd(&state->istream);
+			inflateEnd(&state->istream);
 		if (deflate_init)
-				deflateEnd(&state->ostream);
+			deflateEnd(&state->ostream);
 		OPENSSL_free(state);
 	}
 	return 0;
-	}
+}
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
-	{
+{
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-	}
+}
 
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
+		unsigned int olen, unsigned char *in, unsigned int ilen)
+{
 	int err = Z_OK;
 	struct zlib_state *state =
 		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
+				zlib_stateful_ex_idx);
 
 	if (state == NULL)
 		return -1;
@@ -220,20 +221,20 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
 		return -1;
 #ifdef DEBUG_ZLIB
 	fprintf(stderr,"compress(%4d)->%4d %s\n",
-		ilen,olen - state->ostream.avail_out,
-		(ilen != olen - state->ostream.avail_out)?"zlib":"clear");
+			ilen,olen - state->ostream.avail_out,
+			(ilen != olen - state->ostream.avail_out)?"zlib":"clear");
 #endif
 	return olen - state->ostream.avail_out;
-	}
+}
 
 static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
+		unsigned int olen, unsigned char *in, unsigned int ilen)
+{
 	int err = Z_OK;
 
 	struct zlib_state *state =
 		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
+				zlib_stateful_ex_idx);
 
 	if (state == NULL)
 		return 0;
@@ -248,10 +249,10 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
 		return -1;
 #ifdef DEBUG_ZLIB
 	fprintf(stderr,"expand(%4d)->%4d %s\n",
-		ilen,olen - state->istream.avail_out,
-		(ilen != olen - state->istream.avail_out)?"zlib":"clear");
+			ilen,olen - state->istream.avail_out,
+			(ilen != olen - state->istream.avail_out)?"zlib":"clear");
 #endif
 	return olen - state->istream.avail_out;
-	}
+}
 
 #endif /* TLS_FIX_ZLIB_COMPRESSION */

src/modules/tls/tls_init.c

@@ -77,7 +77,7 @@ static int tls_mod_initialized = 0;
  * (the openssl zlib compression uses the wrong malloc, see
  *  openssl #1468): 0.9.8-dev < version  <0.9.8e-beta1 */
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L  /* 0.9.8-dev */ && \
-		OPENSSL_VERSION_NUMBER <  0x00908051L  /* 0.9.8.e-beta1 */
+							  OPENSSL_VERSION_NUMBER <  0x00908051L  /* 0.9.8.e-beta1 */
 #    ifndef OPENSSL_NO_COMP
 #        warning "openssl zlib compression bug workaround enabled"
 #    endif
@@ -88,10 +88,10 @@ static int tls_mod_initialized = 0;
 #ifdef TLS_KSSL_WORKARROUND
 #if OPENSSL_VERSION_NUMBER < 0x00908050L
 #	warning "openssl lib compiled with kerberos support which introduces a bug\
- (wrong malloc/free used in kssl.c) -- attempting workaround"
+	(wrong malloc/free used in kssl.c) -- attempting workaround"
 #	warning "NOTE: if you don't link libssl staticaly don't try running the \
-compiled code on a system with a differently compiled openssl (it's safer \
-to compile on the  _target_ system)"
+	compiled code on a system with a differently compiled openssl (it's safer \
+			to compile on the  _target_ system)"
 #endif /* OPENSSL_VERSION_NUMBER */
 #endif /* TLS_KSSL_WORKARROUND */
 
@@ -216,8 +216,8 @@ static void* ser_malloc(size_t size, const char* file, int line)
 		/* ugly hack: keep the bt inside the alloc'ed fragment */
 		p=_shm_malloc(size+s, file, "via ser_malloc", line);
 		if (p==0){
-			LOG(L_CRIT, "tsl: ser_malloc(%d)[%s:%d]==null, bt: %s\n",
-						size, file, line, bt_buf);
+			LM_CRIT("tls - ser_malloc(%d)[%s:%d]==null, bt: %s\n",
+					size, file, line, bt_buf);
 		}else{
 			memcpy(p+size, bt_buf, s);
 			((struct qm_frag*)((char*)p-sizeof(struct qm_frag)))->func=
@@ -227,8 +227,7 @@ static void* ser_malloc(size_t size, const char* file, int line)
 	}else{
 		p=0;
 		backtrace2str(bt_buf, sizeof(bt_buf));
-		LOG(L_CRIT, "tsl: random ser_malloc(%d)[%s:%d]"
-				" returning null - bt: %s\n",
+		LM_CRIT("tls - random ser_malloc(%d)[%s:%d] returning null - bt: %s\n",
 				size, file, line, bt_buf);
 	}
 #endif
@@ -252,7 +251,7 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
 		s=backtrace2str(bt_buf, sizeof(bt_buf));
 		p=_shm_realloc(ptr, size+s, file, "via ser_realloc", line);
 		if (p==0){
-			LOG(L_CRIT, "tsl: ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n",
+			LM_CRIT("tls - ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n",
 					ptr, size, file, line, bt_buf);
 		}else{
 			memcpy(p+size, bt_buf, s);
@@ -263,9 +262,9 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
 	}else{
 		p=0;
 		backtrace2str(bt_buf, sizeof(bt_buf));
-		LOG(L_CRIT, "tsl: random ser_realloc(%p, %d)[%s:%d]"
-					" returning null - bt: %s\n", ptr, size, file, line,
-					bt_buf);
+		LM_CRIT("tls - random ser_realloc(%p, %d)[%s:%d]"
+				" returning null - bt: %s\n", ptr, size, file, line,
+				bt_buf);
 	}
 #endif
 	return p;
@@ -282,7 +281,7 @@ static void* ser_malloc(size_t size)
 
 static void* ser_realloc(void *ptr, size_t size)
 {
-		return shm_realloc(ptr, size);
+	return shm_realloc(ptr, size);
 }
 #else
 static void* ser_malloc(size_t size, const char *fname, int fline)
@@ -293,7 +292,7 @@ static void* ser_malloc(size_t size, const char *fname, int fline)
 
 static void* ser_realloc(void *ptr, size_t size, const char *fname, int fline)
 {
-		return shm_realloc(ptr, size);
+	return shm_realloc(ptr, size);
 }
 #endif
 
@@ -304,7 +303,8 @@ static void ser_free(void *ptr)
 {
 	/* The memory functions provided to openssl needs to behave like standard
 	 * memory functions, i.e. free(). Therefore, ser_free must accept NULL
-	 * pointers, see: http://openssl.6102.n7.nabble.com/Custom-free-routine-is-invoked-with-NULL-argument-in-openssl-1-0-1-td25937.html
+	 * pointers, see:
+	 * http://openssl.6102.n7.nabble.com/Custom-free-routine-is-invoked-with-NULL-argument-in-openssl-1-0-1-td25937.html
 	 * As shm_free() aborts on null pointers, we have to check for null pointer
 	 * here in the wrapper function.
 	 */
@@ -333,8 +333,8 @@ int tls_h_init_si(struct socket_info *si)
 	 */
 	ret = tcp_init(si);
 	if (ret != 0) {
-		ERR("Error while initializing TCP part of TLS socket %.*s:%d\n",
-			si->address_str.len, si->address_str.s, si->port_no);
+		LM_ERR("Error while initializing TCP part of TLS socket %.*s:%d\n",
+				si->address_str.len, si->address_str.s, si->port_no);
 		goto error;
 	}
 
@@ -490,11 +490,11 @@ static int init_tls_compression(void)
 #	endif
 	comp_methods = SSL_COMP_get_compression_methods();
 	if (comp_methods == 0) {
-		LOG(L_INFO, "tls: init_tls: compression support disabled in the"
-					" openssl lib\n");
+		LM_INFO("compression support disabled in the"
+				" openssl lib\n");
 		goto end; /* nothing to do, exit */
 	} else if (cfg_get(tls, tls_cfg, disable_compression)){
-		LOG(L_INFO, "tls: init_tls: disabling compression...\n");
+		LM_INFO("disabling compression...\n");
 		sk_SSL_COMP_zero(comp_methods);
 	}else{
 		ssl_version=SSLeay();
@@ -510,10 +510,10 @@ static int init_tls_compression(void)
 			zlib_comp = 0;
 			for (r = 0; r < n; r++) {
 				zlib_comp = sk_SSL_COMP_value(comp_methods, r);
-				DBG("tls: init_tls: found compression method %p id %d\n",
+				LM_DBG("found compression method %p id %d\n",
 						zlib_comp, zlib_comp->id);
 				if (zlib_comp->id == SSL_COMP_ZLIB_IDX) {
-					DBG("tls: init_tls: found zlib compression (%d)\n",
+					LM_DBG("found zlib compression (%d)\n",
 							SSL_COMP_ZLIB_IDX);
 					break /* found */;
 				} else {
@@ -521,16 +521,15 @@ static int init_tls_compression(void)
 				}
 			}
 			if (zlib_comp == 0) {
-				LOG(L_INFO, "tls: init_tls: no openssl zlib compression "
-							"found\n");
+				LM_INFO("no openssl zlib compression found\n");
 			}else{
-				LOG(L_WARN, "tls: init_tls: detected openssl lib with "
-							"known zlib compression bug: \"%s\" (0x%08lx)\n",
-							SSLeay_version(SSLEAY_VERSION), ssl_version);
+				LM_WARN("detected openssl lib with "
+						"known zlib compression bug: \"%s\" (0x%08lx)\n",
+						SSLeay_version(SSLEAY_VERSION), ssl_version);
 #	ifdef TLS_FIX_ZLIB_COMPRESSION
-				LOG(L_WARN, "tls: init_tls: enabling openssl zlib compression "
-							"bug workaround (replacing zlib COMP method with "
-							"our own version)\n");
+				LM_WARN("enabling openssl zlib compression "
+						"bug workaround (replacing zlib COMP method with "
+						"our own version)\n");
 				/* hack: make sure that the CRYPTO_EX_INDEX_COMP class is empty
 				 * and it does not contain any free_ex_data from the
 				 * built-in zlib. This can happen if the current openssl
@@ -543,7 +542,7 @@ static int init_tls_compression(void)
 				CRYPTO_cleanup_all_ex_data();
 
 				if (fixed_c_zlib_init() != 0) {
-					LOG(L_CRIT, "tls: init_tls: BUG: failed to initialize zlib"
+					LM_CRIT("BUG: failed to initialize zlib"
 							" compression fix, disabling compression...\n");
 					sk_SSL_COMP_zero(comp_methods); /* delete compression */
 					goto end;
@@ -551,8 +550,7 @@ static int init_tls_compression(void)
 				/* "fix" it */
 				zlib_comp->method = &zlib_method;
 #	else
-				LOG(L_WARN, "tls: init_tls: disabling openssl zlib "
-							"compression \n");
+				LM_WARN("disabling openssl zlib compression \n");
 				zlib_comp=sk_SSL_COMP_delete(comp_methods, r);
 				if (zlib_comp)
 					OPENSSL_free(zlib_comp);
@@ -592,11 +590,12 @@ int tls_pre_init(void)
 #else
 	if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
 #endif
-		ERR("Unable to set the memory allocation functions\n");
+		LM_ERR("Unable to set the memory allocation functions\n");
 		CRYPTO_get_mem_functions(&mf, &rf, &ff);
-		ERR("libssl current mem functions - m: %p r: %p f: %p\n", mf, rf, ff);
-		ERR("Be sure tls module is loaded before any other module using libssl"
-				" (can be loaded first to be safe)\n");
+		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n",
+					mf, rf, ff);
+		LM_ERR("Be sure tls module is loaded before any other module using"
+				" libssl (can be loaded first to be safe)\n");
 		return -1;
 	}
 
@@ -618,7 +617,7 @@ int tls_mod_pre_init_h(void)
 		LM_DBG("already mod pre-initialized\n");
 		return 0;
 	}
-	DBG("preparing tls env for modules initialization\n");
+	LM_DBG("preparing tls env for modules initialization\n");
 	SSL_library_init();
 	SSL_load_error_strings();
 	tls_mod_preinitialized=1;
@@ -649,10 +648,10 @@ int init_tls_h(void)
 		LM_DBG("already initialized\n");
 		return 0;
 	}
-	DBG("initializing tls system\n");
+	LM_DBG("initializing tls system\n");
 
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
-	WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
+	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
 #endif
 	ssl_version=SSLeay();
 	/* check if version have the same major minor and fix level
@@ -660,22 +659,22 @@ int init_tls_h(void)
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
 	 *   0x00090705f == 0.9.7e release */
 	if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
-		LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library "
-				"version is too different from the library the Kamailio tls module "
-				"was compiled with: installed \"%s\" (0x%08lx), compiled "
-				"\"%s\" (0x%08lx).\n"
+		LM_CRIT("installed openssl library"
+				" version is too different from the library the " NAME " tls"
+				" module was compiled with: installed \"%s\" (0x%08lx),"
+				" compiled \"%s\" (0x%08lx).\n"
 				" Please make sure a compatible version is used"
 				" (tls_force_run in kamailio.cfg will override this check)\n",
 				SSLeay_version(SSLEAY_VERSION), ssl_version,
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
 		if (cfg_get(tls, tls_cfg, force_run))
-			LOG(L_WARN, "tls: init_tls_h: tls_force_run turned on, ignoring "
-						" openssl version mismatch\n");
+			LM_WARN("tls_force_run turned on, ignoring "
+					" openssl version mismatch\n");
 		else
 			return -1; /* safer to exit */
 	}
 
-/* check kerberos support using compile flags only for version < 1.1.0 */
+	/* check kerberos support using compile flags only for version < 1.1.0 */
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
 
 #ifdef TLS_KERBEROS_SUPPORT
@@ -702,51 +701,51 @@ int init_tls_h(void)
 		if (strstr(lib_cflags, "-DKRB5_"))
 			lib_kerberos=1;
 	}
-	LOG(L_INFO, "tls: _init_tls_h:  compiled  with  openssl  version "
-				"\"%s\" (0x%08lx), kerberos support: %s, compression: %s\n",
-				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER,
-				kerberos_support?"on":"off", comp_support?"on":"off");
-	LOG(L_INFO, "tls: init_tls_h: installed openssl library version "
-				"\"%s\" (0x%08lx), kerberos support: %s, "
-				" zlib compression: %s"
-				"\n %s\n",
-				SSLeay_version(SSLEAY_VERSION), ssl_version,
-				(lib_kerberos==1)?"on":(lib_kerberos==0)?"off":"unknown",
-				(lib_zlib==1)?"on":(lib_zlib==0)?"off":"unknown",
-				SSLeay_version(SSLEAY_CFLAGS));
+	LM_INFO("compiled  with  openssl  version "
+			"\"%s\" (0x%08lx), kerberos support: %s, compression: %s\n",
+			OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER,
+			kerberos_support?"on":"off", comp_support?"on":"off");
+	LM_INFO("installed openssl library version "
+			"\"%s\" (0x%08lx), kerberos support: %s, "
+			" zlib compression: %s"
+			"\n %s\n",
+			SSLeay_version(SSLEAY_VERSION), ssl_version,
+			(lib_kerberos==1)?"on":(lib_kerberos==0)?"off":"unknown",
+			(lib_zlib==1)?"on":(lib_zlib==0)?"off":"unknown",
+			SSLeay_version(SSLEAY_CFLAGS));
 	if (lib_kerberos!=kerberos_support){
 		if (lib_kerberos!=-1){
-			LOG(L_CRIT, "ERROR: tls: init_tls_h: openssl compile options"
-						" mismatch: library has kerberos support"
-						" %s and Kamailio tls %s (unstable configuration)\n"
-						" (tls_force_run in kamailio.cfg will override this"
-						" check)\n",
-						lib_kerberos?"enabled":"disabled",
-						kerberos_support?"enabled":"disabled"
-				);
+			LM_CRIT("openssl compile options"
+					" mismatch: library has kerberos support"
+					" %s and Kamailio tls %s (unstable configuration)\n"
+					" (tls_force_run in " NAME ".cfg will override this"
+					" check)\n",
+					lib_kerberos?"enabled":"disabled",
+					kerberos_support?"enabled":"disabled"
+			   );
 			if (cfg_get(tls, tls_cfg, force_run))
-				LOG(L_WARN, "tls: init_tls_h: tls_force_run turned on, "
+				LM_WARN("tls_force_run turned on, "
 						"ignoring kerberos support mismatch\n");
 			else
 				return -1; /* exit, is safer */
 		}else{
-			LOG(L_WARN, "WARNING: tls: init_tls_h: openssl  compile options"
-						" missing -- cannot detect if kerberos support is"
-						" enabled. Possible unstable configuration\n");
+			LM_WARN("openssl  compile options"
+					" missing -- cannot detect if kerberos support is"
+					" enabled. Possible unstable configuration\n");
 		}
 	}
 
-	#ifdef TLS_KSSL_WORKARROUND
+#ifdef TLS_KSSL_WORKARROUND
 	/* if openssl compiled with kerberos support, and openssl < 0.9.8e-dev
 	 * or openssl between 0.9.9-dev and 0.9.9-beta1 apply workaround for
 	 * openssl bug #1467 */
 	if (ssl_version < 0x00908050L ||
 			(ssl_version >= 0x00909000L && ssl_version < 0x00909001L)){
 		openssl_kssl_malloc_bug=1;
-		LOG(L_WARN, "tls: init_tls_h: openssl kerberos malloc bug detected, "
-			" kerberos support will be disabled...\n");
+		LM_WARN("openssl kerberos malloc bug detected, "
+				" kerberos support will be disabled...\n");
 	}
-	#endif
+#endif
 
 #endif /* libssl version < 1.1.0 (OPENSSL_VERSION_NUMBER < 0x010100000L) */
 
@@ -764,16 +763,17 @@ int init_tls_h(void)
 	}else
 		low_mem_threshold2*=1024; /* KB */
 	if ((low_mem_threshold1==0) || (low_mem_threshold2==0))
-		LOG(L_WARN, "tls: openssl bug #1491 (crash/mem leaks on low memory)"
-					" workarround disabled\n");
+	:w
+	 LM_WARN("tls: openssl bug #1491 (crash/mem leaks on low memory)"
+				" workarround disabled\n");
 	else
-		LOG(L_WARN, "tls: openssl bug #1491 (crash/mem leaks on low memory)"
+		LM_WARN("openssl bug #1491 (crash/mem leaks on low memory)"
 				" workaround enabled (on low memory tls operations will fail"
 				" preemptively) with free memory thresholds %d and %d bytes\n",
 				low_mem_threshold1, low_mem_threshold2);
 
 	if (shm_available()==(unsigned long)(-1)){
-		LOG(L_WARN, "tls: Kamailio is compiled without MALLOC_STATS support:"
+		LM_WARN(NAME " is compiled without MALLOC_STATS support:"
 				" the workaround for low mem. openssl bugs will _not_ "
 				"work\n");
 		low_mem_threshold1=0;
@@ -781,10 +781,10 @@ int init_tls_h(void)
 	}
 	if ((low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1))
 			|| (low_mem_threshold2
-					!= cfg_get(tls, tls_cfg, low_mem_threshold2))) {
+				!= cfg_get(tls, tls_cfg, low_mem_threshold2))) {
 		/* ugly hack to set the initial values for the mem tresholds */
 		if (cfg_register_ctx(&cfg_ctx, 0)) {
-			ERR("failed to register cfg context\n");
+			LM_ERR("failed to register cfg context\n");
 			return -1;
 		}
 		tls_grp.s = "tls";
@@ -792,16 +792,18 @@ int init_tls_h(void)
 		s.s = "low_mem_threshold1";
 		s.len = strlen(s.s);
 		if (low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1) &&
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s, low_mem_threshold1)) {
-			ERR("failed to set tls.low_mem_threshold1 to %d\n",
+				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
+					low_mem_threshold1)) {
+			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
 					low_mem_threshold1);
 			return -1;
 		}
 		s.s = "low_mem_threshold2";
 		s.len = strlen(s.s);
 		if (low_mem_threshold2 != cfg_get(tls, tls_cfg, low_mem_threshold2) &&
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s, low_mem_threshold2)) {
-			ERR("failed to set tls.low_mem_threshold1 to %d\n",
+				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
+					low_mem_threshold2)) {
+			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
 					low_mem_threshold2);
 			return -1;
 		}
@@ -826,7 +828,7 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
 	d = cfg->srv_list;
 	while(d) {
 		if (d->ip.len && !find_si(&d->ip, d->port, PROTO_TLS)) {
-			ERR("%s: No listening socket found\n", tls_domain_str(d));
+			LM_ERR("%s: No listening socket found\n", tls_domain_str(d));
 			return -1;
 		}
 		d = d->next;
@@ -840,7 +842,7 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
  */
 void destroy_tls_h(void)
 {
-	DBG("tls module final tls destroy\n");
+	LM_DBG("tls module final tls destroy\n");
 	if(tls_mod_preinitialized > 0)
 		ERR_free_strings();
 	/* TODO: free all the ctx'es */
@@ -850,7 +852,7 @@ void destroy_tls_h(void)
 #if OPENSSL_VERSION_NUMBER >= 0x010100000L
 	/* explicit execution of libssl cleanup to avoid being executed again
 	 * by atexit(), when shm is gone */
-	DBG("executing openssl v1.1+ cleanup\n");
+	LM_DBG("executing openssl v1.1+ cleanup\n");
 	OPENSSL_cleanup();
 #endif
 }

src/modules/tls/tls_mod.c

@@ -270,24 +270,24 @@ static int mod_init(void)
 	int method;
 
 	if (tls_disable){
-		LOG(L_WARN, "tls support is disabled "
+		LM_WARN("tls support is disabled "
 				"(set enable_tls=1 in the config to enable it)\n");
 		return 0;
 	}
 	if (fix_tls_cfg(&default_tls_cfg) < 0 ) {
-		ERR("initial tls configuration fixup failed\n");
+		LM_ERR("initial tls configuration fixup failed\n");
 		return -1;
 	}
 	/* declare configuration */
 	if (cfg_declare("tls", tls_cfg_def, &default_tls_cfg,
 							cfg_sizeof(tls), (void **)&tls_cfg)) {
-		ERR("failed to register the configuration\n");
+		LM_ERR("failed to register the configuration\n");
 		return -1;
 	}
 	/* Convert tls_method parameter to integer */
 	method = tls_parse_method(&cfg_get(tls, tls_cfg, method));
 	if (method < 0) {
-		ERR("Invalid tls_method parameter value\n");
+		LM_ERR("Invalid tls_method parameter value\n");
 		return -1;
 	}
 	/* fill mod_params */
@@ -305,7 +305,7 @@ static int mod_init(void)
 	tls_domains_cfg =
 			(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));
 	if (!tls_domains_cfg) {
-		ERR("Not enough shared memory left\n");
+		LM_ERR("Not enough shared memory left\n");
 		goto error;
 	}
 	*tls_domains_cfg = NULL;
@@ -313,7 +313,7 @@ static int mod_init(void)
 	register_select_table(tls_sel);
 	/* register the rpc interface */
 	if (rpc_register_array(tls_rpc)!=0) {
-		LOG(L_ERR, "failed to register RPC commands\n");
+		LM_ERR("failed to register RPC commands\n");
 		goto error;
 	}
 
@@ -321,7 +321,7 @@ static int mod_init(void)
 
 	tls_domains_cfg_lock = lock_alloc();
 	if (tls_domains_cfg_lock == 0) {
-		ERR("Unable to create TLS configuration lock\n");
+		LM_ERR("Unable to create TLS configuration lock\n");
 		goto error;
 	}
 	if (lock_init(tls_domains_cfg_lock) == 0) {
@@ -330,7 +330,7 @@ static int mod_init(void)
 		goto error;
 	}
 	if (tls_ct_wq_init() < 0) {
-		ERR("Unable to initialize TLS buffering\n");
+		LM_ERR("Unable to initialize TLS buffering\n");
 		goto error;
 	}
 	if (cfg_get(tls, tls_cfg, config_file).s) {
@@ -396,23 +396,23 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 	long ssl_verify;
 	X509 *x509_cert;
 
-	DBG("started...\n");
+	LM_DBG("started...\n");
 	if (msg->rcv.proto != PROTO_TLS) {
-		ERR("proto != TLS --> peer can't be verified, return -1\n");
+		LM_ERR("proto != TLS --> peer can't be verified, return -1\n");
 		return -1;
 	}
 
-	DBG("trying to find TCP connection of received message...\n");
+	LM_DBG("trying to find TCP connection of received message...\n");
 
 	c = tcpconn_get(msg->rcv.proto_reserved1, 0, 0, 0,
 					cfg_get(tls, tls_cfg, con_lifetime));
 	if (!c) {
-		ERR("connection no longer exits\n");
+		LM_ERR("connection no longer exits\n");
 		return -1;
 	}
 
 	if(c->type != PROTO_TLS) {
-		ERR("Connection found but is not TLS\n");
+		LM_ERR("Connection found but is not TLS\n");
 		tcpconn_put(c);
 		return -1;
 	}
@@ -479,7 +479,7 @@ static sr_kemi_t sr_kemi_tls_exports[] = {
 int mod_register(char *path, int *dlflags, void *p1, void *p2)
 {
 	if (tls_disable) {
-		LOG(L_WARN, "tls support is disabled "
+		LM_WARN("tls support is disabled "
 				"(set enable_tls=1 in the config to enable it)\n");
 		return 0;
 	}

src/modules/tls/tls_verify.c

@@ -1,4 +1,4 @@
-/* 
+/*
  * TLS module
  *
  * Copyright (C) 2005 iptelorg GmbH
@@ -31,22 +31,23 @@
 #define VERIFY_DEPTH_S 3
 
 /* This callback is called during each verification process,
-at each step during the chain of certificates (this function
-is not the certificate_verification one!). */
+   at each step during the chain of certificates (this function
+   is not the certificate_verification one!). */
 int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) {
 	char buf[256];
 	X509 *err_cert;
 	int err, depth;
 
 	depth = X509_STORE_CTX_get_error_depth(ctx);
-	DBG("verify_callback: depth = %d\n",depth);
+	LM_DBG("tls init - depth = %d\n",depth);
 	if ( depth > VERIFY_DEPTH_S ) {
-		LOG(L_NOTICE, "tls_init: verify_callback: cert chain too long ( depth > VERIFY_DEPTH_S)\n");
+		LM_NOTICE("tls init - cert chain too long ( depth > VERIFY_DEPTH_S)\n");
 		pre_verify_ok=0;
 	}
 
 	if( pre_verify_ok ) {
-		LOG(L_NOTICE, "tls_init: verify_callback: preverify is good: verify return: %d\n", pre_verify_ok);
+		LM_NOTICE("tls init - preverify is good: verify return: %d\n",
+				pre_verify_ok);
 		return pre_verify_ok;
 	}
 
@@ -54,75 +55,75 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) {
 	err = X509_STORE_CTX_get_error(ctx);
 	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
 
-	LOG(L_NOTICE, "tls_init: verify_callback: subject = %s\n", buf);
-	LOG(L_NOTICE, "tls_init: verify_callback: verify error - num=%d:%s\n", err,
+	LM_NOTICE("tls init - subject = %s\n", buf);
+	LM_NOTICE("tls init - verify error - num=%d:%s\n", err,
 			X509_verify_cert_error_string(err));
-	LOG(L_NOTICE, "tls_init: verify_callback: error code is %d (depth: %d)\n",
+	LM_NOTICE("tls init - error code is %d (depth: %d)\n",
 			err, depth);
 
 	switch (err) {
 		case X509_V_OK:
-			LOG(L_NOTICE, "tls_init: verify_callback: all ok\n");
+			LM_NOTICE("tls init - all ok\n");
 			break;
 		case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 			X509_NAME_oneline(X509_get_issuer_name(err_cert),buf,sizeof buf);
-			LOG(L_NOTICE, "tls_init: verify_callback: issuer= %s\n",buf);
+			LM_NOTICE("tls init - issuer= %s\n",buf);
 			break;
 
 		case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		case X509_V_ERR_CERT_NOT_YET_VALID:
-			LOG(L_NOTICE, "tls_init: verify_callback: notBefore\n");
+			LM_NOTICE("tls init - notBefore\n");
 			break;
 
 		case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		case X509_V_ERR_CERT_HAS_EXPIRED:
-			LOG(L_NOTICE, "tls_init: verify_callback: notAfter\n");
+			LM_NOTICE("tls init - notAfter\n");
 			break;
 
 		case X509_V_ERR_CERT_SIGNATURE_FAILURE:
 		case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-			LOG(L_NOTICE, "tls_init: verify_callback: unable to decrypt cert signature\n");
+			LM_NOTICE("tls init - unable to decrypt cert signature\n");
 			break;
 
 		case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-			LOG(L_NOTICE, "tls_init: verify_callback: unable to decode issuer public key\n");
+			LM_NOTICE("tls init - unable to decode issuer public key\n");
 			break;
 
 		case X509_V_ERR_OUT_OF_MEM:
-			ERR("tls_init: verify_callback: Out of memory \n");
+			LM_ERR("tls init - Out of memory \n");
 			break;
 
 		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 		case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-			LOG(L_NOTICE, "tls_init: verify_callback: Self signed certificate issue\n");
+			LM_NOTICE("tls init - Self signed certificate issue\n");
 			break;
 
 		case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-			LOG(L_NOTICE, "tls_init: verify_callback: certificate chain too long\n");
+			LM_NOTICE("tls init - certificate chain too long\n");
 			break;
 		case X509_V_ERR_INVALID_CA:
-			LOG(L_NOTICE, "tls_init: verify_callback: invalid CA\n");
+			LM_NOTICE("tls init - invalid CA\n");
 			break;
 		case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-			LOG(L_NOTICE, "tls_init: verify_callback: path length exceeded\n");
+			LM_NOTICE("tls init - path length exceeded\n");
 			break;
 		case X509_V_ERR_INVALID_PURPOSE:
-			LOG(L_NOTICE, "tls_init: verify_callback: invalid purpose\n");
+			LM_NOTICE("tls init - invalid purpose\n");
 			break;
 		case X509_V_ERR_CERT_UNTRUSTED:
-			LOG(L_NOTICE, "tls_init: verify_callback: certificate untrusted\n");
+			LM_NOTICE("tls init - certificate untrusted\n");
 			break;
 		case X509_V_ERR_CERT_REJECTED:
-			LOG(L_NOTICE, "tls_init: verify_callback: certificate rejected\n");
+			LM_NOTICE("tls init - certificate rejected\n");
 			break;
 
 		default:
-			LOG(L_NOTICE, "tls_init: verify_callback: something wrong with the"
+			LM_NOTICE("tls init - something wrong with the"
 					" cert ... error code is %d (check x509_vfy.h)\n",
 					err);
 			break;
 	}
 
-	LOG(L_NOTICE, "tls_init: verify_callback: verify return:%d\n", pre_verify_ok);
+	LM_NOTICE("tls init - verify return: %d\n", pre_verify_ok);
 	return(pre_verify_ok);
 }