forked from hasufell/hasufell-repository
Merge remote-tracking branch 'tombriden/python-sipsimple_openssl-1.1'
This commit is contained in:
commit
b14860cebf
@ -0,0 +1,234 @@
|
||||
Upstream: Yes (pjsip)
|
||||
Source: Backported from https://trac.pjsip.org/repos/browser/pjproject/trunk
|
||||
|
||||
---
|
||||
deps/pjsip/aconfigure | 22 ++++++------
|
||||
deps/pjsip/aconfigure.ac | 4 +--
|
||||
deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c | 47 +++++++++++++++++++++----
|
||||
3 files changed, 53 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/deps/pjsip/aconfigure b/deps/pjsip/aconfigure
|
||||
index 530dbc3d..c413760b 100644
|
||||
--- a/deps/pjsip/aconfigure
|
||||
+++ b/deps/pjsip/aconfigure
|
||||
@@ -6352,7 +6352,7 @@ if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
|
||||
fi
|
||||
|
||||
|
||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5
|
||||
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5
|
||||
$as_echo_n "checking for ERR_load_BIO_strings in -lcrypto... " >&6; }
|
||||
if ${ac_cv_lib_crypto_ERR_load_BIO_strings+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
@@ -6392,9 +6392,9 @@ if test "x$ac_cv_lib_crypto_ERR_load_BIO_strings" = xyes; then :
|
||||
libcrypto_present=1 && LIBS="-lcrypto $LIBS"
|
||||
fi
|
||||
|
||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5
|
||||
-$as_echo_n "checking for SSL_library_init in -lssl... " >&6; }
|
||||
-if ${ac_cv_lib_ssl_SSL_library_init+:} false; then :
|
||||
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5
|
||||
+$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; }
|
||||
+if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
@@ -6408,27 +6408,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
-char SSL_library_init ();
|
||||
+char SSL_CTX_new ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
-return SSL_library_init ();
|
||||
+return SSL_CTX_new ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
- ac_cv_lib_ssl_SSL_library_init=yes
|
||||
+ ac_cv_lib_ssl_SSL_CTX_new=yes
|
||||
else
|
||||
- ac_cv_lib_ssl_SSL_library_init=no
|
||||
+ ac_cv_lib_ssl_SSL_CTX_new=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5
|
||||
-$as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; }
|
||||
-if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then :
|
||||
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5
|
||||
+$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; }
|
||||
+if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then :
|
||||
libssl_present=1 && LIBS="-lssl $LIBS"
|
||||
fi
|
||||
|
||||
diff --git a/deps/pjsip/aconfigure.ac b/deps/pjsip/aconfigure.ac
|
||||
index 89ff674e..54c65ad3 100644
|
||||
--- a/deps/pjsip/aconfigure.ac
|
||||
+++ b/deps/pjsip/aconfigure.ac
|
||||
@@ -935,8 +935,8 @@ AC_ARG_ENABLE(ssl,
|
||||
AC_SUBST(libssl_present)
|
||||
AC_SUBST(libcrypto_present)
|
||||
AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
|
||||
- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
|
||||
- AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"])
|
||||
+ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
|
||||
+ AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
|
||||
if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
|
||||
AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
|
||||
# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
|
||||
diff --git a/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c b/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c
|
||||
index 926512ba..705ed63d 100644
|
||||
--- a/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c
|
||||
+++ b/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c
|
||||
@@ -43,15 +43,31 @@
|
||||
/*
|
||||
* Include OpenSSL headers
|
||||
*/
|
||||
+#include <openssl/asn1.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
|
||||
+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+# define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */
|
||||
+# define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
|
||||
+# define M_ASN1_STRING_length(x) ASN1_STRING_length(x)
|
||||
+# if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L
|
||||
+# define X509_get_notBefore(x) X509_get0_notBefore(x)
|
||||
+# define X509_get_notAfter(x) X509_get0_notAfter(x)
|
||||
+# endif
|
||||
+#else
|
||||
+# define SSL_CIPHER_get_id(c) (c)->id
|
||||
+# define SSL_set_session(ssl, s) (ssl)->session = (s)
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
#ifdef _MSC_VER
|
||||
# pragma comment( lib, "libeay32")
|
||||
# pragma comment( lib, "ssleay32")
|
||||
+# pragma comment( lib, "crypt32")
|
||||
#endif
|
||||
|
||||
|
||||
@@ -319,8 +335,12 @@ static pj_status_t init_openssl(void)
|
||||
pj_assert(status == PJ_SUCCESS);
|
||||
|
||||
/* Init OpenSSL lib */
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
+#else
|
||||
+ OPENSSL_init_ssl(0, NULL);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x009080ffL
|
||||
/* This is now synonym of SSL_library_init() */
|
||||
OpenSSL_add_all_algorithms();
|
||||
@@ -334,6 +354,7 @@ static pj_status_t init_openssl(void)
|
||||
STACK_OF(SSL_CIPHER) *sk_cipher;
|
||||
unsigned i, n;
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
meth = (SSL_METHOD*)SSLv23_server_method();
|
||||
if (!meth)
|
||||
meth = (SSL_METHOD*)TLSv1_server_method();
|
||||
@@ -345,6 +366,12 @@ static pj_status_t init_openssl(void)
|
||||
if (!meth)
|
||||
meth = (SSL_METHOD*)SSLv2_server_method();
|
||||
#endif
|
||||
+
|
||||
+#else
|
||||
+ /* Specific version methods are deprecated in 1.1.0 */
|
||||
+ meth = (SSL_METHOD*)TLS_method();
|
||||
+#endif
|
||||
+
|
||||
pj_assert(meth);
|
||||
|
||||
ctx=SSL_CTX_new(meth);
|
||||
@@ -361,7 +388,7 @@ static pj_status_t init_openssl(void)
|
||||
const SSL_CIPHER *c;
|
||||
c = sk_SSL_CIPHER_value(sk_cipher,i);
|
||||
openssl_ciphers[i].id = (pj_ssl_cipher)
|
||||
- (pj_uint32_t)c->id & 0x00FFFFFF;
|
||||
+ (pj_uint32_t)SSL_CIPHER_get_id(c) & 0x00FFFFFF;
|
||||
openssl_ciphers[i].name = SSL_CIPHER_get_name(c);
|
||||
}
|
||||
|
||||
@@ -526,6 +553,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
|
||||
ssock->param.proto = PJ_SSL_SOCK_PROTO_SSL23;
|
||||
|
||||
/* Determine SSL method to use */
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
switch (ssock->param.proto) {
|
||||
case PJ_SSL_SOCK_PROTO_TLS1:
|
||||
ssl_method = (SSL_METHOD*)TLSv1_method();
|
||||
@@ -541,6 +569,10 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
+#else
|
||||
+ /* Specific version methods are deprecated in 1.1.0 */
|
||||
+ ssl_method = (SSL_METHOD*)TLS_method();
|
||||
+#endif
|
||||
|
||||
if (!ssl_method) {
|
||||
ssl_method = (SSL_METHOD*)SSLv23_method();
|
||||
@@ -869,7 +901,8 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
|
||||
const SSL_CIPHER *c;
|
||||
c = sk_SSL_CIPHER_value(sk_cipher, j);
|
||||
if (ssock->param.ciphers[i] == (pj_ssl_cipher)
|
||||
- ((pj_uint32_t)c->id & 0x00FFFFFF))
|
||||
+ ((pj_uint32_t)SSL_CIPHER_get_id(c) &
|
||||
+ 0x00FFFFFF))
|
||||
{
|
||||
const char *c_name;
|
||||
|
||||
@@ -994,7 +1027,7 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
|
||||
pj_bool_t update_needed;
|
||||
char buf[512];
|
||||
pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */
|
||||
- pj_uint8_t *q;
|
||||
+ const pj_uint8_t *q;
|
||||
unsigned len;
|
||||
GENERAL_NAMES *names = NULL;
|
||||
|
||||
@@ -1004,7 +1037,7 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
|
||||
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf));
|
||||
|
||||
/* Get serial no */
|
||||
- q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
|
||||
+ q = (const pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
|
||||
len = M_ASN1_STRING_length(X509_get_serialNumber(x));
|
||||
if (len > sizeof(ci->serial_no))
|
||||
len = sizeof(ci->serial_no);
|
||||
@@ -1075,8 +1108,8 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
|
||||
type = PJ_SSL_CERT_NAME_URI;
|
||||
break;
|
||||
case GEN_IPADD:
|
||||
- p = ASN1_STRING_data(name->d.ip);
|
||||
- len = ASN1_STRING_length(name->d.ip);
|
||||
+ p = (unsigned char*)M_ASN1_STRING_data(name->d.ip);
|
||||
+ len = M_ASN1_STRING_length(name->d.ip);
|
||||
type = PJ_SSL_CERT_NAME_IP;
|
||||
break;
|
||||
default:
|
||||
@@ -2300,7 +2333,7 @@ PJ_DEF(pj_status_t) pj_ssl_sock_get_info (pj_ssl_sock_t *ssock,
|
||||
|
||||
/* Current cipher */
|
||||
cipher = SSL_get_current_cipher(ssock->ossl_ssl);
|
||||
- info->cipher = (cipher->id & 0x00FFFFFF);
|
||||
+ info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF);
|
||||
|
||||
/* Remote address */
|
||||
pj_sockaddr_cp(&info->remote_addr, &ssock->rem_addr);
|
||||
--
|
||||
2.19.2
|
||||
|
||||
@ -0,0 +1,273 @@
|
||||
Upstream: Patch Submitted
|
||||
|
||||
|
||||
commit 7ec01af311d21e339208c68d03c1430c8b210073
|
||||
Author: Tom Briden <tom@decompile.me.uk>
|
||||
Date: Wed Nov 28 17:51:41 2018 +0000
|
||||
|
||||
zsrtp: Add support for openssl-1.1
|
||||
|
||||
diff --git a/deps/pjsip/third_party/zsrtp/include/openssl_compat.h b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
|
||||
new file mode 100644
|
||||
index 00000000..cf2e8179
|
||||
--- /dev/null
|
||||
+++ b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
|
||||
@@ -0,0 +1,22 @@
|
||||
+#ifndef _OPENSSL_COMPAT
|
||||
+#define _OPENSSL_COMPAT
|
||||
+
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
+static HMAC_CTX *HMAC_CTX_new(void)
|
||||
+{
|
||||
+ HMAC_CTX *ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(*ctx));
|
||||
+ if (ctx != NULL)
|
||||
+ HMAC_CTX_init(ctx);
|
||||
+ return ctx;
|
||||
+}
|
||||
+
|
||||
+static void HMAC_CTX_free(HMAC_CTX *ctx)
|
||||
+{
|
||||
+ if (ctx != NULL) {
|
||||
+ HMAC_CTX_cleanup(ctx);
|
||||
+ OPENSSL_free(ctx);
|
||||
+ }
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
+#endif
|
||||
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
|
||||
index 6cdb6b14..605285dd 100644
|
||||
--- a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
|
||||
+++ b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
|
||||
@@ -37,6 +37,8 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <crypto/hmac.h>
|
||||
|
||||
+#include <openssl_compat.h>
|
||||
+
|
||||
#if defined(__APPLE__)
|
||||
# pragma GCC diagnostic push
|
||||
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||
@@ -55,23 +57,21 @@ void hmac_sha1( uint8_t* key, int32_t key_length,
|
||||
const uint8_t* data_chunks[],
|
||||
uint32_t data_chunck_length[],
|
||||
uint8_t* mac, int32_t* mac_length ) {
|
||||
- HMAC_CTX ctx;
|
||||
- HMAC_CTX_init(&ctx);
|
||||
- HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL);
|
||||
+ HMAC_CTX* ctx = HMAC_CTX_new();
|
||||
+ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
|
||||
while (*data_chunks) {
|
||||
- HMAC_Update(&ctx, *data_chunks, *data_chunck_length);
|
||||
+ HMAC_Update(ctx, *data_chunks, *data_chunck_length);
|
||||
data_chunks ++;
|
||||
data_chunck_length ++;
|
||||
}
|
||||
- HMAC_Final(&ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
|
||||
- HMAC_CTX_cleanup(&ctx);
|
||||
+ HMAC_Final(ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
|
||||
+ HMAC_CTX_free(ctx);
|
||||
}
|
||||
|
||||
void* createSha1HmacContext(uint8_t* key, int32_t key_length)
|
||||
{
|
||||
- HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX));
|
||||
+ HMAC_CTX* ctx = HMAC_CTX_new();
|
||||
|
||||
- HMAC_CTX_init(ctx);
|
||||
HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
|
||||
return ctx;
|
||||
}
|
||||
@@ -80,7 +80,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength)
|
||||
{
|
||||
HMAC_CTX *pctx = (HMAC_CTX*)ctx;
|
||||
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
HMAC_CTX_init(pctx);
|
||||
+#else
|
||||
+ HMAC_CTX_reset(pctx);
|
||||
+#endif
|
||||
HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL);
|
||||
return pctx;
|
||||
}
|
||||
@@ -112,8 +116,7 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[],
|
||||
void freeSha1HmacContext(void* ctx)
|
||||
{
|
||||
if (ctx) {
|
||||
- HMAC_CTX_cleanup((HMAC_CTX*)ctx);
|
||||
- free(ctx);
|
||||
+ HMAC_CTX_free((HMAC_CTX*)ctx);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
|
||||
index 0953ad5c..2dd6f807 100644
|
||||
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
|
||||
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
|
||||
@@ -38,6 +38,8 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <crypto/hmac256.h>
|
||||
|
||||
+#include "openssl_compat.h"
|
||||
+
|
||||
#if defined(__APPLE__)
|
||||
# pragma GCC diagnostic push
|
||||
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||
@@ -58,17 +60,16 @@ void hmac_sha256(uint8_t* key, uint32_t key_length,
|
||||
uint8_t* mac, uint32_t* mac_length )
|
||||
{
|
||||
unsigned int tmp;
|
||||
- HMAC_CTX ctx;
|
||||
- HMAC_CTX_init( &ctx );
|
||||
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
|
||||
+ HMAC_CTX* ctx = HMAC_CTX_new();
|
||||
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL );
|
||||
while( *data_chunks ){
|
||||
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
|
||||
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
|
||||
data_chunks ++;
|
||||
data_chunck_length ++;
|
||||
}
|
||||
- HMAC_Final( &ctx, mac, &tmp);
|
||||
+ HMAC_Final( ctx, mac, &tmp);
|
||||
*mac_length = tmp;
|
||||
- HMAC_CTX_cleanup( &ctx );
|
||||
+ HMAC_CTX_free( ctx );
|
||||
}
|
||||
|
||||
#if defined(__APPLE__)
|
||||
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
|
||||
index f1dd5abc..28191f4c 100644
|
||||
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
|
||||
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
|
||||
@@ -38,6 +38,8 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <zrtp/crypto/hmac256.h>
|
||||
|
||||
+#include "openssl_compat.h"
|
||||
+
|
||||
#if defined(__APPLE__)
|
||||
# pragma GCC diagnostic push
|
||||
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||
@@ -56,17 +58,16 @@ void hmac_sha384(uint8_t* key, uint32_t key_length,
|
||||
uint8_t* mac, uint32_t* mac_length )
|
||||
{
|
||||
unsigned int tmp;
|
||||
- HMAC_CTX ctx;
|
||||
- HMAC_CTX_init( &ctx );
|
||||
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL );
|
||||
+ HMAC_CTX* ctx = HMAC_CTX_new();
|
||||
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL );
|
||||
while( *data_chunks ){
|
||||
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
|
||||
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
|
||||
data_chunks ++;
|
||||
data_chunck_length ++;
|
||||
}
|
||||
- HMAC_Final( &ctx, mac, &tmp);
|
||||
+ HMAC_Final( ctx, mac, &tmp);
|
||||
*mac_length = tmp;
|
||||
- HMAC_CTX_cleanup( &ctx );
|
||||
+ HMAC_CTX_free( ctx );
|
||||
}
|
||||
|
||||
#if defined(__APPLE__)
|
||||
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
|
||||
index 2623d2a3..76089951 100644
|
||||
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
|
||||
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
|
||||
@@ -223,24 +223,35 @@ ZrtpDH::ZrtpDH(const char* type) {
|
||||
}
|
||||
|
||||
DH* tmpCtx = NULL;
|
||||
+ BIGNUM *p = NULL;
|
||||
+ BIGNUM* priv_key = NULL;
|
||||
+ BIGNUM *g = BN_new();
|
||||
switch (pkType) {
|
||||
case DH2K:
|
||||
case DH3K:
|
||||
ctx = static_cast<void*>(DH_new());
|
||||
tmpCtx = static_cast<DH*>(ctx);
|
||||
- tmpCtx->g = BN_new();
|
||||
- BN_set_word(tmpCtx->g, DH_GENERATOR_2);
|
||||
+ BN_set_word(g, DH_GENERATOR_2);
|
||||
|
||||
if (pkType == DH2K) {
|
||||
- tmpCtx->p = BN_dup(bnP2048);
|
||||
+ p = BN_dup(bnP2048);
|
||||
RAND_bytes(random, 32);
|
||||
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
|
||||
+ priv_key = BN_bin2bn(random, 32, NULL);
|
||||
}
|
||||
else if (pkType == DH3K) {
|
||||
- tmpCtx->p = BN_dup(bnP3072);
|
||||
+ p = BN_dup(bnP3072);
|
||||
RAND_bytes(random, 64);
|
||||
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
|
||||
+ priv_key = BN_bin2bn(random, 32, NULL);
|
||||
}
|
||||
+
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
+ tmpCtx->g = g;
|
||||
+ tmpCtx->p = p;
|
||||
+ tmpCtx->priv_key = priv_key;
|
||||
+#else
|
||||
+ DH_set0_pqg(tmpCtx, p, NULL, g);
|
||||
+ DH_set0_key(tmpCtx, NULL, priv_key);
|
||||
+#endif
|
||||
break;
|
||||
|
||||
case EC25:
|
||||
@@ -274,11 +285,16 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
|
||||
if (pkType == DH2K || pkType == DH3K) {
|
||||
DH* tmpCtx = static_cast<DH*>(ctx);
|
||||
|
||||
+ BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
if (tmpCtx->pub_key != NULL) {
|
||||
- BN_free(tmpCtx->pub_key);
|
||||
+ BN_free(tmpCtx->pub_key);
|
||||
}
|
||||
- tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
|
||||
- return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx);
|
||||
+ tmpCtx->pub_key = pub_key;
|
||||
+#else
|
||||
+ DH_set0_key(tmpCtx, pub_key, NULL);
|
||||
+#endif
|
||||
+ return DH_compute_key(secret, pub_key, tmpCtx);
|
||||
}
|
||||
if (pkType == EC25 || pkType == EC38) {
|
||||
uint8_t buffer[100];
|
||||
@@ -323,8 +339,15 @@ int32_t ZrtpDH::getDhSize() const
|
||||
|
||||
int32_t ZrtpDH::getPubKeySize() const
|
||||
{
|
||||
- if (pkType == DH2K || pkType == DH3K)
|
||||
- return BN_num_bytes(static_cast<DH*>(ctx)->pub_key);
|
||||
+ if (pkType == DH2K || pkType == DH3K){
|
||||
+ const BIGNUM* pub_key;
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
+ pub_key = static_cast<DH*>(ctx)->pub_key;
|
||||
+#else
|
||||
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
|
||||
+#endif
|
||||
+ return BN_num_bytes(pub_key);
|
||||
+ }
|
||||
|
||||
if (pkType == EC25 || pkType == EC38)
|
||||
return EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
|
||||
@@ -343,7 +366,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
|
||||
if (prepend > 0) {
|
||||
memset(buf, 0, prepend);
|
||||
}
|
||||
- return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend);
|
||||
+ const BIGNUM* pub_key;
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
|
||||
+ pub_key = static_cast<DH*>(ctx)->pub_key;
|
||||
+#else
|
||||
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
|
||||
+#endif
|
||||
+ return BN_bn2bin(pub_key, buf + prepend);
|
||||
}
|
||||
if (pkType == EC25 || pkType == EC38) {
|
||||
uint8_t buffer[100];
|
||||
@ -49,6 +49,8 @@ DEPENDENCIES="
|
||||
DEFAULT_SRC_PREPARE_PATCHES=(
|
||||
"${FILES}"/${PNV}-fix-build.patch
|
||||
"${FILES}"/${PNV}-pjmedia-ffmpeg-fix.patch
|
||||
"${FILES}"/${PN}-support-openssl-1.1_01.patch
|
||||
"${FILES}"/${PN}-support-openssl-1.1_02.patch
|
||||
-p0 "${FILES}"/${PNV}-pjmedia-openh264-1.6.patch
|
||||
)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user