Upstream: Patch Submitted
commit 7ec01af311d21e339208c68d03c1430c8b210073
Author: Tom Briden <tom@decompile.me.uk>
Date: Wed Nov 28 17:51:41 2018 +0000
zsrtp: Add support for openssl-1.1
diff --git a/deps/pjsip/third_party/zsrtp/include/openssl_compat.h b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
new file mode 100644
index 00000000..cf2e8179
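--- /dev/null
+++ b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
@@ -0,0 +1,22 @@
+#ifndef _OPENSSL_COMPAT
+#define _OPENSSL_COMPAT
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL)
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+#endif
+
+#endif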
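Review bot: This header tests `OPENSSL_VERSION_NUMBER` and uses `HMAC_CTX`, `OPENSSL_malloc` and `OPENSSL_free` without including the OpenSSL headers that declare them, so it only works when every includer has already pulled in `<openssl/hmac.h>`. If it is ever included first, the undefined macro evaluates to 0 in the `#if` and the shims are compiled against an undeclared type; adding `#include <openssl/opensslv.h>`, `#include <openssl/crypto.h>` and `#include <openssl/hmac.h>` at the top makes the header self-contained. The `defined (LIBRESSL_VERSION_NUMBER)` arm also looks too broad: newer LibreSSL releases provide `HMAC_CTX_new`/`HMAC_CTX_free` themselves (from 2.7 on, if I recall correctly), and there these `static` definitions would clash with the library's declarations. The guard name `_OPENSSL_COMPAT` is a reserved identifier; something like `ZSRTP_OPENSSL_COMPAT_H` avoids that.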
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
index 6cdb6b14..605285dd 100644
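--- a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
@@ -37,6 +37,8 @@
 #include <openssl/hmac.h>
 #include <crypto/hmac.h>
 
+#include <openssl_compat.h>
+
 #if defined(__APPLE__)
 # pragma GCC diagnostic push
 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -55,23 +57,21 @@ void hmac_sha1( uint8_t* key, int32_t key_length,
 const uint8_t* data_chunks[],
 uint32_t data_chunck_length[],
 uint8_t* mac, int32_t* mac_length ) {
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL);
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
 while (*data_chunks) {
- HMAC_Update(&ctx, *data_chunks, *data_chunck_length);
+ HMAC_Update(ctx, *data_chunks, *data_chunck_length);
 data_chunks ++;
 data_chunck_length ++;
 }
- HMAC_Final(&ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Final(ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
+ HMAC_CTX_free(ctx);
 }
 
 void* createSha1HmacContext(uint8_t* key, int32_t key_length)
 {
- HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX));
+ HMAC_CTX* ctx = HMAC_CTX_new();
 
- HMAC_CTX_init(ctx);
 HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
 return ctx;
 }
@@ -80,7 +80,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength)
 {
 HMAC_CTX *pctx = (HMAC_CTX*)ctx;
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
 HMAC_CTX_init(pctx);
+#else
+ HMAC_CTX_reset(pctx);
+#endif
 HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL);
 return pctx;
 }
@@ -112,8 +116,7 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[],
 void freeSha1HmacContext(void* ctx)
 {
 if (ctx) {
- HMAC_CTX_cleanup((HMAC_CTX*)ctx);
- free(ctx);
+ HMAC_CTX_free((HMAC_CTX*)ctx);
 }
 }
 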
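Review bot: `HMAC_CTX_new()` can return NULL, and both `hmac_sha1` and `createSha1HmacContext` pass the result straight to `HMAC_Init_ex`, which is not documented to accept a NULL context. The stack-allocated context this commit replaces in `hmac_sha1` could not fail this way, so the change adds a new failure path on the SRTP authentication code (the old `malloc` in `createSha1HmacContext` was unchecked as well). Add `if (ctx == NULL) return NULL;` in `createSha1HmacContext` and an early `if (ctx == NULL) { *mac_length = 0; return; }` in `hmac_sha1`, whose signature starts outside the hunk. The same unchecked `HMAC_CTX_new()` appears in `hmac_sha256` (hmac256.cpp) and `hmac_sha384` (hmac384.cpp).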
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
index 0953ad5c..2dd6f807 100644
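--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
@@ -38,6 +38,8 @@
 #include <openssl/hmac.h>
 #include <crypto/hmac256.h>
 
+#include "openssl_compat.h"
+
 #if defined(__APPLE__)
 # pragma GCC diagnostic push
 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -58,17 +60,16 @@ void hmac_sha256(uint8_t* key, uint32_t key_length,
 uint8_t* mac, uint32_t* mac_length )
 {
 unsigned int tmp;
- HMAC_CTX ctx;
- HMAC_CTX_init( &ctx );
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL );
 while( *data_chunks ){
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
 data_chunks ++;
 data_chunck_length ++;
 }
- HMAC_Final( &ctx, mac, &tmp);
+ HMAC_Final( ctx, mac, &tmp);
 *mac_length = tmp;
- HMAC_CTX_cleanup( &ctx );
+ HMAC_CTX_free( ctx );
 }
 
 #if defined(__APPLE__)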
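Review bot: `tmp` is declared without an initialiser and copied into `*mac_length` even when `HMAC_Final` fails, because the return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are all discarded in `hmac_sha256`; on OpenSSL 1.0.0 and later these return 0 on error. A caller would then treat whatever is in `mac` as a valid tag of indeterminate length, so declare `unsigned int tmp = 0;` and store the length only when all three calls succeeded. `hmac_sha384` in hmac384.cpp has the same shape. On style, this file includes `"openssl_compat.h"` while hmac.cpp uses `<openssl_compat.h>`; pick one form so the header resolves through the same search path everywhere. The start of `hmac_sha256` lies outside the hunk.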
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
index f1dd5abc..28191f4c 100644
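--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
@@ -38,6 +38,8 @@
 #include <openssl/hmac.h>
 #include <zrtp/crypto/hmac256.h>
 
+#include "openssl_compat.h"
+
 #if defined(__APPLE__)
 # pragma GCC diagnostic push
 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -56,17 +58,16 @@ void hmac_sha384(uint8_t* key, uint32_t key_length,
 uint8_t* mac, uint32_t* mac_length )
 {
 unsigned int tmp;
- HMAC_CTX ctx;
- HMAC_CTX_init( &ctx );
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL );
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL );
 while( *data_chunks ){
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
 data_chunks ++;
 data_chunck_length ++;
 }
- HMAC_Final( &ctx, mac, &tmp);
+ HMAC_Final( ctx, mac, &tmp);
 *mac_length = tmp;
- HMAC_CTX_cleanup( &ctx );
+ HMAC_CTX_free( ctx );
 }
 
 #if defined(__APPLE__)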
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
index 2623d2a3..76089951 100644
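--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
@@ -223,24 +223,35 @@ ZrtpDH::ZrtpDH(const char* type) {
 }
 
 DH* tmpCtx = NULL;
+ BIGNUM *p = NULL;
+ BIGNUM* priv_key = NULL;
+ BIGNUM *g = BN_new();
 switch (pkType) {
 case DH2K:
 case DH3K:
 ctx = static_cast<void*>(DH_new());
 tmpCtx = static_cast<DH*>(ctx);
- tmpCtx->g = BN_new();
- BN_set_word(tmpCtx->g, DH_GENERATOR_2);
+ BN_set_word(g, DH_GENERATOR_2);
 
 if (pkType == DH2K) {
- tmpCtx->p = BN_dup(bnP2048);
+ p = BN_dup(bnP2048);
 RAND_bytes(random, 32);
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ priv_key = BN_bin2bn(random, 32, NULL);
 }
 else if (pkType == DH3K) {
- tmpCtx->p = BN_dup(bnP3072);
+ p = BN_dup(bnP3072);
 RAND_bytes(random, 64);
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ priv_key = BN_bin2bn(random, 32, NULL);
 }
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ tmpCtx->g = g;
+ tmpCtx->p = p;
+ tmpCtx->priv_key = priv_key;
+#else
+ DH_set0_pqg(tmpCtx, p, NULL, g);
+ DH_set0_key(tmpCtx, NULL, priv_key);
+#endif
 break;
 
 case EC25:
@@ -274,11 +285,16 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
 if (pkType == DH2K || pkType == DH3K) {
 DH* tmpCtx = static_cast<DH*>(ctx);
 
+ BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
 if (tmpCtx->pub_key != NULL) {
- BN_free(tmpCtx->pub_key);
+ BN_free(tmpCtx->pub_key);
 }
- tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
- return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx);
+ tmpCtx->pub_key = pub_key;
+#else
+ DH_set0_key(tmpCtx, pub_key, NULL);
+#endif
+ return DH_compute_key(secret, pub_key, tmpCtx);
 }
 if (pkType == EC25 || pkType == EC38) {
 uint8_t buffer[100];
@@ -323,8 +339,15 @@ int32_t ZrtpDH::getDhSize() const
 
 int32_t ZrtpDH::getPubKeySize() const
 {
- if (pkType == DH2K || pkType == DH3K)
- return BN_num_bytes(static_cast<DH*>(ctx)->pub_key);
+ if (pkType == DH2K || pkType == DH3K){
+ const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+ return BN_num_bytes(pub_key);
+ }
 
 if (pkType == EC25 || pkType == EC38)
 return EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
@@ -343,7 +366,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
 if (prepend > 0) {
 memset(buf, 0, prepend);
 }
- return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend);
+ const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+ return BN_bn2bin(pub_key, buf + prepend);
 }
 if (pkType == EC25 || pkType == EC38) {
 uint8_t buffer[100];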
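Review bot: `BIGNUM *g = BN_new();` now runs before the `switch` for every key type, but only the `DH2K`/`DH3K` branch hands `g` to the DH object, so constructing an EC key appears to leak one BIGNUM per instance (the EC cases lie outside the hunk, but they predate `g` and cannot free it). Declare `BIGNUM *g = NULL;` and assign `g = BN_new();` inside the DH branch, next to `DH_new()`. The results of `DH_set0_pqg` and `DH_set0_key` are also discarded; both return 0 on failure and then do not take ownership, which leaks `p`, `g` and `priv_key` and leaves the DH object without parameters. If I recall correctly, OpenSSL 1.1.0 rejects `DH_set0_key` with a NULL `pub_key` while no public key is set, so `DH_set0_key(tmpCtx, NULL, priv_key)` should be checked against that release. `RAND_bytes` is unchecked in the same branch, so a failed RNG call would turn whatever `random` held into the private exponent.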