From 13d8406bd3712457efe1e9c86f2d94c91ff460a8 Mon Sep 17 00:00:00 2001 From: Tom Briden Date: Wed, 28 Nov 2018 18:45:03 +0000 Subject: [PATCH] python-sipsimple: add patches to support openssl-1.1 --- ...hon-sipsimple-support-openssl-1.1_01.patch | 234 +++++++++++++++ ...hon-sipsimple-support-openssl-1.1_02.patch | 273 ++++++++++++++++++ .../python-sipsimple-3.1.1.exheres-0 | 2 + 3 files changed, 509 insertions(+) create mode 100644 packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_01.patch create mode 100644 packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_02.patch diff --git a/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_01.patch b/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_01.patch new file mode 100644 index 0000000..6175200 --- /dev/null +++ b/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_01.patch @@ -0,0 +1,234 @@ +Upstream: Yes (pjsip) +Source: Backported from https://trac.pjsip.org/repos/browser/pjproject/trunk + +--- + deps/pjsip/aconfigure | 22 ++++++------ + deps/pjsip/aconfigure.ac | 4 +-- + deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c | 47 +++++++++++++++++++++---- + 3 files changed, 53 insertions(+), 20 deletions(-) + +diff --git a/deps/pjsip/aconfigure b/deps/pjsip/aconfigure +index 530dbc3d..c413760b 100644 +--- a/deps/pjsip/aconfigure ++++ b/deps/pjsip/aconfigure +@@ -6352,7 +6352,7 @@ if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : + fi + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5 + $as_echo_n "checking for ERR_load_BIO_strings in -lcrypto... " >&6; } + if ${ac_cv_lib_crypto_ERR_load_BIO_strings+:} false; then : + $as_echo_n "(cached) " >&6 +@@ -6392,9 +6392,9 @@ if test "x$ac_cv_lib_crypto_ERR_load_BIO_strings" = xyes; then : + libcrypto_present=1 && LIBS="-lcrypto $LIBS" + fi + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5 +-$as_echo_n "checking for SSL_library_init in -lssl... " >&6; } +-if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 ++$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } ++if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : + $as_echo_n "(cached) " >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -6408,27 +6408,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + #ifdef __cplusplus + extern "C" + #endif +-char SSL_library_init (); ++char SSL_CTX_new (); + int + main () + { +-return SSL_library_init (); ++return SSL_CTX_new (); + ; + return 0; + } + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : +- ac_cv_lib_ssl_SSL_library_init=yes ++ ac_cv_lib_ssl_SSL_CTX_new=yes + else +- ac_cv_lib_ssl_SSL_library_init=no ++ ac_cv_lib_ssl_SSL_CTX_new=no + fi + rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5 +-$as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; } +-if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then : ++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 ++$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } ++if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : + libssl_present=1 && LIBS="-lssl $LIBS" + fi + +diff --git a/deps/pjsip/aconfigure.ac b/deps/pjsip/aconfigure.ac +index 89ff674e..54c65ad3 100644 +--- a/deps/pjsip/aconfigure.ac ++++ b/deps/pjsip/aconfigure.ac +@@ -935,8 +935,8 @@ AC_ARG_ENABLE(ssl, + AC_SUBST(libssl_present) + AC_SUBST(libcrypto_present) + AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) +- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) +- AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"]) ++ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) ++ AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) + if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then + AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) + # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK +diff --git a/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c b/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c +index 926512ba..705ed63d 100644 +--- a/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c ++++ b/deps/pjsip/pjlib/src/pj/ssl_sock_ossl.c +@@ -43,15 +43,31 @@ + /* + * Include OpenSSL headers + */ ++#include + #include + #include + #include + #include + + ++#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x10100000L ++# define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */ ++# define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x) ++# define M_ASN1_STRING_length(x) ASN1_STRING_length(x) ++# if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L ++# define X509_get_notBefore(x) X509_get0_notBefore(x) ++# define X509_get_notAfter(x) X509_get0_notAfter(x) ++# endif ++#else ++# define SSL_CIPHER_get_id(c) (c)->id ++# define SSL_set_session(ssl, s) (ssl)->session = (s) ++#endif ++ ++ + #ifdef _MSC_VER + # pragma comment( lib, "libeay32") + # pragma comment( lib, "ssleay32") ++# pragma comment( lib, "crypt32") + #endif + + +@@ -319,8 +335,12 @@ static pj_status_t init_openssl(void) + pj_assert(status == PJ_SUCCESS); + + /* Init OpenSSL lib */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_library_init(); + SSL_load_error_strings(); ++#else ++ OPENSSL_init_ssl(0, NULL); ++#endif + #if OPENSSL_VERSION_NUMBER < 0x009080ffL + /* This is now synonym of SSL_library_init() */ + OpenSSL_add_all_algorithms(); +@@ -334,6 +354,7 @@ static pj_status_t init_openssl(void) + STACK_OF(SSL_CIPHER) *sk_cipher; + unsigned i, n; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + meth = (SSL_METHOD*)SSLv23_server_method(); + if (!meth) + meth = (SSL_METHOD*)TLSv1_server_method(); +@@ -345,6 +366,12 @@ static pj_status_t init_openssl(void) + if (!meth) + meth = (SSL_METHOD*)SSLv2_server_method(); + #endif ++ ++#else ++ /* Specific version methods are deprecated in 1.1.0 */ ++ meth = (SSL_METHOD*)TLS_method(); ++#endif ++ + pj_assert(meth); + + ctx=SSL_CTX_new(meth); +@@ -361,7 +388,7 @@ static pj_status_t init_openssl(void) + const SSL_CIPHER *c; + c = sk_SSL_CIPHER_value(sk_cipher,i); + openssl_ciphers[i].id = (pj_ssl_cipher) +- (pj_uint32_t)c->id & 0x00FFFFFF; ++ (pj_uint32_t)SSL_CIPHER_get_id(c) & 0x00FFFFFF; + openssl_ciphers[i].name = SSL_CIPHER_get_name(c); + } + +@@ -526,6 +553,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + ssock->param.proto = PJ_SSL_SOCK_PROTO_SSL23; + + /* Determine SSL method to use */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + switch (ssock->param.proto) { + case PJ_SSL_SOCK_PROTO_TLS1: + ssl_method = (SSL_METHOD*)TLSv1_method(); +@@ -541,6 +569,10 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + #endif + break; + } ++#else ++ /* Specific version methods are deprecated in 1.1.0 */ ++ ssl_method = (SSL_METHOD*)TLS_method(); ++#endif + + if (!ssl_method) { + ssl_method = (SSL_METHOD*)SSLv23_method(); +@@ -869,7 +901,8 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) + const SSL_CIPHER *c; + c = sk_SSL_CIPHER_value(sk_cipher, j); + if (ssock->param.ciphers[i] == (pj_ssl_cipher) +- ((pj_uint32_t)c->id & 0x00FFFFFF)) ++ ((pj_uint32_t)SSL_CIPHER_get_id(c) & ++ 0x00FFFFFF)) + { + const char *c_name; + +@@ -994,7 +1027,7 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x, + pj_bool_t update_needed; + char buf[512]; + pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */ +- pj_uint8_t *q; ++ const pj_uint8_t *q; + unsigned len; + GENERAL_NAMES *names = NULL; + +@@ -1004,7 +1037,7 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x, + X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf)); + + /* Get serial no */ +- q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x)); ++ q = (const pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x)); + len = M_ASN1_STRING_length(X509_get_serialNumber(x)); + if (len > sizeof(ci->serial_no)) + len = sizeof(ci->serial_no); +@@ -1075,8 +1108,8 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x, + type = PJ_SSL_CERT_NAME_URI; + break; + case GEN_IPADD: +- p = ASN1_STRING_data(name->d.ip); +- len = ASN1_STRING_length(name->d.ip); ++ p = (unsigned char*)M_ASN1_STRING_data(name->d.ip); ++ len = M_ASN1_STRING_length(name->d.ip); + type = PJ_SSL_CERT_NAME_IP; + break; + default: +@@ -2300,7 +2333,7 @@ PJ_DEF(pj_status_t) pj_ssl_sock_get_info (pj_ssl_sock_t *ssock, + + /* Current cipher */ + cipher = SSL_get_current_cipher(ssock->ossl_ssl); +- info->cipher = (cipher->id & 0x00FFFFFF); ++ info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF); + + /* Remote address */ + pj_sockaddr_cp(&info->remote_addr, &ssock->rem_addr); +-- +2.19.2 + diff --git a/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_02.patch b/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_02.patch new file mode 100644 index 0000000..edab29d --- /dev/null +++ b/packages/dev-python/python-sipsimple/files/python-sipsimple-support-openssl-1.1_02.patch @@ -0,0 +1,273 @@ +Upstream: Patch Submitted + + +commit 7ec01af311d21e339208c68d03c1430c8b210073 +Author: Tom Briden +Date: Wed Nov 28 17:51:41 2018 +0000 + + zsrtp: Add support for openssl-1.1 + +diff --git a/deps/pjsip/third_party/zsrtp/include/openssl_compat.h b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h +new file mode 100644 +index 00000000..cf2e8179 +--- /dev/null ++++ b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h +@@ -0,0 +1,22 @@ ++#ifndef _OPENSSL_COMPAT ++#define _OPENSSL_COMPAT ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++static HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(*ctx)); ++ if (ctx != NULL) ++ HMAC_CTX_init(ctx); ++ return ctx; ++} ++ ++static void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ if (ctx != NULL) { ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} ++#endif ++ ++#endif +diff --git a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp +index 6cdb6b14..605285dd 100644 +--- a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp ++++ b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp +@@ -37,6 +37,8 @@ + #include + #include + ++#include ++ + #if defined(__APPLE__) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -55,23 +57,21 @@ void hmac_sha1( uint8_t* key, int32_t key_length, + const uint8_t* data_chunks[], + uint32_t data_chunck_length[], + uint8_t* mac, int32_t* mac_length ) { +- HMAC_CTX ctx; +- HMAC_CTX_init(&ctx); +- HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL); ++ HMAC_CTX* ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); + while (*data_chunks) { +- HMAC_Update(&ctx, *data_chunks, *data_chunck_length); ++ HMAC_Update(ctx, *data_chunks, *data_chunck_length); + data_chunks ++; + data_chunck_length ++; + } +- HMAC_Final(&ctx, mac, reinterpret_cast(mac_length)); +- HMAC_CTX_cleanup(&ctx); ++ HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); ++ HMAC_CTX_free(ctx); + } + + void* createSha1HmacContext(uint8_t* key, int32_t key_length) + { +- HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX)); ++ HMAC_CTX* ctx = HMAC_CTX_new(); + +- HMAC_CTX_init(ctx); + HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); + return ctx; + } +@@ -80,7 +80,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) + { + HMAC_CTX *pctx = (HMAC_CTX*)ctx; + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) + HMAC_CTX_init(pctx); ++#else ++ HMAC_CTX_reset(pctx); ++#endif + HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); + return pctx; + } +@@ -112,8 +116,7 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], + void freeSha1HmacContext(void* ctx) + { + if (ctx) { +- HMAC_CTX_cleanup((HMAC_CTX*)ctx); +- free(ctx); ++ HMAC_CTX_free((HMAC_CTX*)ctx); + } + } + +diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp +index 0953ad5c..2dd6f807 100644 +--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp ++++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp +@@ -38,6 +38,8 @@ + #include + #include + ++#include "openssl_compat.h" ++ + #if defined(__APPLE__) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -58,17 +60,16 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, + uint8_t* mac, uint32_t* mac_length ) + { + unsigned int tmp; +- HMAC_CTX ctx; +- HMAC_CTX_init( &ctx ); +- HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); ++ HMAC_CTX* ctx = HMAC_CTX_new(); ++ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); + while( *data_chunks ){ +- HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); ++ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + data_chunks ++; + data_chunck_length ++; + } +- HMAC_Final( &ctx, mac, &tmp); ++ HMAC_Final( ctx, mac, &tmp); + *mac_length = tmp; +- HMAC_CTX_cleanup( &ctx ); ++ HMAC_CTX_free( ctx ); + } + + #if defined(__APPLE__) +diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp +index f1dd5abc..28191f4c 100644 +--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp ++++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp +@@ -38,6 +38,8 @@ + #include + #include + ++#include "openssl_compat.h" ++ + #if defined(__APPLE__) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -56,17 +58,16 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, + uint8_t* mac, uint32_t* mac_length ) + { + unsigned int tmp; +- HMAC_CTX ctx; +- HMAC_CTX_init( &ctx ); +- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); ++ HMAC_CTX* ctx = HMAC_CTX_new(); ++ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); + while( *data_chunks ){ +- HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); ++ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + data_chunks ++; + data_chunck_length ++; + } +- HMAC_Final( &ctx, mac, &tmp); ++ HMAC_Final( ctx, mac, &tmp); + *mac_length = tmp; +- HMAC_CTX_cleanup( &ctx ); ++ HMAC_CTX_free( ctx ); + } + + #if defined(__APPLE__) +diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp +index 2623d2a3..76089951 100644 +--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp ++++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp +@@ -223,24 +223,35 @@ ZrtpDH::ZrtpDH(const char* type) { + } + + DH* tmpCtx = NULL; ++ BIGNUM *p = NULL; ++ BIGNUM* priv_key = NULL; ++ BIGNUM *g = BN_new(); + switch (pkType) { + case DH2K: + case DH3K: + ctx = static_cast(DH_new()); + tmpCtx = static_cast(ctx); +- tmpCtx->g = BN_new(); +- BN_set_word(tmpCtx->g, DH_GENERATOR_2); ++ BN_set_word(g, DH_GENERATOR_2); + + if (pkType == DH2K) { +- tmpCtx->p = BN_dup(bnP2048); ++ p = BN_dup(bnP2048); + RAND_bytes(random, 32); +- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); ++ priv_key = BN_bin2bn(random, 32, NULL); + } + else if (pkType == DH3K) { +- tmpCtx->p = BN_dup(bnP3072); ++ p = BN_dup(bnP3072); + RAND_bytes(random, 64); +- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); ++ priv_key = BN_bin2bn(random, 32, NULL); + } ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++ tmpCtx->g = g; ++ tmpCtx->p = p; ++ tmpCtx->priv_key = priv_key; ++#else ++ DH_set0_pqg(tmpCtx, p, NULL, g); ++ DH_set0_key(tmpCtx, NULL, priv_key); ++#endif + break; + + case EC25: +@@ -274,11 +285,16 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { + if (pkType == DH2K || pkType == DH3K) { + DH* tmpCtx = static_cast(ctx); + ++ BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) + if (tmpCtx->pub_key != NULL) { +- BN_free(tmpCtx->pub_key); ++ BN_free(tmpCtx->pub_key); + } +- tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); +- return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); ++ tmpCtx->pub_key = pub_key; ++#else ++ DH_set0_key(tmpCtx, pub_key, NULL); ++#endif ++ return DH_compute_key(secret, pub_key, tmpCtx); + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[100]; +@@ -323,8 +339,15 @@ int32_t ZrtpDH::getDhSize() const + + int32_t ZrtpDH::getPubKeySize() const + { +- if (pkType == DH2K || pkType == DH3K) +- return BN_num_bytes(static_cast(ctx)->pub_key); ++ if (pkType == DH2K || pkType == DH3K){ ++ const BIGNUM* pub_key; ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++ pub_key = static_cast(ctx)->pub_key; ++#else ++ DH_get0_key(static_cast(ctx), &pub_key, NULL); ++#endif ++ return BN_num_bytes(pub_key); ++ } + + if (pkType == EC25 || pkType == EC38) + return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), +@@ -343,7 +366,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const + if (prepend > 0) { + memset(buf, 0, prepend); + } +- return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); ++ const BIGNUM* pub_key; ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) ++ pub_key = static_cast(ctx)->pub_key; ++#else ++ DH_get0_key(static_cast(ctx), &pub_key, NULL); ++#endif ++ return BN_bn2bin(pub_key, buf + prepend); + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[100]; diff --git a/packages/dev-python/python-sipsimple/python-sipsimple-3.1.1.exheres-0 b/packages/dev-python/python-sipsimple/python-sipsimple-3.1.1.exheres-0 index 6655ea4..a0c0bc0 100644 --- a/packages/dev-python/python-sipsimple/python-sipsimple-3.1.1.exheres-0 +++ b/packages/dev-python/python-sipsimple/python-sipsimple-3.1.1.exheres-0 @@ -49,6 +49,8 @@ DEPENDENCIES=" DEFAULT_SRC_PREPARE_PATCHES=( "${FILES}"/${PNV}-fix-build.patch "${FILES}"/${PNV}-pjmedia-ffmpeg-fix.patch + "${FILES}"/${PN}-support-openssl-1.1_01.patch + "${FILES}"/${PN}-support-openssl-1.1_02.patch -p0 "${FILES}"/${PNV}-pjmedia-openh264-1.6.patch )