Upstream: Patch Submitted
commit 7ec01af311d21e339208c68d03c1430c8b210073
Author: Tom Briden <tom@decompile.me.uk>
Date: Wed Nov 28 17:51:41 2018 +0000
zsrtp: Add support for openssl-1.1
diff --git a/deps/pjsip/third_party/zsrtp/include/openssl_compat.h b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
new file mode 100644
index 00000000..cf2e8179
--- /dev/null
+++ b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
@@ -0,0 +1,22 @@
+#ifndef _OPENSSL_COMPAT
+#define _OPENSSL_COMPAT
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL)
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+#endif
+
+#endif
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
index 6cdb6b14..605285dd 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
@@ -37,6 +37,8 @@
#include <openssl/hmac.h>
#include <crypto/hmac.h>
+#include <openssl_compat.h>
+
#if defined(__APPLE__)
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -55,23 +57,21 @@ void hmac_sha1( uint8_t* key, int32_t key_length,
const uint8_t* data_chunks[],
uint32_t data_chunck_length[],
uint8_t* mac, int32_t* mac_length ) {
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL);
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
while (*data_chunks) {
- HMAC_Update(&ctx, *data_chunks, *data_chunck_length);
+ HMAC_Update(ctx, *data_chunks, *data_chunck_length);
data_chunks ++;
data_chunck_length ++;
}
- HMAC_Final(&ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Final(ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
+ HMAC_CTX_free(ctx);
}
void* createSha1HmacContext(uint8_t* key, int32_t key_length)
{
- HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX));
+ HMAC_CTX* ctx = HMAC_CTX_new();
- HMAC_CTX_init(ctx);
HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
return ctx;
}
@@ -80,7 +80,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength)
{
HMAC_CTX *pctx = (HMAC_CTX*)ctx;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
HMAC_CTX_init(pctx);
+#else
+ HMAC_CTX_reset(pctx);
+#endif
HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL);
return pctx;
}
@@ -112,8 +116,7 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[],
void freeSha1HmacContext(void* ctx)
{
if (ctx) {
- HMAC_CTX_cleanup((HMAC_CTX*)ctx);
- free(ctx);
+ HMAC_CTX_free((HMAC_CTX*)ctx);
}
}
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
index 0953ad5c..2dd6f807 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
@@ -38,6 +38,8 @@
#include <openssl/hmac.h>
#include <crypto/hmac256.h>
+#include "openssl_compat.h"
+
#if defined(__APPLE__)
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -58,17 +60,16 @@ void hmac_sha256(uint8_t* key, uint32_t key_length,
uint8_t* mac, uint32_t* mac_length )
{
unsigned int tmp;
- HMAC_CTX ctx;
- HMAC_CTX_init( &ctx );
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL );
while( *data_chunks ){
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
data_chunks ++;
data_chunck_length ++;
}
- HMAC_Final( &ctx, mac, &tmp);
+ HMAC_Final( ctx, mac, &tmp);
*mac_length = tmp;
- HMAC_CTX_cleanup( &ctx );
+ HMAC_CTX_free( ctx );
}
#if defined(__APPLE__)
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
index f1dd5abc..28191f4c 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
@@ -38,6 +38,8 @@
#include <openssl/hmac.h>
#include <zrtp/crypto/hmac256.h>
+#include "openssl_compat.h"
+
#if defined(__APPLE__)
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -56,17 +58,16 @@ void hmac_sha384(uint8_t* key, uint32_t key_length,
uint8_t* mac, uint32_t* mac_length )
{
unsigned int tmp;
- HMAC_CTX ctx;
- HMAC_CTX_init( &ctx );
- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL );
+ HMAC_CTX* ctx = HMAC_CTX_new();
+ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL );
while( *data_chunks ){
- HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ HMAC_Update( ctx, *data_chunks, *data_chunck_length );
data_chunks ++;
data_chunck_length ++;
}
- HMAC_Final( &ctx, mac, &tmp);
+ HMAC_Final( ctx, mac, &tmp);
*mac_length = tmp;
- HMAC_CTX_cleanup( &ctx );
+ HMAC_CTX_free( ctx );
}
#if defined(__APPLE__)
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
index 2623d2a3..76089951 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
@@ -223,24 +223,35 @@ ZrtpDH::ZrtpDH(const char* type) {
}
DH* tmpCtx = NULL;
+ BIGNUM *p = NULL;
+ BIGNUM* priv_key = NULL;
+ BIGNUM *g = BN_new();
switch (pkType) {
case DH2K:
case DH3K:
ctx = static_cast<void*>(DH_new());
tmpCtx = static_cast<DH*>(ctx);
- tmpCtx->g = BN_new();
- BN_set_word(tmpCtx->g, DH_GENERATOR_2);
+ BN_set_word(g, DH_GENERATOR_2);
if (pkType == DH2K) {
- tmpCtx->p = BN_dup(bnP2048);
+ p = BN_dup(bnP2048);
RAND_bytes(random, 32);
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ priv_key = BN_bin2bn(random, 32, NULL);
}
else if (pkType == DH3K) {
- tmpCtx->p = BN_dup(bnP3072);
+ p = BN_dup(bnP3072);
RAND_bytes(random, 64);
- tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ priv_key = BN_bin2bn(random, 32, NULL);
}
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ tmpCtx->g = g;
+ tmpCtx->p = p;
+ tmpCtx->priv_key = priv_key;
+#else
+ DH_set0_pqg(tmpCtx, p, NULL, g);
+ DH_set0_key(tmpCtx, NULL, priv_key);
+#endif
break;
case EC25:
@@ -274,11 +285,16 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
if (pkType == DH2K || pkType == DH3K) {
DH* tmpCtx = static_cast<DH*>(ctx);
+ BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
if (tmpCtx->pub_key != NULL) {
- BN_free(tmpCtx->pub_key);
+ BN_free(tmpCtx->pub_key);
}
- tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
- return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx);
+ tmpCtx->pub_key = pub_key;
+#else
+ DH_set0_key(tmpCtx, pub_key, NULL);
+#endif
+ return DH_compute_key(secret, pub_key, tmpCtx);
}
if (pkType == EC25 || pkType == EC38) {
uint8_t buffer[100];
@@ -323,8 +339,15 @@ int32_t ZrtpDH::getDhSize() const
int32_t ZrtpDH::getPubKeySize() const
{
- if (pkType == DH2K || pkType == DH3K)
- return BN_num_bytes(static_cast<DH*>(ctx)->pub_key);
+ if (pkType == DH2K || pkType == DH3K){
+ const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+ return BN_num_bytes(pub_key);
+ }
if (pkType == EC25 || pkType == EC38)
return EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
@@ -343,7 +366,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
if (prepend > 0) {
memset(buf, 0, prepend);
}
- return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend);
+ const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+ pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+ DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+ return BN_bn2bin(pub_key, buf + prepend);
}
if (pkType == EC25 || pkType == EC38) {
uint8_t buffer[100];