Upstream: Patch Submitted


commit 7ec01af311d21e339208c68d03c1430c8b210073
Author: Tom Briden <tom@decompile.me.uk>
Date:   Wed Nov 28 17:51:41 2018 +0000

    zsrtp: Add support for openssl-1.1

diff --git a/deps/pjsip/third_party/zsrtp/include/openssl_compat.h b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
new file mode 100644
index 00000000..cf2e8179
--- /dev/null
+++ b/deps/pjsip/third_party/zsrtp/include/openssl_compat.h
@@ -0,0 +1,22 @@
+#ifndef _OPENSSL_COMPAT
+#define _OPENSSL_COMPAT
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+   HMAC_CTX *ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(*ctx));
+   if (ctx != NULL)
+       HMAC_CTX_init(ctx);
+   return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+   if (ctx != NULL) {
+       HMAC_CTX_cleanup(ctx);
+       OPENSSL_free(ctx);
+   }
+}
+#endif
+
+#endif
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
index 6cdb6b14..605285dd 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/srtp/crypto/openssl/hmac.cpp
@@ -37,6 +37,8 @@
 #include <openssl/hmac.h>
 #include <crypto/hmac.h>
 
+#include <openssl_compat.h>
+
 #if defined(__APPLE__)
 #  pragma GCC diagnostic push
 #  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -55,23 +57,21 @@ void hmac_sha1( uint8_t* key, int32_t key_length,
                 const uint8_t* data_chunks[],
                 uint32_t data_chunck_length[],
                 uint8_t* mac, int32_t* mac_length ) {
-    HMAC_CTX ctx;
-    HMAC_CTX_init(&ctx);
-    HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL);
+    HMAC_CTX* ctx = HMAC_CTX_new();
+    HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
     while (*data_chunks) {
-        HMAC_Update(&ctx, *data_chunks, *data_chunck_length);
+        HMAC_Update(ctx, *data_chunks, *data_chunck_length);
         data_chunks ++;
         data_chunck_length ++;
     }
-    HMAC_Final(&ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
-    HMAC_CTX_cleanup(&ctx);
+    HMAC_Final(ctx, mac, reinterpret_cast<uint32_t*>(mac_length));
+    HMAC_CTX_free(ctx);
 }
 
 void* createSha1HmacContext(uint8_t* key, int32_t key_length)
 {
-    HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX));
+    HMAC_CTX* ctx = HMAC_CTX_new();
 
-    HMAC_CTX_init(ctx);
     HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL);
     return ctx;
 }
@@ -80,7 +80,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength)
 {
     HMAC_CTX *pctx = (HMAC_CTX*)ctx;
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
     HMAC_CTX_init(pctx);
+#else
+    HMAC_CTX_reset(pctx);
+#endif
     HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL);
     return pctx;
 }
@@ -112,8 +116,7 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[],
 void freeSha1HmacContext(void* ctx)
 {
     if (ctx) {
-        HMAC_CTX_cleanup((HMAC_CTX*)ctx);
-        free(ctx);
+        HMAC_CTX_free((HMAC_CTX*)ctx);
     }
 }
 
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
index 0953ad5c..2dd6f807 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac256.cpp
@@ -38,6 +38,8 @@
 #include <openssl/hmac.h>
 #include <crypto/hmac256.h>
 
+#include "openssl_compat.h"
+
 #if defined(__APPLE__)
 #  pragma GCC diagnostic push
 #  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -58,17 +60,16 @@ void hmac_sha256(uint8_t* key, uint32_t key_length,
                  uint8_t* mac, uint32_t* mac_length )
 {
     unsigned int tmp;
-    HMAC_CTX ctx;
-    HMAC_CTX_init( &ctx );
-    HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
+    HMAC_CTX* ctx = HMAC_CTX_new();
+    HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL );
     while( *data_chunks ){
-      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+      HMAC_Update( ctx, *data_chunks, *data_chunck_length );
       data_chunks ++;
       data_chunck_length ++;
     }
-    HMAC_Final( &ctx, mac, &tmp);
+    HMAC_Final( ctx, mac, &tmp);
     *mac_length = tmp;
-    HMAC_CTX_cleanup( &ctx );
+    HMAC_CTX_free( ctx );
 }
 
 #if defined(__APPLE__)
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
index f1dd5abc..28191f4c 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/hmac384.cpp
@@ -38,6 +38,8 @@
 #include <openssl/hmac.h>
 #include <zrtp/crypto/hmac256.h>
 
+#include "openssl_compat.h"
+
 #if defined(__APPLE__)
 #  pragma GCC diagnostic push
 #  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@@ -56,17 +58,16 @@ void hmac_sha384(uint8_t* key, uint32_t key_length,
                  uint8_t* mac, uint32_t* mac_length )
 {
     unsigned int tmp;
-    HMAC_CTX ctx;
-    HMAC_CTX_init( &ctx );
-    HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL );
+    HMAC_CTX* ctx = HMAC_CTX_new();
+    HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL );
     while( *data_chunks ){
-      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+      HMAC_Update( ctx, *data_chunks, *data_chunck_length );
       data_chunks ++;
       data_chunck_length ++;
     }
-    HMAC_Final( &ctx, mac, &tmp);
+    HMAC_Final( ctx, mac, &tmp);
     *mac_length = tmp;
-    HMAC_CTX_cleanup( &ctx );
+    HMAC_CTX_free( ctx );
 }
 
 #if defined(__APPLE__)
diff --git a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
index 2623d2a3..76089951 100644
--- a/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
+++ b/deps/pjsip/third_party/zsrtp/zrtp/zrtp/crypto/openssl/zrtpDH.cpp
@@ -223,24 +223,35 @@ ZrtpDH::ZrtpDH(const char* type) {
     }
 
     DH* tmpCtx = NULL;
+    BIGNUM *p = NULL;
+    BIGNUM* priv_key = NULL;
+    BIGNUM *g = BN_new();
     switch (pkType) {
     case DH2K:
     case DH3K:
         ctx = static_cast<void*>(DH_new());
         tmpCtx = static_cast<DH*>(ctx);
-        tmpCtx->g = BN_new();
-        BN_set_word(tmpCtx->g, DH_GENERATOR_2);
+        BN_set_word(g, DH_GENERATOR_2);
 
         if (pkType == DH2K) {
-            tmpCtx->p = BN_dup(bnP2048);
+            p = BN_dup(bnP2048);
             RAND_bytes(random, 32);
-            tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+            priv_key = BN_bin2bn(random, 32, NULL);
         }
         else if (pkType == DH3K) {
-            tmpCtx->p = BN_dup(bnP3072);
+            p = BN_dup(bnP3072);
             RAND_bytes(random, 64);
-            tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+            priv_key = BN_bin2bn(random, 32, NULL);
         }
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+        tmpCtx->g = g;
+        tmpCtx->p = p;
+        tmpCtx->priv_key = priv_key;
+#else
+        DH_set0_pqg(tmpCtx, p, NULL, g);
+        DH_set0_key(tmpCtx, NULL, priv_key);
+#endif
         break;
 
     case EC25:
@@ -274,11 +285,16 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
     if (pkType == DH2K || pkType == DH3K) {
         DH* tmpCtx = static_cast<DH*>(ctx);
 
+        BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
         if (tmpCtx->pub_key != NULL) {
-            BN_free(tmpCtx->pub_key);
+          BN_free(tmpCtx->pub_key);
         }
-        tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
-        return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx);
+        tmpCtx->pub_key = pub_key;
+#else
+        DH_set0_key(tmpCtx, pub_key, NULL);
+#endif
+        return DH_compute_key(secret, pub_key, tmpCtx);
     }
     if (pkType == EC25 || pkType == EC38) {
         uint8_t buffer[100];
@@ -323,8 +339,15 @@ int32_t ZrtpDH::getDhSize() const
 
 int32_t ZrtpDH::getPubKeySize() const
 {
-    if (pkType == DH2K || pkType == DH3K)
-        return BN_num_bytes(static_cast<DH*>(ctx)->pub_key);
+    if (pkType == DH2K || pkType == DH3K){
+        const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+        pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+        DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+        return BN_num_bytes(pub_key);
+    }
 
     if (pkType == EC25 || pkType == EC38)
         return EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
@@ -343,7 +366,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
         if (prepend > 0) {
             memset(buf, 0, prepend);
         }
-        return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend);
+        const BIGNUM* pub_key;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+        pub_key = static_cast<DH*>(ctx)->pub_key;
+#else
+        DH_get0_key(static_cast<DH*>(ctx), &pub_key, NULL);
+#endif
+        return BN_bn2bin(pub_key, buf + prepend);
     }
     if (pkType == EC25 || pkType == EC38) {
         uint8_t buffer[100];