[Core] OpenSSL 3 support
This commit is contained in:
parent
0f445e1ddd
commit
00818e7b25
|
@ -74,7 +74,16 @@
|
||||||
#if (defined(HAVE_LIBMD5) || defined(HAVE_LIBMD) || defined(HAVE_MD5INIT))
|
#if (defined(HAVE_LIBMD5) || defined(HAVE_LIBMD) || defined(HAVE_MD5INIT))
|
||||||
#include <md5.h>
|
#include <md5.h>
|
||||||
#elif defined(HAVE_LIBCRYPTO)
|
#elif defined(HAVE_LIBCRYPTO)
|
||||||
#include <openssl/md5.h>
|
#ifndef OPENSSL_VERSION_NUMBER
|
||||||
|
#include <openssl/opensslv.h>
|
||||||
|
#endif
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||||
|
#include <openssl/md5.h>
|
||||||
|
#else
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#endif
|
||||||
|
#else
|
||||||
|
#include <apr_md5.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef WIN32
|
#ifndef WIN32
|
||||||
|
@ -1174,11 +1183,24 @@ SWITCH_DECLARE(switch_status_t) switch_md5(unsigned char digest[SWITCH_MD5_DIGES
|
||||||
|
|
||||||
return SWITCH_STATUS_SUCCESS;
|
return SWITCH_STATUS_SUCCESS;
|
||||||
#elif defined(HAVE_LIBCRYPTO)
|
#elif defined(HAVE_LIBCRYPTO)
|
||||||
MD5_CTX md5_context;
|
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||||
|
MD5_CTX md5_context;
|
||||||
|
|
||||||
MD5_Init(&md5_context);
|
MD5_Init(&md5_context);
|
||||||
MD5_Update(&md5_context, input, inputLen);
|
MD5_Update(&md5_context, input, inputLen);
|
||||||
MD5_Final(digest, &md5_context);
|
MD5_Final(digest, &md5_context);
|
||||||
|
#else
|
||||||
|
EVP_MD_CTX *md5_context;
|
||||||
|
|
||||||
|
/* MD5_Init */
|
||||||
|
md5_context = EVP_MD_CTX_new();
|
||||||
|
EVP_DigestInit_ex(md5_context, EVP_md5(), NULL);
|
||||||
|
/* MD5_Update */
|
||||||
|
EVP_DigestUpdate(md5_context, input, inputLen);
|
||||||
|
/* MD5_Final */
|
||||||
|
EVP_DigestFinal_ex(md5_context, digest, NULL);
|
||||||
|
EVP_MD_CTX_free(md5_context);
|
||||||
|
#endif
|
||||||
|
|
||||||
return SWITCH_STATUS_SUCCESS;
|
return SWITCH_STATUS_SUCCESS;
|
||||||
#else
|
#else
|
||||||
|
|
|
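Review bot: In the OpenSSL 3 branch of switch_md5, the results of EVP_MD_CTX_new(), EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() are all ignored, so an allocation failure dereferences a NULL context and a digest failure (for example MD5 not offered by the loaded provider) still returns SWITCH_STATUS_SUCCESS with `digest` left unwritten. The pre-3.0 MD5_* calls have return values too but cannot realistically fail, which is why the old code got away with ignoring them; the EVP calls can fail. I would chain the four calls, free the context on every path, and return a failure status when any of them does not return 1. switch_md5 begins and ends outside this hunk.
```c
#else
	EVP_MD_CTX *md5_context = EVP_MD_CTX_new();
	int ok = md5_context != NULL
		&& EVP_DigestInit_ex(md5_context, EVP_md5(), NULL) == 1
		&& EVP_DigestUpdate(md5_context, input, inputLen) == 1
		&& EVP_DigestFinal_ex(md5_context, digest, NULL) == 1;

	EVP_MD_CTX_free(md5_context);   /* NULL-safe */

	if (!ok) {
		return SWITCH_STATUS_FALSE;
	}
#endif

	return SWITCH_STATUS_SUCCESS;
```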
@ -287,7 +287,10 @@ SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
|
||||||
|
|
||||||
//bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
|
//bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||||
|
|
||||||
mkcert(&x509, &pkey, 4096, 0, 36500);
|
if (!mkcert(&x509, &pkey, 4096, 0, 36500)) {
|
||||||
|
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Certificate generation failed\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
|
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
|
||||||
//X509_print_fp(stdout, x509);
|
//X509_print_fp(stdout, x509);
|
||||||
|
@ -410,7 +413,9 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
||||||
{
|
{
|
||||||
X509 *x;
|
X509 *x;
|
||||||
EVP_PKEY *pk;
|
EVP_PKEY *pk;
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||||
RSA *rsa;
|
RSA *rsa;
|
||||||
|
#endif
|
||||||
X509_NAME *name=NULL;
|
X509_NAME *name=NULL;
|
||||||
|
|
||||||
switch_assert(pkeyp);
|
switch_assert(pkeyp);
|
||||||
|
@ -432,7 +437,26 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
||||||
x = *x509p;
|
x = *x509p;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||||
|
{
|
||||||
|
EVP_PKEY_CTX *ctx;
|
||||||
|
|
||||||
|
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
||||||
|
/* Setup the key context */
|
||||||
|
if ((!ctx) || (EVP_PKEY_keygen_init(ctx) <= 0) || (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0)) {
|
||||||
|
abort();
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Generate key */
|
||||||
|
if (EVP_PKEY_generate(ctx, &pk) <= 0) {
|
||||||
|
abort();
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_PKEY_CTX_free(ctx);
|
||||||
|
}
|
||||||
|
#elif OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
rsa = RSA_new();
|
rsa = RSA_new();
|
||||||
{
|
{
|
||||||
static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
|
static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
|
||||||
|
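Review bot: In the new OpenSSL 3 keygen block, `abort()` precedes `goto err` in both failure branches, so the `goto err` lines are unreachable and the caller's new `if (!mkcert(...))` check in the switch_core_gen_certs hunk above can never observe a key generation failure; the EVP_PKEY_CTX is also leaked when EVP_PKEY_generate() fails, because EVP_PKEY_CTX_free() is only reached on success. If a hard abort on keygen failure is the intended policy the dead gotos should go; if the caller is meant to handle it, the aborts should go and the context be freed on the failure path, which is what the rewrite below does (EVP_PKEY_CTX_free() accepts NULL). The `abort()` after EVP_PKEY_assign_RSA() in the pre-3.0 path of the next hunk has the same shape but is pre-existing. mkcert continues outside this hunk on both sides.
```c
#if OPENSSL_VERSION_NUMBER >= 0x30000000
	{
		EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);

		/* Setup the key context and generate the key; ctx is released on every path */
		if ((!ctx) || (EVP_PKEY_keygen_init(ctx) <= 0) || (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0)
			|| (EVP_PKEY_generate(ctx, &pk) <= 0)) {
			EVP_PKEY_CTX_free(ctx);
			goto err;
		}

		EVP_PKEY_CTX_free(ctx);
	}
#elif OPENSSL_VERSION_NUMBER >= 0x10100000
```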
@ -449,11 +473,13 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
||||||
rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
|
rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||||
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
|
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
|
||||||
abort();
|
abort();
|
||||||
}
|
}
|
||||||
|
|
||||||
rsa = NULL;
|
rsa = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
X509_set_version(x, 2);
|
X509_set_version(x, 2);
|
||||||
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
|
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
|
||||||
|
@ -476,13 +502,21 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
||||||
*/
|
*/
|
||||||
X509_set_issuer_name(x, name);
|
X509_set_issuer_name(x, name);
|
||||||
|
|
||||||
if (!X509_sign(x, pk, EVP_sha1()))
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||||
|
if (!X509_sign(x, pk, EVP_sha256())) {
|
||||||
|
#else
|
||||||
|
if (!X509_sign(x, pk, EVP_sha1())) {
|
||||||
|
#endif
|
||||||
goto err;
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
*x509p = x;
|
*x509p = x;
|
||||||
*pkeyp = pk;
|
*pkeyp = pk;
|
||||||
|
|
||||||
return(1);
|
return(1);
|
||||||
err:
|
err:
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
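Review bot: The signature digest is now chosen by OpenSSL version rather than by policy: builds against OpenSSL below 3.0 keep signing the self-signed certificate with EVP_sha1(), which remote peers reject for certificate signatures regardless of the local OpenSSL version, while EVP_sha256() is available on every OpenSSL release this file still has branches for. I would drop the `#if` around the call and use `if (!X509_sign(x, pk, EVP_sha256())) {` unconditionally. Separately, the added `ERR_print_errors_fp(stdout);` on the `err:` path writes to stdout rather than the FreeSWITCH log, so the reason is unlikely to be seen when running as a daemon. If `x` or `pk` were allocated earlier in mkcert (that branch is above this hunk), the `err:` return also leaks them, since neither `*x509p` nor `*pkeyp` is set on failure; worth confirming against the allocation code.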
@ -3643,7 +3643,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
|
||||||
const SSL_METHOD *ssl_method;
|
const SSL_METHOD *ssl_method;
|
||||||
SSL_CTX *ssl_ctx;
|
SSL_CTX *ssl_ctx;
|
||||||
BIO *bio;
|
BIO *bio;
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||||
|
EVP_PKEY *dh_pk;
|
||||||
|
#else
|
||||||
DH *dh;
|
DH *dh;
|
||||||
|
#endif
|
||||||
switch_status_t status = SWITCH_STATUS_SUCCESS;
|
switch_status_t status = SWITCH_STATUS_SUCCESS;
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||||
|
@ -3723,13 +3727,21 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
|
||||||
switch_assert(dtls->ssl_ctx);
|
switch_assert(dtls->ssl_ctx);
|
||||||
|
|
||||||
bio = BIO_new_file(dtls->pem, "r");
|
bio = BIO_new_file(dtls->pem, "r");
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||||
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
if (dh) {
|
if (dh) {
|
||||||
SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
|
SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
|
||||||
DH_free(dh);
|
DH_free(dh);
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
if((dh_pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)) != NULL) {
|
||||||
|
SSL_CTX_set0_tmp_dh_pkey(dtls->ssl_ctx, dh_pk);
|
||||||
|
EVP_PKEY_free(dh_pk);
|
||||||
|
}
|
||||||
|
|
||||||
|
BIO_free(bio);
|
||||||
|
#endif
|
||||||
SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||||
|
|
||||||
//SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
//SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||||
|
|
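Review bot: The OpenSSL 3 branch of switch_rtp_add_dtls frees `dh_pk` right after SSL_CTX_set0_tmp_dh_pkey() succeeds, but the set0 variant transfers ownership of the key to the SSL_CTX on success, so that EVP_PKEY_free() leaves the context holding freed DH parameters; only when the call fails does the caller keep ownership. It also reads the file with PEM_read_bio_PrivateKey(), which does not parse the `DH PARAMETERS` block that the pre-3.0 branch reads with PEM_read_bio_DHparams(); PEM_read_bio_Parameters() is the EVP_PKEY-level counterpart. Like the old branch, `bio` from BIO_new_file() is passed on without a NULL check, which is pre-existing. The function starts before this hunk and continues after it.
```c
#else
	if ((dh_pk = PEM_read_bio_Parameters(bio, NULL)) != NULL) {
		/* set0: the SSL_CTX owns dh_pk on success, so free it only when the call fails */
		if (!SSL_CTX_set0_tmp_dh_pkey(dtls->ssl_ctx, dh_pk)) {
			EVP_PKEY_free(dh_pk);
		}
	}

	BIO_free(bio);
#endif
```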