diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 951671267f..5b7da58dcf 100644
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Wed Jun 21 08:51:26 CDT 2017
+Mon Jun 26 14:53:11 CDT 2017
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
index c872336b0b..958d2e76b7 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -505,7 +505,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
 return NULL;
 }
- RAND_pseudo_bytes(sessionId, sizeof(sessionId));
+ RAND_bytes(sessionId, sizeof(sessionId));
 if (!SSL_CTX_set_session_id_context(tls->ctx,
 (void*) sessionId,
@@ -516,7 +516,11 @@ tls_t *tls_init_master(tls_issues_t *ti)
 if (ti->CAfile != NULL) {
 SSL_CTX_set_client_CA_list(tls->ctx,
 SSL_load_client_CA_file(ti->CAfile));
- if (tls->ctx->client_CA == NULL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)
+#else
+ if (tls->ctx->client_CA == NULL)
+#endif
 tls_log_errors(3, "tls_init_master", 0);
 }
diff --git a/src/mod/endpoints/mod_rtmp/handshake.h b/src/mod/endpoints/mod_rtmp/handshake.h
index f33ad9fd08..19c77810b0 100644
--- a/src/mod/endpoints/mod_rtmp/handshake.h
+++ b/src/mod/endpoints/mod_rtmp/handshake.h
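Review bot: In tport_tls.c, tls_init_master() (hunk at line 505), the result of the new `RAND_bytes()` call is discarded, so a failed request for random data leaves `sessionId` unfilled and it is still passed to `SSL_CTX_set_session_id_context()`. RAND_bytes() reports success only by returning 1, so the call should read `if (RAND_bytes(sessionId, sizeof(sessionId)) != 1) tls_log_errors(3, "tls_init_master", 0);` followed by the function's usual failure return. The function body starts and ends outside the hunk, so the exact cleanup that failure path needs is not visible here.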
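Review bot: In the second tport_tls.c hunk (line 516) the `#if OPENSSL_VERSION_NUMBER >= 0x10100000` split looks unnecessary: `SSL_CTX_get_client_CA_list()` is, as far as I know, also available before 1.1.0, so `if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)` could replace both branches and drop the direct `tls->ctx->client_CA` access. Separately, a CA file that cannot be loaded is only logged and initialisation continues; either fail tls_init_master() at that point or add a comment stating why continuing without a client CA list is acceptable. The version constant here also lacks the `L` suffix used in the other files of this commit.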
@@ -42,9 +42,15 @@
 #if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
 #error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
 #define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
 #define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+#else
+#define HMAC_setup(ctx, key, len)ctx=HMAC_CTX_new(); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#define HMAC_crunch(ctx, buf, len)HMAC_Update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
+#endif
 #define FP10
 #define RTMP_SIG_SIZE 1536
@@ -152,8 +158,12 @@ static getoff *digoff[] = {GetDigestOffset1, GetDigestOffset2};
 static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest)
 {
 unsigned int digestLen;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 HMAC_CTX ctx;
-
+#else
+ HMAC_CTX *ctx;
+#endif
+
 HMAC_setup(ctx, key, (int)keylen);
 HMAC_crunch(ctx, message, messageLen);
 HMAC_finish(ctx, digest, digestLen);
diff --git a/src/switch_core_cert.c b/src/switch_core_cert.c
index cf259dd2b8..1083a70332 100644
--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@@ -359,7 +359,22 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
 x = *x509p;
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ rsa = RSA_new();
+ {
+ static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
+ BIGNUM* BN_value_RSA_F4 = BN_new();
+ if (!BN_value_RSA_F4) {
+ abort();
+ goto err;
+ }
+ BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
+ RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
+ BN_free(BN_value_RSA_F4);
+ }
+#else
 rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+#endif
 if (!EVP_PKEY_assign_RSA(pk, rsa)) {
 abort();
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 760b9122e6..0586ca2ab3 100644
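Review bot: In handshake.h the 1.1.0 variant of `HMAC_setup` stores the result of `HMAC_CTX_new()` without checking it, and the results of `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` are ignored, so an allocation failure in HMACsha256() (second hunk, line 152) ends with a NULL context being used and `digest` left unwritten while the handshake carries on. The macros also expand to two statements each, which breaks silently if one is ever placed under an unbraced `if`. HMACsha256() is the only user visible here, so the simplest fix is to drop the macros and both `#if` branches and call the one-shot API, `if (!HMAC(EVP_sha256(), key, (int)keylen, message, messageLen, digest, &digestLen)) { /* report failure */ }`, which exists in old and new OpenSSL alike. Because HMACsha256() returns void, a failure cannot currently reach the caller, and that deserves at least a comment.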
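Review bot: In switch_core_cert.c, mkcert(), the 1.1.0 branch ignores the results of `RSA_new()`, `BN_set_word()` and `RSA_generate_key_ex()`, so a failed key generation hands an empty RSA object to `EVP_PKEY_assign_RSA()` and certificate creation continues with it. The only check present calls `abort()` before `goto err`, which makes the `goto` unreachable and turns an allocation failure into a process exit. The fence below checks every step and leaves through `err`; whether `err` already releases `rsa` is outside the hunk, so confirm that before keeping the `RSA_free()`. `RSA_generate_key_ex()` predates 1.1.0 as far as I know, so the `#else` branch could probably be dropped as well.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000
	{
		BIGNUM *e = BN_new();

		rsa = RSA_new();
		/* Every step returns 0/NULL on failure; never continue with a half-built key. */
		if (!e || !rsa || !BN_set_word(e, RSA_F4) || !RSA_generate_key_ex(rsa, bits, e, NULL)) {
			BN_free(e);
			RSA_free(rsa);
			rsa = NULL;
			goto err;
		}
		BN_free(e);
	}
#else
	/* … unchanged: RSA_generate_key() for older OpenSSL … */
#endif
```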
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3284,10 +3284,18 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
 ////////////
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods;
+#else
+static BIO_METHOD *dtls_bio_filter_methods;
+#endif
 BIO_METHOD *BIO_dtls_filter(void) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 return(&dtls_bio_filter_methods);
+#else
+ return(dtls_bio_filter_methods);
+#endif
 }
 typedef struct packet_list_s {
@@ -3320,10 +3328,16 @@ static int dtls_bio_filter_new(BIO *bio) {
 switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool);
 /* Set the BIO as initialized */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 bio->init = 1;
 bio->ptr = filter;
 bio->flags = 0;
-
+#else
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, filter);
+ BIO_clear_flags(bio, ~0);
+#endif
+
 return 1;
 }
@@ -3335,7 +3349,11 @@ static int dtls_bio_filter_free(BIO *bio) {
 }
 /* Get rid of the filter state */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 filter = (dtls_bio_filter *)bio->ptr;
+#else
+ filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 if (filter != NULL) {
 switch_memory_pool_t *pool = filter->pool;
@@ -3344,9 +3362,15 @@ static int dtls_bio_filter_free(BIO *bio) {
 filter = NULL;
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 bio->ptr = NULL;
 bio->init = 0;
 bio->flags = 0;
+#else
+ BIO_set_init(bio, 0);
+ BIO_set_data(bio, NULL);
+ BIO_clear_flags(bio, ~0);
+#endif
 return 1;
 }
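Review bot: The same `#if OPENSSL_VERSION_NUMBER < 0x10100000L` pair is repeated around every BIO field access in dtls_bio_filter_new(), dtls_bio_filter_free() (two hunks), dtls_bio_filter_write() (two places) and dtls_bio_filter_ctrl(), which makes it easy for the two branches to drift apart; the free path already sets init and data in a different order from the old code. Defining the 1.1.0 accessor names once for older OpenSSL, as in the fence below, lets each callback keep a single code path that every build exercises. A short comment on `BIO_clear_flags(bio, ~0)` saying it mirrors the old `bio->flags = 0` would also help. All of these function bodies extend beyond their hunks.

```c
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* Pre-1.1.0 BIO is a public struct: map the 1.1.0 accessor names onto its fields. */
#define BIO_get_data(b) ((b)->ptr)
#define BIO_set_data(b, p) ((b)->ptr = (p))
#define BIO_set_init(b, v) ((b)->init = (v))
#define BIO_next(b) ((b)->next_bio)
#endif
```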
@@ -3356,11 +3380,20 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl);
 /* Forward data to the write BIO */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 ret = BIO_write(bio->next_bio, in, inl);
+#else
+ ret = BIO_write(BIO_next(bio), in, inl);
+#endif
+
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, " -- %ld\n", ret);
 /* Keep track of the packet, as we'll advertize them one by one after a pending check */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 filter = (dtls_bio_filter *)bio->ptr;
+#else
+ filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 if (filter != NULL) {
 packet_list_t *node;
@@ -3391,7 +3424,11 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
 }
 static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr;
+#else
+ dtls_bio_filter *filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 switch(cmd) {
 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
@@ -3438,6 +3475,7 @@ static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
 return 0;
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods = {
 BIO_TYPE_FILTER,
 "DTLS filter",
@@ -3450,7 +3488,9 @@ static BIO_METHOD dtls_bio_filter_methods = {
 dtls_bio_filter_free,
 NULL
 };
-
+#else
+static BIO_METHOD *dtls_bio_filter_methods = NULL;
+#endif
 ///////////
@@ -3598,7 +3638,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLS_server_method() : DTLS_client_method());
+#else
 dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method());
+#endif
 switch_assert(dtls->ssl_ctx);
 bio = BIO_new_file(dtls->pem, "r");
@@ -3659,7 +3703,17 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 dtls->ssl = SSL_new(dtls->ssl_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 dtls->filter_bio = BIO_new(BIO_dtls_filter());
+#else
+ dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");
+ BIO_meth_set_write(dtls_bio_filter_methods, dtls_bio_filter_write);
+ BIO_meth_set_ctrl(dtls_bio_filter_methods, dtls_bio_filter_ctrl);
+ BIO_meth_set_create(dtls_bio_filter_methods, dtls_bio_filter_new);
+ BIO_meth_set_destroy(dtls_bio_filter_methods, dtls_bio_filter_free);
+ dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
+#endif
+
 switch_assert(dtls->filter_bio);
 BIO_push(dtls->filter_bio, dtls->write_bio);
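Review bot: Nothing in the switch_rtp_add_dtls() hunk at line 3598 records that builds against OpenSSL 1.1.0 or later now negotiate the DTLS version through `DTLS_server_method()` / `DTLS_client_method()` while the `#else` branch still pins DTLS 1.0, so the two builds accept different protocol versions without that being stated anywhere. Add a comment such as `/* version-flexible on >= 1.1.0; older builds stay on DTLS 1.0 */` and decide explicitly which minimum version the endpoint should accept rather than inheriting the library default. The guard here is written `0x10100000` without the `L` suffix used elsewhere in this file. The function begins and ends outside the hunk.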
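Review bot: A new `BIO_METHOD` is allocated with `BIO_meth_new()` on every switch_rtp_add_dtls() call (hunk at line 3659) and stored in the file-scope `dtls_bio_filter_methods`, so each DTLS session leaks the previous method table, consumes another `BIO_get_new_index()` slot, and writes a shared global with no locking visible in the hunk. The `BIO_meth_new()` result is also used unchecked, and `BIO_dtls_filter()` (first switch_rtp.c hunk) returns this pointer even before it has been set. Build the method table once and reuse it, as sketched below; the one-time initialisation still has to run before sessions start or under a lock, which is outside what this hunk shows.

```c
#else
	/* Create the filter method table once; every session shares it. */
	if (!dtls_bio_filter_methods) {
		BIO_METHOD *meth = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");

		switch_assert(meth);
		BIO_meth_set_write(meth, dtls_bio_filter_write);
		BIO_meth_set_ctrl(meth, dtls_bio_filter_ctrl);
		BIO_meth_set_create(meth, dtls_bio_filter_new);
		BIO_meth_set_destroy(meth, dtls_bio_filter_free);
		dtls_bio_filter_methods = meth;
	}
	dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
#endif
```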