kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-9785: changes to support newer openssl

This commit is contained in:
Mike Jerris 2017-06-26 14:53:39 -05:00
parent b1237ffef4
commit d8fcb60155
5 changed files with 89 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/.update
View File

@ -1 +1 @@
Wed Jun 21 08:51:26 CDT 2017 Mon Jun 26 14:53:11 CDT 2017

8
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
View File

@ -505,7 +505,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
return NULL; return NULL;
} }
RAND_pseudo_bytes(sessionId, sizeof(sessionId)); RAND_bytes(sessionId, sizeof(sessionId));
if (!SSL_CTX_set_session_id_context(tls->ctx, if (!SSL_CTX_set_session_id_context(tls->ctx,
(void*) sessionId, (void*) sessionId,
@ -516,7 +516,11 @@ tls_t *tls_init_master(tls_issues_t *ti)
if (ti->CAfile != NULL) { if (ti->CAfile != NULL) {
SSL_CTX_set_client_CA_list(tls->ctx, SSL_CTX_set_client_CA_list(tls->ctx,
SSL_load_client_CA_file(ti->CAfile)); SSL_load_client_CA_file(ti->CAfile));
if (tls->ctx->client_CA == NULL) #if OPENSSL_VERSION_NUMBER >= 0x10100000
if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)
#else
if (tls->ctx->client_CA == NULL)
#endif
tls_log_errors(3, "tls_init_master", 0); tls_log_errors(3, "tls_init_master", 0);
} }

12
src/mod/endpoints/mod_rtmp/handshake.h
View File

@ -42,9 +42,15 @@
#if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH) #if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
#error Your OpenSSL is too old, need 0.9.8 or newer with SHA256 #error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0) #define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len) #define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx) #define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
#else
#define HMAC_setup(ctx, key, len)ctx=HMAC_CTX_new(); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
#define HMAC_crunch(ctx, buf, len)HMAC_Update(ctx, buf, len)
#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
#endif
#define FP10 #define FP10
#define RTMP_SIG_SIZE 1536 #define RTMP_SIG_SIZE 1536
@ -152,8 +158,12 @@ static getoff *digoff[] = {GetDigestOffset1, GetDigestOffset2};
static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest) static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest)
{ {
unsigned int digestLen; unsigned int digestLen;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX ctx; HMAC_CTX ctx;
#else
HMAC_CTX *ctx;
#endif
HMAC_setup(ctx, key, (int)keylen); HMAC_setup(ctx, key, (int)keylen);
HMAC_crunch(ctx, message, messageLen); HMAC_crunch(ctx, message, messageLen);
HMAC_finish(ctx, digest, digestLen); HMAC_finish(ctx, digest, digestLen);

15
src/switch_core_cert.c
View File

@ -359,7 +359,22 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
x = *x509p; x = *x509p;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10100000
rsa = RSA_new();
{
static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
BIGNUM* BN_value_RSA_F4 = BN_new();
if (!BN_value_RSA_F4) {
abort();
goto err;
}
BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
BN_free(BN_value_RSA_F4);
}
#else
rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL); rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
#endif
if (!EVP_PKEY_assign_RSA(pk, rsa)) { if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort(); abort();

58
src/switch_rtp.c
View File

@ -3284,10 +3284,18 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
//////////// ////////////
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static BIO_METHOD dtls_bio_filter_methods; static BIO_METHOD dtls_bio_filter_methods;
#else
static BIO_METHOD *dtls_bio_filter_methods;
#endif
BIO_METHOD *BIO_dtls_filter(void) { BIO_METHOD *BIO_dtls_filter(void) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
return(&dtls_bio_filter_methods); return(&dtls_bio_filter_methods);
#else
return(dtls_bio_filter_methods);
#endif
} }
typedef struct packet_list_s { typedef struct packet_list_s {
@ -3320,10 +3328,16 @@ static int dtls_bio_filter_new(BIO *bio) {
switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool); switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool);
/* Set the BIO as initialized */ /* Set the BIO as initialized */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
bio->init = 1; bio->init = 1;
bio->ptr = filter; bio->ptr = filter;
bio->flags = 0; bio->flags = 0;
#else
BIO_set_init(bio, 1);
BIO_set_data(bio, filter);
BIO_clear_flags(bio, ~0);
#endif
return 1; return 1;
} }
@ -3335,7 +3349,11 @@ static int dtls_bio_filter_free(BIO *bio) {
} }
/* Get rid of the filter state */ /* Get rid of the filter state */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
filter = (dtls_bio_filter *)bio->ptr; filter = (dtls_bio_filter *)bio->ptr;
#else
filter = (dtls_bio_filter *)BIO_get_data(bio);
#endif
if (filter != NULL) { if (filter != NULL) {
switch_memory_pool_t *pool = filter->pool; switch_memory_pool_t *pool = filter->pool;
@ -3344,9 +3362,15 @@ static int dtls_bio_filter_free(BIO *bio) {
filter = NULL; filter = NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
bio->ptr = NULL; bio->ptr = NULL;
bio->init = 0; bio->init = 0;
bio->flags = 0; bio->flags = 0;
#else
BIO_set_init(bio, 0);
BIO_set_data(bio, NULL);
BIO_clear_flags(bio, ~0);
#endif
return 1; return 1;
} }
@ -3356,11 +3380,20 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl);
/* Forward data to the write BIO */ /* Forward data to the write BIO */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ret = BIO_write(bio->next_bio, in, inl); ret = BIO_write(bio->next_bio, in, inl);
#else
ret = BIO_write(BIO_next(bio), in, inl);
#endif
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, " -- %ld\n", ret); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, " -- %ld\n", ret);
/* Keep track of the packet, as we'll advertize them one by one after a pending check */ /* Keep track of the packet, as we'll advertize them one by one after a pending check */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
filter = (dtls_bio_filter *)bio->ptr; filter = (dtls_bio_filter *)bio->ptr;
#else
filter = (dtls_bio_filter *)BIO_get_data(bio);
#endif
if (filter != NULL) { if (filter != NULL) {
packet_list_t *node; packet_list_t *node;
@ -3391,7 +3424,11 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
} }
static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) { static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr; dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr;
#else
dtls_bio_filter *filter = (dtls_bio_filter *)BIO_get_data(bio);
#endif
switch(cmd) { switch(cmd) {
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
@ -3438,6 +3475,7 @@ static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
return 0; return 0;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static BIO_METHOD dtls_bio_filter_methods = { static BIO_METHOD dtls_bio_filter_methods = {
BIO_TYPE_FILTER, BIO_TYPE_FILTER,
"DTLS filter", "DTLS filter",
@ -3450,7 +3488,9 @@ static BIO_METHOD dtls_bio_filter_methods = {
dtls_bio_filter_free, dtls_bio_filter_free,
NULL NULL
}; };
#else
static BIO_METHOD *dtls_bio_filter_methods = NULL;
#endif
/////////// ///////////
@ -3598,7 +3638,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR); dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
#if OPENSSL_VERSION_NUMBER >= 0x10100000
dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLS_server_method() : DTLS_client_method());
#else
dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method()); dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method());
#endif
switch_assert(dtls->ssl_ctx); switch_assert(dtls->ssl_ctx);
bio = BIO_new_file(dtls->pem, "r"); bio = BIO_new_file(dtls->pem, "r");
@ -3659,7 +3703,17 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
dtls->ssl = SSL_new(dtls->ssl_ctx); dtls->ssl = SSL_new(dtls->ssl_ctx);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dtls->filter_bio = BIO_new(BIO_dtls_filter()); dtls->filter_bio = BIO_new(BIO_dtls_filter());
#else
dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");
BIO_meth_set_write(dtls_bio_filter_methods, dtls_bio_filter_write);
BIO_meth_set_ctrl(dtls_bio_filter_methods, dtls_bio_filter_ctrl);
BIO_meth_set_create(dtls_bio_filter_methods, dtls_bio_filter_new);
BIO_meth_set_destroy(dtls_bio_filter_methods, dtls_bio_filter_free);
dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
#endif
switch_assert(dtls->filter_bio); switch_assert(dtls->filter_bio);
BIO_push(dtls->filter_bio, dtls->write_bio); BIO_push(dtls->filter_bio, dtls->write_bio);