replace some deprecated OpenSSL calls

diff --git a/player.c b/player.c
index 9d52c6ec445486a7057d909f575d53edfff9ccf5..86837da65ddd870afd08f17ac213d9e83162c2cb 100644 (file)
--- a/player.c
+++ b/player.c
@@ -57,7 +57,13 @@
 #endif
 
 #ifdef CONFIG_OPENSSL
-#include <openssl/aes.h>
+#include <openssl/bio.h> // needed for BIO_new_mem_buf
+// #include <openssl/buffer.h>
+#include <openssl/aes.h> // needed for older AES stuff
+#include <openssl/err.h> // needed for ERR_error_string, ERR_get_error
+#include <openssl/evp.h> // needed for EVP_PKEY_CTX_new, EVP_PKEY_sign_init, EVP_PKEY_sign
+#include <openssl/pem.h> // needed for PEM_read_bio_RSAPrivateKey, EVP_PKEY_CTX_set_rsa_padding
+#include <openssl/rsa.h> // needed for EVP_PKEY_CTX_set_rsa_padding
 #endif
 
 #ifdef CONFIG_SOXR
@@ -190,6 +196,41 @@ void unencrypted_packet_decode(unsigned char *packet, int length, short *dest, i
   }
 }
 
+#ifdef CONFIG_OPENSSL
+// Thanks to
+// https://stackoverflow.com/questions/27558625/how-do-i-use-aes-cbc-encrypt-128-openssl-properly-in-ubuntu
+// for inspiration. Changed to a 128-bit key and no padding.
+
+int openssl_aes_decrypt_cbc(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
+                unsigned char *iv, unsigned char *plaintext) {
+  EVP_CIPHER_CTX *ctx;
+  int len;
+  int plaintext_len = 0;
+  ctx = EVP_CIPHER_CTX_new();
+  if (ctx != NULL) {
+    if (EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv) == 1) {
+      EVP_CIPHER_CTX_set_padding(ctx, 0); // no padding -- always returns 1
+      // no need to allow space for padding in the output, as padding is disabled
+      if (EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len) == 1) {
+        plaintext_len = len;
+        if (EVP_DecryptFinal_ex(ctx, plaintext + len, &len) == 1) {
+          plaintext_len += len;
+        } else {
+          debug(1, "EVP_DecryptFinal_ex error \"%s\".", ERR_error_string(ERR_get_error(), NULL));
+        }
+      } else {
+        debug(1, "EVP_DecryptUpdate error \"%s\".", ERR_error_string(ERR_get_error(), NULL));
+      }
+    } else {
+      debug(1, "EVP_DecryptInit_ex error \"%s\".", ERR_error_string(ERR_get_error(), NULL));
+    }
+    EVP_CIPHER_CTX_free(ctx);
+  } else {
+    debug(1, "EVP_CIPHER_CTX_new error \"%s\".", ERR_error_string(ERR_get_error(), NULL));
+  }
+  return plaintext_len;
+}
+#endif
 int audio_packet_decode(short *dest, int *destlen, uint8_t *buf, int len, rtsp_conn_info *conn) {
   // parameters: where the decoded stuff goes, its length in samples,
   // the incoming packet, the length of the incoming packet in bytes
@@ -218,7 +259,7 @@ int audio_packet_decode(short *dest, int *destlen, uint8_t *buf, int len, rtsp_c
     aes_crypt_cbc(&conn->dctx, AES_DECRYPT, aeslen, iv, buf, packet);
 #endif
 #ifdef CONFIG_OPENSSL
-    AES_cbc_encrypt(buf, packet, aeslen, &conn->aes, iv, AES_DECRYPT);
+    openssl_aes_decrypt_cbc(buf, aeslen, conn->stream.aeskey, iv, packet);
 #endif
     memcpy(packet + aeslen, buf + aeslen, len - aeslen);
     unencrypted_packet_decode(packet, len, dest, &outsize, maximum_possible_outsize, conn);
@@ -1923,10 +1964,6 @@ void *player_thread_func(void *arg) {
     memset(&conn->dctx, 0, sizeof(aes_context));
     aes_setkey_dec(&conn->dctx, conn->stream.aeskey, 128);
 #endif
-
-#ifdef CONFIG_OPENSSL
-    AES_set_decrypt_key(conn->stream.aeskey, 128, &conn->aes);
-#endif
   }
 
   conn->timestamp_epoch = 0; // indicate that the next timestamp will be the first one.

diff --git a/player.h b/player.h
index a35b54e6104cbd87aa3c8f2b28ffe0c515b24d8d..55f77e2e6923194b06dcffa1596b014cacf6a9f6 100644 (file)
--- a/player.h
+++ b/player.h
@@ -246,10 +246,6 @@ typedef struct {
   aes_context dctx;
 #endif
 
-#ifdef CONFIG_OPENSSL
-  AES_KEY aes;
-#endif
-
   int amountStuffed;
 
   int32_t framesProcessedInThisEpoch;