FS-9785: changes to support newer openssl
authorMike Jerris <mike@jerris.com>
Mon, 26 Jun 2017 19:53:39 +0000 (14:53 -0500)
committerMike Jerris <mike@jerris.com>
Mon, 26 Jun 2017 19:53:39 +0000 (14:53 -0500)
libs/sofia-sip/.update
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
src/mod/endpoints/mod_rtmp/handshake.h
src/switch_core_cert.c
src/switch_rtp.c

index 951671267f9f660ae1bb52d071de29ee251f6136..5b7da58dcfc478dc095b0243ae8e723c27b744f6 100644 (file)
@@ -1 +1 @@
-Wed Jun 21 08:51:26 CDT 2017
+Mon Jun 26 14:53:11 CDT 2017
index c872336b0b5e2e9e153453fe3eb69a1186f31f65..958d2e76b7de5d766022e1292af539af1fc6eec7 100644 (file)
@@ -505,7 +505,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
     return NULL;
   }
 
-  RAND_pseudo_bytes(sessionId, sizeof(sessionId));
+  RAND_bytes(sessionId, sizeof(sessionId));
 
   if (!SSL_CTX_set_session_id_context(tls->ctx,
                                  (void*) sessionId,
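Review bot: The return value of `RAND_bytes()` on the added line is dropped, so a failed call leaves `sessionId` holding whatever the buffer contained before (its declaration is outside this hunk). `RAND_bytes` returns 1 only on success. The session ID context is not a secret, so the impact here is small, but a check such as `if (RAND_bytes(sessionId, sizeof(sessionId)) != 1) tls_log_errors(3, "tls_init_master", 0);` would surface a failing or unseeded RNG at start-up instead of hiding it. tls_init_master starts and ends outside the hunk.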
@@ -516,7 +516,11 @@ tls_t *tls_init_master(tls_issues_t *ti)
   if (ti->CAfile != NULL) {
     SSL_CTX_set_client_CA_list(tls->ctx,
                                SSL_load_client_CA_file(ti->CAfile));
-    if (tls->ctx->client_CA == NULL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+       if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)
+#else
+       if (tls->ctx->client_CA == NULL)
+#endif
       tls_log_errors(3, "tls_init_master", 0);
   }
 
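Review bot: The version switch around the client-CA check looks avoidable, because `SSL_CTX_get_client_CA_list()` is, as far as I know, also declared by the pre-1.1 OpenSSL releases this file already builds against. Using `if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)` unconditionally would keep one code path for the CA-load failure check on every OpenSSL version. The added lines are also tab-indented in a two-space file, which leaves `tls_log_errors(...)` looking as if it sits outside the `if`. The version constant here lacks the `L` suffix used in the other files of this commit.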
index f33ad9fd085d1480e77446d2bd30ed6d6a756f5a..19c77810b00ae8b994840b70bf612bb8572fd269 100644 (file)
 #if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
 #error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define HMAC_setup(ctx, key, len)      HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
 #define HMAC_crunch(ctx, buf, len)     HMAC_Update(&ctx, buf, len)
 #define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+#else
+#define HMAC_setup(ctx, key, len)ctx=HMAC_CTX_new(); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#define HMAC_crunch(ctx, buf, len)HMAC_Update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
+#endif
 
 #define FP10
 #define RTMP_SIG_SIZE 1536
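Review bot: In the new 1.1 branch `HMAC_setup` assigns `ctx=HMAC_CTX_new()` and hands it straight to `HMAC_Init_ex` with no NULL check, and the results of `HMAC_Init_ex` and `HMAC_Final` are discarded in both branches. HMACsha256 in the next hunk returns void, so an allocation or HMAC failure during the RTMP handshake either passes NULL into libcrypto or leaves the caller's digest buffer unwritten with no signal. HMACsha256 should test `ctx` after `HMAC_setup` and give its callers a way to see the failure. Each macro also expands to two bare statements; wrapping the bodies in `do { ... } while (0)` and adding the missing space after the parameter list (`HMAC_setup(ctx, key, len) ctx = ...`) would make them safe to use under an unbraced `if`.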
@@ -152,8 +158,12 @@ static getoff *digoff[] = {GetDigestOffset1, GetDigestOffset2};
 static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest)
 {
        unsigned int digestLen;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        HMAC_CTX ctx;
-
+#else
+       HMAC_CTX *ctx;
+#endif
+       
        HMAC_setup(ctx, key, (int)keylen);
        HMAC_crunch(ctx, message, messageLen);
        HMAC_finish(ctx, digest, digestLen);
index cf259dd2b8c48ddf8200cd32765894c8933ba461..1083a70332c9f007691f686118b19263e0af6ec3 100644 (file)
@@ -359,7 +359,22 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
                x = *x509p;
        }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+       rsa = RSA_new();
+       {
+               static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
+               BIGNUM* BN_value_RSA_F4 = BN_new();
+               if (!BN_value_RSA_F4) {
+                       abort();
+                       goto err;
+               }
+               BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
+               RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
+               BN_free(BN_value_RSA_F4);
+       }
+#else
        rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+#endif
 
        if (!EVP_PKEY_assign_RSA(pk, rsa)) {
                abort();
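Review bot: The 1.1 branch ignores the results of `RSA_new()`, `BN_set_word()` and `RSA_generate_key_ex()`, so a failed key generation still hands a non-NULL but empty `rsa` to `EVP_PKEY_assign_RSA`, which then succeeds. On the old branch `RSA_generate_key` returns NULL on failure and the existing `EVP_PKEY_assign_RSA` check catches it, so the new code loses that check. The `goto err` after `abort()` is unreachable, and the local named `BN_value_RSA_F4` reads like an OpenSSL symbol. The sketch below checks each call and goes to the function's existing `err` label; it clears `rsa` after freeing because the `err` path is outside the hunk and may free it again. mkcert begins and ends outside the hunk.

```c
	rsa = RSA_new();
	{
		BIGNUM *e = BN_new();

		/* every step can fail; do not pass a half-built key on to EVP_PKEY_assign_RSA */
		if (!rsa || !e || !BN_set_word(e, RSA_F4) || !RSA_generate_key_ex(rsa, bits, e, NULL)) {
			BN_free(e);
			RSA_free(rsa);
			rsa = NULL;
			goto err;
		}
		BN_free(e);
	}
	/* … unchanged: #else branch with RSA_generate_key … */
```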
index 760b9122e68421dbba41a1b4216646a4cc5503d2..0586ca2ab32f2d06d1fa176d4dca745b2b8ee53a 100644 (file)
@@ -3284,10 +3284,18 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
 
 ////////////
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods;
+#else
+static BIO_METHOD *dtls_bio_filter_methods;
+#endif
 
 BIO_METHOD *BIO_dtls_filter(void) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L       
        return(&dtls_bio_filter_methods);
+#else
+       return(dtls_bio_filter_methods);
+#endif
 }
 
 typedef struct packet_list_s {
@@ -3320,10 +3328,16 @@ static int dtls_bio_filter_new(BIO *bio) {
        switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool);
  
        /* Set the BIO as initialized */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        bio->init = 1;
        bio->ptr = filter;
        bio->flags = 0;
+#else
+       BIO_set_init(bio, 1);
+       BIO_set_data(bio, filter);
+       BIO_clear_flags(bio, ~0);
+#endif
+       
        return 1;
 }
  
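Review bot: The same `#if OPENSSL_VERSION_NUMBER < 0x10100000L` switch between direct `bio->` field access and the accessor call is repeated here and in the dtls_bio_filter_free, dtls_bio_filter_write and dtls_bio_filter_ctrl hunks below. Defining the accessors once for old OpenSSL near the top of the file, for example `#define BIO_get_data(b) ((b)->ptr)`, `#define BIO_set_data(b, p) ((b)->ptr = (p))` and `#define BIO_next(b) ((b)->next_bio)` inside a single pre-1.1 guard, would let every function body use the 1.1 spelling unconditionally. That keeps the DTLS filter logic on one path for both library versions, which is easier to audit than eight interleaved preprocessor branches. Several added lines in these hunks also carry trailing whitespace.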
@@ -3335,7 +3349,11 @@ static int dtls_bio_filter_free(BIO *bio) {
        }
  
        /* Get rid of the filter state */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        filter = (dtls_bio_filter *)bio->ptr;
+#else
+       filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 
        if (filter != NULL) {
                switch_memory_pool_t *pool = filter->pool;
@@ -3344,9 +3362,15 @@ static int dtls_bio_filter_free(BIO *bio) {
                filter = NULL;
        }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        bio->ptr = NULL;
        bio->init = 0;
        bio->flags = 0;
+#else
+       BIO_set_init(bio, 0);
+       BIO_set_data(bio, NULL);
+       BIO_clear_flags(bio, ~0);
+#endif
        return 1;
 }
  
@@ -3356,11 +3380,20 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
        
        switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl);
        /* Forward data to the write BIO */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        ret = BIO_write(bio->next_bio, in, inl);
+#else
+       ret = BIO_write(BIO_next(bio), in, inl);
+#endif
+       
        switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "  -- %ld\n", ret);
  
        /* Keep track of the packet, as we'll advertize them one by one after a pending check */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        filter = (dtls_bio_filter *)bio->ptr;
+#else
+       filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 
        if (filter != NULL) {
                packet_list_t *node;
@@ -3391,7 +3424,11 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
 }
  
 static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr;
+#else
+       dtls_bio_filter *filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 
        switch(cmd) {
        case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
@@ -3438,6 +3475,7 @@ static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
        return 0;
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods = {
        BIO_TYPE_FILTER,
        "DTLS filter",
@@ -3450,7 +3488,9 @@ static BIO_METHOD dtls_bio_filter_methods = {
        dtls_bio_filter_free,
        NULL
 };
-
+#else
+static BIO_METHOD *dtls_bio_filter_methods = NULL;
+#endif
 
 ///////////
 
@@ -3598,7 +3638,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 
        dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+       dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLS_server_method() : DTLS_client_method());
+#else
        dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method());
+#endif
        switch_assert(dtls->ssl_ctx);
 
        bio = BIO_new_file(dtls->pem, "r");
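Review bot: The gate `#if OPENSSL_VERSION_NUMBER >= 0x10100000` leaves OpenSSL 1.0.2 builds on `DTLSv1_server_method()`/`DTLSv1_client_method()`, which pin the session to DTLS 1.0, although the version-flexible `DTLS_server_method()`/`DTLS_client_method()` are already available in 1.0.2. Lowering the condition to `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` would let those builds negotiate DTLS 1.2 as well. A short comment on the new line saying that the flexible method negotiates the highest version both peers support, and whether a DTLS 1.0 floor is intentional for peer compatibility, would help the next reader. switch_rtp_add_dtls continues outside the hunk.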
@@ -3659,7 +3703,17 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 
        dtls->ssl = SSL_new(dtls->ssl_ctx);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
        dtls->filter_bio = BIO_new(BIO_dtls_filter());
+#else
+       dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");
+       BIO_meth_set_write(dtls_bio_filter_methods, dtls_bio_filter_write);
+       BIO_meth_set_ctrl(dtls_bio_filter_methods, dtls_bio_filter_ctrl);
+       BIO_meth_set_create(dtls_bio_filter_methods, dtls_bio_filter_new);
+       BIO_meth_set_destroy(dtls_bio_filter_methods, dtls_bio_filter_free);
+       dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
+#endif
+
        switch_assert(dtls->filter_bio);
 
        BIO_push(dtls->filter_bio, dtls->write_bio);
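Review bot: On the 1.1 branch every call to switch_rtp_add_dtls allocates a fresh `BIO_METHOD` with `BIO_meth_new`, takes another type index from `BIO_get_new_index()`, and overwrites the file-scope `dtls_bio_filter_methods` pointer without freeing the previous table or holding a lock. That leaks one method table per DTLS session and, if sessions are set up on several threads (not visible in this hunk), races on the shared pointer. The results of `BIO_meth_new` and `BIO_get_new_index` are also unchecked, and `BIO_dtls_filter()` from the earlier hunk returns NULL until the first call here. The sketch creates the table once and reuses it; the one-time creation still needs a lock or a move into module start-up, and a matching `BIO_meth_free` at shutdown.

```c
#else
	/* build the method table once; later sessions reuse it.
	 * NOTE(review): guard this with a lock or do it at module load. */
	if (!dtls_bio_filter_methods) {
		int idx = BIO_get_new_index();
		BIO_METHOD *m = (idx == -1) ? NULL : BIO_meth_new(BIO_TYPE_FILTER | idx, "DTLS filter");

		switch_assert(m);
		BIO_meth_set_write(m, dtls_bio_filter_write);
		BIO_meth_set_ctrl(m, dtls_bio_filter_ctrl);
		BIO_meth_set_create(m, dtls_bio_filter_new);
		BIO_meth_set_destroy(m, dtls_bio_filter_free);
		dtls_bio_filter_methods = m;
	}
	dtls->filter_bio = BIO_new(BIO_dtls_filter());
#endif
```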