From 1d5668d7935c737b9e51fe6bc9cd521a21006311 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Thu, 29 Dec 2016 13:04:28 -0500
Subject: [PATCH] compile fixes for openssl >= 1.1.0
Change-Id: I815c89dde5b6e85b9887dcaf04c25f0a45dcfd5c
---
 daemon/crypto.c | 59 +++++++++++++++++++++++++++++++++++++++----------
 daemon/dtls.c | 4 ++++
 daemon/main.c | 10 +++++++--
 daemon/stun.c | 26 +++++++++++++++-------
 4 files changed, 77 insertions(+), 22 deletions(-)
diff --git a/daemon/crypto.c b/daemon/crypto.c
index 008d5fe0d..e70949eb7 100644
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@@ -260,15 +260,26 @@ done:
 }
 static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char *key, const unsigned char *iv) {
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
 unsigned char block[16];
 int len;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL);
- aes_ctr_128(out, in, &ctx, iv);
- EVP_EncryptFinal_ex(&ctx, block, &len);
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ctx = EVP_CIPHER_CTX_new();
+#else
+ EVP_CIPHER_CTX ctx_s;
+ ctx = &ctx_s;
+ EVP_CIPHER_CTX_init(ctx);
+#endif
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL);
+ aes_ctr_128(out, in, ctx, iv);
+ EVP_EncryptFinal_ex(ctx, block, &len);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX_free(ctx);
+#else
+ EVP_CIPHER_CTX_cleanup(ctx);
+#endif
 }
 /* rfc 3711 section 4.3.1 and 4.3.3
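Review bot: On the OpenSSL >= 1.1.0 branch of aes_ctr_128_no_ctx the result of `EVP_CIPHER_CTX_new()` is handed straight to `EVP_EncryptInit_ex()` with no NULL check, so an allocation failure in this key-derivation helper would most likely surface as a NULL dereference inside libcrypto rather than as a handled error. The stack context it replaces could not fail this way. Because the function returns void, the failure has to be made explicit some other way, for example `if (!ctx) abort();` right after the allocation, or by changing the helper to return a status. The same unchecked allocation appears in hmac_sha1_rtp and __integrity (`HMAC_CTX_new()`), and in aes_cm_session_key_init and aes_f8_session_key_init, where a NULL would be stored in `c->session_key_ctx[]` while the function still returns 0.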
@@ -463,15 +474,27 @@ static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
 /* rfc 3711, sections 4.2 and 4.2.1 */
 static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t index) {
 unsigned char hmac[20];
- HMAC_CTX hc;
 u_int32_t roc;
+ HMAC_CTX *hc;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ hc = HMAC_CTX_new();
+#else
+ HMAC_CTX hc_s;
+ HMAC_CTX_init(&hc_s);
+ hc = &hc_s;
+#endif
- HMAC_Init(&hc, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len, EVP_sha1());
- HMAC_Update(&hc, (unsigned char *) in->s, in->len);
+ HMAC_Init_ex(hc, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len, EVP_sha1(), NULL);
+ HMAC_Update(hc, (unsigned char *) in->s, in->len);
 roc = htonl((index & 0xffffffff0000ULL) >> 16);
- HMAC_Update(&hc, (unsigned char *) &roc, sizeof(roc));
- HMAC_Final(&hc, hmac, NULL);
- HMAC_CTX_cleanup(&hc);
+ HMAC_Update(hc, (unsigned char *) &roc, sizeof(roc));
+ HMAC_Final(hc, hmac, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(hc);
+#else
+ HMAC_CTX_cleanup(hc);
+#endif
 assert(sizeof(hmac) >= c->params.crypto_suite->srtp_auth_tag);
 memcpy(out, hmac, c->params.crypto_suite->srtp_auth_tag);
@@ -495,8 +518,12 @@ static int hmac_sha1_rtcp(struct crypto_context *c, char *out, str *in) {
 static int aes_cm_session_key_init(struct crypto_context *c) {
 evp_session_key_cleanup(c);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ c->session_key_ctx[0] = EVP_CIPHER_CTX_new();
+#else
 c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
 EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
+#endif
 EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_128_ecb(), NULL, (unsigned char *) c->session_key, NULL);
 return 0;
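Review bot: The results of `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` in hmac_sha1_rtp are discarded, yet the `memcpy` at the end of the hunk copies `hmac` into `out` unconditionally; `hmac[20]` is never initialised, so a failed HMAC call would hand uninitialised stack bytes to the caller as the SRTP authentication tag. The function already returns int, so the calls can be chained into a status and the copy skipped on failure, as sketched below (this assumes callers treat a non-zero return as an error, which is not visible here). __integrity in daemon/stun.c has the same pattern with the caller-supplied `digest` buffer, but returns void. The end of hmac_sha1_rtp lies outside the hunk.

```c
	unsigned char hmac[20];
	int ok;
	/* … unchanged: roc declaration and version-dependent HMAC_CTX setup … */

	ok = HMAC_Init_ex(hc, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len, EVP_sha1(), NULL)
		&& HMAC_Update(hc, (unsigned char *) in->s, in->len);
	roc = htonl((index & 0xffffffff0000ULL) >> 16);
	ok = ok && HMAC_Update(hc, (unsigned char *) &roc, sizeof(roc))
		&& HMAC_Final(hc, hmac, NULL);
	/* … unchanged: version-dependent HMAC_CTX_free / HMAC_CTX_cleanup … */
	if (!ok)
		return -1;	/* never copy an unset tag into out */
```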
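Review bot: The version conditional in aes_cm_session_key_init looks avoidable: `EVP_CIPHER_CTX_new()` and `EVP_CIPHER_CTX_free()` are, as far as I know, also present in the OpenSSL 1.0.x series (worth confirming against the oldest release the project supports), so they could replace the `g_slice_alloc`/`EVP_CIPHER_CTX_init` pair on every version instead of living under `#if`. That would leave one allocator for `c->session_key_ctx[]` and remove the chance of the allocation here and the release in evp_session_key_cleanup ending up on mismatched branches. The same simplification applies to aes_f8_session_key_init, evp_session_key_cleanup and aes_ctr_128_no_ctx. The closing brace of this function is outside the hunk.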
@@ -522,8 +549,12 @@ static int aes_f8_session_key_init(struct crypto_context *c) {
 for (i = 0; i < k_e_len; i++) m[i] ^= key[i];
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ c->session_key_ctx[1] = EVP_CIPHER_CTX_new();
+#else
 c->session_key_ctx[1] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
 EVP_CIPHER_CTX_init(c->session_key_ctx[1]);
+#endif
 EVP_EncryptInit_ex(c->session_key_ctx[1], EVP_aes_128_ecb(), NULL, m, NULL);
 return 0;
@@ -538,8 +569,12 @@ static int evp_session_key_cleanup(struct crypto_context *c) {
 continue;
 EVP_EncryptFinal_ex(c->session_key_ctx[i], block, &len);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX_free(c->session_key_ctx[i]);
+#else
 EVP_CIPHER_CTX_cleanup(c->session_key_ctx[i]);
 g_slice_free1(sizeof(EVP_CIPHER_CTX), c->session_key_ctx[i]);
+#endif
 c->session_key_ctx[i] = NULL;
 }
diff --git a/daemon/dtls.c b/daemon/dtls.c
index c5f062233..33d3e925c 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -488,7 +488,11 @@ int dtls_connection_init(struct packet_stream *ps, int active, struct dtls_cert
 dtls_connection_cleanup(d);
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ d->ssl_ctx = SSL_CTX_new(active ? DTLS_client_method() : DTLS_server_method());
+#else
 d->ssl_ctx = SSL_CTX_new(active ? DTLSv1_client_method() : DTLSv1_server_method());
+#endif
 if (!d->ssl_ctx) goto error;
diff --git a/daemon/main.c b/daemon/main.c
index 95ca595f1..32698170d 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -43,8 +43,6 @@ struct main_context {
-static mutex_t *openssl_locks;
-
 static GQueue interfaces = G_QUEUE_INIT;
 static GQueue keyspaces = G_QUEUE_INIT;
 static endpoint_t tcp_listen_ep;
@@ -448,6 +446,9 @@ static void options(int *argc, char ***argv) {
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static mutex_t *openssl_locks;
+
 static void cb_openssl_threadid(CRYPTO_THREADID *tid) {
 pthread_t me;
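Review bot: In the daemon/dtls.c hunk, switching to `DTLS_client_method()`/`DTLS_server_method()` changes which protocol versions can be negotiated, not only whether the file compiles: these are the version-flexible methods, whereas `DTLSv1_*_method()` pins DTLS 1.0. Nothing in the hunk sets a version floor or documents the change, and the commit subject presents it as a compile fix. A comment such as `/* version-flexible method: negotiates the highest DTLS version both peers support */` would record the intent. On 1.1.0 and later an explicit `SSL_CTX_set_min_proto_version(d->ssl_ctx, DTLS1_VERSION);` after the NULL check would make the accepted range a visible policy decision. dtls_connection_init starts and ends outside the hunk, so any later option handling on `d->ssl_ctx` cannot be seen from here.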
@@ -476,6 +477,11 @@ static void make_OpenSSL_thread_safe(void) {
 CRYPTO_THREADID_set_callback(cb_openssl_threadid);
 CRYPTO_set_locking_callback(cb_openssl_lock);
 }
+#else
+static void make_OpenSSL_thread_safe(void) {
+ ;
+}
+#endif
 static void early_init() {
diff --git a/daemon/stun.c b/daemon/stun.c
index 2b52746cc..a236f0e98 100644
--- a/daemon/stun.c
+++ b/daemon/stun.c
@@ -328,17 +328,27 @@ static void fingerprint(struct msghdr *mh, struct fingerprint *fp) {
 static void __integrity(struct iovec *iov, int iov_cnt, str *pwd, char *digest) {
 int i;
- HMAC_CTX ctx;
-
- HMAC_CTX_init(&ctx);
+ HMAC_CTX *ctx;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ctx = HMAC_CTX_new();
+#else
+ HMAC_CTX ctx_s;
+ HMAC_CTX_init(&ctx_s);
+ ctx = &ctx_s;
+#endif
 /* do we need to SASLprep here? */
- HMAC_Init(&ctx, pwd->s, pwd->len, EVP_sha1());
+ HMAC_Init_ex(ctx, pwd->s, pwd->len, EVP_sha1(), NULL);
 for (i = 0; i < iov_cnt; i++)
- HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
-
- HMAC_Final(&ctx, (void *) digest, NULL);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len);
+
+ HMAC_Final(ctx, (void *) digest, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(ctx);
+#else
+ HMAC_CTX_cleanup(ctx);
+#endif
 }
 static void integrity(struct msghdr *mh, struct msg_integrity *mi, str *pwd) {
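Review bot: The `make_OpenSSL_thread_safe()` stub added under `#else` in daemon/main.c has a body of just `;` and nothing explaining why no work is needed on that branch. A short comment, e.g. `/* OpenSSL >= 1.1.0 does its own locking; no thread-id or locking callbacks to register */`, would stop a later reader from treating the empty body as an omission. The matching `#if OPENSSL_VERSION_NUMBER < 0x10100000L` opens in an earlier hunk, so trailing comments on the `#else` and `#endif` naming that condition would also help.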