FS-9785: changes to support newer openssl

d8fcb601 · Mike Jerris · b1237ffe · d8fcb601 · d8fcb601 · d8fcb601
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
-Wed Jun 21 08:51:26 CDT 2017
+Mon Jun 26 14:53:11 CDT 2017
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -505,7 +505,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
    return NULL;
  }
-  RAND_pseudo_bytes(sessionId, sizeof(sessionId));
+  RAND_bytes(sessionId, sizeof(sessionId));
  if (!SSL_CTX_set_session_id_context(tls->ctx,
                                 (void*) sessionId,
@@ -516,7 +516,11 @@ tls_t *tls_init_master(tls_issues_t *ti)
  if (ti->CAfile != NULL) {
    SSL_CTX_set_client_CA_list(tls->ctx,
                               SSL_load_client_CA_file(ti->CAfile));
-    if (tls->ctx->client_CA == NULL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+	if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)
+#else
+	if (tls->ctx->client_CA == NULL)
+#endif
      tls_log_errors(3, "tls_init_master", 0);
  }

--- a/src/mod/endpoints/mod_rtmp/handshake.h
+++ b/src/mod/endpoints/mod_rtmp/handshake.h
@@ -42,9 +42,15 @@
 #if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
 #error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define HMAC_setup(ctx, key, len)	HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
 #define HMAC_crunch(ctx, buf, len)	HMAC_Update(&ctx, buf, len)
 #define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+#else
+#define HMAC_setup(ctx, key, len)ctx=HMAC_CTX_new(); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#define HMAC_crunch(ctx, buf, len)HMAC_Update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
+#endif
 #define FP10
 #define RTMP_SIG_SIZE 1536
@@ -152,8 +158,12 @@ static getoff *digoff[] = {GetDigestOffset1, GetDigestOffset2};
 static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest)
 {
 	unsigned int digestLen;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	HMAC_CTX ctx;
+#else
+	HMAC_CTX *ctx;
+#endif
 	HMAC_setup(ctx, key, (int)keylen);
 	HMAC_crunch(ctx, message, messageLen);
 	HMAC_finish(ctx, digest, digestLen);

--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@@ -359,7 +359,22 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
 		x = *x509p;
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+	rsa = RSA_new();
+	{
+		static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
+		BIGNUM* BN_value_RSA_F4 = BN_new();
+		if (!BN_value_RSA_F4) {
+			abort();
+			goto err;
+		}
+		BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
+		RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
+		BN_free(BN_value_RSA_F4);
+	}
+#else
 	rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+#endif
 	if (!EVP_PKEY_assign_RSA(pk, rsa)) {
 		abort();

--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3284,10 +3284,18 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
 ////////////
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods;
+#else
+static BIO_METHOD *dtls_bio_filter_methods;
+#endif
 BIO_METHOD *BIO_dtls_filter(void) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L	
 	return(&dtls_bio_filter_methods);
+#else
+	return(dtls_bio_filter_methods);
+#endif
 }
 typedef struct packet_list_s {
@@ -3320,10 +3328,16 @@ static int dtls_bio_filter_new(BIO *bio) {
 	switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool);
 	/* Set the BIO as initialized */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	bio->init = 1;
 	bio->ptr = filter;
 	bio->flags = 0;
+#else
+	BIO_set_init(bio, 1);
+	BIO_set_data(bio, filter);
+	BIO_clear_flags(bio, ~0);
+#endif
 	return 1;
 }
@@ -3335,7 +3349,11 @@ static int dtls_bio_filter_free(BIO *bio) {
 	}
 	/* Get rid of the filter state */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	filter = (dtls_bio_filter *)bio->ptr;
+#else
+	filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 	if (filter != NULL) {
 		switch_memory_pool_t *pool = filter->pool;
@@ -3344,9 +3362,15 @@ static int dtls_bio_filter_free(BIO *bio) {
 		filter = NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	bio->ptr = NULL;
 	bio->init = 0;
 	bio->flags = 0;
+#else
+	BIO_set_init(bio, 0);
+	BIO_set_data(bio, NULL);
+	BIO_clear_flags(bio, ~0);
+#endif
 	return 1;
 }
@@ -3356,11 +3380,20 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
 	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl);
 	/* Forward data to the write BIO */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ret = BIO_write(bio->next_bio, in, inl);
+#else
+	ret = BIO_write(BIO_next(bio), in, inl);
+#endif
 	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "  -- %ld\n", ret);
 	/* Keep track of the packet, as we'll advertize them one by one after a pending check */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	filter = (dtls_bio_filter *)bio->ptr;
+#else
+	filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 	if (filter != NULL) {
 		packet_list_t *node;
@@ -3391,7 +3424,11 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
 }
 static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr;
+#else
+	dtls_bio_filter *filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
 	switch(cmd) {
 	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
@@ -3438,6 +3475,7 @@ static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
 	return 0;
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static BIO_METHOD dtls_bio_filter_methods = {
 	BIO_TYPE_FILTER,
 	"DTLS filter",
@@ -3450,7 +3488,9 @@ static BIO_METHOD dtls_bio_filter_methods = {
 	dtls_bio_filter_free,
 	NULL
 };
+#else
+static BIO_METHOD *dtls_bio_filter_methods = NULL;
+#endif
 ///////////
@@ -3598,7 +3638,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 	dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+	dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLS_server_method() : DTLS_client_method());
+#else
 	dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method());
+#endif
 	switch_assert(dtls->ssl_ctx);
 	bio = BIO_new_file(dtls->pem, "r");
@@ -3659,7 +3703,17 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 	dtls->ssl = SSL_new(dtls->ssl_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	dtls->filter_bio = BIO_new(BIO_dtls_filter());
+#else
+	dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");
+	BIO_meth_set_write(dtls_bio_filter_methods, dtls_bio_filter_write);
+	BIO_meth_set_ctrl(dtls_bio_filter_methods, dtls_bio_filter_ctrl);
+	BIO_meth_set_create(dtls_bio_filter_methods, dtls_bio_filter_new);
+	BIO_meth_set_destroy(dtls_bio_filter_methods, dtls_bio_filter_free);
+	dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
+#endif
 	switch_assert(dtls->filter_bio);
 	BIO_push(dtls->filter_bio, dtls->write_bio);