compile fixes for openssl >= 1.1.0

Change-Id: I815c89dde5b6e85b9887dcaf04c25f0a45dcfd5c
10 years ago · 1d5668d793
parent 2b72fdec73
commit 1d5668d793
4 changed files with 77 additions and 22 deletions
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@ -260,15 +260,26 @@ done:
 }

 static void aes_ctr_128_no_ctx(unsigned char *out, str *in, const unsigned char *key, const unsigned char *iv) {
-	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx;
 	unsigned char block[16];
 	int len;

-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL);
-	aes_ctr_128(out, in, &ctx, iv);
-	EVP_EncryptFinal_ex(&ctx, block, &len);
-	EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	ctx = EVP_CIPHER_CTX_new();
+#else
+	EVP_CIPHER_CTX ctx_s;
+	ctx = &ctx_s;
+	EVP_CIPHER_CTX_init(ctx);
+#endif
+	EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL);
+	aes_ctr_128(out, in, ctx, iv);
+	EVP_EncryptFinal_ex(ctx, block, &len);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	EVP_CIPHER_CTX_free(ctx);
+#else
+	EVP_CIPHER_CTX_cleanup(ctx);
+#endif
 }

 /* rfc 3711 section 4.3.1 and 4.3.3
@ -463,15 +474,27 @@ static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
 /* rfc 3711, sections 4.2 and 4.2.1 */
 static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t index) {
 	unsigned char hmac[20];
-	HMAC_CTX hc;
 	u_int32_t roc;
+	HMAC_CTX *hc;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	hc = HMAC_CTX_new();
+#else
+	HMAC_CTX hc_s;
+	HMAC_CTX_init(&hc_s);
+	hc = &hc_s;
+#endif

-	HMAC_Init(&hc, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len, EVP_sha1());
-	HMAC_Update(&hc, (unsigned char *) in->s, in->len);
+	HMAC_Init_ex(hc, c->session_auth_key, c->params.crypto_suite->srtp_auth_key_len, EVP_sha1(), NULL);
+	HMAC_Update(hc, (unsigned char *) in->s, in->len);
 	roc = htonl((index & 0xffffffff0000ULL) >> 16);
-	HMAC_Update(&hc, (unsigned char *) &roc, sizeof(roc));
-	HMAC_Final(&hc, hmac, NULL);
-	HMAC_CTX_cleanup(&hc);
+	HMAC_Update(hc, (unsigned char *) &roc, sizeof(roc));
+	HMAC_Final(hc, hmac, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	HMAC_CTX_free(hc);
+#else
+	HMAC_CTX_cleanup(hc);
+#endif

 	assert(sizeof(hmac) >= c->params.crypto_suite->srtp_auth_tag);
 	memcpy(out, hmac, c->params.crypto_suite->srtp_auth_tag);
@ -495,8 +518,12 @@ static int hmac_sha1_rtcp(struct crypto_context *c, char *out, str *in) {
 static int aes_cm_session_key_init(struct crypto_context *c) {
 	evp_session_key_cleanup(c);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	c->session_key_ctx[0] = EVP_CIPHER_CTX_new();
+#else
 	c->session_key_ctx[0] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
 	EVP_CIPHER_CTX_init(c->session_key_ctx[0]);
+#endif
 	EVP_EncryptInit_ex(c->session_key_ctx[0], EVP_aes_128_ecb(), NULL,
 			(unsigned char *) c->session_key, NULL);
 	return 0;
@ -522,8 +549,12 @@ static int aes_f8_session_key_init(struct crypto_context *c) {
 	for (i = 0; i < k_e_len; i++)
 		m[i] ^= key[i];

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	c->session_key_ctx[1] = EVP_CIPHER_CTX_new();
+#else
 	c->session_key_ctx[1] = g_slice_alloc(sizeof(EVP_CIPHER_CTX));
 	EVP_CIPHER_CTX_init(c->session_key_ctx[1]);
+#endif
 	EVP_EncryptInit_ex(c->session_key_ctx[1], EVP_aes_128_ecb(), NULL, m, NULL);

 	return 0;
@ -538,8 +569,12 @@ static int evp_session_key_cleanup(struct crypto_context *c) {
 			continue;

 		EVP_EncryptFinal_ex(c->session_key_ctx[i], block, &len);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		EVP_CIPHER_CTX_free(c->session_key_ctx[i]);
+#else
 		EVP_CIPHER_CTX_cleanup(c->session_key_ctx[i]);
 		g_slice_free1(sizeof(EVP_CIPHER_CTX), c->session_key_ctx[i]);
+#endif
 		c->session_key_ctx[i] = NULL;
 	}

--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@ -488,7 +488,11 @@ int dtls_connection_init(struct packet_stream *ps, int active, struct dtls_cert
 		dtls_connection_cleanup(d);
 	}

+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+	d->ssl_ctx = SSL_CTX_new(active ? DTLS_client_method() : DTLS_server_method());
+#else
 	d->ssl_ctx = SSL_CTX_new(active ? DTLSv1_client_method() : DTLSv1_server_method());
+#endif
 	if (!d->ssl_ctx)
 		goto error;

--- a/daemon/main.c
+++ b/daemon/main.c
@ -43,8 +43,6 @@ struct main_context {



-static mutex_t *openssl_locks;
-
 static GQueue interfaces = G_QUEUE_INIT;
 static GQueue keyspaces = G_QUEUE_INIT;
 static endpoint_t tcp_listen_ep;
@ -448,6 +446,9 @@ static void options(int *argc, char ***argv) {
 }


+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static mutex_t *openssl_locks;
+
 static void cb_openssl_threadid(CRYPTO_THREADID *tid) {
 	pthread_t me;

@ -476,6 +477,11 @@ static void make_OpenSSL_thread_safe(void) {
 	CRYPTO_THREADID_set_callback(cb_openssl_threadid);
 	CRYPTO_set_locking_callback(cb_openssl_lock);
 }
+#else
+static void make_OpenSSL_thread_safe(void) {
+	;
+}
+#endif


 static void early_init() {
--- a/daemon/stun.c
+++ b/daemon/stun.c
@ -328,17 +328,27 @@ static void fingerprint(struct msghdr *mh, struct fingerprint *fp) {

 static void __integrity(struct iovec *iov, int iov_cnt, str *pwd, char *digest) {
 	int i;
-	HMAC_CTX ctx;
-
-	HMAC_CTX_init(&ctx);
+	HMAC_CTX *ctx;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	ctx = HMAC_CTX_new();
+#else
+	HMAC_CTX ctx_s;
+	HMAC_CTX_init(&ctx_s);
+	ctx = &ctx_s;
+#endif
 	/* do we need to SASLprep here? */
-	HMAC_Init(&ctx, pwd->s, pwd->len, EVP_sha1());
+	HMAC_Init_ex(ctx, pwd->s, pwd->len, EVP_sha1(), NULL);

 	for (i = 0; i < iov_cnt; i++)
-		HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
-
-	HMAC_Final(&ctx, (void *) digest, NULL);
-	HMAC_CTX_cleanup(&ctx);
+		HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len);
+
+	HMAC_Final(ctx, (void *) digest, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	HMAC_CTX_free(ctx);
+#else
+	HMAC_CTX_cleanup(ctx);
+#endif
 }

 static void integrity(struct msghdr *mh, struct msg_integrity *mi, str *pwd) {