[Core] OpenSSL 3 support
This commit is contained in:
parent
0f445e1ddd
commit
00818e7b25
|
@ -74,7 +74,16 @@
|
|||
#if (defined(HAVE_LIBMD5) || defined(HAVE_LIBMD) || defined(HAVE_MD5INIT))
|
||||
#include <md5.h>
|
||||
#elif defined(HAVE_LIBCRYPTO)
|
||||
#include <openssl/md5.h>
|
||||
#ifndef OPENSSL_VERSION_NUMBER
|
||||
#include <openssl/opensslv.h>
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||
#include <openssl/md5.h>
|
||||
#else
|
||||
#include <openssl/evp.h>
|
||||
#endif
|
||||
#else
|
||||
#include <apr_md5.h>
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
|
@ -1174,11 +1183,24 @@ SWITCH_DECLARE(switch_status_t) switch_md5(unsigned char digest[SWITCH_MD5_DIGES
|
|||
|
||||
return SWITCH_STATUS_SUCCESS;
|
||||
#elif defined(HAVE_LIBCRYPTO)
|
||||
MD5_CTX md5_context;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||
MD5_CTX md5_context;
|
||||
|
||||
MD5_Init(&md5_context);
|
||||
MD5_Update(&md5_context, input, inputLen);
|
||||
MD5_Final(digest, &md5_context);
|
||||
MD5_Init(&md5_context);
|
||||
MD5_Update(&md5_context, input, inputLen);
|
||||
MD5_Final(digest, &md5_context);
|
||||
#else
|
||||
EVP_MD_CTX *md5_context;
|
||||
|
||||
/* MD5_Init */
|
||||
md5_context = EVP_MD_CTX_new();
|
||||
EVP_DigestInit_ex(md5_context, EVP_md5(), NULL);
|
||||
/* MD5_Update */
|
||||
EVP_DigestUpdate(md5_context, input, inputLen);
|
||||
/* MD5_Final */
|
||||
EVP_DigestFinal_ex(md5_context, digest, NULL);
|
||||
EVP_MD_CTX_free(md5_context);
|
||||
#endif
|
||||
|
||||
return SWITCH_STATUS_SUCCESS;
|
||||
#else
|
||||
|
|
|
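Review bot: The OpenSSL 3 branch of switch_md5 never checks `EVP_MD_CTX_new()`, `EVP_DigestInit_ex()`, `EVP_DigestUpdate()` or `EVP_DigestFinal_ex()` and still returns SWITCH_STATUS_SUCCESS, so a NULL context or a digest the loaded provider does not offer (MD5 is not available under the FIPS provider) leaves `digest` uninitialized while the caller is told it is valid. The pre-3.0 `MD5_*` branch has the same shape, but the EVP calls are the ones that realistically fail at runtime, and a NULL context passed on to `EVP_DigestInit_ex` is a crash rather than an error. Fold the return codes into one result, free the context on every path (`EVP_MD_CTX_free` accepts NULL) and report failure. switch_md5's signature and the earlier `#if` branches are outside this hunk.
```c
	EVP_MD_CTX *md5_context = EVP_MD_CTX_new();
	int ok = md5_context != NULL
		&& EVP_DigestInit_ex(md5_context, EVP_md5(), NULL) == 1
		&& EVP_DigestUpdate(md5_context, input, inputLen) == 1
		&& EVP_DigestFinal_ex(md5_context, digest, NULL) == 1;

	EVP_MD_CTX_free(md5_context);

	return ok ? SWITCH_STATUS_SUCCESS : SWITCH_STATUS_FALSE;
```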
@ -287,7 +287,10 @@ SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
|
|||
|
||||
//bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
mkcert(&x509, &pkey, 4096, 0, 36500);
|
||||
if (!mkcert(&x509, &pkey, 4096, 0, 36500)) {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Certificate generation failed\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
|
||||
//X509_print_fp(stdout, x509);
|
||||
|
@ -410,7 +413,9 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
|||
{
|
||||
X509 *x;
|
||||
EVP_PKEY *pk;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||
RSA *rsa;
|
||||
#endif
|
||||
X509_NAME *name=NULL;
|
||||
|
||||
switch_assert(pkeyp);
|
||||
|
@ -432,7 +437,26 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
|||
x = *x509p;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||
{
|
||||
EVP_PKEY_CTX *ctx;
|
||||
|
||||
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
||||
/* Setup the key context */
|
||||
if ((!ctx) || (EVP_PKEY_keygen_init(ctx) <= 0) || (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0)) {
|
||||
abort();
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Generate key */
|
||||
if (EVP_PKEY_generate(ctx, &pk) <= 0) {
|
||||
abort();
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
}
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||
rsa = RSA_new();
|
||||
{
|
||||
static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
|
||||
|
@ -449,11 +473,13 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
|||
rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
|
||||
abort();
|
||||
}
|
||||
|
||||
rsa = NULL;
|
||||
#endif
|
||||
|
||||
X509_set_version(x, 2);
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
|
||||
|
@ -476,13 +502,21 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
|
|||
*/
|
||||
X509_set_issuer_name(x, name);
|
||||
|
||||
if (!X509_sign(x, pk, EVP_sha1()))
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||
if (!X509_sign(x, pk, EVP_sha256())) {
|
||||
#else
|
||||
if (!X509_sign(x, pk, EVP_sha1())) {
|
||||
#endif
|
||||
goto err;
|
||||
}
|
||||
|
||||
*x509p = x;
|
||||
*pkeyp = pk;
|
||||
|
||||
return(1);
|
||||
err:
|
||||
err:
|
||||
ERR_print_errors_fp(stdout);
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
|
|
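Review bot: In the `OPENSSL_VERSION_NUMBER >= 0x30000000` keygen block of mkcert, `abort()` precedes each `goto err`, so a failed `EVP_PKEY_CTX_new_id()`, `EVP_PKEY_keygen_init()`, `EVP_PKEY_CTX_set_rsa_keygen_bits()` or `EVP_PKEY_generate()` terminates the whole process and the `goto err` lines are dead code, even though the `switch_core_gen_certs` hunk now expects mkcert to return 0 on failure and logs it. Dropping the `abort()` calls makes that path reachable, and `ctx` must then be freed before the jump, since `err:` only prints errors and returns 0 (`EVP_PKEY_CTX_free` accepts NULL); the same `abort()` sits in the `EVP_PKEY_assign_RSA` failure branch of the pre-3.0 path in the `@ -449,11` hunk. Separately, the signing hunk keeps `EVP_sha1()` for builds before 3.0 although `EVP_sha256()` has been available since OpenSSL 0.9.8; signing with SHA-256 unconditionally avoids issuing self-signed certificates that current peers reject. mkcert's beginning, the allocation of `pk`, and any cleanup of `x`/`pk` on the error path are outside these hunks.
```c
	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
	/* Setup the key context; on failure fall through to err: so the caller sees 0 */
	if ((!ctx) || (EVP_PKEY_keygen_init(ctx) <= 0) || (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0)) {
		EVP_PKEY_CTX_free(ctx);
		goto err;
	}

	/* Generate key */
	if (EVP_PKEY_generate(ctx, &pk) <= 0) {
		EVP_PKEY_CTX_free(ctx);
		goto err;
	}

	EVP_PKEY_CTX_free(ctx);
```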
@ -3643,7 +3643,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
|
|||
const SSL_METHOD *ssl_method;
|
||||
SSL_CTX *ssl_ctx;
|
||||
BIO *bio;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||
EVP_PKEY *dh_pk;
|
||||
#else
|
||||
DH *dh;
|
||||
#endif
|
||||
switch_status_t status = SWITCH_STATUS_SUCCESS;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||
|
@ -3723,13 +3727,21 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
|
|||
switch_assert(dtls->ssl_ctx);
|
||||
|
||||
bio = BIO_new_file(dtls->pem, "r");
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000
|
||||
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||
BIO_free(bio);
|
||||
if (dh) {
|
||||
SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
|
||||
DH_free(dh);
|
||||
}
|
||||
#else
|
||||
if((dh_pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)) != NULL) {
|
||||
SSL_CTX_set0_tmp_dh_pkey(dtls->ssl_ctx, dh_pk);
|
||||
EVP_PKEY_free(dh_pk);
|
||||
}
|
||||
|
||||
BIO_free(bio);
|
||||
#endif
|
||||
SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
|
||||
//SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
|
|
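Review bot: `SSL_CTX_set0_tmp_dh_pkey()` is a set0 function that takes ownership of `dh_pk` when it succeeds, so the `EVP_PKEY_free(dh_pk)` that follows it in the new branch of switch_rtp_add_dtls leaves the SSL_CTX holding a freed key; its return value is also unchecked, and it is only on failure that the caller still owns the key and must free it. In addition, `PEM_read_bio_PrivateKey()` reads a private key, not a parameter block: if `dtls->pem` carries the `DH PARAMETERS` block the pre-3.0 branch expects, this read returns NULL and no ephemeral DH is configured, while a file that holds an RSA key would hand that key to the DH setter instead. `PEM_read_bio_Parameters()` is the EVP-level reader for parameter blocks and returns the `EVP_PKEY` the setter wants. The rewrite below keeps the `BIO_free(bio)` placement; the unchecked `bio = BIO_new_file()` result above it is common to both branches and predates this commit.
```c
	if ((dh_pk = PEM_read_bio_Parameters(bio, NULL)) != NULL) {
		if (!SSL_CTX_set0_tmp_dh_pkey(dtls->ssl_ctx, dh_pk)) {
			/* ownership is transferred only on success; free it ourselves otherwise */
			EVP_PKEY_free(dh_pk);
		}
	}

	BIO_free(bio);
```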