From dc75a0410dbd165c2d80c6a79dcb29d80e1867b2 Mon Sep 17 00:00:00 2001 From: JuS Date: Tue, 27 Aug 2019 00:17:13 +0200 Subject: [PATCH 01/15] Path to support openssl versions >=1.1.0. --- ...r-OpenSSL-1.1.0.-Lots-of-structure-t.patch | 310 ++++++++++++++++++ 1 file changed, 310 insertions(+) create mode 100644 0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch diff --git a/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch b/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch new file mode 100644 index 00000000..6e2a0e7b --- /dev/null +++ b/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch @@ -0,0 +1,310 @@ +From deb9018638389b88e3d87b565180e103ba31a800 Mon Sep 17 00:00:00 2001 +From: [REDACTED] <[redacted]@[redacted]> +Date: Tue, 27 Aug 2019 00:08:45 +0200 +Subject: [PATCH] Added support for OpenSSL >= 1.1.0. Lots of structure types + were hidden and became opaque pointers. + +--- + srtp/CryptoContext.h | 4 +++ + srtp/crypto/openssl/hmac.cpp | 43 ++++++++++++++++++++++++------ + zrtp/crypto/openssl/hmac256.cpp | 18 +++++++++++++ + zrtp/crypto/openssl/hmac384.cpp | 22 +++++++++++++-- + zrtp/crypto/openssl/zrtpDH.cpp | 47 +++++++++++++++++++++++++++++++-- + 5 files changed, 122 insertions(+), 12 deletions(-) + +diff --git a/srtp/CryptoContext.h b/srtp/CryptoContext.h +index 7962af1..10fe2ea 100644 +--- a/srtp/CryptoContext.h ++++ b/srtp/CryptoContext.h +@@ -421,7 +421,11 @@ private: + typedef union _hmacCtx { + SkeinCtx_t hmacSkeinCtx; + #ifdef ZRTP_OPENSSL ++ #if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX hmacSha1Ctx; ++ #else ++ HMAC_CTX * hmacSha1Ctx; ++ #endif + #else + hmacSha1Context hmacSha1Ctx; + #endif +diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp +index 93a6d0d..f0f22fe 100644 +--- a/srtp/crypto/openssl/hmac.cpp ++++ b/srtp/crypto/openssl/hmac.cpp +@@ -50,23 +50,42 @@ void hmac_sha1( uint8_t* key, int32_t key_length, + const uint8_t* data_chunks[], + uint32_t data_chunck_length[], + uint8_t* mac, int32_t* mac_length ) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx; + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL); ++#else ++ HMAC_CTX* ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); ++#endif + while (*data_chunks) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Update(&ctx, *data_chunks, *data_chunck_length); ++#else ++ HMAC_Update(ctx, *data_chunks, *data_chunck_length); ++#endif + data_chunks ++; + data_chunck_length ++; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Final(&ctx, mac, reinterpret_cast(mac_length)); + HMAC_CTX_cleanup(&ctx); ++#else ++ HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); ++ HMAC_CTX_free( ctx ); ++#endif + } + + void* createSha1HmacContext(uint8_t* key, int32_t key_length) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX)); + + HMAC_CTX_init(ctx); ++#else ++ HMAC_CTX* ctx = HMAC_CTX_new(); ++#endif + HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); + return ctx; + } +@@ -75,7 +94,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) + { + HMAC_CTX *pctx = (HMAC_CTX*)ctx; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(pctx); ++#else ++ HMAC_CTX_reset(pctx); ++#endif + HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); + return pctx; + } +@@ -85,9 +108,9 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, + { + HMAC_CTX* pctx = (HMAC_CTX*)ctx; + +- HMAC_Init_ex(pctx, NULL, 0, NULL, NULL ); +- HMAC_Update(pctx, data, data_length ); +- HMAC_Final(pctx, mac, reinterpret_cast(mac_length) ); ++ HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); ++ HMAC_Update( pctx, data, data_length ); ++ HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); + } + + void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], +@@ -95,19 +118,23 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], + { + HMAC_CTX* pctx = (HMAC_CTX*)ctx; + +- HMAC_Init_ex(pctx, NULL, 0, NULL, NULL ); ++ HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); + while (*data) { +- HMAC_Update(pctx, *data, *data_length); ++ HMAC_Update( pctx, *data, *data_length ); + data++; + data_length++; + } +- HMAC_Final(pctx, mac, reinterpret_cast(mac_length) ); ++ HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); + } + + void freeSha1HmacContext(void* ctx) + { + if (ctx) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup((HMAC_CTX*)ctx); +- free(ctx); ++ free(ctx); ++#else ++ HMAC_CTX_free((HMAC_CTX*)ctx); ++#endif + } +-} +\ No newline at end of file ++} +diff --git a/zrtp/crypto/openssl/hmac256.cpp b/zrtp/crypto/openssl/hmac256.cpp +index 40e4e82..6f5cf0e 100644 +--- a/zrtp/crypto/openssl/hmac256.cpp ++++ b/zrtp/crypto/openssl/hmac256.cpp +@@ -53,15 +53,33 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, + uint8_t* mac, uint32_t* mac_length ) + { + unsigned int tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx; + HMAC_CTX_init( &ctx ); + HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); ++#else ++ HMAC_CTX * ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); ++#endif + while( *data_chunks ){ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); ++#else ++ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); ++#endif + data_chunks ++; + data_chunck_length ++; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Final( &ctx, mac, &tmp); ++#else ++ HMAC_Final( ctx, mac, &tmp); ++#endif + *mac_length = tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup( &ctx ); ++#else ++ HMAC_CTX_free( ctx ); ++#endif + } +diff --git a/zrtp/crypto/openssl/hmac384.cpp b/zrtp/crypto/openssl/hmac384.cpp +index 2511ce5..7445f25 100644 +--- a/zrtp/crypto/openssl/hmac384.cpp ++++ b/zrtp/crypto/openssl/hmac384.cpp +@@ -51,15 +51,33 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, + uint8_t* mac, uint32_t* mac_length ) + { + unsigned int tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx; +- HMAC_CTX_init( &ctx ); +- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); ++ HMAC_CTX_init( &ctx ); ++ HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); ++#else ++ HMAC_CTX * ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); ++#endif + while( *data_chunks ){ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); ++#else ++ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); ++#endif + data_chunks ++; + data_chunck_length ++; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Final( &ctx, mac, &tmp); ++#else ++ HMAC_Final( ctx, mac, &tmp); ++#endif + *mac_length = tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup( &ctx ); ++#else ++ HMAC_CTX_free( ctx ); ++#endif + } +diff --git a/zrtp/crypto/openssl/zrtpDH.cpp b/zrtp/crypto/openssl/zrtpDH.cpp +index 78cf60a..0c6e298 100644 +--- a/zrtp/crypto/openssl/zrtpDH.cpp ++++ b/zrtp/crypto/openssl/zrtpDH.cpp +@@ -223,18 +223,41 @@ ZrtpDH::ZrtpDH(const char* type) { + case DH3K: + ctx = static_cast(DH_new()); + tmpCtx = static_cast(ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->g = BN_new(); + BN_set_word(tmpCtx->g, DH_GENERATOR_2); ++#else ++ { ++ BIGNUM* g = BN_new(); ++ BN_set_word(g, DH_GENERATOR_2); ++#endif + + if (pkType == DH2K) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->p = BN_dup(bnP2048); ++#else ++ DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); ++#endif + RAND_bytes(random, 32); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); ++#else ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++#endif + } + else if (pkType == DH3K) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->p = BN_dup(bnP3072); ++#else ++ DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); ++#endif + RAND_bytes(random, 64); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); ++#else ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++ } ++#endif + } + break; + +@@ -269,11 +292,18 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { + if (pkType == DH2K || pkType == DH3K) { + DH* tmpCtx = static_cast(ctx); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (tmpCtx->pub_key != NULL) { + BN_free(tmpCtx->pub_key); + } + tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); + return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); ++#else ++ DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); ++ BIGNUM* pub_key; ++ DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); ++ return DH_compute_key(secret, pub_key, tmpCtx); ++#endif + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; +@@ -321,8 +351,15 @@ int32_t ZrtpDH::getDhSize() const + + int32_t ZrtpDH::getPubKeySize() const + { +- if (pkType == DH2K || pkType == DH3K) +- return BN_num_bytes(static_cast(ctx)->pub_key); ++ if (pkType == DH2K || pkType == DH3K) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return BN_num_bytes(static_cast(ctx)->pub_key); ++#else ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_num_bytes(pub_key); ++#endif ++ } + + if (pkType == EC25 || pkType == EC38) + return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), +@@ -341,7 +378,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const + if (prepend > 0) { + memset(buf, 0, prepend); + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); ++#else ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_bn2bin(pub_key, buf + prepend); ++#endif + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; +-- +2.20.1 ([Redacted] Git-117) + From d3a1a4bfa938e63ae0559304a5af1cf6d83b0c1f Mon Sep 17 00:00:00 2001 From: JuS Date: Thu, 29 Aug 2019 18:15:22 +0200 Subject: [PATCH 02/15] Fix for OpenSSL >= 1.1.0 - Double pointer and OpenSSL API issue - Also fixed indentation to be spaces, not tabs --- srtp/CryptoContext.h | 8 +-- srtp/crypto/hmac.h | 4 ++ srtp/crypto/openssl/hmac.cpp | 83 ++++++++++++---------- zrtp/crypto/openssl/hmac256.cpp | 18 ++--- zrtp/crypto/openssl/hmac384.cpp | 22 +++--- zrtp/crypto/openssl/zrtpDH.cpp | 122 ++++++++++++++++---------------- 6 files changed, 133 insertions(+), 124 deletions(-) diff --git a/srtp/CryptoContext.h b/srtp/CryptoContext.h index 10fe2eae..d03bd66f 100644 --- a/srtp/CryptoContext.h +++ b/srtp/CryptoContext.h @@ -421,11 +421,11 @@ class CryptoContext { typedef union _hmacCtx { SkeinCtx_t hmacSkeinCtx; #ifdef ZRTP_OPENSSL - #if OPENSSL_VERSION_NUMBER < 0x10100000L + #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX hmacSha1Ctx; - #else - HMAC_CTX * hmacSha1Ctx; - #endif + #else + HMAC_CTX * hmacSha1Ctx; + #endif #else hmacSha1Context hmacSha1Ctx; #endif diff --git a/srtp/crypto/hmac.h b/srtp/crypto/hmac.h index 9dbc05dd..1b31f148 100644 --- a/srtp/crypto/hmac.h +++ b/srtp/crypto/hmac.h @@ -134,7 +134,11 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length); * Lenght of the MAC key in bytes * @return Returns a pointer to the initialized context. */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +#else +void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); +#endif /** * Compute SHA1 HMAC. diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp index f0f22feb..9abd873c 100644 --- a/srtp/crypto/openssl/hmac.cpp +++ b/srtp/crypto/openssl/hmac.cpp @@ -1,20 +1,20 @@ /* - Copyright (C) 2010 Werner Dittmann - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + Copyright (C) 2010 Werner Dittmann + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each @@ -47,23 +47,23 @@ void hmac_sha1(uint8_t * key, int32_t key_length, } void hmac_sha1( uint8_t* key, int32_t key_length, - const uint8_t* data_chunks[], - uint32_t data_chunck_length[], - uint8_t* mac, int32_t* mac_length ) { + const uint8_t* data_chunks[], + uint32_t data_chunck_length[], + uint8_t* mac, int32_t* mac_length ) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL); #else - HMAC_CTX* ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); + HMAC_CTX* ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); #endif while (*data_chunks) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Update(&ctx, *data_chunks, *data_chunck_length); #else - HMAC_Update(ctx, *data_chunks, *data_chunck_length); + HMAC_Update(ctx, *data_chunks, *data_chunck_length); #endif data_chunks ++; data_chunck_length ++; @@ -72,8 +72,8 @@ void hmac_sha1( uint8_t* key, int32_t key_length, HMAC_Final(&ctx, mac, reinterpret_cast(mac_length)); HMAC_CTX_cleanup(&ctx); #else - HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); - HMAC_CTX_free( ctx ); + HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); + HMAC_CTX_free( ctx ); #endif } @@ -81,43 +81,48 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX)); - + HMAC_CTX_init(ctx); #else - HMAC_CTX* ctx = HMAC_CTX_new(); + HMAC_CTX* ctx = HMAC_CTX_new(); #endif HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); return ctx; } -void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLenght) { HMAC_CTX *pctx = (HMAC_CTX*)ctx; - -#if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_init(pctx); -#else - HMAC_CTX_reset(pctx); -#endif HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); return pctx; } +#else +void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t keyLength) +{ + HMAC_CTX **pctx = (HMAC_CTX**)ctx; + *pctx = HMAC_CTX_new(); + HMAC_Init_ex(*pctx, key, keyLength, EVP_sha1(), NULL); + return *pctx; +} +#endif void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, - uint8_t* mac, int32_t* mac_length) + uint8_t* mac, int32_t* mac_length) { HMAC_CTX* pctx = (HMAC_CTX*)ctx; - + HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); HMAC_Update( pctx, data, data_length ); HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); } void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], - uint8_t* mac, int32_t* mac_length ) + uint8_t* mac, int32_t* mac_length ) { HMAC_CTX* pctx = (HMAC_CTX*)ctx; - + HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); while (*data) { HMAC_Update( pctx, *data, *data_length ); @@ -132,9 +137,9 @@ void freeSha1HmacContext(void* ctx) if (ctx) { #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup((HMAC_CTX*)ctx); - free(ctx); + free(ctx); #else - HMAC_CTX_free((HMAC_CTX*)ctx); + HMAC_CTX_free((HMAC_CTX*)ctx); #endif } } diff --git a/zrtp/crypto/openssl/hmac256.cpp b/zrtp/crypto/openssl/hmac256.cpp index 6f5cf0ee..61c25dae 100644 --- a/zrtp/crypto/openssl/hmac256.cpp +++ b/zrtp/crypto/openssl/hmac256.cpp @@ -58,28 +58,28 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, HMAC_CTX_init( &ctx ); HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); #else - HMAC_CTX * ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); #endif while( *data_chunks ){ #if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); #else - HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( ctx, *data_chunks, *data_chunck_length ); #endif - data_chunks ++; - data_chunck_length ++; + data_chunks ++; + data_chunck_length ++; } #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Final( &ctx, mac, &tmp); #else - HMAC_Final( ctx, mac, &tmp); + HMAC_Final( ctx, mac, &tmp); #endif *mac_length = tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_free( ctx ); #endif } diff --git a/zrtp/crypto/openssl/hmac384.cpp b/zrtp/crypto/openssl/hmac384.cpp index 7445f25a..26fbfefc 100644 --- a/zrtp/crypto/openssl/hmac384.cpp +++ b/zrtp/crypto/openssl/hmac384.cpp @@ -53,31 +53,31 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, unsigned int tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx; - HMAC_CTX_init( &ctx ); - HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); + HMAC_CTX_init( &ctx ); + HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); #else - HMAC_CTX * ctx; - ctx = HMAC_CTX_new(); - HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); + HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); #endif while( *data_chunks ){ #if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); #else - HMAC_Update( ctx, *data_chunks, *data_chunck_length ); + HMAC_Update( ctx, *data_chunks, *data_chunck_length ); #endif - data_chunks ++; - data_chunck_length ++; + data_chunks ++; + data_chunck_length ++; } #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_Final( &ctx, mac, &tmp); #else - HMAC_Final( ctx, mac, &tmp); + HMAC_Final( ctx, mac, &tmp); #endif *mac_length = tmp; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_free( ctx ); #endif } diff --git a/zrtp/crypto/openssl/zrtpDH.cpp b/zrtp/crypto/openssl/zrtpDH.cpp index 0c6e2984..061edd88 100644 --- a/zrtp/crypto/openssl/zrtpDH.cpp +++ b/zrtp/crypto/openssl/zrtpDH.cpp @@ -224,74 +224,74 @@ ZrtpDH::ZrtpDH(const char* type) { ctx = static_cast(DH_new()); tmpCtx = static_cast(ctx); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->g = BN_new(); - BN_set_word(tmpCtx->g, DH_GENERATOR_2); + tmpCtx->g = BN_new(); + BN_set_word(tmpCtx->g, DH_GENERATOR_2); #else - { - BIGNUM* g = BN_new(); - BN_set_word(g, DH_GENERATOR_2); + { + BIGNUM* g = BN_new(); + BN_set_word(g, DH_GENERATOR_2); #endif - - if (pkType == DH2K) { + + if (pkType == DH2K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP2048); + tmpCtx->p = BN_dup(bnP2048); #else - DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); + DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); #endif - RAND_bytes(random, 32); + RAND_bytes(random, 32); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); #else - DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); + DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); #endif - } - else if (pkType == DH3K) { + } + else if (pkType == DH3K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP3072); + tmpCtx->p = BN_dup(bnP3072); #else - DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); + DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); #endif - RAND_bytes(random, 64); + RAND_bytes(random, 64); #if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); + tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); #else - DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); - } + DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); + } #endif } - break; - - case EC25: - ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - break; - case EC38: - ctx = static_cast(EC_KEY_new_by_curve_name(NID_secp384r1)); - break; + break; + + case EC25: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + break; + case EC38: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_secp384r1)); + break; } } ZrtpDH::~ZrtpDH() { if (ctx == NULL) return; - + switch (pkType) { - case DH2K: - case DH3K: - DH_free(static_cast(ctx)); - break; - - case EC25: - case EC38: - EC_KEY_free(static_cast(ctx)); - break; + case DH2K: + case DH3K: + DH_free(static_cast(ctx)); + break; + + case EC25: + case EC38: + EC_KEY_free(static_cast(ctx)); + break; } } int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { - + if (pkType == DH2K || pkType == DH3K) { DH* tmpCtx = static_cast(ctx); - + #if OPENSSL_VERSION_NUMBER < 0x10100000L if (tmpCtx->pub_key != NULL) { BN_free(tmpCtx->pub_key); @@ -299,10 +299,10 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); #else - DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); - BIGNUM* pub_key; - DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); - return DH_compute_key(secret, pub_key, tmpCtx); + DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); + BIGNUM* pub_key; + DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); + return DH_compute_key(secret, pub_key, tmpCtx); #endif } if (pkType == EC25 || pkType == EC38) { @@ -312,13 +312,13 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { if (len+1 > sizeof(buffer)) { return -1; } - + buffer[0] = POINT_CONVERSION_UNCOMPRESSED; memcpy(buffer+1, pubKeyBytes, len); EC_POINT* point = EC_POINT_new(EC_KEY_get0_group(static_cast(ctx))); EC_POINT_oct2point(EC_KEY_get0_group(static_cast(ctx)), - point, buffer, len+1, NULL); + point, buffer, len+1, NULL); ret = ECDH_compute_key(secret, getDhSize(), point, static_cast(ctx), NULL); EC_POINT_free(point); return ret; @@ -330,7 +330,7 @@ int32_t ZrtpDH::generatePublicKey() { if (pkType == DH2K || pkType == DH3K) return DH_generate_key(static_cast(ctx)); - + if (pkType == EC25 || pkType == EC38) return EC_KEY_generate_key(static_cast(ctx)); return 0; @@ -340,38 +340,38 @@ int32_t ZrtpDH::getDhSize() const { if (pkType == DH2K || pkType == DH3K) return DH_size(static_cast(ctx)); - + if (pkType == EC25) return 32; if (pkType == EC38) return 48; - + return 0; } int32_t ZrtpDH::getPubKeySize() const { - if (pkType == DH2K || pkType == DH3K) { + if (pkType == DH2K || pkType == DH3K) { #if OPENSSL_VERSION_NUMBER < 0x10100000L - return BN_num_bytes(static_cast(ctx)->pub_key); + return BN_num_bytes(static_cast(ctx)->pub_key); #else - BIGNUM* pub_key; - DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); - return BN_num_bytes(pub_key); + BIGNUM* pub_key; + DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); + return BN_num_bytes(pub_key); #endif - } - + } + if (pkType == EC25 || pkType == EC38) return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), EC_KEY_get0_public_key(static_cast(ctx)), POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL) - 1; return 0; - + } int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const { - + if (pkType == DH2K || pkType == DH3K) { // get len of pub_key, prepend with zeros to DH size int32_t prepend = getDhSize() - getPubKeySize(); @@ -381,9 +381,9 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const #if OPENSSL_VERSION_NUMBER < 0x10100000L return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); #else - BIGNUM* pub_key; - DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); - return BN_bn2bin(pub_key, buf + prepend); + BIGNUM* pub_key; + DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); + return BN_bn2bin(pub_key, buf + prepend); #endif } if (pkType == EC25 || pkType == EC38) { From df72411809fc1140d35857adc20908f3ef324385 Mon Sep 17 00:00:00 2001 From: JuS Date: Thu, 29 Aug 2019 18:49:59 +0200 Subject: [PATCH 03/15] If ZRTP_OPENSSL is not defined, ... ... OPENSSL_VERSION_NUMBER won't be defined so it'll take the second "initializeSha1HmacContext(void **, ...)" function which won't match. This commit tries to fix that issue. --- srtp/crypto/hmac.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/srtp/crypto/hmac.h b/srtp/crypto/hmac.h index 1b31f148..3ef61693 100644 --- a/srtp/crypto/hmac.h +++ b/srtp/crypto/hmac.h @@ -134,11 +134,22 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length); * Lenght of the MAC key in bytes * @return Returns a pointer to the initialized context. */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); -#else + +/** + * Initialize a SHA1 HMAC context. + * + * An application uses this context to create several HMAC with the same key. + * + * @param ctx + * Pointer to initialized SHA1 HMAC context + * @param key + * The MAC key. + * @param key_length + * Lenght of the MAC key in bytes + * @return Returns a pointer to the initialized context. + */ void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); -#endif /** * Compute SHA1 HMAC. From 67f51fc7357247e664872620f17c40993cfc5014 Mon Sep 17 00:00:00 2001 From: JuS Date: Thu, 29 Aug 2019 22:38:11 +0200 Subject: [PATCH 04/15] Removed OpenSSL version checking macros for initializeSha1HmacContext --- srtp/crypto/openssl/hmac.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp index 9abd873c..7461620b 100644 --- a/srtp/crypto/openssl/hmac.cpp +++ b/srtp/crypto/openssl/hmac.cpp @@ -90,7 +90,7 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length) return ctx; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L + void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLenght) { HMAC_CTX *pctx = (HMAC_CTX*)ctx; @@ -98,7 +98,7 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLenght) HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); return pctx; } -#else + void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t keyLength) { HMAC_CTX **pctx = (HMAC_CTX**)ctx; @@ -106,7 +106,7 @@ void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t keyLength) HMAC_Init_ex(*pctx, key, keyLength, EVP_sha1(), NULL); return *pctx; } -#endif + void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, uint8_t* mac, int32_t* mac_length) From a51fa1fcb54e0f66252fe51f0cc3b62f7b041850 Mon Sep 17 00:00:00 2001 From: JuS Date: Wed, 25 Sep 2019 17:26:55 +0200 Subject: [PATCH 05/15] Attempt to fix undefined symbols error --- srtp/crypto/hmac.cpp | 1 + srtp/crypto/hmac.h | 10 +++++++++- srtp/crypto/openssl/hmac.cpp | 23 +++++++++++++++++------ 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/srtp/crypto/hmac.cpp b/srtp/crypto/hmac.cpp index 3730a9b8..5070c4de 100644 --- a/srtp/crypto/hmac.cpp +++ b/srtp/crypto/hmac.cpp @@ -148,6 +148,7 @@ void* createSha1HmacContext(uint8_t* key, int32_t keyLength) void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) { + puts("!!! Not using OpenSSL for initializeSha1HmacContext"); hmacSha1Context *pctx = (hmacSha1Context*)ctx; hmacSha1Init(pctx, key, keyLength); diff --git a/srtp/crypto/hmac.h b/srtp/crypto/hmac.h index 3ef61693..ef3c94b8 100644 --- a/srtp/crypto/hmac.h +++ b/srtp/crypto/hmac.h @@ -134,7 +134,7 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length); * Lenght of the MAC key in bytes * @return Returns a pointer to the initialized context. */ -void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +// void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); /** * Initialize a SHA1 HMAC context. @@ -149,7 +149,15 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); * Lenght of the MAC key in bytes * @return Returns a pointer to the initialized context. */ +// void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +#else +// We still need to provide both the double- and single-pointer functions for CryptoContext.cpp and CryptoContextCtrl.cpp void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length); +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length); +#endif /** * Compute SHA1 HMAC. diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp index 7461620b..e86aa55a 100644 --- a/srtp/crypto/openssl/hmac.cpp +++ b/srtp/crypto/openssl/hmac.cpp @@ -90,23 +90,34 @@ void* createSha1HmacContext(uint8_t* key, int32_t key_length) return ctx; } - -void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLenght) +#if OPENSSL_VERSION_NUMBER < 0x10100000L +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length) { HMAC_CTX *pctx = (HMAC_CTX*)ctx; HMAC_CTX_init(pctx); - HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); + HMAC_Init_ex(pctx, key, key_length, EVP_sha1(), NULL); return pctx; } -void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t keyLength) +#else +// We still need to provide both the double- and single-pointer functions. +void* initializeSha1HmacContext(void** ctx, uint8_t* key, int32_t key_length) { HMAC_CTX **pctx = (HMAC_CTX**)ctx; - *pctx = HMAC_CTX_new(); - HMAC_Init_ex(*pctx, key, keyLength, EVP_sha1(), NULL); + *pctx = HMAC_CTX_new(); // correct (!) + HMAC_Init_ex(*pctx, key, key_length, EVP_sha1(), NULL); return *pctx; } +void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t key_length) +{ + HMAC_CTX *pctx = (HMAC_CTX*)ctx; + pctx = HMAC_CTX_new(); + HMAC_Init_ex(pctx, key, key_length, EVP_sha1(), NULL); + return pctx; +} +#endif + void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, uint8_t* mac, int32_t* mac_length) From bffdf2a587d3e389136a631a82be2a7376877b8f Mon Sep 17 00:00:00 2001 From: JuS Date: Wed, 25 Sep 2019 19:05:51 +0200 Subject: [PATCH 06/15] Attempt to fix memory access at runtime at 0x0. --- srtp/crypto/openssl/hmac.cpp | 2 +- zrtp/crypto/openssl/hmac256.cpp | 2 +- zrtp/crypto/openssl/hmac384.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp index e86aa55a..7ea0ea15 100644 --- a/srtp/crypto/openssl/hmac.cpp +++ b/srtp/crypto/openssl/hmac.cpp @@ -73,7 +73,7 @@ void hmac_sha1( uint8_t* key, int32_t key_length, HMAC_CTX_cleanup(&ctx); #else HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); - HMAC_CTX_free( ctx ); + HMAC_CTX_reset( ctx ); #endif } diff --git a/zrtp/crypto/openssl/hmac256.cpp b/zrtp/crypto/openssl/hmac256.cpp index 61c25dae..98990e41 100644 --- a/zrtp/crypto/openssl/hmac256.cpp +++ b/zrtp/crypto/openssl/hmac256.cpp @@ -80,6 +80,6 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_reset( ctx ); #endif } diff --git a/zrtp/crypto/openssl/hmac384.cpp b/zrtp/crypto/openssl/hmac384.cpp index 26fbfefc..e7268945 100644 --- a/zrtp/crypto/openssl/hmac384.cpp +++ b/zrtp/crypto/openssl/hmac384.cpp @@ -78,6 +78,6 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup( &ctx ); #else - HMAC_CTX_free( ctx ); + HMAC_CTX_reset( ctx ); #endif } From b7ba48e84bf766bacbe295b2c2ade4fc3f082b4d Mon Sep 17 00:00:00 2001 From: JuS Date: Wed, 25 Sep 2019 23:33:01 +0200 Subject: [PATCH 07/15] Attempt to fix 0x0 memory read. --- zrtp/crypto/openssl/zrtpDH.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/zrtp/crypto/openssl/zrtpDH.cpp b/zrtp/crypto/openssl/zrtpDH.cpp index 061edd88..320f0938 100644 --- a/zrtp/crypto/openssl/zrtpDH.cpp +++ b/zrtp/crypto/openssl/zrtpDH.cpp @@ -299,9 +299,9 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); #else - DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); - BIGNUM* pub_key; - DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); + BIGNUM* pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); + DH_set0_key(tmpCtx, pub_key, NULL); + // DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); return DH_compute_key(secret, pub_key, tmpCtx); #endif } From a569a0c2add2b440898a92372400f62bee29d026 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 14:15:23 +0200 Subject: [PATCH 08/15] Added debug output --- zrtp/ZIDCacheFile.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index 11e733d8..e55a94d9 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -68,6 +68,8 @@ void ZIDCacheFile::createZIDFile(char* name) { if (fwrite(rec.getRecordData(), rec.getRecordLength(), 1, zidFile) < 1) ++errors; fflush(zidFile); + } else { + puts("ZIDCacheFile::createZIDFile error: zidFile is zero, file could not be created."); } } From 416ba0980a88f2201dbb9fc5a5216fb9f52cfd95 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 14:44:43 +0200 Subject: [PATCH 09/15] Added debug output --- zrtp/ZIDCacheFile.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index e55a94d9..124cf0cc 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -69,7 +69,7 @@ void ZIDCacheFile::createZIDFile(char* name) { ++errors; fflush(zidFile); } else { - puts("ZIDCacheFile::createZIDFile error: zidFile is zero, file could not be created."); + fputs("ZIDCacheFile::createZIDFile error: zidFile is zero, file could not be created.", stderr); } } @@ -108,6 +108,8 @@ void ZIDCacheFile::checkDoMigration(char* name) { return; } fdOld = fopen(fn.c_str(), "rb"); // reopen old format in read only mode + if (fdOld == NULL) + fputs("ZIDCacheFile::checkDoMigration error: fdOld fopen failed", stderr); // Get first record from old file - is the own ZID fseek(fdOld, 0L, SEEK_SET); @@ -121,6 +123,7 @@ void ZIDCacheFile::checkDoMigration(char* name) { } zidFile = fopen(name, "wb+"); // create new format file in binary r/w mode if (zidFile == NULL) { + fputs("ZIDCacheFile::checkDoMigration error: zidFile fopen failed", stderr); fclose(fdOld); return; } From bf87e95a5bed481e8c3d2b2d5417bcca8763cee3 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 15:06:55 +0200 Subject: [PATCH 10/15] Added further debug output --- zrtp/ZIDCacheFile.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index 124cf0cc..563f463b 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -210,6 +210,8 @@ ZIDRecord *ZIDCacheFile::getRecord(unsigned char *zid) { ZIDRecordFile *zidRecord = new ZIDRecordFile(); // set read pointer behind first record ( + fprintf(stderr, "ZIDCacheFile::getRecord info: zidFile: %p", zidFile); + fprintf(stderr, "ZIDCacheFile::getRecord info: zidRecord->getRecordLength(): %i", zidRecord->getRecordLength()); fseek(zidFile, zidRecord->getRecordLength(), SEEK_SET); do { From f0cf60a4c53120e156ded1802269d33d73537a5c Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 15:33:19 +0200 Subject: [PATCH 11/15] More debug output --- zrtp/ZIDCacheDb.cpp | 2 ++ zrtp/ZIDCacheFile.cpp | 4 ++++ zrtp/ZrtpCWrapper.cpp | 4 +++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/zrtp/ZIDCacheDb.cpp b/zrtp/ZIDCacheDb.cpp index 579bfb8c..0d09f888 100644 --- a/zrtp/ZIDCacheDb.cpp +++ b/zrtp/ZIDCacheDb.cpp @@ -60,6 +60,7 @@ int ZIDCacheDb::open(char* name) { cacheOps.readLocalZid(zidFile, associatedZid, NULL, errorBuffer); else { cacheOps.closeCache(zidFile); + fprintf(stderr, "ZIDCacheDb::open info: zidFile set to NULL\n"); zidFile = NULL; } @@ -70,6 +71,7 @@ void ZIDCacheDb::close() { if (zidFile != NULL) { cacheOps.closeCache(zidFile); + fprintf(stderr, "ZIDCacheDb::close info: zidFile set to NULL\n"); zidFile = NULL; } } diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index 563f463b..2a59857b 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -96,6 +96,7 @@ void ZIDCacheFile::checkDoMigration(char* name) { return; } fclose(zidFile); // close old ZID file + fprintf(stderr, "ZIDCacheFile::checkDoMigration info: zidFile set to NULL\n"); zidFile = NULL; // create save file name, rename and re-open @@ -181,11 +182,13 @@ int ZIDCacheFile::open(char* name) { fseek(zidFile, 0L, SEEK_SET); if (fread(rec.getRecordData(), rec.getRecordLength(), 1, zidFile) != 1) { fclose(zidFile); + fprintf(stderr, "ZIDCacheFile::open 1 info: zidFile set to NULL\n"); zidFile = NULL; return -1; } if (!rec.isOwnZIDRecord()) { fclose(zidFile); + fprintf(stderr, "ZIDCacheFile::open 2 info: zidFile set to NULL\n"); zidFile = NULL; return -1; } @@ -199,6 +202,7 @@ void ZIDCacheFile::close() { if (zidFile != NULL) { fclose(zidFile); + fprintf(stderr, "ZIDCacheFile::close info: zidFile set to NULL\n"); zidFile = NULL; } } diff --git a/zrtp/ZrtpCWrapper.cpp b/zrtp/ZrtpCWrapper.cpp index 556a509a..8f306064 100644 --- a/zrtp/ZrtpCWrapper.cpp +++ b/zrtp/ZrtpCWrapper.cpp @@ -54,7 +54,8 @@ void zrtp_initializeZrtpEngine(ZrtpContext* zrtpContext, } // Initialize ZID file (cache) and get my own ZID - zrtp_initZidFile(zidFilename); + int32_t res = zrtp_initZidFile(zidFilename); + fprintf(stderr, "ZrtpCWrapper.cpp void zrtp_initializeZrtpEngine() info: zrtp_initZidFile() result: %i\n", res); const unsigned char* myZid = getZidCacheInstance()->getZid(); zrtpContext->zrtpEngine = new ZRtp((uint8_t*)myZid, zrtpContext->zrtpCallback, @@ -90,6 +91,7 @@ static int32_t zrtp_initZidFile(const char* zidFilename) { fname = baseDir + std::string("GNUccRTP.zid"); zidFilename = fname.c_str(); } + fprintf(stderr, "ZrtpCWrapper.cpp: int32_t zrtp_initZidFile() info: zf->open() zidFilename: %s\n", zidFilename); return zf->open((char *)zidFilename); } return 0; From 10ef9bee407b97cb010e3b5ed88c61ed988ebb79 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 16:57:16 +0200 Subject: [PATCH 12/15] Added some important comments to help debugging --- zrtp/ZIDCacheFile.cpp | 14 ++++++++++++-- zrtp/ZrtpCWrapper.cpp | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index 2a59857b..d4c582e6 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -29,6 +29,15 @@ #include #endif +#ifdef __APPLE__ + #if TARGET_IPHONE_SIMULATOR || TARGET_OS_IPHONE // iOS Simulator or iOS device + #include + #elif TARGET_OS_MAC // Other kinds of Mac OS + #else + #error "Unknown Apple platform" + #endif +#endif + #include #include @@ -55,7 +64,7 @@ ZIDCache* getZidCacheInstance() { void ZIDCacheFile::createZIDFile(char* name) { - zidFile = fopen(name, "wb+"); + zidFile = fopen(name, "wb+"); //! This is not allowed on iOS // New file, generate an associated random ZID and save // it as first record if (zidFile != NULL) { @@ -69,7 +78,8 @@ void ZIDCacheFile::createZIDFile(char* name) { ++errors; fflush(zidFile); } else { - fputs("ZIDCacheFile::createZIDFile error: zidFile is zero, file could not be created.", stderr); + //! This fails (zidFile == NULL) + fprintf(stderr, "ZIDCacheFile::createZIDFile error: zidFile is null, file could not be created\n"); } } diff --git a/zrtp/ZrtpCWrapper.cpp b/zrtp/ZrtpCWrapper.cpp index 8f306064..6f3e181e 100644 --- a/zrtp/ZrtpCWrapper.cpp +++ b/zrtp/ZrtpCWrapper.cpp @@ -54,7 +54,7 @@ void zrtp_initializeZrtpEngine(ZrtpContext* zrtpContext, } // Initialize ZID file (cache) and get my own ZID - int32_t res = zrtp_initZidFile(zidFilename); + int32_t res = zrtp_initZidFile(zidFilename); //! res is -1 fprintf(stderr, "ZrtpCWrapper.cpp void zrtp_initializeZrtpEngine() info: zrtp_initZidFile() result: %i\n", res); const unsigned char* myZid = getZidCacheInstance()->getZid(); From 29f6e7b9f906c396a50ec9ae864081b8a2f10394 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 17:14:42 +0200 Subject: [PATCH 13/15] Removed the apple ifdefs --- zrtp/ZIDCacheFile.cpp | 9 --------- 1 file changed, 9 deletions(-) diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index d4c582e6..dcab151a 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -29,15 +29,6 @@ #include #endif -#ifdef __APPLE__ - #if TARGET_IPHONE_SIMULATOR || TARGET_OS_IPHONE // iOS Simulator or iOS device - #include - #elif TARGET_OS_MAC // Other kinds of Mac OS - #else - #error "Unknown Apple platform" - #endif -#endif - #include #include From 8eb3ddb562dd01af9d266cf2ad2de2bf264d8ab7 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 18:42:38 +0200 Subject: [PATCH 14/15] Removed debug output --- zrtp/ZIDCacheDb.cpp | 2 -- zrtp/ZIDCacheFile.cpp | 13 +------------ zrtp/ZrtpCWrapper.cpp | 4 +--- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/zrtp/ZIDCacheDb.cpp b/zrtp/ZIDCacheDb.cpp index 0d09f888..579bfb8c 100644 --- a/zrtp/ZIDCacheDb.cpp +++ b/zrtp/ZIDCacheDb.cpp @@ -60,7 +60,6 @@ int ZIDCacheDb::open(char* name) { cacheOps.readLocalZid(zidFile, associatedZid, NULL, errorBuffer); else { cacheOps.closeCache(zidFile); - fprintf(stderr, "ZIDCacheDb::open info: zidFile set to NULL\n"); zidFile = NULL; } @@ -71,7 +70,6 @@ void ZIDCacheDb::close() { if (zidFile != NULL) { cacheOps.closeCache(zidFile); - fprintf(stderr, "ZIDCacheDb::close info: zidFile set to NULL\n"); zidFile = NULL; } } diff --git a/zrtp/ZIDCacheFile.cpp b/zrtp/ZIDCacheFile.cpp index dcab151a..420bbda4 100644 --- a/zrtp/ZIDCacheFile.cpp +++ b/zrtp/ZIDCacheFile.cpp @@ -55,7 +55,7 @@ ZIDCache* getZidCacheInstance() { void ZIDCacheFile::createZIDFile(char* name) { - zidFile = fopen(name, "wb+"); //! This is not allowed on iOS + zidFile = fopen(name, "wb+"); // New file, generate an associated random ZID and save // it as first record if (zidFile != NULL) { @@ -68,9 +68,6 @@ void ZIDCacheFile::createZIDFile(char* name) { if (fwrite(rec.getRecordData(), rec.getRecordLength(), 1, zidFile) < 1) ++errors; fflush(zidFile); - } else { - //! This fails (zidFile == NULL) - fprintf(stderr, "ZIDCacheFile::createZIDFile error: zidFile is null, file could not be created\n"); } } @@ -97,7 +94,6 @@ void ZIDCacheFile::checkDoMigration(char* name) { return; } fclose(zidFile); // close old ZID file - fprintf(stderr, "ZIDCacheFile::checkDoMigration info: zidFile set to NULL\n"); zidFile = NULL; // create save file name, rename and re-open @@ -110,8 +106,6 @@ void ZIDCacheFile::checkDoMigration(char* name) { return; } fdOld = fopen(fn.c_str(), "rb"); // reopen old format in read only mode - if (fdOld == NULL) - fputs("ZIDCacheFile::checkDoMigration error: fdOld fopen failed", stderr); // Get first record from old file - is the own ZID fseek(fdOld, 0L, SEEK_SET); @@ -183,13 +177,11 @@ int ZIDCacheFile::open(char* name) { fseek(zidFile, 0L, SEEK_SET); if (fread(rec.getRecordData(), rec.getRecordLength(), 1, zidFile) != 1) { fclose(zidFile); - fprintf(stderr, "ZIDCacheFile::open 1 info: zidFile set to NULL\n"); zidFile = NULL; return -1; } if (!rec.isOwnZIDRecord()) { fclose(zidFile); - fprintf(stderr, "ZIDCacheFile::open 2 info: zidFile set to NULL\n"); zidFile = NULL; return -1; } @@ -203,7 +195,6 @@ void ZIDCacheFile::close() { if (zidFile != NULL) { fclose(zidFile); - fprintf(stderr, "ZIDCacheFile::close info: zidFile set to NULL\n"); zidFile = NULL; } } @@ -215,8 +206,6 @@ ZIDRecord *ZIDCacheFile::getRecord(unsigned char *zid) { ZIDRecordFile *zidRecord = new ZIDRecordFile(); // set read pointer behind first record ( - fprintf(stderr, "ZIDCacheFile::getRecord info: zidFile: %p", zidFile); - fprintf(stderr, "ZIDCacheFile::getRecord info: zidRecord->getRecordLength(): %i", zidRecord->getRecordLength()); fseek(zidFile, zidRecord->getRecordLength(), SEEK_SET); do { diff --git a/zrtp/ZrtpCWrapper.cpp b/zrtp/ZrtpCWrapper.cpp index 6f3e181e..c28a1188 100644 --- a/zrtp/ZrtpCWrapper.cpp +++ b/zrtp/ZrtpCWrapper.cpp @@ -54,8 +54,7 @@ void zrtp_initializeZrtpEngine(ZrtpContext* zrtpContext, } // Initialize ZID file (cache) and get my own ZID - int32_t res = zrtp_initZidFile(zidFilename); //! res is -1 - fprintf(stderr, "ZrtpCWrapper.cpp void zrtp_initializeZrtpEngine() info: zrtp_initZidFile() result: %i\n", res); + int32_t res = zrtp_initZidFile(zidFilename); const unsigned char* myZid = getZidCacheInstance()->getZid(); zrtpContext->zrtpEngine = new ZRtp((uint8_t*)myZid, zrtpContext->zrtpCallback, @@ -91,7 +90,6 @@ static int32_t zrtp_initZidFile(const char* zidFilename) { fname = baseDir + std::string("GNUccRTP.zid"); zidFilename = fname.c_str(); } - fprintf(stderr, "ZrtpCWrapper.cpp: int32_t zrtp_initZidFile() info: zf->open() zidFilename: %s\n", zidFilename); return zf->open((char *)zidFilename); } return 0; From d98872151150bbe98ef2ec660e0078f6696aa5c2 Mon Sep 17 00:00:00 2001 From: JuS Date: Sat, 28 Sep 2019 19:11:48 +0200 Subject: [PATCH 15/15] Removed outdated patch --- ...r-OpenSSL-1.1.0.-Lots-of-structure-t.patch | 310 ------------------ 1 file changed, 310 deletions(-) delete mode 100644 0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch diff --git a/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch b/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch deleted file mode 100644 index 6e2a0e7b..00000000 --- a/0001-Added-support-for-OpenSSL-1.1.0.-Lots-of-structure-t.patch +++ /dev/null @@ -1,310 +0,0 @@ -From deb9018638389b88e3d87b565180e103ba31a800 Mon Sep 17 00:00:00 2001 -From: [REDACTED] <[redacted]@[redacted]> -Date: Tue, 27 Aug 2019 00:08:45 +0200 -Subject: [PATCH] Added support for OpenSSL >= 1.1.0. Lots of structure types - were hidden and became opaque pointers. - ---- - srtp/CryptoContext.h | 4 +++ - srtp/crypto/openssl/hmac.cpp | 43 ++++++++++++++++++++++++------ - zrtp/crypto/openssl/hmac256.cpp | 18 +++++++++++++ - zrtp/crypto/openssl/hmac384.cpp | 22 +++++++++++++-- - zrtp/crypto/openssl/zrtpDH.cpp | 47 +++++++++++++++++++++++++++++++-- - 5 files changed, 122 insertions(+), 12 deletions(-) - -diff --git a/srtp/CryptoContext.h b/srtp/CryptoContext.h -index 7962af1..10fe2ea 100644 ---- a/srtp/CryptoContext.h -+++ b/srtp/CryptoContext.h -@@ -421,7 +421,11 @@ private: - typedef union _hmacCtx { - SkeinCtx_t hmacSkeinCtx; - #ifdef ZRTP_OPENSSL -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX hmacSha1Ctx; -+ #else -+ HMAC_CTX * hmacSha1Ctx; -+ #endif - #else - hmacSha1Context hmacSha1Ctx; - #endif -diff --git a/srtp/crypto/openssl/hmac.cpp b/srtp/crypto/openssl/hmac.cpp -index 93a6d0d..f0f22fe 100644 ---- a/srtp/crypto/openssl/hmac.cpp -+++ b/srtp/crypto/openssl/hmac.cpp -@@ -50,23 +50,42 @@ void hmac_sha1( uint8_t* key, int32_t key_length, - const uint8_t* data_chunks[], - uint32_t data_chunck_length[], - uint8_t* mac, int32_t* mac_length ) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX ctx; - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, key, key_length, EVP_sha1(), NULL); -+#else -+ HMAC_CTX* ctx; -+ ctx = HMAC_CTX_new(); -+ HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); -+#endif - while (*data_chunks) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update(&ctx, *data_chunks, *data_chunck_length); -+#else -+ HMAC_Update(ctx, *data_chunks, *data_chunck_length); -+#endif - data_chunks ++; - data_chunck_length ++; - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Final(&ctx, mac, reinterpret_cast(mac_length)); - HMAC_CTX_cleanup(&ctx); -+#else -+ HMAC_Final(ctx, mac, reinterpret_cast(mac_length)); -+ HMAC_CTX_free( ctx ); -+#endif - } - - void* createSha1HmacContext(uint8_t* key, int32_t key_length) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX* ctx = (HMAC_CTX*)malloc(sizeof(HMAC_CTX)); - - HMAC_CTX_init(ctx); -+#else -+ HMAC_CTX* ctx = HMAC_CTX_new(); -+#endif - HMAC_Init_ex(ctx, key, key_length, EVP_sha1(), NULL); - return ctx; - } -@@ -75,7 +94,11 @@ void* initializeSha1HmacContext(void* ctx, uint8_t* key, int32_t keyLength) - { - HMAC_CTX *pctx = (HMAC_CTX*)ctx; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_init(pctx); -+#else -+ HMAC_CTX_reset(pctx); -+#endif - HMAC_Init_ex(pctx, key, keyLength, EVP_sha1(), NULL); - return pctx; - } -@@ -85,9 +108,9 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data, uint32_t data_length, - { - HMAC_CTX* pctx = (HMAC_CTX*)ctx; - -- HMAC_Init_ex(pctx, NULL, 0, NULL, NULL ); -- HMAC_Update(pctx, data, data_length ); -- HMAC_Final(pctx, mac, reinterpret_cast(mac_length) ); -+ HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); -+ HMAC_Update( pctx, data, data_length ); -+ HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); - } - - void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], -@@ -95,19 +118,23 @@ void hmacSha1Ctx(void* ctx, const uint8_t* data[], uint32_t data_length[], - { - HMAC_CTX* pctx = (HMAC_CTX*)ctx; - -- HMAC_Init_ex(pctx, NULL, 0, NULL, NULL ); -+ HMAC_Init_ex( pctx, NULL, 0, NULL, NULL ); - while (*data) { -- HMAC_Update(pctx, *data, *data_length); -+ HMAC_Update( pctx, *data, *data_length ); - data++; - data_length++; - } -- HMAC_Final(pctx, mac, reinterpret_cast(mac_length) ); -+ HMAC_Final( pctx, mac, reinterpret_cast(mac_length) ); - } - - void freeSha1HmacContext(void* ctx) - { - if (ctx) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup((HMAC_CTX*)ctx); -- free(ctx); -+ free(ctx); -+#else -+ HMAC_CTX_free((HMAC_CTX*)ctx); -+#endif - } --} -\ No newline at end of file -+} -diff --git a/zrtp/crypto/openssl/hmac256.cpp b/zrtp/crypto/openssl/hmac256.cpp -index 40e4e82..6f5cf0e 100644 ---- a/zrtp/crypto/openssl/hmac256.cpp -+++ b/zrtp/crypto/openssl/hmac256.cpp -@@ -53,15 +53,33 @@ void hmac_sha256(uint8_t* key, uint32_t key_length, - uint8_t* mac, uint32_t* mac_length ) - { - unsigned int tmp; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX ctx; - HMAC_CTX_init( &ctx ); - HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); -+#else -+ HMAC_CTX * ctx; -+ ctx = HMAC_CTX_new(); -+ HMAC_Init_ex( ctx, key, key_length, EVP_sha256(), NULL ); -+#endif - while( *data_chunks ){ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); -+#else -+ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); -+#endif - data_chunks ++; - data_chunck_length ++; - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Final( &ctx, mac, &tmp); -+#else -+ HMAC_Final( ctx, mac, &tmp); -+#endif - *mac_length = tmp; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup( &ctx ); -+#else -+ HMAC_CTX_free( ctx ); -+#endif - } -diff --git a/zrtp/crypto/openssl/hmac384.cpp b/zrtp/crypto/openssl/hmac384.cpp -index 2511ce5..7445f25 100644 ---- a/zrtp/crypto/openssl/hmac384.cpp -+++ b/zrtp/crypto/openssl/hmac384.cpp -@@ -51,15 +51,33 @@ void hmac_sha384(uint8_t* key, uint32_t key_length, - uint8_t* mac, uint32_t* mac_length ) - { - unsigned int tmp; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX ctx; -- HMAC_CTX_init( &ctx ); -- HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); -+ HMAC_CTX_init( &ctx ); -+ HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL ); -+#else -+ HMAC_CTX * ctx; -+ ctx = HMAC_CTX_new(); -+ HMAC_Init_ex( ctx, key, key_length, EVP_sha384(), NULL ); -+#endif - while( *data_chunks ){ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); -+#else -+ HMAC_Update( ctx, *data_chunks, *data_chunck_length ); -+#endif - data_chunks ++; - data_chunck_length ++; - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_Final( &ctx, mac, &tmp); -+#else -+ HMAC_Final( ctx, mac, &tmp); -+#endif - *mac_length = tmp; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup( &ctx ); -+#else -+ HMAC_CTX_free( ctx ); -+#endif - } -diff --git a/zrtp/crypto/openssl/zrtpDH.cpp b/zrtp/crypto/openssl/zrtpDH.cpp -index 78cf60a..0c6e298 100644 ---- a/zrtp/crypto/openssl/zrtpDH.cpp -+++ b/zrtp/crypto/openssl/zrtpDH.cpp -@@ -223,18 +223,41 @@ ZrtpDH::ZrtpDH(const char* type) { - case DH3K: - ctx = static_cast(DH_new()); - tmpCtx = static_cast(ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->g = BN_new(); - BN_set_word(tmpCtx->g, DH_GENERATOR_2); -+#else -+ { -+ BIGNUM* g = BN_new(); -+ BN_set_word(g, DH_GENERATOR_2); -+#endif - - if (pkType == DH2K) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP2048); -+#else -+ DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); -+#endif - RAND_bytes(random, 32); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); -+#else -+ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); -+#endif - } - else if (pkType == DH3K) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->p = BN_dup(bnP3072); -+#else -+ DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); -+#endif - RAND_bytes(random, 64); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->priv_key = BN_bin2bn(random, 32, NULL); -+#else -+ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); -+ } -+#endif - } - break; - -@@ -269,11 +292,18 @@ int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) { - if (pkType == DH2K || pkType == DH3K) { - DH* tmpCtx = static_cast(ctx); - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (tmpCtx->pub_key != NULL) { - BN_free(tmpCtx->pub_key); - } - tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL); - return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); -+#else -+ DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); -+ BIGNUM* pub_key; -+ DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); -+ return DH_compute_key(secret, pub_key, tmpCtx); -+#endif - } - if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[200]; -@@ -321,8 +351,15 @@ int32_t ZrtpDH::getDhSize() const - - int32_t ZrtpDH::getPubKeySize() const - { -- if (pkType == DH2K || pkType == DH3K) -- return BN_num_bytes(static_cast(ctx)->pub_key); -+ if (pkType == DH2K || pkType == DH3K) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ return BN_num_bytes(static_cast(ctx)->pub_key); -+#else -+ BIGNUM* pub_key; -+ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); -+ return BN_num_bytes(pub_key); -+#endif -+ } - - if (pkType == EC25 || pkType == EC38) - return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), -@@ -341,7 +378,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const - if (prepend > 0) { - memset(buf, 0, prepend); - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); -+#else -+ BIGNUM* pub_key; -+ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); -+ return BN_bn2bin(pub_key, buf + prepend); -+#endif - } - if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[200]; --- -2.20.1 ([Redacted] Git-117) -