mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
Replace openssl from l-1.0.1f to 1.10e (#774)
DUe to API breakchange, add a wrapper for backward compatibility
This commit is contained in:
HungMingWu
winlin
parent
695ceeab48
commit
01d5e4da17
9 changed files with 106 additions and 43 deletions
|
|
@ -159,6 +159,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#define ERROR_RTSP_AUDIO_CONFIG 2047
|
||||
#define ERROR_RTMP_STREAM_NOT_FOUND 2048
|
||||
#define ERROR_RTMP_CLIENT_NOT_FOUND 2049
|
||||
#define ERROR_OpenSslCreateHMAC 2050
|
||||
//
|
||||
// system control message,
|
||||
// not an error, but special control logic.
|
||||
|
|
|
|||
|
|
@ -44,6 +44,66 @@ using namespace _srs_internal;
|
|||
// for openssl_generate_key
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static HMAC_CTX *HMAC_CTX_new(void)
|
||||
{
|
||||
HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(*ctx));
|
||||
if (ctx != NULL)
|
||||
HMAC_CTX_init(ctx);
|
||||
return ctx;
|
||||
}
|
||||
static void HMAC_CTX_free(HMAC_CTX *ctx)
|
||||
{
|
||||
if (ctx != NULL) {
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
free(ctx);
|
||||
}
|
||||
}
|
||||
|
||||
static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
|
||||
{
|
||||
if (pub_key != NULL)
|
||||
*pub_key = dh->pub_key;
|
||||
if (priv_key != NULL)
|
||||
*priv_key = dh->priv_key;
|
||||
}
|
||||
|
||||
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
||||
{
|
||||
/* If the fields p and g in d are NULL, the corresponding input
|
||||
* parameters MUST be non-NULL. q may remain NULL.
|
||||
*/
|
||||
if ((dh->p == NULL && p == NULL)
|
||||
|| (dh->g == NULL && g == NULL))
|
||||
return 0;
|
||||
|
||||
if (p != NULL) {
|
||||
BN_free(dh->p);
|
||||
dh->p = p;
|
||||
}
|
||||
if (q != NULL) {
|
||||
BN_free(dh->q);
|
||||
dh->q = q;
|
||||
}
|
||||
if (g != NULL) {
|
||||
BN_free(dh->g);
|
||||
dh->g = g;
|
||||
}
|
||||
|
||||
if (q != NULL) {
|
||||
dh->length = BN_num_bits(q);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int DH_set_length(DH *dh, long length)
|
||||
{
|
||||
dh->length = length;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
namespace _srs_internal
|
||||
{
|
||||
// 68bytes FMS key which is used to sign the sever packet.
|
||||
|
|
@ -112,18 +172,21 @@ namespace _srs_internal
|
|||
}
|
||||
} else {
|
||||
// use key-data to digest.
|
||||
HMAC_CTX ctx;
|
||||
|
||||
HMAC_CTX *ctx = HMAC_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
ret = ERROR_OpenSslCreateHMAC;
|
||||
return ret;
|
||||
}
|
||||
// @remark, if no key, use EVP_Digest to digest,
|
||||
// for instance, in python, hashlib.sha256(data).digest().
|
||||
HMAC_CTX_init(&ctx);
|
||||
if (HMAC_Init_ex(&ctx, temp_key, key_size, EVP_sha256(), NULL) < 0) {
|
||||
if (HMAC_Init_ex(ctx, temp_key, key_size, EVP_sha256(), NULL) < 0) {
|
||||
ret = ERROR_OpenSslSha256Init;
|
||||
HMAC_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = do_openssl_HMACsha256(&ctx, data, data_size, temp_digest, &digest_size);
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
ret = do_openssl_HMACsha256(ctx, data, data_size, temp_digest, &digest_size);
|
||||
HMAC_CTX_free(ctx);
|
||||
|
||||
if (ret != ERROR_SUCCESS) {
|
||||
return ret;
|
||||
|
|
@ -159,14 +222,6 @@ namespace _srs_internal
|
|||
void SrsDH::close()
|
||||
{
|
||||
if (pdh != NULL) {
|
||||
if (pdh->p != NULL) {
|
||||
BN_free(pdh->p);
|
||||
pdh->p = NULL;
|
||||
}
|
||||
if (pdh->g != NULL) {
|
||||
BN_free(pdh->g);
|
||||
pdh->g = NULL;
|
||||
}
|
||||
DH_free(pdh);
|
||||
pdh = NULL;
|
||||
}
|
||||
|
|
@ -182,7 +237,9 @@ namespace _srs_internal
|
|||
}
|
||||
|
||||
if (ensure_128bytes_public_key) {
|
||||
int32_t key_size = BN_num_bytes(pdh->pub_key);
|
||||
const BIGNUM *pub_key = NULL;
|
||||
DH_get0_key(pdh, &pub_key, NULL);
|
||||
int32_t key_size = BN_num_bytes(pub_key);
|
||||
if (key_size != 128) {
|
||||
srs_warn("regenerate 128B key, current=%dB", key_size);
|
||||
continue;
|
||||
|
|
@ -201,13 +258,15 @@ namespace _srs_internal
|
|||
|
||||
// copy public key to bytes.
|
||||
// sometimes, the key_size is 127, seems ok.
|
||||
int32_t key_size = BN_num_bytes(pdh->pub_key);
|
||||
const BIGNUM *pub_key = NULL;
|
||||
DH_get0_key(pdh, &pub_key, NULL);
|
||||
int32_t key_size = BN_num_bytes(pub_key);
|
||||
srs_assert(key_size > 0);
|
||||
|
||||
// maybe the key_size is 127, but dh will write all 128bytes pkey,
|
||||
// so, donot need to set/initialize the pkey.
|
||||
// @see https://github.com/ossrs/srs/issues/165
|
||||
key_size = BN_bn2bin(pdh->pub_key, (unsigned char*)pkey);
|
||||
key_size = BN_bn2bin(pub_key, (unsigned char*)pkey);
|
||||
srs_assert(key_size > 0);
|
||||
|
||||
// output the size of public key.
|
||||
|
|
@ -266,28 +325,31 @@ namespace _srs_internal
|
|||
}
|
||||
|
||||
//2. Create his internal p and g
|
||||
if ((pdh->p = BN_new()) == NULL) {
|
||||
BIGNUM *p, *g;
|
||||
if ((p = BN_new()) == NULL) {
|
||||
ret = ERROR_OpenSslCreateP;
|
||||
return ret;
|
||||
}
|
||||
if ((pdh->g = BN_new()) == NULL) {
|
||||
if ((g = BN_new()) == NULL) {
|
||||
ret = ERROR_OpenSslCreateG;
|
||||
BN_free(p);
|
||||
return ret;
|
||||
}
|
||||
|
||||
DH_set0_pqg(pdh, p, NULL, g);
|
||||
|
||||
//3. initialize p and g, @see ./test/ectest.c:260
|
||||
if (!BN_hex2bn(&pdh->p, RFC2409_PRIME_1024)) {
|
||||
if (!BN_hex2bn(&p, RFC2409_PRIME_1024)) {
|
||||
ret = ERROR_OpenSslParseP1024;
|
||||
return ret;
|
||||
}
|
||||
// @see ./test/bntest.c:1764
|
||||
if (!BN_set_word(pdh->g, 2)) {
|
||||
if (!BN_set_word(g, 2)) {
|
||||
ret = ERROR_OpenSslSetG;
|
||||
return ret;
|
||||
}
|
||||
|
||||
// 4. Set the key length
|
||||
pdh->length = bits_count;
|
||||
DH_set_length(pdh, bits_count);
|
||||
|
||||
// 5. Generate private and public key
|
||||
// @see ./test/dhtest.c:152
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue