Control: tags -1 + patch
The attached patch fixes the build with openssl 1.1 in sid.
Two points for review:
* The memory debug looks wrong anyway; the functions afaik only make
things worse unless you call the right function at shutdown, which
is commented out in-tree as it is right now. I suggest that removing
them entirely may be better. I've left the patch with partial
replacements.
* there doesn't seem to be any point to zeroing out flags in the dwrap
custom BIO (left commented out: bi->flags = 0;).
Many of the compile errors in the original log have been fixed by
openssl themselves, e.g. the locking callbacks are totally pointless
now, but have been left as noop macros so the code can continue to
compile.
Everything else is very non-controversial trivial API updates.
The tests pass, but I didn't actually try the built package.
Chris.
commit c6f905aacbbab4344958b9aea67dce106e01c419
Author: Chris West (Faux) <[email protected]>
Date: Mon Jul 31 16:54:06 2017 +0000
fix build on libssl-dev 1.1
diff --git a/resiprocate-1.11.0~beta5/debian/control b/resiprocate-1.11.0~beta5/debian/control
index 266b810..fe171a3 100644
--- a/resiprocate-1.11.0~beta5/debian/control
+++ b/resiprocate-1.11.0~beta5/debian/control
@@ -3,7 +3,7 @@ Section: libs
Priority: extra
Maintainer: Debian VoIP Team <[email protected]>
Uploaders: Daniel Pocock <[email protected]>
-Build-Depends: debhelper (>= 9.0.0), gperf, libasio-dev, libboost-dev, libc-ares-dev (>= 1.6.0), libdb++-dev, libpopt-dev, libssl1.0-dev (>= 1.0.0) | libssl-dev (<< 1.1), perl, default-libmysqlclient-dev, libpq-dev, libradcli-dev, libcppunit-dev, autotools-dev, libpcre3-dev, dpkg-dev (>= 1.16.1~), libsipxtapi-dev (>= 3.3.0~test15) [linux-any], libsrtp-dev [linux-any], libcajun-dev, python-cxx-dev, dh-autoreconf, pkg-config, libtelepathy-qt5-dev (>= 0.9.6.1), libgloox-dev (>= 1.0.17), vim-common, libqpid-proton-cpp-dev
+Build-Depends: debhelper (>= 9.0.0), gperf, libasio-dev, libboost-dev, libc-ares-dev (>= 1.6.0), libdb++-dev, libpopt-dev, libssl-dev, perl, default-libmysqlclient-dev, libpq-dev, libradcli-dev, libcppunit-dev, autotools-dev, libpcre3-dev, dpkg-dev (>= 1.16.1~), libsipxtapi-dev (>= 3.3.0~test15) [linux-any], libsrtp-dev [linux-any], libcajun-dev, python-cxx-dev, dh-autoreconf, pkg-config, libtelepathy-qt5-dev (>= 0.9.6.1), libgloox-dev (>= 1.0.17), vim-common, libqpid-proton-cpp-dev
Homepage: http://www.resiprocate.org/
Standards-Version: 3.9.8
Vcs-Git: git://anonscm.debian.org/pkg-voip/resiprocate.git
@@ -25,7 +25,7 @@ Description: reSIProcate SIP stack - shared libraries
Package: libresiprocate-1.11-dev
Section: libdevel
Architecture: any
-Depends: libresiprocate-1.11 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libc-ares-dev, libssl1.0-dev | libssl-dev (<< 1.1), libradcli-dev
+Depends: libresiprocate-1.11 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libc-ares-dev, libssl-dev, libradcli-dev
Provides: libresiprocate-dev
Conflicts: libresiprocate-dev, libresiprocate-1.8-dev
Replaces: libresiprocate-dev, libresiprocate-1.8-dev, repro (<< 1:1.11.0~beta1-2)
diff --git a/resiprocate-1.11.0~beta5/reTurn/AsyncTlsSocketBase.cxx b/resiprocate-1.11.0~beta5/reTurn/AsyncTlsSocketBase.cxx
index af45cec..1053f4e 100644
--- a/resiprocate-1.11.0~beta5/reTurn/AsyncTlsSocketBase.cxx
+++ b/resiprocate-1.11.0~beta5/reTurn/AsyncTlsSocketBase.cxx
@@ -231,9 +231,9 @@ AsyncTlsSocketBase::validateServerCertificateHostname()
ASN1_STRING* s = X509_NAME_ENTRY_get_data(entry);
resip_assert( s );
- int t = M_ASN1_STRING_type(s);
- int l = M_ASN1_STRING_length(s);
- unsigned char* d = M_ASN1_STRING_data(s);
+ int t = ASN1_STRING_type(s);
+ int l = ASN1_STRING_length(s);
+ unsigned char* d = ASN1_STRING_data(s);
resip::Data name(d,l);
DebugLog( << "got x509 string type=" << t << " len="<< l << " data=" << d );
resip_assert( name.size() == (unsigned)l );
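Review bot: The `DebugLog` line streams `d` as a C string while `name` is built from `(d,l)`, so a certificate name with an embedded NUL is logged truncated while the full bytes presumably go on to hostname matching; logging `name` instead of `d` keeps the log and the compared value the same. `t` is only logged and never checked, so a BMPString or UniversalString entry would be handled as raw bytes; `ASN1_STRING_to_UTF8` would normalise it before comparison. `ASN1_STRING_data` is itself deprecated in OpenSSL 1.1.0 in favour of `ASN1_STRING_get0_data`, which returns `const unsigned char*`. The same three lines recur in the TurnTlsSocket.cxx hunk and in the `BaseSecurity::getCertNames` hunk of Security.cxx; all three enclosing functions start and end outside their hunks.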
diff --git a/resiprocate-1.11.0~beta5/reTurn/client/TurnTlsSocket.cxx b/resiprocate-1.11.0~beta5/reTurn/client/TurnTlsSocket.cxx
index a84d0ba..3103096 100644
--- a/resiprocate-1.11.0~beta5/reTurn/client/TurnTlsSocket.cxx
+++ b/resiprocate-1.11.0~beta5/reTurn/client/TurnTlsSocket.cxx
@@ -176,9 +176,9 @@ TurnTlsSocket::validateServerCertificateHostname(const std::string& hostname)
ASN1_STRING* s = X509_NAME_ENTRY_get_data(entry);
resip_assert( s );
- int t = M_ASN1_STRING_type(s);
- int l = M_ASN1_STRING_length(s);
- unsigned char* d = M_ASN1_STRING_data(s);
+ int t = ASN1_STRING_type(s);
+ int l = ASN1_STRING_length(s);
+ unsigned char* d = ASN1_STRING_data(s);
resip::Data name(d,l);
DebugLog( << "got x509 string type=" << t << " len="<< l << " data=" << d );
resip_assert( name.size() == (unsigned)l );
diff --git a/resiprocate-1.11.0~beta5/reflow/dtls_wrapper/bf_dwrap.c b/resiprocate-1.11.0~beta5/reflow/dtls_wrapper/bf_dwrap.c
index 42b1e7d..7bcad1f 100644
--- a/resiprocate-1.11.0~beta5/reflow/dtls_wrapper/bf_dwrap.c
+++ b/resiprocate-1.11.0~beta5/reflow/dtls_wrapper/bf_dwrap.c
@@ -21,20 +21,6 @@ static int dwrap_gets(BIO *b, char *buf, int size);
static long dwrap_ctrl(BIO *b, int cmd, long num, void *ptr);
static long dwrap_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_dwrap=
-{
- BIO_TYPE_DWRAP,
- "dtls_wrapper",
- dwrap_write,
- dwrap_read,
- dwrap_puts,
- dwrap_gets,
- dwrap_ctrl,
- dwrap_new,
- dwrap_free,
- dwrap_callback_ctrl
-};
-
typedef struct BIO_F_DWRAP_CTX_
{
int dgram_timer_exp;
@@ -43,19 +29,28 @@ typedef struct BIO_F_DWRAP_CTX_
BIO_METHOD *BIO_f_dwrap(void)
{
- return(&methods_dwrap);
+ BIO_METHOD *meth = BIO_meth_new(BIO_TYPE_DWRAP, "dtls_wrapper");
+ BIO_meth_set_write(meth, dwrap_write);
+ BIO_meth_set_read(meth, dwrap_read);
+ BIO_meth_set_puts(meth, dwrap_puts);
+ BIO_meth_set_gets(meth, dwrap_gets);
+ BIO_meth_set_ctrl(meth, dwrap_ctrl);
+ BIO_meth_set_create(meth, dwrap_new);
+ BIO_meth_set_destroy(meth, dwrap_free);
+ BIO_meth_set_callback_ctrl(meth, dwrap_callback_ctrl);
+ return meth;
}
static int dwrap_new(BIO *bi)
{
- BIO_F_DWRAP_CTX *ctx=OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
+ BIO_F_DWRAP_CTX *ctx=OPENSSL_malloc(sizeof(BIO_F_DWRAP_CTX));
if(!ctx) return(0);
- memset(ctx,0,sizeof(BIO_F_BUFFER_CTX));
+ memset(ctx,0,sizeof(BIO_F_DWRAP_CTX));
- bi->init=1;
- bi->ptr=(char *)ctx;
- bi->flags=0;
+ BIO_set_init(bi, 1);
+ BIO_set_data(bi, ctx);
+ // bi->flags=0;
return 1;
}
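Review bot: `BIO_f_dwrap` now allocates a fresh `BIO_METHOD` with `BIO_meth_new` on every call and nothing frees it, so each BIO created through it leaks one method table where the old code returned a static. The result of `BIO_meth_new` is also used without a NULL check, so an allocation failure is dereferenced by the first `BIO_meth_set_*` call. Building the table once and caching it fixes both. The first call below is unsynchronised, so if `BIO_f_dwrap` can be reached from several threads it needs a once-guard such as `CRYPTO_THREAD_run_once`. Callers must then cope with a NULL return; they are outside this hunk.

```c
BIO_METHOD *BIO_f_dwrap(void)
{
  /* Built once and reused for every BIO; first call is not synchronised. */
  static BIO_METHOD *meth = NULL;

  if (meth == NULL) {
    BIO_METHOD *m = BIO_meth_new(BIO_TYPE_DWRAP, "dtls_wrapper");
    if (m == NULL) return NULL;
    if (!BIO_meth_set_write(m, dwrap_write) ||
        !BIO_meth_set_read(m, dwrap_read) ||
        !BIO_meth_set_puts(m, dwrap_puts) ||
        !BIO_meth_set_gets(m, dwrap_gets) ||
        !BIO_meth_set_ctrl(m, dwrap_ctrl) ||
        !BIO_meth_set_create(m, dwrap_new) ||
        !BIO_meth_set_destroy(m, dwrap_free) ||
        !BIO_meth_set_callback_ctrl(m, dwrap_callback_ctrl)) {
      BIO_meth_free(m);
      return NULL;
    }
    meth = m;
  }
  return meth;
}
/* … unchanged: dwrap_new … */
```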
@@ -76,7 +71,7 @@ static int dwrap_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b);
- ret=BIO_read(b->next_bio,out,outl);
+ ret=BIO_read(BIO_next(b),out,outl);
if(ret<=0)
BIO_copy_next_retry(b);
@@ -88,7 +83,7 @@ static int dwrap_write(BIO *b, const char *in, int inl)
{
if(!b || !in || (inl<=0)) return 0;
- return BIO_write(b->next_bio,in,inl);
+ return BIO_write(BIO_next(b),in,inl);
}
static int dwrap_puts(BIO *b, const char *in)
@@ -110,7 +105,7 @@ static long dwrap_ctrl(BIO *b, int cmd, long num, void *ptr)
long ret;
BIO_F_DWRAP_CTX *ctx;
- ctx=b->ptr;
+ ctx=BIO_get_data(b);
switch(cmd){
case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
@@ -128,7 +123,7 @@ static long dwrap_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=1;
break;
default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ ret=BIO_ctrl(BIO_next(b),cmd,num,ptr);
break;
}
@@ -139,7 +134,7 @@ static long dwrap_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
{
long ret;
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ ret=BIO_callback_ctrl(BIO_next(b),cmd,fp);
return ret;
}
diff --git a/resiprocate-1.11.0~beta5/resip/stack/ssl/DtlsTransport.cxx b/resiprocate-1.11.0~beta5/resip/stack/ssl/DtlsTransport.cxx
index 62cb9d0..8e1a4e7 100644
--- a/resiprocate-1.11.0~beta5/resip/stack/ssl/DtlsTransport.cxx
+++ b/resiprocate-1.11.0~beta5/resip/stack/ssl/DtlsTransport.cxx
@@ -227,14 +227,13 @@ DtlsTransport::_read( FdSet& fdset )
rbio = BIO_new_mem_buf( buffer, len ) ;
BIO_set_mem_eof_return( rbio, -1 ) ;
- ssl->rbio = rbio ;
+ SSL_set0_rbio(ssl, rbio) ;
len = SSL_read( ssl, pt, UdpTransport::MaxBufferSize ) ;
int err = SSL_get_error( ssl, len ) ;
/* done with the rbio */
- BIO_free( ssl->rbio ) ;
- ssl->rbio = mDummyBio ;
+ SSL_set0_rbio( ssl, mDummyBio ) ;
delete [] buffer ;
buffer = 0 ;
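Review bot: `SSL_set0_rbio` frees whatever read BIO the SSL currently holds and takes ownership of the one passed in, so these two calls are not equivalent to the old pointer assignments. If `ssl` holds `mDummyBio` on entry (not visible here, but implied by the restore after `SSL_read`), the first call drops a reference on `mDummyBio` and the second hands it back without adding one, so every `_read` loses a reference and the shared BIO can be freed while still in use. Each place that installs `mDummyBio` into an SSL should take its own reference first, e.g. `BIO_up_ref(mDummyBio); SSL_set0_rbio( ssl, mDummyBio ) ;`. The `BIO_up_ref` before `SSL_free` in the `_cleanupConnectionState` hunk should then be re-checked against the same accounting. `_read` starts and ends outside the hunk.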
@@ -696,7 +695,7 @@ DtlsTransport::_cleanupConnectionState( SSL *ssl, struct sockaddr_in peer )
* SSL_free decrements the ref-count for mDummyBio by 1, so
* add 1 to the ref-count to make sure it does not get free'd
*/
- CRYPTO_add(&mDummyBio->references, 1, CRYPTO_LOCK_BIO);
+ BIO_up_ref(mDummyBio);
SSL_shutdown(ssl);
SSL_free(ssl) ;
mDtlsConnections.erase(peer) ;
diff --git a/resiprocate-1.11.0~beta5/resip/stack/ssl/Security.cxx b/resiprocate-1.11.0~beta5/resip/stack/ssl/Security.cxx
index c2efb56..23ca59d 100644
--- a/resiprocate-1.11.0~beta5/resip/stack/ssl/Security.cxx
+++ b/resiprocate-1.11.0~beta5/resip/stack/ssl/Security.cxx
@@ -115,7 +115,7 @@ verifyCallback(int iInCode, X509_STORE_CTX *pInStore)
snprintf(cBuf2, 500, ", depth=%d %s\n", iDepth, cBuf1);
if(!iInCode)
{
- ErrLog(<< "Error when verifying peer's chain of certificates: " << X509_verify_cert_error_string(pInStore->error) << cBuf2 );
+ ErrLog(<< "Error when verifying peer's chain of certificates: " << X509_verify_cert_error_string(X509_STORE_CTX_get_error(pInStore)) << cBuf2 );
DebugLog(<<"additional validation checks may have failed but only one is ever logged - please check peer certificate carefully");
}
@@ -1815,16 +1815,16 @@ BaseSecurity::computeIdentity( const Data& signerDomain, const Data& in ) const
EVP_PKEY* pKey = k->second;
resip_assert( pKey );
-
- if ( pKey->type != EVP_PKEY_RSA )
+
+ RSA* rsa = EVP_PKEY_get1_RSA(pKey);
+
+ if ( !rsa )
{
- ErrLog( << "Private key (type=" << pKey->type <<"for "
+ ErrLog( << "Private key for "
<< signerDomain << " is not of type RSA" );
throw Exception("No RSA private key when computing identity",__FILE__,__LINE__);
}
- resip_assert( pKey->type == EVP_PKEY_RSA );
- RSA* rsa = EVP_PKEY_get1_RSA(pKey);
unsigned char result[4096];
int resultSize = sizeof(result);
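Review bot: The key-type test in `computeIdentity` is now inferred from `EVP_PKEY_get1_RSA` returning NULL, which leaves an "expecting an rsa key" entry on the OpenSSL error queue and drops the key type from the log message. A stale queue entry can be picked up by a later `SSL_get_error` on the same thread. The original test can be kept with the 1.1 accessor, `if ( EVP_PKEY_base_id(pKey) != EVP_PKEY_RSA )`, logging `EVP_PKEY_base_id(pKey)` as before, with `EVP_PKEY_get1_RSA` called after it. `EVP_PKEY_get1_RSA` returns a new reference, so the function needs a matching `RSA_free(rsa)`; the rest of the body is outside the hunk, so that may already be there.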
@@ -1920,8 +1920,8 @@ BaseSecurity::checkIdentity( const Data& signerDomain, const Data& in, const Dat
EVP_PKEY* pKey = X509_get_pubkey( cert );
resip_assert( pKey );
- resip_assert( pKey->type == EVP_PKEY_RSA );
RSA* rsa = EVP_PKEY_get1_RSA(pKey);
+ resip_assert( rsa );
#if 1
int ret = RSA_verify(NID_sha256, (unsigned char *)hashRes.data(),
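Review bot: `resip_assert( rsa )` is the only guard before `RSA_verify`, and `pKey` comes from `X509_get_pubkey( cert )`, so a certificate carrying a non-RSA key either aborts the process or, if `resip_assert` is compiled out, passes NULL to `RSA_verify`. If `cert` can originate from a peer (its source is outside the hunk), this should be an ordinary verification failure instead: `if ( !rsa ) { ErrLog( << "Public key for " << signerDomain << " is not RSA" ); /* release pKey and fail the check */ }`. `checkIdentity` starts and ends outside the hunk, so the exact failure return and the cleanup of `pKey` need to match the rest of the body.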
@@ -2620,9 +2620,9 @@ BaseSecurity::getCertNames(X509 *cert, std::list<PeerName> &peerNames,
ASN1_STRING* s = X509_NAME_ENTRY_get_data(entry);
resip_assert( s );
- int t = M_ASN1_STRING_type(s);
- int l = M_ASN1_STRING_length(s);
- unsigned char* d = M_ASN1_STRING_data(s);
+ int t = ASN1_STRING_type(s);
+ int l = ASN1_STRING_length(s);
+ unsigned char* d = ASN1_STRING_data(s);
Data name(d,l);
DebugLog( << "got x509 string type=" << t << " len="<< l << " data=" << d );
resip_assert( name.size() == (unsigned)l );
@@ -2964,7 +2964,7 @@ BaseSecurity::matchHostNameWithWildcards(const Data& certificateName, const Data
bool
BaseSecurity::isSelfSigned(const X509 *cert)
{
- int iRet = X509_NAME_cmp(cert->cert_info->issuer, cert->cert_info->subject);
+ int iRet = X509_NAME_cmp(X509_get_issuer_name(cert), X509_get_subject_name(cert));
return (iRet == 0);
}
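Review bot: `isSelfSigned` has no comment stating that it only compares the issuer and subject names, which identifies a self-issued certificate but does not check the signature against the certificate's own key. A short comment above the function would stop callers from reading the result as a trust decision: `// Name comparison only: true whenever issuer == subject; the signature is not verified.`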
diff --git a/resiprocate-1.11.0~beta5/resip/stack/test/testSecurity.cxx b/resiprocate-1.11.0~beta5/resip/stack/test/testSecurity.cxx
index 7db6d44..161d661 100644
--- a/resiprocate-1.11.0~beta5/resip/stack/test/testSecurity.cxx
+++ b/resiprocate-1.11.0~beta5/resip/stack/test/testSecurity.cxx
@@ -69,11 +69,11 @@ class HashThread : public ThreadIf
if( 0 == pDigest)
return;
- EVP_MD_CTX cCtx;
- EVP_DigestInit(&cCtx, pDigest);
- EVP_DigestUpdate(&cCtx, pBuf, strlen(pBuf));
- EVP_DigestFinal(&cCtx, MD5_digest, &iDigest);
- EVP_MD_CTX_cleanup(&cCtx);
+ EVP_MD_CTX *cCtx = EVP_MD_CTX_new();
+ EVP_DigestInit(cCtx, pDigest);
+ EVP_DigestUpdate(cCtx, pBuf, strlen(pBuf));
+ EVP_DigestFinal(cCtx, MD5_digest, &iDigest);
+ EVP_MD_CTX_free(cCtx);
// cout << "Your digest is: " << MD5_digest << endl;
#else
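Review bot: `EVP_MD_CTX_new()` can return NULL and `cCtx` is passed straight to `EVP_DigestInit`; a guard in the style of the `pDigest` check just above, `if( 0 == cCtx ) return;`, covers it. The return values of the three `EVP_Digest*` calls are also ignored, so a failed digest would go unnoticed by the test. The enclosing method starts and ends outside the hunk.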
diff --git a/resiprocate-1.11.0~beta5/rutil/ssl/OpenSSLInit.cxx b/resiprocate-1.11.0~beta5/rutil/ssl/OpenSSLInit.cxx
index 59ae360..310666b 100644
--- a/resiprocate-1.11.0~beta5/rutil/ssl/OpenSSLInit.cxx
+++ b/resiprocate-1.11.0~beta5/rutil/ssl/OpenSSLInit.cxx
@@ -66,8 +66,7 @@ OpenSSLInit::OpenSSLInit()
CRYPTO_set_dynlock_lock_callback(::resip_OpenSSLInit_dynLockFunction);
#endif
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
SSL_library_init();