LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15807 Commits
1 Branch
46 MiB
Tree: b95f19207e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b95f19207e'
${ noResults }
openwrt-packages-dist/multimedia/crtmpserver/patches/090-openssl-1.1-compat.patch

494 lines
14 KiB
Raw Normal View History

crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
crtmpserver: add compatibility with openssl 1.1 Patched to compile with openssl 1.1, and also added -std=gnu++03 to allow compilation with gcc 7. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
crtmpserver: Update to official git repo The previous source location was an SVN mirror from long ago. This one is from the author himself. Reduced overall patch count. A lot of them are no longer necessary. Switched back to libstdcpp as the necessary uclibc++ changes are not being merged. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
 
  1. --- a/sources/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h

  2. +++ b/sources/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h

  3. @@ -30,7 +30,7 @@ namespace app_applestreamingclient {

  4.  	private:
  5.  		IOBuffer _tempBuffer;
  6.  		IOBuffer _inputBuffer;
  7. -		EVP_CIPHER_CTX _decContex;

  8. +		EVP_CIPHER_CTX *_decContex;

  9.  		bool _lastChunk;
  10.  		uint8_t *_pIV;
  11.  		uint8_t *_pKey;
  12. --- a/sources/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp

  13. +++ b/sources/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp

  14. @@ -31,13 +31,12 @@ InboundAESProtocol::InboundAESProtocol()

  15.  	memset(_pIV, 0, 16);
  16.  	_pKey = new uint8_t[16];
  17.  	memset(_pKey, 0, 16);
  18. -	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));

  19. +	_decContex = EVP_CIPHER_CTX_new();

  20.  	_totalDecrypted = 0;
  21.  }
  22.  
  23.  InboundAESProtocol::~InboundAESProtocol() {
  24. -	EVP_CIPHER_CTX_cleanup(&_decContex);

  25. -	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));

  26. +	EVP_CIPHER_CTX_free(_decContex);

  27.  	delete[] _pIV;
  28.  	delete[] _pKey;
  29.  }
  30. @@ -60,11 +59,9 @@ bool InboundAESProtocol::Initialize(Variant &parameters) {

  31.  	_inputBuffer.IgnoreAll();
  32.  	_tempBuffer.IgnoreAll();
  33.  
  34. -	EVP_CIPHER_CTX_cleanup(&_decContex);

  35. -	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));

  36. -	EVP_CIPHER_CTX_init(&_decContex);

  37. -	EVP_DecryptInit_ex(&_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);

  38. -	EVP_CIPHER_CTX_set_padding(&_decContex, 0);

  39. +	EVP_CIPHER_CTX_reset(_decContex);

  40. +	EVP_DecryptInit_ex(_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);

  41. +	EVP_CIPHER_CTX_set_padding(_decContex, 0);

  42.  
  43.  	return true;
  44.  }
  45. @@ -105,14 +102,14 @@ bool InboundAESProtocol::SignalInputData(IOBuffer &buffer) {

  46.  	int decryptedFinalSize = 0;
  47.  	uint32_t padding = 0;
  48.  
  49. -	EVP_DecryptUpdate(&_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);

  50. +	EVP_DecryptUpdate(_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);

  51.  	_totalDecrypted += decryptedSize;
  52.  
  53.  	//6. Decrypt leftovers
  54.  	bool transferCompleted = false;
  55.  	if (((HTTPBufferProtocol *) GetFarProtocol())->TransferCompleted()) {
  56.  		transferCompleted = true;
  57. -		EVP_DecryptFinal_ex(&_decContex,

  58. +		EVP_DecryptFinal_ex(_decContex,

  59.  				pTempData + decryptedSize,
  60.  				&decryptedFinalSize);
  61.  		_totalDecrypted += decryptedFinalSize;
  62. --- a/sources/common/include/utils/misc/crypto.h

  63. +++ b/sources/common/include/utils/misc/crypto.h

  64. @@ -33,6 +33,7 @@

  65.  #include <openssl/aes.h>
  66.  #include <openssl/engine.h>
  67.  #include <openssl/conf.h>
  68. +#include "utils/misc/libcrypto-compat.h"

  69.  
  70.  /*!
  71.  	@class DHWrapper
  72. @@ -83,7 +84,7 @@ public:

  73.  	bool CopySharedKey(uint8_t *pDst, int32_t dstLength);
  74.  private:
  75.  	void Cleanup();
  76. -	bool CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);

  77. +	bool CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);

  78.  };
  79.  
  80.  DLLEXP void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut,
  81. --- /dev/null

  82. +++ b/sources/common/include/utils/misc/libcrypto-compat.h

  83. @@ -0,0 +1,26 @@

  84. +#ifndef LIBCRYPTO_COMPAT_H

  85. +#define LIBCRYPTO_COMPAT_H

  86. +

  87. +#include <openssl/opensslv.h>

  88. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  89. +

  90. +#include <openssl/bn.h>

  91. +#include <openssl/dh.h>

  92. +#include <openssl/evp.h>

  93. +#include <openssl/hmac.h>

  94. +

  95. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);

  96. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);

  97. +int DH_set_length(DH *dh, long length);

  98. +

  99. +EVP_MD_CTX *EVP_MD_CTX_new(void);

  100. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx);

  101. +#define EVP_MD_CTX_reset EVP_MD_CTX_cleanup

  102. +

  103. +HMAC_CTX *HMAC_CTX_new(void);

  104. +void HMAC_CTX_free(HMAC_CTX *ctx);

  105. +#define HMAC_CTX_reset HMAC_CTX_cleanup

  106. +

  107. +#endif /* OPENSSL_VERSION_NUMBER */

  108. +

  109. +#endif /* LIBCRYPTO_COMPAT_H */

  110. --- a/sources/common/src/utils/misc/crypto.cpp

  111. +++ b/sources/common/src/utils/misc/crypto.cpp

  112. @@ -35,6 +35,7 @@ DHWrapper::~DHWrapper() {

  113.  }
  114.  
  115.  bool DHWrapper::Initialize() {
  116. +	BIGNUM *p = NULL, *g = NULL;

  117.  	Cleanup();
  118.  
  119.  	//1. Create the DH
  120. @@ -46,42 +47,53 @@ bool DHWrapper::Initialize() {

  121.  	}
  122.  
  123.  	//2. Create his internal p and g
  124. -	_pDH->p = BN_new();

  125. -	if (_pDH->p == NULL) {

  126. +	p = BN_new();

  127. +	if (p == NULL) {

  128.  		FATAL("Unable to create p");
  129. -		Cleanup();

  130. -		return false;

  131. +		goto return_error;

  132.  	}
  133. -	_pDH->g = BN_new();

  134. -	if (_pDH->g == NULL) {

  135. +	g = BN_new();

  136. +	if (g == NULL) {

  137.  		FATAL("Unable to create g");
  138. -		Cleanup();

  139. -		return false;

  140. +		goto return_error;

  141.  	}
  142.  
  143.  	//3. initialize p, g and key length
  144. -	if (BN_hex2bn(&_pDH->p, P1024) == 0) {

  145. +	if (BN_hex2bn(&p, P1024) == 0) {

  146.  		FATAL("Unable to parse P1024");
  147. -		Cleanup();

  148. -		return false;

  149. +		goto return_error;

  150.  	}
  151. -	if (BN_set_word(_pDH->g, 2) != 1) {

  152. +	if (BN_set_word(g, 2) != 1) {

  153.  		FATAL("Unable to set g");
  154. -		Cleanup();

  155. -		return false;

  156. +		goto return_error;

  157. +	}

  158. +

  159. +	//4. Set internal p and g

  160. +	if (DH_set0_pqg(_pDH, p, NULL, g) != 1) {

  161. +		FATAL("Unable to set internal p and g");

  162. +		goto return_error;

  163.  	}
  164. +	p = g = NULL;

  165.  
  166. -	//4. Set the key length

  167. -	_pDH->length = _bitsCount;

  168. +	//5. Set the key length

  169. +	if (DH_set_length(_pDH, _bitsCount) != 1) {

  170. +		FATAL("Unable to set length");

  171. +		goto return_error;

  172. +	}

  173.  
  174. -	//5. Generate private and public key

  175. +	//6. Generate private and public key

  176.  	if (DH_generate_key(_pDH) != 1) {
  177.  		FATAL("Unable to generate DH public/private keys");
  178. -		Cleanup();

  179. -		return false;

  180. +		goto return_error;

  181.  	}
  182.  
  183.  	return true;
  184. +

  185. +return_error:

  186. +	if (p != NULL) BN_free(p);

  187. +	if (g != NULL) BN_free(g);

  188. +	Cleanup();

  189. +	return false;

  190.  }
  191.  
  192.  bool DHWrapper::CopyPublicKey(uint8_t *pDst, int32_t dstLength) {
  193. @@ -90,7 +102,9 @@ bool DHWrapper::CopyPublicKey(uint8_t *pDst, int32_t dstLength) {

  194.  		return false;
  195.  	}
  196.  
  197. -	return CopyKey(_pDH->pub_key, pDst, dstLength);

  198. +	const BIGNUM *pub_key;

  199. +	DH_get0_key(_pDH, &pub_key, NULL);

  200. +	return CopyKey(pub_key, pDst, dstLength);

  201.  }
  202.  
  203.  bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) {
  204. @@ -99,7 +113,9 @@ bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) {

  205.  		return false;
  206.  	}
  207.  
  208. -	return CopyKey(_pDH->priv_key, pDst, dstLength);

  209. +	const BIGNUM *priv_key;

  210. +	DH_get0_key(_pDH, NULL, &priv_key);

  211. +	return CopyKey(priv_key, pDst, dstLength);

  212.  }
  213.  
  214.  bool DHWrapper::CreateSharedKey(uint8_t *pPeerPublicKey, int32_t length) {
  215. @@ -153,14 +169,6 @@ bool DHWrapper::CopySharedKey(uint8_t *pDst, int32_t dstLength) {

  216.  
  217.  void DHWrapper::Cleanup() {
  218.  	if (_pDH != NULL) {
  219. -		if (_pDH->p != NULL) {

  220. -			BN_free(_pDH->p);

  221. -			_pDH->p = NULL;

  222. -		}

  223. -		if (_pDH->g != NULL) {

  224. -			BN_free(_pDH->g);

  225. -			_pDH->g = NULL;

  226. -		}

  227.  		DH_free(_pDH);
  228.  		_pDH = NULL;
  229.  	}
  230. @@ -177,7 +185,7 @@ void DHWrapper::Cleanup() {

  231.  	}
  232.  }
  233.  
  234. -bool DHWrapper::CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {

  235. +bool DHWrapper::CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {

  236.  	int32_t keySize = BN_num_bytes(pNum);
  237.  	if ((keySize <= 0) || (dstLength <= 0) || (keySize > dstLength)) {
  238.  		FATAL("CopyPublicKey failed due to either invalid DH state or invalid call");
  239. @@ -197,20 +205,21 @@ void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut

  240.  	uint8_t digest[SHA256_DIGEST_LENGTH];
  241.  	unsigned int digestLen = 0;
  242.  
  243. -	HMAC_CTX ctx;

  244. -	HMAC_CTX_init(&ctx);

  245. -	HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);

  246. -	HMAC_Update(&ctx, pubKeyIn, 128);

  247. -	HMAC_Final(&ctx, digest, &digestLen);

  248. -	HMAC_CTX_cleanup(&ctx);

  249. +	HMAC_CTX *ctx;

  250. +	ctx = HMAC_CTX_new();

  251. +	if (ctx == NULL)

  252. +		return;

  253. +	HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);

  254. +	HMAC_Update(ctx, pubKeyIn, 128);

  255. +	HMAC_Final(ctx, digest, &digestLen);

  256. +	HMAC_CTX_reset(ctx);

  257.  
  258.  	RC4_set_key(rc4keyOut, 16, digest);
  259.  
  260. -	HMAC_CTX_init(&ctx);

  261. -	HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);

  262. -	HMAC_Update(&ctx, pubKeyOut, 128);

  263. -	HMAC_Final(&ctx, digest, &digestLen);

  264. -	HMAC_CTX_cleanup(&ctx);

  265. +	HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);

  266. +	HMAC_Update(ctx, pubKeyOut, 128);

  267. +	HMAC_Final(ctx, digest, &digestLen);

  268. +	HMAC_CTX_free(ctx);

  269.  
  270.  	RC4_set_key(rc4keyIn, 16, digest);
  271.  }
  272. @@ -220,14 +229,17 @@ string md5(string source, bool textResult) {

  273.  }
  274.  
  275.  string md5(uint8_t *pBuffer, uint32_t length, bool textResult) {
  276. -	EVP_MD_CTX mdctx;

  277. +	EVP_MD_CTX *mdctx;

  278.  	unsigned char md_value[EVP_MAX_MD_SIZE];
  279.  	unsigned int md_len;
  280.  
  281. -	EVP_DigestInit(&mdctx, EVP_md5());

  282. -	EVP_DigestUpdate(&mdctx, pBuffer, length);

  283. -	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);

  284. -	EVP_MD_CTX_cleanup(&mdctx);

  285. +	mdctx = EVP_MD_CTX_new();

  286. +	if (mdctx == NULL)

  287. +		return "";

  288. +	EVP_DigestInit(mdctx, EVP_md5());

  289. +	EVP_DigestUpdate(mdctx, pBuffer, length);

  290. +	EVP_DigestFinal_ex(mdctx, md_value, &md_len);

  291. +	EVP_MD_CTX_free(mdctx);

  292.  
  293.  	if (textResult) {
  294.  		string result = "";
  295. @@ -259,12 +271,12 @@ void HMACsha256(const void *pData, uint32_t dataLength,

  296.  		const void *pKey, uint32_t keyLength, void *pResult) {
  297.  	unsigned int digestLen;
  298.  
  299. -	HMAC_CTX ctx;

  300. -	HMAC_CTX_init(&ctx);

  301. -	HMAC_Init_ex(&ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);

  302. -	HMAC_Update(&ctx, (unsigned char *) pData, dataLength);

  303. -	HMAC_Final(&ctx, (unsigned char *) pResult, &digestLen);

  304. -	HMAC_CTX_cleanup(&ctx);

  305. +	HMAC_CTX *ctx;

  306. +	ctx = HMAC_CTX_new();

  307. +	HMAC_Init_ex(ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);

  308. +	HMAC_Update(ctx, (unsigned char *) pData, dataLength);

  309. +	HMAC_Final(ctx, (unsigned char *) pResult, &digestLen);

  310. +	HMAC_CTX_free(ctx);

  311.  
  312.  	o_assert(digestLen == 32);
  313.  }
  314. @@ -397,8 +409,8 @@ string unhex(const uint8_t *pBuffer, uint32_t length) {

  315.  }
  316.  
  317.  void CleanupSSL() {
  318. -#ifndef NO_SSL_ENGINE_CLEANUP

  319. -	ERR_remove_state(0);

  320. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  321. +	ERR_remove_thread_state(NULL);

  322.  	ENGINE_cleanup();
  323.  	CONF_modules_unload(1);
  324.  	ERR_free_strings();
  325. --- /dev/null

  326. +++ b/sources/common/src/utils/misc/libcrypto-compat.cpp

  327. @@ -0,0 +1,90 @@

  328. +/*

  329. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

  330. + *

  331. + * Licensed under the OpenSSL license (the "License").  You may not use

  332. + * this file except in compliance with the License.  You can obtain a copy

  333. + * in the file LICENSE in the source distribution or at

  334. + * https://www.openssl.org/source/license.html

  335. + */

  336. +

  337. +#include "utils/misc/libcrypto-compat.h"

  338. +

  339. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  340. +

  341. +#include <string.h>

  342. +

  343. +static void *OPENSSL_zalloc(size_t num)

  344. +{

  345. +    void *ret = OPENSSL_malloc(num);

  346. +

  347. +    if (ret != NULL)

  348. +        memset(ret, 0, num);

  349. +    return ret;

  350. +}

  351. +

  352. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)

  353. +{

  354. +    /* If the fields p and g in d are NULL, the corresponding input

  355. +     * parameters MUST be non-NULL.  q may remain NULL.

  356. +     */

  357. +    if ((dh->p == NULL && p == NULL)

  358. +        || (dh->g == NULL && g == NULL))

  359. +        return 0;

  360. +

  361. +    if (p != NULL) {

  362. +        BN_free(dh->p);

  363. +        dh->p = p;

  364. +    }

  365. +    if (q != NULL) {

  366. +        BN_free(dh->q);

  367. +        dh->q = q;

  368. +    }

  369. +    if (g != NULL) {

  370. +        BN_free(dh->g);

  371. +        dh->g = g;

  372. +    }

  373. +

  374. +    if (q != NULL) {

  375. +        dh->length = BN_num_bits(q);

  376. +    }

  377. +

  378. +    return 1;

  379. +}

  380. +

  381. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)

  382. +{

  383. +    if (pub_key != NULL)

  384. +        *pub_key = dh->pub_key;

  385. +    if (priv_key != NULL)

  386. +        *priv_key = dh->priv_key;

  387. +}

  388. +

  389. +int DH_set_length(DH *dh, long length)

  390. +{

  391. +    dh->length = length;

  392. +    return 1;

  393. +}

  394. +

  395. +EVP_MD_CTX *EVP_MD_CTX_new(void)

  396. +{

  397. +    return (EVP_MD_CTX *)OPENSSL_zalloc(sizeof(EVP_MD_CTX));

  398. +}

  399. +

  400. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx)

  401. +{

  402. +    EVP_MD_CTX_cleanup(ctx);

  403. +    OPENSSL_free(ctx);

  404. +}

  405. +

  406. +HMAC_CTX *HMAC_CTX_new(void)

  407. +{

  408. +    return (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX));

  409. +}

  410. +

  411. +void HMAC_CTX_free(HMAC_CTX *ctx)

  412. +{

  413. +    HMAC_CTX_cleanup(ctx);

  414. +    OPENSSL_free(ctx);

  415. +}

  416. +

  417. +#endif /* OPENSSL_VERSION_NUMBER */

  418. --- a/sources/thelib/src/protocols/ssl/basesslprotocol.cpp

  419. +++ b/sources/thelib/src/protocols/ssl/basesslprotocol.cpp

  420. @@ -43,6 +43,7 @@ BaseSSLProtocol::~BaseSSLProtocol() {

  421.  bool BaseSSLProtocol::Initialize(Variant &parameters) {
  422.  	//1. Initialize the SSL library
  423.  	if (!_libraryInitialized) {
  424. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  425.  		//3. This is the first time we use the library. So we have to
  426.  		//initialize it first
  427.  		SSL_library_init();
  428. @@ -55,6 +56,7 @@ bool BaseSSLProtocol::Initialize(Variant &parameters) {

  429.  		OpenSSL_add_all_algorithms();
  430.  		OpenSSL_add_all_ciphers();
  431.  		OpenSSL_add_all_digests();
  432. +#endif

  433.  
  434.  		//initialize the random numbers generator
  435.  		InitRandGenerator();
  436. @@ -211,6 +213,7 @@ string BaseSSLProtocol::GetSSLErrors() {

  437.  
  438.  string BaseSSLProtocol::DumpBIO(BIO *pBIO) {
  439.  	string formatString;
  440. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  441.  	formatString = "method: %p\n";
  442.  	formatString += "callback: %p\n";
  443.  	formatString += "cb_arg: %p\n";
  444. @@ -240,6 +243,39 @@ string BaseSSLProtocol::DumpBIO(BIO *pBIO) {

  445.  			pBIO->references,
  446.  			(int64_t) pBIO->num_read,
  447.  			(int64_t) pBIO->num_write);
  448. +#else

  449. +// Some of these are problematic in openssl >= 1.1, since

  450. +// the BIO struct is opaque.

  451. +	formatString = "method: %s\n";

  452. +	formatString += "callback: %p\n";

  453. +	formatString += "cb_arg: %p\n";

  454. +	formatString += "init: %d\n";

  455. +	formatString += "shutdown: %d\n";

  456. +	formatString += "flags: %d\n";

  457. +	formatString += "retry_reason: %d\n";

  458. +	formatString += "num: %d\n";

  459. +	formatString += "ptr: %p\n";

  460. +	formatString += "next_bio: %p\n";

  461. +	formatString += "prev_bio: %s\n";

  462. +	formatString += "references: %s\n";

  463. +	formatString += "num_read: %"PRId64"\n";

  464. +	formatString += "num_write: %"PRId64;

  465. +	return format(STR(formatString),

  466. +			BIO_method_name(pBIO),

  467. +			BIO_get_callback(pBIO),

  468. +			BIO_get_callback_arg(pBIO),

  469. +			BIO_get_init(pBIO),

  470. +			BIO_get_shutdown(pBIO),

  471. +			BIO_get_flags(pBIO),

  472. +			BIO_get_retry_reason(pBIO),

  473. +			BIO_get_fd(pBIO, NULL),

  474. +			BIO_get_data(pBIO),

  475. +			BIO_next(pBIO),

  476. +			"unknown", //prev_bio

  477. +			"unknown", //references

  478. +			BIO_number_read(pBIO),

  479. +			BIO_number_written(pBIO));

  480. +#endif

  481.  }
  482.  
  483.  void BaseSSLProtocol::InitRandGenerator() {
  484. --- a/sources/thelib/src/protocols/ssl/outboundsslprotocol.cpp

  485. +++ b/sources/thelib/src/protocols/ssl/outboundsslprotocol.cpp

  486. @@ -33,7 +33,7 @@ bool OutboundSSLProtocol::InitGlobalContext(Variant &parameters) {

  487.  	_pGlobalSSLContext = _pGlobalContexts[hash];
  488.  	if (_pGlobalSSLContext == NULL) {
  489.  		//2. prepare the global ssl context
  490. -		_pGlobalSSLContext = SSL_CTX_new(TLSv1_method());

  491. +		_pGlobalSSLContext = SSL_CTX_new(SSLv23_method());

  492.  		if (_pGlobalSSLContext == NULL) {
  493.  			FATAL("Unable to create global SSL context");
  494.  			return false;