basic OpenSSL 1.1.0 support

src/apps/common/apputils.h

@@ -90,7 +90,7 @@ extern int IS_TURN_SERVER;
 
 #endif
 
-#if defined(TURN_NO_DTLS) || !defined(DTLS_CTRL_LISTEN)
+#if (defined(TURN_NO_DTLS) || !defined(DTLS_CTRL_LISTEN)) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 
 	#define DTLS_SUPPORTED 0
 	#define DTLSv1_2_SUPPORTED 0

src/apps/relay/mainrelay.c

@@ -2096,7 +2096,8 @@ static char some_buffer[65536];
 static pthread_mutex_t mutex_buf[256];
 static int mutex_buf_initialized = 0;
 
-static void locking_function(int mode, int n, const char *file, int line) {
+void coturn_locking_function(int mode, int n, const char *file, int line);
+void coturn_locking_function(int mode, int n, const char *file, int line) {
   UNUSED_ARG(file);
   UNUSED_ARG(line);
   if(mutex_buf_initialized && (n < CRYPTO_num_locks())) {
@@ -2108,12 +2109,15 @@ static void locking_function(int mode, int n, const char *file, int line) {
 }
 
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-static void id_function(CRYPTO_THREADID *ctid)
+void coturn_id_function(CRYPTO_THREADID *ctid);
+void coturn_id_function(CRYPTO_THREADID *ctid)
 {
+	UNUSED_ARG(ctid);
     CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
 }
 #else
-static unsigned long id_function(void)
+unsigned long coturn_id_function(void);
+unsigned long coturn_id_function(void)
 {
     return (unsigned long)pthread_self();
 }
@@ -2136,12 +2140,12 @@ static int THREAD_setup(void) {
 	mutex_buf_initialized = 1;
 
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-	CRYPTO_THREADID_set_callback(id_function);
+	CRYPTO_THREADID_set_callback(coturn_id_function);
 #else
-	CRYPTO_set_id_callback(id_function);
+	CRYPTO_set_id_callback(coturn_id_function);
 #endif
 
-	CRYPTO_set_locking_callback(locking_function);
+	CRYPTO_set_locking_callback(coturn_locking_function);
 #endif
 
 	return 1;
@@ -2230,9 +2234,9 @@ static void adjust_key_file_names(void)
 	if(turn_params.dh_file[0])
 		adjust_key_file_name(turn_params.dh_file,"DH key",0);
 }
-
 static DH *get_dh566(void) {
 
+
 	unsigned char dh566_p[] = {
 					0x36,0x53,0xA8,0x9C,0x3C,0xF1,0xD1,0x1B,0x2D,0xA2,0x64,0xDE,
 					0x59,0x3B,0xE3,0x8C,0x27,0x74,0xC2,0xBE,0x9B,0x6D,0x56,0xE7,
@@ -2252,9 +2256,13 @@ static DH *get_dh566(void) {
 
 	if ((dh = DH_new()) == NULL )
 		return (NULL );
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL );
 	dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL );
 	if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);}
+#else
+	DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL ), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL ));
+#endif
 	return (dh);
 }
 
@@ -2286,9 +2294,13 @@ static DH *get_dh1066(void) {
 
 	if ((dh = DH_new()) == NULL )
 		return (NULL );
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL );
 	dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL );
 	if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);}
+#else
+	DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL ), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL ));
+#endif
 	return (dh);
 }
 
@@ -2333,9 +2345,13 @@ static DH *get_dh2066(void) {
 
 	if ((dh = DH_new()) == NULL )
 		return (NULL );
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL );
 	dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL );
 	if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);}
+#else
+	DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL ), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL ));
+#endif
 	return (dh);
 }
 
@@ -2494,7 +2510,9 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol)
 
 		if(set_auto_curve) {
 #if SSL_SESSION_ECDH_AUTO_SUPPORTED
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 			SSL_CTX_set_ecdh_auto(ctx,1);
+#endif
 #endif
 			set_auto_curve = 0;
 		}

src/apps/relay/ns_ioalib_engine_impl.c

@@ -1419,6 +1419,7 @@ static void ssl_info_callback(SSL *ssl, int where, int ret) {
     UNUSED_ARG(ssl);
     UNUSED_ARG(where);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
     if (0 != (where & SSL_CB_HANDSHAKE_START)) {
     	ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl);
@@ -1436,6 +1437,7 @@ static void ssl_info_callback(SSL *ssl, int where, int ret) {
     	}
     }
 #endif
+#endif
 }
 
 typedef void (*ssl_info_callback_t)(const SSL *ssl,int type,int val);
@@ -1856,7 +1858,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve
 	BIO* rbio = BIO_new_mem_buf(buffer, old_buffer_len);
 	BIO_set_mem_eof_return(rbio, -1);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ssl->rbio = rbio;
+#else
+	SSL_set0_rbio(ssl,rbio);
+#endif
 
 	int if1 = SSL_is_init_finished(ssl);
 
@@ -1949,7 +1955,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve
 	}
 
 	BIO_free(rbio);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ssl->rbio = NULL;
+#else
+	SSL_set0_rbio(ssl,NULL);
+#endif
 
 	return ret;
 }

src/client/ns_turn_msg.c

@@ -176,37 +176,63 @@ int stun_produce_integrity_key_str(u08bits *uname, u08bits *realm, u08bits *upwd
 	str[strl]=0;
 
 	if(shatype == SHATYPE_SHA256) {
-#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 		unsigned int keylen = 0;
+#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_MD_CTX ctx;
 		EVP_DigestInit(&ctx,EVP_sha256());
 		EVP_DigestUpdate(&ctx,str,strl);
 		EVP_DigestFinal(&ctx,key,&keylen);
 		EVP_MD_CTX_cleanup(&ctx);
+#else
+		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+		EVP_DigestInit(ctx,EVP_sha256());
+		EVP_DigestUpdate(ctx,str,strl);
+		EVP_DigestFinal(ctx,key,&keylen);
+		EVP_MD_CTX_free(ctx);
+#endif
 #else
 		fprintf(stderr,"SHA256 is not supported\n");
 		return -1;
 #endif
 	} else if(shatype == SHATYPE_SHA384) {
 #if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		unsigned int keylen = 0;
 		EVP_MD_CTX ctx;
 		EVP_DigestInit(&ctx,EVP_sha384());
 		EVP_DigestUpdate(&ctx,str,strl);
 		EVP_DigestFinal(&ctx,key,&keylen);
 		EVP_MD_CTX_cleanup(&ctx);
+#else
+		unsigned int keylen = 0;
+		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+		EVP_DigestInit(ctx,EVP_sha384());
+		EVP_DigestUpdate(ctx,str,strl);
+		EVP_DigestFinal(ctx,key,&keylen);
+		EVP_MD_CTX_free(ctx);
+#endif
 #else
 		fprintf(stderr,"SHA384 is not supported\n");
 		return -1;
 #endif
 	} else if(shatype == SHATYPE_SHA512) {
 #if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		unsigned int keylen = 0;
 		EVP_MD_CTX ctx;
 		EVP_DigestInit(&ctx,EVP_sha512());
 		EVP_DigestUpdate(&ctx,str,strl);
 		EVP_DigestFinal(&ctx,key,&keylen);
 		EVP_MD_CTX_cleanup(&ctx);
+#else
+		unsigned int keylen = 0;
+		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+		EVP_DigestInit(ctx,EVP_sha512());
+		EVP_DigestUpdate(ctx,str,strl);
+		EVP_DigestFinal(ctx,key,&keylen);
+		EVP_MD_CTX_free(ctx);
+#endif
 #else
 		fprintf(stderr,"SHA512 is not supported\n");
 		return -1;
@@ -253,6 +279,7 @@ static void generate_enc_password(const char* pwd, char *result, const unsigned
 	result[3+PWD_SALT_SIZE+PWD_SALT_SIZE]='$';
 	unsigned char* out = (unsigned char*)(result+3+PWD_SALT_SIZE+PWD_SALT_SIZE+1);
 	{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_MD_CTX ctx;
 #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
 		EVP_DigestInit(&ctx,EVP_sha256());
@@ -268,6 +295,23 @@ static void generate_enc_password(const char* pwd, char *result, const unsigned
 			readable_string(hash,out,keylen);
 		}
 		EVP_MD_CTX_cleanup(&ctx);
+#else
+		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
+		EVP_DigestInit(ctx,EVP_sha256());
+#else
+		EVP_DigestInit(ctx,EVP_sha1());
+#endif
+		EVP_DigestUpdate(ctx,salt,PWD_SALT_SIZE);
+		EVP_DigestUpdate(ctx,pwd,strlen(pwd));
+		{
+			unsigned char hash[129];
+			unsigned int keylen = 0;
+			EVP_DigestFinal(ctx,hash,&keylen);
+			readable_string(hash,out,keylen);
+		}
+		EVP_MD_CTX_free(ctx);
+#endif
 	}
 }
 
@@ -2400,21 +2444,26 @@ static int encode_oauth_token_gcm(const u08bits *server_name, encoded_oauth_toke
 		if(!cipher)
 			return -1;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
+		EVP_CIPHER_CTX *ctxp = &ctx;
+#else
+		EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
+#endif
+		EVP_CIPHER_CTX_init(ctxp);
 
 		/* Initialize the encryption operation. */
-		if(1 != EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
+		if(1 != EVP_EncryptInit_ex(ctxp, cipher, NULL, NULL, NULL))
 			return -1;
 
-		EVP_CIPHER_CTX_set_padding(&ctx,1);
+		EVP_CIPHER_CTX_set_padding(ctxp,1);
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
-		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_GCM_NONCE_SIZE, NULL))
+		if(1 != EVP_CIPHER_CTX_ctrl(ctxp, EVP_CTRL_GCM_SET_IVLEN, OAUTH_GCM_NONCE_SIZE, NULL))
 			return -1;
 
 		/* Initialize key and IV */
-		if(1 != EVP_EncryptInit_ex(&ctx, NULL, NULL, (const unsigned char *)key->as_rs_key, nonce))
+		if(1 != EVP_EncryptInit_ex(ctxp, NULL, NULL, (const unsigned char *)key->as_rs_key, nonce))
 			return -1;
 
 		int outl=0;
@@ -2423,7 +2472,7 @@ static int encode_oauth_token_gcm(const u08bits *server_name, encoded_oauth_toke
 		/* Provide any AAD data. This can be called zero or more times as
 		 * required
 		 */
-		if(1 != my_EVP_EncryptUpdate(&ctx, NULL, &outl, server_name, (int)sn_len))
+		if(1 != my_EVP_EncryptUpdate(ctxp, NULL, &outl, server_name, (int)sn_len))
 			return -1;
 
 		outl=0;
@@ -2433,19 +2482,23 @@ static int encode_oauth_token_gcm(const u08bits *server_name, encoded_oauth_toke
 		unsigned char *start_field = orig_field + OAUTH_GCM_NONCE_SIZE + 2;
 		len -= OAUTH_GCM_NONCE_SIZE + 2;
 
-		if(1 != my_EVP_EncryptUpdate(&ctx, encoded_field, &outl, start_field, (int)len))
+		if(1 != my_EVP_EncryptUpdate(ctxp, encoded_field, &outl, start_field, (int)len))
 			return -1;
 
 		int tmp_outl = 0;
-		EVP_EncryptFinal_ex(&ctx, encoded_field + outl, &tmp_outl);
+		EVP_EncryptFinal_ex(ctxp, encoded_field + outl, &tmp_outl);
 		outl += tmp_outl;
 
-		EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, OAUTH_GCM_TAG_SIZE, encoded_field + outl);
+		EVP_CIPHER_CTX_ctrl(ctxp, EVP_CTRL_GCM_GET_TAG, OAUTH_GCM_TAG_SIZE, encoded_field + outl);
 		outl += OAUTH_GCM_TAG_SIZE;
 
 		etoken->size = 2 + OAUTH_GCM_NONCE_SIZE + outl;
 
-		EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+		EVP_CIPHER_CTX_cleanup(ctxp);
+#else
+		EVP_CIPHER_CTX_free(ctxp);
+#endif
 
 		return 0;
 	}
@@ -2483,10 +2536,15 @@ static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oaut
 			return -1;
 		}
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+		EVP_CIPHER_CTX *ctxp = &ctx;
 		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
+#else
+		EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
+#endif
+		EVP_CIPHER_CTX_init(ctxp);
 		/* Initialize the decryption operation. */
-		if(1 != EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL)) {
+		if(1 != EVP_DecryptInit_ex(ctxp, cipher, NULL, NULL, NULL)) {
 			OAUTH_ERROR("%s: Cannot initialize decryption\n",__FUNCTION__);
 			return -1;
 		}
@@ -2494,20 +2552,20 @@ static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oaut
 		//EVP_CIPHER_CTX_set_padding(&ctx,1);
 
 		/* Set IV length if default 12 bytes (96 bits) is not appropriate */
-		if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, nonce_len, NULL)) {
+		if(1 != EVP_CIPHER_CTX_ctrl(ctxp, EVP_CTRL_GCM_SET_IVLEN, nonce_len, NULL)) {
 			OAUTH_ERROR("%s: Cannot set nonce length\n",__FUNCTION__);
 			return -1;
 		}
 
 		/* Initialize key and IV */
-		if(1 != EVP_DecryptInit_ex(&ctx, NULL, NULL, (const unsigned char *)key->as_rs_key, nonce)) {
+		if(1 != EVP_DecryptInit_ex(ctxp, NULL, NULL, (const unsigned char *)key->as_rs_key, nonce)) {
 			OAUTH_ERROR("%s: Cannot set nonce\n",__FUNCTION__);
 			return -1;
 		}
 
 		/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
 		  +         * required the tag before any AAD or ciphertext */
-		EVP_CIPHER_CTX_ctrl (&ctx, EVP_CTRL_GCM_SET_TAG, OAUTH_GCM_TAG_SIZE, tag);
+		EVP_CIPHER_CTX_ctrl (ctxp, EVP_CTRL_GCM_SET_TAG, OAUTH_GCM_TAG_SIZE, tag);
 
 		int outl=0;
 		size_t sn_len = strlen((const char*)server_name);
@@ -2515,24 +2573,32 @@ static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oaut
 		/* Provide any AAD data. This can be called zero or more times as
 		 * required
 		 */
-		if(1 != my_EVP_DecryptUpdate(&ctx, NULL, &outl, server_name, (int)sn_len)) {
+		if(1 != my_EVP_DecryptUpdate(ctxp, NULL, &outl, server_name, (int)sn_len)) {
 			OAUTH_ERROR("%s: Cannot decrypt update server_name: %s, len=%d\n",__FUNCTION__,server_name,(int)sn_len);
 			return -1;
 		}
-		if(1 != my_EVP_DecryptUpdate(&ctx, decoded_field, &outl, encoded_field, (int)encoded_field_size)) {
+		if(1 != my_EVP_DecryptUpdate(ctxp, decoded_field, &outl, encoded_field, (int)encoded_field_size)) {
 			OAUTH_ERROR("%s: Cannot decrypt update\n",__FUNCTION__);
 			return -1;
 		}
 
 		int tmp_outl = 0;
-		if(EVP_DecryptFinal_ex(&ctx, decoded_field + outl, &tmp_outl)<1) {
-			EVP_CIPHER_CTX_cleanup(&ctx);
+		if(EVP_DecryptFinal_ex(ctxp, decoded_field + outl, &tmp_outl)<1) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+			EVP_CIPHER_CTX_cleanup(ctxp);
+#else
+			EVP_CIPHER_CTX_free(ctxp);
+#endif
 			OAUTH_ERROR("%s: token integrity check failed\n",__FUNCTION__);
 			return -1;
 		}
 		outl += tmp_outl;
 
-		EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+			EVP_CIPHER_CTX_cleanup(ctxp);
+#else
+			EVP_CIPHER_CTX_free(ctxp);
+#endif
 
 		size_t len = 0;