diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 99ace59c3..0148ba86e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -10,7 +10,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ 'ubuntu:16.04', 'ubuntu:18.04', 'ubuntu:20.04', 'ubuntu:22.04' ] + os: [ 'ubuntu:18.04', 'ubuntu:20.04', 'ubuntu:22.04' ] runs-on: ubuntu-latest container: ${{ matrix.os }} steps: diff --git a/src/apps/common/apputils.h b/src/apps/common/apputils.h index 509033731..ed391a537 100644 --- a/src/apps/common/apputils.h +++ b/src/apps/common/apputils.h @@ -56,13 +56,7 @@ extern int IS_TURN_SERVER; /* ALPN */ -#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L) - -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION #define ALPN_SUPPORTED 1 -#else -#define ALPN_SUPPORTED 0 -#endif /* TLS */ @@ -96,7 +90,7 @@ extern int IS_TURN_SERVER; #endif -#if defined(TURN_NO_DTLS) || (!defined(DTLS_CTRL_LISTEN) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) +#if defined(TURN_NO_DTLS) #define DTLS_SUPPORTED 0 #define DTLSv1_2_SUPPORTED 0 @@ -113,11 +107,7 @@ extern int IS_TURN_SERVER; #endif -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION #define SSL_SESSION_ECDH_AUTO_SUPPORTED 1 -#else -#define SSL_SESSION_ECDH_AUTO_SUPPORTED 0 -#endif /////////// SSL ////////////////////////// diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index 615ff314a..35c4ca8b7 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -107,12 +107,8 @@ char *decryptPassword(char *in, const unsigned char *mykey) { init_ctr(&state, iv); memset(outdata, '\0', sizeof(outdata)); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num, (block128_f)AES_encrypt); -#else - AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); -#endif strcat(last, (char *)outdata); out = (char *)malloc(sizeof(char) * strlen(last)); diff --git a/src/apps/relay/dtls_listener.c b/src/apps/relay/dtls_listener.c index 2847c8ca0..ffce0263c 100644 --- a/src/apps/relay/dtls_listener.c +++ b/src/apps/relay/dtls_listener.c @@ -201,12 +201,7 @@ static int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie return 1; } -static int verify_cookie(SSL *ssl, -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - const -#endif - unsigned char *cookie, - unsigned int cookie_len) { +static int verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len) { unsigned int resultlength = 0; unsigned char result[COOKIE_SECRET_LENGTH]; @@ -284,14 +279,8 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty SSL_set_bio(connecting_ssl, NULL, wbio); SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS -#endif -#else #if defined(SSL_OP_NO_RENEGOTIATION) | SSL_OP_NO_RENEGOTIATION -#endif #endif ); SSL_set_max_cert_list(connecting_ssl, 655350); @@ -557,14 +546,8 @@ static int create_new_connected_udp_socket(dtls_listener_relay_server_type *serv SSL_set_bio(connecting_ssl, NULL, wbio); SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS -#endif -#else #if defined(SSL_OP_NO_RENEGOTIATION) | SSL_OP_NO_RENEGOTIATION -#endif #endif ); diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index cf370ec8a..e4856eb7f 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -40,10 +40,6 @@ #define MAX_TRIES 3 #endif -#if (!defined OPENSSL_VERSION_1_1_1) -#define OPENSSL_VERSION_1_1_1 0x10101000L -#endif - ////// TEMPORARY data ////////// static int use_lt_credentials = 0; @@ -1724,12 +1720,8 @@ void encrypt_aes_128(unsigned char *in, const unsigned char *mykey) { struct ctr_state state; init_ctr(&state, iv); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L CRYPTO_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num, (block128_f)AES_encrypt); -#else - AES_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num); -#endif totalSize += strlen((char *)in); size = strlen((char *)in); @@ -1821,12 +1813,8 @@ void decrypt_aes_128(char *in, const unsigned char *mykey) { init_ctr(&state, iv); memset(outdata, '\0', sizeof(outdata)); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num, (block128_f)AES_encrypt); -#else - AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); -#endif strcat(last, (char *)outdata); printf("%s\n", last); @@ -3349,65 +3337,10 @@ int main(int argc, char **argv) { ////////// OpenSSL locking //////////////////////////////////////// #if defined(OPENSSL_THREADS) -#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 - -// array larger than anything that OpenSSL may need: -static TURN_MUTEX_DECLARE(mutex_buf[256]); -static int mutex_buf_initialized = 0; - -void coturn_locking_function(int mode, int n, const char *file, int line); -void coturn_locking_function(int mode, int n, const char *file, int line) { - UNUSED_ARG(file); - UNUSED_ARG(line); - if (mutex_buf_initialized && (n < CRYPTO_num_locks())) { - if (mode & CRYPTO_LOCK) { - TURN_MUTEX_LOCK(&(mutex_buf[n])); - } else { - TURN_MUTEX_UNLOCK(&(mutex_buf[n])); - } - } -} - -void coturn_id_function(CRYPTO_THREADID *ctid); -void coturn_id_function(CRYPTO_THREADID *ctid) { - UNUSED_ARG(ctid); - CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self()); -} - -static int THREAD_setup(void) { - int i; - for (i = 0; i < CRYPTO_num_locks(); i++) { - TURN_MUTEX_INIT(&(mutex_buf[i])); - } - - mutex_buf_initialized = 1; - CRYPTO_THREADID_set_callback(coturn_id_function); - CRYPTO_set_locking_callback(coturn_locking_function); - return 1; -} - -int THREAD_cleanup(void) { - int i; - - if (!mutex_buf_initialized) { - return 0; - } - - CRYPTO_THREADID_set_callback(NULL); - CRYPTO_set_locking_callback(NULL); - for (i = 0; i < CRYPTO_num_locks(); i++) { - TURN_MUTEX_DESTROY(&(mutex_buf[i])); - } - - mutex_buf_initialized = 0; - return 1; -} -#else static int THREAD_setup(void) { return 1; } int THREAD_cleanup(void); int THREAD_cleanup(void) { return 1; } -#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */ #endif /* defined(OPENSSL_THREADS) */ static void adjust_key_file_name(char *fn, const char *file_title, int critical) { @@ -3483,16 +3416,7 @@ static DH *get_dh566(void) { if ((dh = DH_new()) == NULL) { return (NULL); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL); - dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { - DH_free(dh); - return (NULL); - } -#else DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL)); -#endif return (dh); } @@ -3520,16 +3444,7 @@ static DH *get_dh1066(void) { if ((dh = DH_new()) == NULL) { return (NULL); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL); - dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { - DH_free(dh); - return (NULL); - } -#else DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL)); -#endif return (dh); } @@ -3566,16 +3481,7 @@ static DH *get_dh2066(void) { if ((dh = DH_new()) == NULL) { return (NULL); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL); - dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { - DH_free(dh); - return (NULL); - } -#else DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL)); -#endif return (dh); } @@ -3738,11 +3644,6 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho } if (set_auto_curve) { -#if SSL_SESSION_ECDH_AUTO_SUPPORTED -#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_CTX_set_ecdh_auto(ctx, 1); -#endif -#endif set_auto_curve = 0; } } @@ -3895,22 +3796,6 @@ static void openssl_load_certificates(void) { TURN_MUTEX_LOCK(&turn_params.tls_mutex); if (!turn_params.no_tls) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - set_ctx(&turn_params.tls_ctx, "TLS", TLSv1_2_server_method()); /*openssl-1.0.2 version specific API */ - if (turn_params.no_tlsv1) { - SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1); - } -#if TLSv1_1_SUPPORTED - if (turn_params.no_tlsv1_1) { - SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_1); - } -#if TLSv1_2_SUPPORTED - if (turn_params.no_tlsv1_2) { - SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_2); - } -#endif -#endif -#else // OPENSSL_VERSION_NUMBER < 0x10100000L set_ctx(&turn_params.tls_ctx, "TLS", TLS_server_method()); if (turn_params.no_tlsv1) { SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_1_VERSION); @@ -3923,31 +3808,13 @@ static void openssl_load_certificates(void) { SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_3_VERSION); } #endif -#endif // OPENSSL_VERSION_NUMBER < 0x10100000L TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS cipher suite: %s\n", turn_params.cipher_list); } if (!turn_params.no_dtls) { #if !DTLS_SUPPORTED TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: DTLS is not supported.\n"); -#elif OPENSSL_VERSION_NUMBER < 0x10000000L - TURN_LOG_FUNC( - TURN_LOG_LEVEL_WARNING, - "WARNING: TURN Server was compiled with rather old OpenSSL version, DTLS may not be working correctly.\n"); -#else -#if OPENSSL_VERSION_NUMBER < 0x10100000L // before openssl-1.1.0 no version independent API -#if DTLSv1_2_SUPPORTED - set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_2_server_method()); // openssl-1.0.2 - if (turn_params.no_tlsv1_2) { - SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1_2); - } #else - set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_server_method()); // < openssl-1.0.2 -#endif - if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) { - SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1); - } -#else // OPENSSL_VERSION_NUMBER < 0x10100000L set_ctx(&turn_params.dtls_ctx, "DTLS", DTLS_server_method()); if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) { SSL_CTX_set_min_proto_version(turn_params.dtls_ctx, DTLS1_2_VERSION); @@ -3955,7 +3822,6 @@ static void openssl_load_certificates(void) { if (turn_params.no_tlsv1_2) { SSL_CTX_set_max_proto_version(turn_params.dtls_ctx, DTLS1_VERSION); } -#endif // OPENSSL_VERSION_NUMBER < 0x10100000L setup_dtls_callbacks(turn_params.dtls_ctx); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS cipher suite: %s\n", turn_params.cipher_list); #endif diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index ae7811408..686ea6ee1 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -87,9 +87,7 @@ #include #include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L #include -#endif #if !defined(TURN_NO_SYSTEMD) #include diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index 95ba7bd41..6f2ebd6c6 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -33,8 +33,7 @@ #include "ns_turn_ioalib.h" //////////// Backward compatibility with OpenSSL 1.0.x ////////////// -#if (OPENSSL_VERSION_NUMBER < 0x10100001L || \ - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL)) +#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX) #endif diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c index 6b5d1c8df..c233f6c10 100644 --- a/src/apps/relay/ns_ioalib_engine_impl.c +++ b/src/apps/relay/ns_ioalib_engine_impl.c @@ -1371,30 +1371,9 @@ ioa_socket_handle create_ioa_socket_from_fd(ioa_engine_handle e, ioa_socket_raw } static void ssl_info_callback(SSL *ssl, int where, int ret) { - UNUSED_ARG(ret); UNUSED_ARG(ssl); UNUSED_ARG(where); - -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - if (0 != (where & SSL_CB_HANDSHAKE_START)) { - ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl); - if (s) { - ++(s->ssl_renegs); - } - } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) { - if (ssl->s3) { - ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl); - if (s) { - if (s->ssl_renegs > SSL_MAX_RENEG_NUMBER) { - ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; - } - } - } - } -#endif -#endif } typedef void (*ssl_info_callback_t)(const SSL *ssl, int type, int val); @@ -1835,7 +1814,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve BIO *rbio = BIO_new_mem_buf(buffer, old_buffer_len); BIO_set_mem_eof_return(rbio, -1); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL) +#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL ssl->rbio = rbio; #else SSL_set0_rbio(ssl, rbio); @@ -1934,7 +1913,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve if (ret > 0) { ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL) +#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL ssl->rbio = NULL; BIO_free(rbio); #else diff --git a/src/apps/uclient/mainuclient.c b/src/apps/uclient/mainuclient.c index 1c6058cc4..5f1d312b2 100644 --- a/src/apps/uclient/mainuclient.c +++ b/src/apps/uclient/mainuclient.c @@ -497,40 +497,16 @@ int main(int argc, char **argv) { } if (use_tcp) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#if TLSv1_2_SUPPORTED - root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_2_client_method()); -#elif TLSv1_1_SUPPORTED - root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_1_client_method()); -#else - root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_client_method()); -#endif - SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); -#else // OPENSSL_VERSION_NUMBER >= 0x10100000L root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLS_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); -#endif root_tls_ctx_num++; } else { #if !DTLS_SUPPORTED fprintf(stderr, "ERROR: DTLS is not supported.\n"); exit(-1); #else -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (OPENSSL_VERSION_NUMBER < 0x10000000L) { - TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, - "WARNING: OpenSSL version is rather old, DTLS may not be working correctly.\n"); - } -#if DTLSv1_2_SUPPORTED - root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_2_client_method()); -#else - root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_client_method()); -#endif - SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); -#else // OPENSSL_VERSION_NUMBER >= 0x10100000L root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLS_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); -#endif #endif root_tls_ctx_num++; } diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c index 769dba13c..1e8b3c0c3 100644 --- a/src/client/ns_turn_msg.c +++ b/src/client/ns_turn_msg.c @@ -180,21 +180,12 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c if (shatype == SHATYPE_SHA256) { #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH) -#if OPENSSL_VERSION_NUMBER < 0x10100000L - unsigned int keylen = 0; - EVP_MD_CTX ctx; - EVP_DigestInit(&ctx, EVP_sha256()); - EVP_DigestUpdate(&ctx, str, strl); - EVP_DigestFinal(&ctx, key, &keylen); - EVP_MD_CTX_cleanup(&ctx); -#else unsigned int keylen = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_DigestInit(ctx, EVP_sha256()); EVP_DigestUpdate(ctx, str, strl); EVP_DigestFinal(ctx, key, &keylen); EVP_MD_CTX_free(ctx); -#endif ret = 0; #else fprintf(stderr, "SHA256 is not supported\n"); @@ -202,21 +193,12 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c #endif } else if (shatype == SHATYPE_SHA384) { #if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH) -#if OPENSSL_VERSION_NUMBER < 0x10100000L - unsigned int keylen = 0; - EVP_MD_CTX ctx; - EVP_DigestInit(&ctx, EVP_sha384()); - EVP_DigestUpdate(&ctx, str, strl); - EVP_DigestFinal(&ctx, key, &keylen); - EVP_MD_CTX_cleanup(&ctx); -#else unsigned int keylen = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_DigestInit(ctx, EVP_sha384()); EVP_DigestUpdate(ctx, str, strl); EVP_DigestFinal(ctx, key, &keylen); EVP_MD_CTX_free(ctx); -#endif ret = 0; #else fprintf(stderr, "SHA384 is not supported\n"); @@ -224,41 +206,19 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c #endif } else if (shatype == SHATYPE_SHA512) { #if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH) -#if OPENSSL_VERSION_NUMBER < 0x10100000L - unsigned int keylen = 0; - EVP_MD_CTX ctx; - EVP_DigestInit(&ctx, EVP_sha512()); - EVP_DigestUpdate(&ctx, str, strl); - EVP_DigestFinal(&ctx, key, &keylen); - EVP_MD_CTX_cleanup(&ctx); -#else unsigned int keylen = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_DigestInit(ctx, EVP_sha512()); EVP_DigestUpdate(ctx, str, strl); EVP_DigestFinal(ctx, key, &keylen); EVP_MD_CTX_free(ctx); -#endif ret = 0; #else fprintf(stderr, "SHA512 is not supported\n"); ret = -1; #endif } else { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - unsigned int keylen = 0; - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); -#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } -#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) - EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&ctx, str, strl); - EVP_DigestFinal(&ctx, key, &keylen); - EVP_MD_CTX_cleanup(&ctx); -#elif OPENSSL_VERSION_NUMBER >= 0x30000000L +#if OPENSSL_VERSION_NUMBER >= 0x30000000L unsigned int keylen = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); if (EVP_default_properties_is_fips_enabled(NULL)) { @@ -268,7 +228,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c EVP_DigestUpdate(ctx, str, strl); EVP_DigestFinal(ctx, key, &keylen); EVP_MD_CTX_free(ctx); -#else // OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L +#else // OPENSSL_VERSION_NUMBER < 0x30000000L unsigned int keylen = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) @@ -280,7 +240,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c EVP_DigestUpdate(ctx, str, strl); EVP_DigestFinal(ctx, key, &keylen); EVP_MD_CTX_free(ctx); -#endif // OPENSSL_VERSION_NUMBER < 0X10100000L +#endif // OPENSSL_VERSION_NUMBER >= 0X30000000L ret = 0; } @@ -318,23 +278,6 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned result[3 + PWD_SALT_SIZE + PWD_SALT_SIZE] = '$'; unsigned char *out = (unsigned char *)(result + 3 + PWD_SALT_SIZE + PWD_SALT_SIZE + 1); { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX ctx; -#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH) - EVP_DigestInit(&ctx, EVP_sha256()); -#else - EVP_DigestInit(&ctx, EVP_sha1()); -#endif - EVP_DigestUpdate(&ctx, salt, PWD_SALT_SIZE); - EVP_DigestUpdate(&ctx, pwd, strlen(pwd)); - { - unsigned char hash[129]; - unsigned int keylen = 0; - EVP_DigestFinal(&ctx, hash, &keylen); - readable_string(hash, out, keylen); - } - EVP_MD_CTX_cleanup(&ctx); -#else EVP_MD_CTX *ctx = EVP_MD_CTX_new(); #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH) EVP_DigestInit(ctx, EVP_sha256()); @@ -350,7 +293,6 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned readable_string(hash, out, keylen); } EVP_MD_CTX_free(ctx); -#endif } } @@ -2581,12 +2523,7 @@ static int encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_toke return -1; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX *ctxp = &ctx; -#else EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new(); -#endif EVP_CIPHER_CTX_init(ctxp); /* Initialize the encryption operation. */ @@ -2636,11 +2573,7 @@ static int encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_toke etoken->size = 2 + OAUTH_GCM_NONCE_SIZE + outl; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX_cleanup(ctxp); -#else EVP_CIPHER_CTX_free(ctxp); -#endif return 0; } @@ -2680,12 +2613,7 @@ static int decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oaut return -1; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX *ctxp = &ctx; -#else EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new(); -#endif EVP_CIPHER_CTX_init(ctxp); /* Initialize the decryption operation. */ if (1 != EVP_DecryptInit_ex(ctxp, cipher, NULL, NULL, NULL)) { @@ -2728,21 +2656,13 @@ static int decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oaut int tmp_outl = 0; if (EVP_DecryptFinal_ex(ctxp, decoded_field + outl, &tmp_outl) < 1) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX_cleanup(ctxp); -#else EVP_CIPHER_CTX_free(ctxp); -#endif OAUTH_ERROR("%s: token integrity check failed\n", __FUNCTION__); return -1; } outl += tmp_outl; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX_cleanup(ctxp); -#else EVP_CIPHER_CTX_free(ctxp); -#endif size_t len = 0;