From 2bff5ebd9821efee564b60a66231938ebb64ebf9 Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Sun, 27 Nov 2022 22:03:03 -0600 Subject: [PATCH] Avoid using APIs deprecated in OpenSSL 3.0 --- stuncore/stunbuilder.cpp | 9 ++++- stuncore/stunreader.cpp | 79 +++++++++++++++++++++++----------------- 2 files changed, 53 insertions(+), 35 deletions(-) diff --git a/stuncore/stunbuilder.cpp b/stuncore/stunbuilder.cpp index 2cc456e..d16d357 100644 --- a/stuncore/stunbuilder.cpp +++ b/stuncore/stunbuilder.cpp @@ -570,10 +570,15 @@ HRESULT CStunMessageBuilder::AddMessageIntegrityLongTerm(const char* pszUserName ASSERT(key+lenTotal == pDst); -#ifndef __APPLE__ +#ifdef __APPLE__ + pResult = CC_MD5(key, lenTotal, hash); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L pResult = MD5(key, lenTotal, hash); #else - pResult = CC_MD5(key, lenTotal, hash); + if (EVP_Digest(key, lenTotal, hash, NULL, EVP_md5(), NULL)) + { + pResult = hash; + } #endif ASSERT(pResult != NULL); diff --git a/stuncore/stunreader.cpp b/stuncore/stunreader.cpp index 6139ae9..b27fb48 100644 --- a/stuncore/stunreader.cpp +++ b/stuncore/stunreader.cpp 
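Review bot: In the OpenSSL 3.0 branch of AddMessageIntegrityLongTerm (stunbuilder.cpp), a failed `EVP_Digest` leaves `pResult` unassigned, and the only check after it is `ASSERT(pResult != NULL)`, which presumably compiles out of release builds. Under OpenSSL 3.0, MD5 can be unavailable at runtime (for example with a FIPS-only provider configuration), so the function would continue and derive the long-term key from whatever `hash` contains. The stunreader.cpp side of this patch already fails closed with `ChkIfA(0 == EVP_Digest(...), E_FAIL)`. The same form would fit here, assuming the function has a Cleanup label: `ChkIfA(0 == EVP_Digest(key, lenTotal, hash, NULL, EVP_md5(), NULL), E_FAIL);`. The function starts and ends outside the hunk, so the initial value of `pResult` and the later use of `hash` are not visible.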
@@ -151,22 +151,24 @@ HRESULT CStunMessageReader::ValidateMessageIntegrity(uint8_t* key, size_t keylen bool fNoOtherAttributesAfterIntegrity = false; const size_t c_hmacsize = 20; uint8_t hmaccomputed[c_hmacsize] = {}; // zero-init - unsigned int hmaclength = c_hmacsize; -#ifndef __APPLE__ +#ifdef __APPLE__ + CCHmacContext* ctx = NULL; + CCHmacContext ctxData = {}; + ctx = &ctxData; +#elif OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX* ctx = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000L + unsigned int hmaclength = c_hmacsize; HMAC_CTX ctxData = {}; ctx = &ctxData; HMAC_CTX_init(ctx); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L + HMAC_CTX* ctx = HMAC_CTX_new(); + unsigned int hmaclength = c_hmacsize; #else - ctx = HMAC_CTX_new(); -#endif -#else - CCHmacContext* ctx = NULL; - CCHmacContext ctxData = {}; - ctx = &ctxData; - - UNREFERENCED_VARIABLE(hmaclength); + EVP_MAC* mac = EVP_MAC_fetch(NULL, "HMAC", NULL); + EVP_MAC_CTX* ctx = EVP_MAC_CTX_new(mac); + EVP_MAC_free(mac); + size_t hmaclength = c_hmacsize; #endif uint32_t chunk32; uint16_t chunk16; 
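Review bot: The OpenSSL 3.0 branch in the declarations of ValidateMessageIntegrity never checks `EVP_MAC_fetch` or `EVP_MAC_CTX_new` for NULL, though both can fail (no loaded provider offering HMAC, or allocation failure). The later hunks hand `ctx` straight to `EVP_MAC_init`. A guard immediately before that init call, `ChkIfA(ctx == NULL, E_FAIL);`, would make this a clean validation failure; putting it there rather than among the declarations keeps `goto Cleanup` from jumping over initialized locals. The same guard would cover `HMAC_CTX_new()` on the 1.1 branch. The function body continues outside this hunk.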
@@ -204,23 +206,28 @@ HRESULT CStunMessageReader::ValidateMessageIntegrity(uint8_t* key, size_t keylen stream.Attach(spBuffer, false); // Here comes the fun part. If there is a fingerprint attribute, we have to adjust the length header in computing the hash -#ifndef __APPLE__ -#if OPENSSL_VERSION_NUMBER < 0x10100000L // could be lower! +#ifdef __APPLE__ + CCHmacInit(ctx, kCCHmacAlgSHA1, key, keylength); +#elif OPENSSL_VERSION_NUMBER < 0x10100000L // could be lower! HMAC_Init(ctx, key, keylength, EVP_sha1()); -#else +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_Init_ex(ctx, key, keylength, EVP_sha1(), NULL); -#endif #else - CCHmacInit(ctx, kCCHmacAlgSHA1, key, keylength); + OSSL_PARAM params[2]; + params[0] = OSSL_PARAM_construct_utf8_string("digest", (char*)"SHA1", 0); + params[1] = OSSL_PARAM_construct_end(); + EVP_MAC_init(ctx, key, keylength, params); #endif fContextInit = true; // message type Chk(stream.ReadUint16(&chunk16)); -#ifndef __APPLE__ +#ifdef __APPLE__ + CCHmacUpdate(ctx, &chunk16, sizeof(chunk16)); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_Update(ctx, (unsigned char*)&chunk16, sizeof(chunk16)); #else - CCHmacUpdate(ctx, &chunk16, sizeof(chunk16)); + EVP_MAC_update(ctx, (unsigned char*)&chunk16, sizeof(chunk16)); #endif // message length @@ -237,10 +244,12 @@ HRESULT CStunMessageReader::ValidateMessageIntegrity(uint8_t* key, size_t keylen chunk16 = htons(adjustedlengthHeader); } -#ifndef __APPLE__ +#ifdef __APPLE__ + CCHmacUpdate(ctx, &chunk16, sizeof(chunk16)); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_Update(ctx, (unsigned char*)&chunk16, sizeof(chunk16)); #else - CCHmacUpdate(ctx, &chunk16, sizeof(chunk16)); + EVP_MAC_update(ctx, (unsigned char*)&chunk16, sizeof(chunk16)); #endif // now include everything up to the hash attribute itself. 
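Review bot: The return values of `EVP_MAC_init` and `EVP_MAC_update` are discarded in the hunk at -204, and the same holds for `EVP_MAC_update` in the hunk at -237 and for `EVP_MAC_update` and `EVP_MAC_final` in the hunk at -255. These calls return 0 on failure, and `hmaccomputed` is zero-initialized, so if SHA1 or HMAC is unavailable the comparison that presumably follows would run against a zeroed buffer instead of failing closed. Wrapping each call, e.g. `ChkIfA(!EVP_MAC_init(ctx, key, keylength, params), E_FAIL);` and `ChkIfA(!EVP_MAC_final(ctx, hmaccomputed, &hmaclength, sizeof(hmaccomputed)), E_FAIL);`, makes integrity validation reject the message whenever the MAC could not be computed. As a point of style, `OSSL_MAC_PARAM_DIGEST` from `<openssl/core_names.h>` would replace the bare `"digest"` literal.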
@@ -255,17 +264,21 @@ HRESULT CStunMessageReader::ValidateMessageIntegrity(uint8_t* key, size_t keylen for (size_t count = 0; count < nChunks; count++) { Chk(stream.ReadUint32(&chunk32)); -#ifndef __APPLE__ +#ifdef __APPLE__ + CCHmacUpdate(ctx, &chunk32, sizeof(chunk32)); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_Update(ctx, (unsigned char*)&chunk32, sizeof(chunk32)); #else - CCHmacUpdate(ctx, &chunk32, sizeof(chunk32)); + EVP_MAC_update(ctx, (unsigned char*)&chunk32, sizeof(chunk32)); #endif } -#ifndef __APPLE__ +#ifdef __APPLE__ + CCHmacFinal(ctx, hmaccomputed); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_Final(ctx, hmaccomputed, &hmaclength); #else - CCHmacFinal(ctx, hmaccomputed); + EVP_MAC_final(ctx, hmaccomputed, &hmaclength, sizeof(hmaccomputed)); #endif @@ -277,14 +290,14 @@ HRESULT CStunMessageReader::ValidateMessageIntegrity(uint8_t* key, size_t keylen Cleanup: if (fContextInit) { -#ifndef __APPLE__ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifdef __APPLE__ + UNREFERENCED_VARIABLE(fContextInit); +#elif OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup(ctx); -#else +#elif OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_CTX_free(ctx); -#endif #else - UNREFERENCED_VARIABLE(fContextInit); + EVP_MAC_CTX_free(ctx); #endif } @@ -344,14 +357,14 @@ HRESULT CStunMessageReader::ValidateMessageIntegrityLong(const char* pszUser, co ASSERT(key+totallength == pDst); -#ifndef __APPLE__ +#ifdef __APPLE__ + CC_MD5(key, totallength, hash); +#elif OPENSSL_VERSION_NUMBER < 0x30000000L ChkIfA(NULL == MD5(key, totallength, hash), E_FAIL); #else - CC_MD5(key, totallength, hash); + ChkIfA(0 == EVP_Digest(key, totallength, hash, NULL, EVP_md5(), NULL), E_FAIL); #endif - - Chk(ValidateMessageIntegrity(hash, ARRAYSIZE(hash))); Cleanup:
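Review bot: In the Cleanup hunk at -277, `EVP_MAC_CTX_free(ctx)` and `HMAC_CTX_free(ctx)` run only when `fContextInit` is set, but on the 1.1 and 3.0 branches `ctx` is allocated in the declarations at the top of the function. Any `Chk` failure between the allocation and `fContextInit = true` (that code is outside the visible hunks) would therefore leak one context per rejected message, which matters for a server parsing untrusted packets. Both free functions accept NULL, so those two branches could free unconditionally, or `fContextInit` could be set right after allocation. A comment such as `// ctx is heap-allocated at declaration on OpenSSL >= 1.1; always release it` would document the intent.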