[Pkg-voip-commits] [pjproject] 10/13: Use the OpenSSL RNG if available for SRTP

tzafrir at debian.org tzafrir at debian.org
Mon Aug 3 05:15:50 UTC 2015


This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch master
in repository pjproject.

commit 1e1e3085f4541a11c3b6688476047218783fb4ba
Author: Liong Sauw Ming <ming at teluu.com>
Date:   Thu Apr 23 23:58:22 2015 +0000

    Use the OpenSSL RNG if available for SRTP
    
    The SRTP internal RNG interface (crypto_get_random()) has been
    deprecated and is probably not good enough. Use one from OpenSSL, if
    possible.
---
 pjmedia/src/pjmedia/transport_srtp.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index 29fcb03..1887a89 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -30,8 +30,21 @@
 
 #if defined(PJMEDIA_HAS_SRTP) && (PJMEDIA_HAS_SRTP != 0)
 
+#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
+#  include <openssl/rand.h>
+
+/* Suppress compile warning of OpenSSL deprecation (OpenSSL is deprecated
+ * since MacOSX 10.7).
+ */
+#if defined(PJ_DARWINOS) && PJ_DARWINOS==1
+#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#endif
+
 #if defined(PJMEDIA_EXTERNAL_SRTP) && (PJMEDIA_EXTERNAL_SRTP != 0)
 #  include <srtp/srtp.h>
+#  include <srtp/crypto_kernel.h>
 #else
 #  include <srtp.h>
 #endif
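Review bot: The `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` added under `PJ_DARWINOS` is never restored, so from that point on it silences deprecation warnings for the whole of transport_srtp.c rather than only for the OpenSSL call. Scoping it with `#pragma GCC diagnostic push` and `#pragma GCC diagnostic pop` around the `RAND_bytes()` call would keep the suppression to the one place that needs it. Separately, `<openssl/rand.h>` is gated on `PJ_HAS_SSL_SOCK`; if that macro can be enabled with a TLS backend other than OpenSSL the header may not be present, so a comment stating the assumption (or a dedicated OpenSSL feature macro) would help.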
@@ -1084,6 +1097,15 @@ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
 	do {
 	    key_ok = PJ_TRUE;
 
+
+#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
+	    err = RAND_bytes((unsigned char*)key,
+			     crypto_suites[cs_idx].cipher_key_len);
+	    if (err != 1) {
+		PJ_LOG(5,(THIS_FILE, "Failed generating random key"));
+		return PJMEDIA_ERRNO_FROM_LIBSRTP(1);
+	    }
+#else
 	    err = crypto_get_random((unsigned char*)key,
 				     crypto_suites[cs_idx].cipher_key_len);
 	    if (err != err_status_ok) {
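Review bot: The failure path for `RAND_bytes()` returns `PJMEDIA_ERRNO_FROM_LIBSRTP(1)`, which reports an OpenSSL failure as a libsrtp status through a bare literal; the named constant makes the mapping explicit: `return PJMEDIA_ERRNO_FROM_LIBSRTP(err_status_fail);`. The `int` result is also stored in `err`, which is declared outside this hunk and appears to be the libsrtp status variable used by the `#else` branch, so a separate `int` local would avoid mixing the two conventions (1 means success for OpenSSL, `err_status_ok` for libsrtp). Because this is the SRTP key-generation path, a failed RNG deserves a more visible log level than 5, plus a comment such as `/* RAND_bytes() returns 1 on success; 0 or -1 means no key material was produced */`. The body of generate_crypto_attr_value starts and ends outside the hunk.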
@@ -1091,6 +1113,7 @@ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
 			  get_libsrtp_errstr(err)));
 		return PJMEDIA_ERRNO_FROM_LIBSRTP(err);
 	    }
+#endif
 	    for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i)
 		if (key[i] == 0) key_ok = PJ_FALSE;
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/pjproject.git


