[Pkg-voip-commits] [pjproject] 10/13: Use the OpenSSL RNG if available for SRTP
tzafrir at debian.org
tzafrir at debian.org
Mon Aug 3 05:15:50 UTC 2015
This is an automated email from the git hooks/post-receive script.
tzafrir pushed a commit to branch master
in repository pjproject.
commit 1e1e3085f4541a11c3b6688476047218783fb4ba
Author: Liong Sauw Ming <ming at teluu.com>
Date: Thu Apr 23 23:58:22 2015 +0000
Use the OpenSSL RNG if available for SRTP
The SRTP internal RNG interface (crypto_get_random()) has been
deprecated and is probably not good enough. Use one from OpenSSL, if
possible.
---
pjmedia/src/pjmedia/transport_srtp.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index 29fcb03..1887a89 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -30,8 +30,21 @@
#if defined(PJMEDIA_HAS_SRTP) && (PJMEDIA_HAS_SRTP != 0)
+#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
+# include <openssl/rand.h>
+
+/* Suppress compile warning of OpenSSL deprecation (OpenSSL is deprecated
+ * since MacOSX 10.7).
+ */
+#if defined(PJ_DARWINOS) && PJ_DARWINOS==1
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#endif
+
#if defined(PJMEDIA_EXTERNAL_SRTP) && (PJMEDIA_EXTERNAL_SRTP != 0)
# include <srtp/srtp.h>
+# include <srtp/crypto_kernel.h>
#else
# include <srtp.h>
#endif
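Review bot: The `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` added under `PJ_DARWINOS` has no matching push/pop, so it stays in effect for the rest of transport_srtp.c and silences every deprecation warning in the file, not only the OpenSSL ones. In a file that handles SRTP keying, this could also hide warnings about other deprecated crypto calls; whether libsrtp actually marks `crypto_get_random()` as deprecated is not visible here. Consider placing `#pragma GCC diagnostic push` before and `#pragma GCC diagnostic pop` after the `RAND_bytes()` call site instead. Separately, the guard `PJ_HAS_SSL_SOCK` names the SSL socket feature, not OpenSSL itself. If that feature can ever be built on a different TLS backend, `<openssl/rand.h>` will not exist, so a comment such as `/* PJ_HAS_SSL_SOCK implies OpenSSL here */` would record the assumption.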
@@ -1084,6 +1097,15 @@ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
do {
key_ok = PJ_TRUE;
+
+#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
+ err = RAND_bytes((unsigned char*)key,
+ crypto_suites[cs_idx].cipher_key_len);
+ if (err != 1) {
+ PJ_LOG(5,(THIS_FILE, "Failed generating random key"));
+ return PJMEDIA_ERRNO_FROM_LIBSRTP(1);
+ }
+#else
err = crypto_get_random((unsigned char*)key,
crypto_suites[cs_idx].cipher_key_len);
if (err != err_status_ok) {
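Review bot: The failure path for `RAND_bytes()` returns `PJMEDIA_ERRNO_FROM_LIBSRTP(1)`, which uses a bare literal and reports an OpenSSL RNG failure as a libsrtp status; `return PJMEDIA_ERRNO_FROM_LIBSRTP(err_status_fail);` would at least name the code being borrowed. The check `err != 1` is the correct test for `RAND_bytes()`, but its `int` result is stored in `err`, which the fallback branch compares against `err_status_ok`. If `err` is declared as libsrtp's status type (the declaration is outside this hunk), a separate `int` local would avoid mixing the two conventions. The log line carries no cause and is emitted at level 5, so a key-generation failure is easy to miss; a comment explaining why this is not logged at a more severe level would help whoever has to diagnose a failed SRTP offer. The body of `generate_crypto_attr_value` starts and ends outside the hunk.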
@@ -1091,6 +1113,7 @@ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
get_libsrtp_errstr(err)));
return PJMEDIA_ERRNO_FROM_LIBSRTP(err);
}
+#endif
for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i)
if (key[i] == 0) key_ok = PJ_FALSE;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/pjproject.git