wok-current view rtmpdump/stuff/librtmp-openssl-1.1.x-build-fixes.diff @ rev 25695
Up linux 5.10.214, Patch xorg-server (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083)
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Thu Apr 04 08:53:51 2024 +0000 (2 months ago) |
| parents | |
| children |
line source
1 librtmp/dh.h | 60 +++++++++++++++++++++++++++++++++--------------------
2 librtmp/handshake.h | 14 ++++++++-----
3 librtmp/hashswf.c | 10 ++++-----
4 librtmp/rtmp.c | 10 ++++-----
5 librtmp/rtmp_sys.h | 2 +-
6 rtmpsrv.c | 6 +++---
7 rtmpsuck.c | 16 +++++++-------
8 thread.c | 6 +++---
9 8 files changed, 72 insertions(+), 52 deletions(-)
11 diff --git a/librtmp/dh.h b/librtmp/dh.h
12 index 5fc3f32..28d727c 100644
13 --- a/librtmp/dh.h
14 +++ b/librtmp/dh.h
15 @@ -194,7 +194,7 @@ typedef BIGNUM * MP_t;
17 /* RFC 2631, Section 2.1.5, http://www.ietf.org/rfc/rfc2631.txt */
18 static int
19 -isValidPublicKey(MP_t y, MP_t p, MP_t q)
20 +isValidPublicKey(const BIGNUM *y, const BIGNUM *p, const BIGNUM *q)
21 {
22 int ret = TRUE;
23 MP_t bn;
24 @@ -234,9 +234,9 @@ isValidPublicKey(MP_t y, MP_t p, MP_t q)
25 MP_modexp(bn, y, q, p);
27 if (MP_cmp_1(bn) != 0)
28 - {
29 - RTMP_Log(RTMP_LOGWARNING, "DH public key does not fulfill y^q mod p = 1");
30 - }
31 + {
32 + RTMP_Log(RTMP_LOGWARNING, "DH public key does not fulfill y^q mod p = 1");
33 + }
34 }
36 failed:
37 @@ -253,20 +253,22 @@ DHInit(int nKeyBits)
38 if (!dh)
39 goto failed;
41 - MP_new(dh->g);
42 + BIGNUM *g = BN_new(); /*MP_new(dh->g);*/
44 - if (!dh->g)
45 + if (!g) /*(!dh->g)*/
46 goto failed;
48 - MP_gethex(dh->p, P1024, res); /* prime P1024, see dhgroups.h */
49 + BIGNUM *p;
50 + res = BN_hex2bn(&p, P1024); /*MP_gethex(dh->p, P1024, res);*/ /* prime P1024, see dhgroups.h */
51 if (!res)
52 {
53 goto failed;
54 }
56 - MP_set_w(dh->g, 2); /* base 2 */
57 + BN_set_word(g, 2); /*MP_set_w(dh->g, 2);*/ /* base 2 */
59 - dh->length = nKeyBits;
60 + DH_set0_pqg(dh, p, NULL, g);
61 + DH_set_length(dh, nKeyBits); /*dh->length = nKeyBits;*/
62 return dh;
64 failed:
65 @@ -286,20 +288,24 @@ DHGenerateKey(MDH *dh)
66 while (!res)
67 {
68 MP_t q1 = NULL;
69 + const BIGNUM *p, *q, *g, *pub_key, *priv_key;
71 if (!MDH_generate_key(dh))
72 - return 0;
73 + return 0;
75 MP_gethex(q1, Q1024, res);
76 assert(res);
78 - res = isValidPublicKey(dh->pub_key, dh->p, q1);
79 + DH_get0_key(dh, &pub_key, &priv_key);
80 + DH_get0_pqg(dh, &p, &q, &g);
81 +
82 + res = isValidPublicKey(pub_key, p, q1);
83 if (!res)
84 - {
85 - MP_free(dh->pub_key);
86 - MP_free(dh->priv_key);
87 - dh->pub_key = dh->priv_key = 0;
88 - }
89 + {
90 + /*MP_free(dh->pub_key);*/
91 + /*MP_free(dh->priv_key);*/
92 + /*dh->pub_key = dh->priv_key = 0;*/
93 + }
95 MP_free(q1);
96 }
97 @@ -311,18 +317,25 @@ DHGenerateKey(MDH *dh)
98 */
100 static int
101 -DHGetPublicKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen)
102 +DHGetPublicKey(MDH *dh, uint8_t *pubkey_out, size_t nPubkeyLen)
103 {
104 int len;
105 - if (!dh || !dh->pub_key)
106 + const BIGNUM *pub_key, *priv_key;
107 +
108 + if (!dh) /*|| !dh->pub_key*/
109 + return 0;
110 +
111 + DH_get0_key(dh, &pub_key, &priv_key);
112 + if (!pub_key)
113 return 0;
115 - len = MP_bytes(dh->pub_key);
116 +
117 + len = MP_bytes(pub_key); /*dh->pub_key*/
118 if (len <= 0 || len > (int) nPubkeyLen)
119 return 0;
121 - memset(pubkey, 0, nPubkeyLen);
122 - MP_setbin(dh->pub_key, pubkey + (nPubkeyLen - len), len);
123 + memset(pubkey_out, 0, nPubkeyLen);
124 + BN_bn2bin(pub_key, pubkey_out + (nPubkeyLen - len)); /*MP_setbin(dh->pub_key, pubkey + (nPubkeyLen - len), len);*/
125 return 1;
126 }
128 @@ -353,6 +366,7 @@ DHComputeSharedSecretKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen,
129 MP_t q1 = NULL, pubkeyBn = NULL;
130 size_t len;
131 int res;
132 + const BIGNUM *p, *q, *g;
134 if (!dh || !secret || nPubkeyLen >= INT_MAX)
135 return -1;
136 @@ -364,7 +378,9 @@ DHComputeSharedSecretKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen,
137 MP_gethex(q1, Q1024, len);
138 assert(len);
140 - if (isValidPublicKey(pubkeyBn, dh->p, q1))
141 + DH_get0_pqg(dh, &p, &q, &g);
142 +
143 + if (isValidPublicKey(pubkeyBn, p, q1))
144 res = MDH_compute_key(secret, nPubkeyLen, pubkeyBn, dh);
145 else
146 res = -1;
147 diff --git a/librtmp/handshake.h b/librtmp/handshake.h
148 index 0438486..86d3648 100644
149 --- a/librtmp/handshake.h
150 +++ b/librtmp/handshake.h
151 @@ -69,9 +69,9 @@ typedef struct arcfour_ctx* RC4_handle;
152 #if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
153 #error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
154 #endif
155 -#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
156 -#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
157 -#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
158 +#define HMAC_setup(ctx, key, len) HMAC_CTX_reset(ctx); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
159 +#define HMAC_crunch(ctx, buf, len) HMAC_Update(ctx, buf, len)
160 +#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
162 typedef RC4_KEY * RC4_handle;
163 #define RC4_alloc(h) *h = malloc(sizeof(RC4_KEY))
164 @@ -117,7 +117,9 @@ static void InitRC4Encryption
165 {
166 uint8_t digest[SHA256_DIGEST_LENGTH];
167 unsigned int digestLen = 0;
168 - HMAC_CTX ctx;
169 + HMAC_CTX *ctx = HMAC_CTX_new();
170 + if(!ctx)
171 + return;
173 RC4_alloc(rc4keyIn);
174 RC4_alloc(rc4keyOut);
175 @@ -266,7 +268,9 @@ HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key,
176 size_t keylen, uint8_t *digest)
177 {
178 unsigned int digestLen;
179 - HMAC_CTX ctx;
180 + HMAC_CTX *ctx = HMAC_CTX_new();
181 + if(!ctx)
182 + return;
184 HMAC_setup(ctx, key, keylen);
185 HMAC_crunch(ctx, message, messageLen);
186 diff --git a/librtmp/hashswf.c b/librtmp/hashswf.c
187 index 32b2eed..9673863 100644
188 --- a/librtmp/hashswf.c
189 +++ b/librtmp/hashswf.c
190 @@ -57,10 +57,10 @@
191 #include <openssl/sha.h>
192 #include <openssl/hmac.h>
193 #include <openssl/rc4.h>
194 -#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, (unsigned char *)key, len, EVP_sha256(), 0)
195 -#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, (unsigned char *)buf, len)
196 -#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, (unsigned char *)dig, &dlen);
197 -#define HMAC_close(ctx) HMAC_CTX_cleanup(&ctx)
198 +#define HMAC_setup(ctx, key, len) HMAC_CTX_reset(ctx); HMAC_Init_ex(ctx, (unsigned char *)key, len, EVP_sha256(), 0)
199 +#define HMAC_crunch(ctx, buf, len) HMAC_Update(ctx, (unsigned char *)buf, len)
200 +#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, (unsigned char *)dig, &dlen);
201 +#define HMAC_close(ctx) HMAC_CTX_free(ctx)
202 #endif
204 extern void RTMP_TLS_Init();
205 @@ -298,7 +298,7 @@ leave:
206 struct info
207 {
208 z_stream *zs;
209 - HMAC_CTX ctx;
210 + HMAC_CTX *ctx;
211 int first;
212 int zlib;
213 int size;
214 diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c
215 index 0865689..df65bee 100644
216 --- a/librtmp/rtmp.c
217 +++ b/librtmp/rtmp.c
218 @@ -1902,7 +1902,7 @@ SendFCUnpublish(RTMP *r)
220 SAVC(publish);
221 SAVC(live);
222 -SAVC(record);
223 +/*SAVC(record);*/
225 static int
226 SendPublish(RTMP *r)
227 @@ -2904,8 +2904,8 @@ AVC("NetStream.Play.PublishNotify");
228 static const AVal av_NetStream_Play_UnpublishNotify =
229 AVC("NetStream.Play.UnpublishNotify");
230 static const AVal av_NetStream_Publish_Start = AVC("NetStream.Publish.Start");
231 -static const AVal av_NetConnection_Connect_Rejected =
232 -AVC("NetConnection.Connect.Rejected");
233 +/*static const AVal av_NetConnection_Connect_Rejected =
234 +AVC("NetConnection.Connect.Rejected"); */
236 /* Returns 0 for OK/Failed/error, 1 for 'Stop or Complete' */
237 static int
238 @@ -3552,7 +3552,7 @@ RTMP_ReadPacket(RTMP *r, RTMPPacket *packet)
239 uint8_t hbuf[RTMP_MAX_HEADER_SIZE] = { 0 };
240 char *header = (char *)hbuf;
241 int nSize, hSize, nToRead, nChunk;
242 - int didAlloc = FALSE;
243 + /*int didAlloc = FALSE;*/
244 int extendedTimestamp;
246 RTMP_Log(RTMP_LOGDEBUG2, "%s: fd=%d", __FUNCTION__, r->m_sb.sb_socket);
247 @@ -3679,7 +3679,7 @@ RTMP_ReadPacket(RTMP *r, RTMPPacket *packet)
248 RTMP_Log(RTMP_LOGDEBUG, "%s, failed to allocate packet", __FUNCTION__);
249 return FALSE;
250 }
251 - didAlloc = TRUE;
252 + /*didAlloc = TRUE;*/
253 packet->m_headerType = (hbuf[0] & 0xc0) >> 6;
254 }
256 diff --git a/librtmp/rtmp_sys.h b/librtmp/rtmp_sys.h
257 index 85d7e53..048f538 100644
258 --- a/librtmp/rtmp_sys.h
259 +++ b/librtmp/rtmp_sys.h
260 @@ -37,7 +37,7 @@
261 #define GetSockError() WSAGetLastError()
262 #define SetSockError(e) WSASetLastError(e)
263 #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
264 -#define EWOULDBLOCK WSAETIMEDOUT /* we don't use nonblocking, but we do use timeouts */
265 +/* #define EWOULDBLOCK WSAETIMEDOUT */ /* we don't use nonblocking, but we do use timeouts */
266 #define sleep(n) Sleep(n*1000)
267 #define msleep(n) Sleep(n)
268 #define SET_RCVTIMEO(tv,s) int tv = s*1000
269 diff --git a/rtmpsrv.c b/rtmpsrv.c
270 index 5df4d3a..0a4166a 100644
271 --- a/rtmpsrv.c
272 +++ b/rtmpsrv.c
273 @@ -152,11 +152,11 @@ SAVC(flashVer);
274 SAVC(swfUrl);
275 SAVC(pageUrl);
276 SAVC(tcUrl);
277 -SAVC(fpad);
278 +/*SAVC(fpad);*/
279 SAVC(capabilities);
280 SAVC(audioCodecs);
281 SAVC(videoCodecs);
282 -SAVC(videoFunction);
283 +/*SAVC(videoFunction);*/
284 SAVC(objectEncoding);
285 SAVC(_result);
286 SAVC(createStream);
287 @@ -167,7 +167,7 @@ SAVC(mode);
288 SAVC(level);
289 SAVC(code);
290 SAVC(description);
291 -SAVC(secureToken);
292 +/*SAVC(secureToken);*/
294 static int
295 SendConnectResult(RTMP *r, double txn)
296 diff --git a/rtmpsuck.c b/rtmpsuck.c
297 index e886179..33ffff9 100644
298 --- a/rtmpsuck.c
299 +++ b/rtmpsuck.c
300 @@ -124,21 +124,21 @@ SAVC(flashVer);
301 SAVC(swfUrl);
302 SAVC(pageUrl);
303 SAVC(tcUrl);
304 -SAVC(fpad);
305 -SAVC(capabilities);
306 +/*SAVC(fpad);*/
307 +/*SAVC(capabilities);*/
308 SAVC(audioCodecs);
309 SAVC(videoCodecs);
310 -SAVC(videoFunction);
311 +/*SAVC(videoFunction);*/
312 SAVC(objectEncoding);
313 -SAVC(_result);
314 -SAVC(createStream);
315 +/*SAVC(_result);*/
316 +/*SAVC(createStream);*/
317 SAVC(play);
318 SAVC(closeStream);
319 -SAVC(fmsVer);
320 -SAVC(mode);
321 +/*SAVC(fmsVer);*/
322 +/*SAVC(mode);*/
323 SAVC(level);
324 SAVC(code);
325 -SAVC(secureToken);
326 +/*SAVC(secureToken);*/
327 SAVC(onStatus);
328 SAVC(close);
329 static const AVal av_NetStream_Failed = AVC("NetStream.Failed");
330 diff --git a/thread.c b/thread.c
331 index 0913c98..9de42ea 100644
332 --- a/thread.c
333 +++ b/thread.c
334 @@ -29,13 +29,13 @@
335 HANDLE
336 ThreadCreate(thrfunc *routine, void *args)
337 {
338 - HANDLE thd;
339 + uintptr_t thd;
341 - thd = (HANDLE) _beginthread(routine, 0, args);
342 + thd = _beginthread(routine, 0, args);
343 if (thd == -1L)
344 RTMP_LogPrintf("%s, _beginthread failed with %d\n", __FUNCTION__, errno);
346 - return thd;
347 + return (HANDLE) thd;
348 }
349 #else
350 pthread_t