From 8d704056dfc0658360a34f839f3a6a6a85d24118c142f5777cb1791f73586eaf Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 22 Oct 2024 13:19:19 +0000 Subject: [PATCH 1/3] - Adapt libzrtpcpp to build with OpenSSL 3 [bsc#1219884] * Add libzrtpcpp-openssl3.patch OBS-URL: https://build.opensuse.org/package/show/network:telephony/libzrtpcpp?expand=0&rev=58 --- .gitattributes | 23 ++++ .gitignore | 1 + 4.7.0.tar.gz | 3 + libzrtpcpp-openssl3.patch | 215 ++++++++++++++++++++++++++++++++++ libzrtpcpp.changes | 240 ++++++++++++++++++++++++++++++++++++++ libzrtpcpp.spec | 103 ++++++++++++++++ 6 files changed, 585 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 4.7.0.tar.gz create mode 100644 libzrtpcpp-openssl3.patch create mode 100644 libzrtpcpp.changes create mode 100644 libzrtpcpp.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/4.7.0.tar.gz b/4.7.0.tar.gz
new file mode 100644
index 0000000..144d23f
--- /dev/null
+++ b/4.7.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:05e451c85755300f84899d7b71c4ed2ef3ed5d272b13019a7aa88c0b51288c35
+size 2235691
diff --git a/libzrtpcpp-openssl3.patch b/libzrtpcpp-openssl3.patch
new file mode 100644
index 0000000..5b91431
--- /dev/null
+++ b/libzrtpcpp-openssl3.patch
@@ -0,0 +1,215 @@ +Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp +=================================================================== +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/zrtpDH.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp +@@ -201,6 +201,7 @@ ZrtpDH::ZrtpDH(const char* type) { + case DH3K: + ctx = static_cast(DH_new()); + tmpCtx = static_cast(ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->g = BN_new(); + BN_set_word(tmpCtx->g, DH_GENERATOR_2); + +@@ -215,7 +216,23 @@ ZrtpDH::ZrtpDH(const char* type) { + tmpCtx->priv_key = BN_bin2bn(random, 32, nullptr); + } + break; +- ++#else ++ { ++ BIGNUM* g = BN_new(); ++ BN_set_word(g, DH_GENERATOR_2); ++ if (pkType == DH2K) { ++ DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); ++ RAND_bytes(random, 32); ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++ } ++ else if (pkType == DH3K) { ++ DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); ++ RAND_bytes(random, 64); ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++ } ++ } ++ break; ++#endif + case EC25: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + break; +@@ -252,11 +269,18 @@ int32_t ZrtpDH::computeSecretKey(uint8_t + if (pkType == DH2K || pkType == DH3K) { + auto* tmpCtx = static_cast(ctx); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (tmpCtx->pub_key != nullptr) { + BN_free(tmpCtx->pub_key); + } + tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), nullptr); + return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); ++#else ++ DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); ++ BIGNUM* pub_key; ++ DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); ++ return DH_compute_key(secret, pub_key, tmpCtx); ++#endif + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; +@@ -304,8 +328,16 @@ uint32_t ZrtpDH::getDhSize() const + + int32_t ZrtpDH::getPubKeySize() const + { +- if (pkType == DH2K || pkType == DH3K) +- return BN_num_bytes(static_cast(ctx)->pub_key); ++ ++ if 
(pkType == DH2K || pkType == DH3K) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return BN_num_bytes(static_cast(ctx)->pub_key); ++#else ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_num_bytes(pub_key); ++#endif ++ } + + if (pkType == EC25 || pkType == EC38) + return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), +@@ -324,7 +356,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t * + if (prepend > 0) { + memset(buf, 0, prepend); + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); ++#else ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_bn2bin(pub_key, buf + prepend); ++#endif + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; +Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac256.cpp +=================================================================== +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/hmac256.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac256.cpp +@@ -32,13 +32,31 @@ void hmacSha256(const uint8_t* key, uint + uint8_t* mac, uint32_t* mac_length) + { + unsigned int tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx = {}; + HMAC_CTX_init(&ctx); +- HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha256(), nullptr ); ++ HMAC_Init_ex(&ctx, key, static_cast(key_length), EVP_sha256(), nullptr); ++#else ++ HMAC_CTX * ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, key, key_length, EVP_sha256(), NULL); ++#endif + for (size_t i = 0, size = data.size(); i < size; i++) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Update(&ctx, data[i], dataLength[i]); ++#else ++ HMAC_Update(ctx, data[i], dataLength[i]); ++#endif + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Final( &ctx, mac, &tmp); ++#else ++ HMAC_Final( ctx, mac, &tmp); ++#endif + *mac_length = tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup( &ctx ); ++#else ++ HMAC_CTX_free( ctx ); ++#endif + } 
+Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac384.cpp +=================================================================== +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/hmac384.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac384.cpp +@@ -32,14 +32,32 @@ void hmacSha384(const uint8_t* key, uint + uint8_t* mac, uint32_t* mac_length) + { + unsigned int tmp; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx = {}; +- HMAC_CTX_init( &ctx ); +- HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha384(), nullptr ); ++ HMAC_CTX_init(&ctx); ++ HMAC_Init_ex(&ctx, key, static_cast(key_length), EVP_sha384(), nullptr); ++#else ++ HMAC_CTX * ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, key, key_length, EVP_sha384(), NULL); ++#endif + + for (size_t i = 0, size = data.size(); i < size; i++) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Update(&ctx, data[i], dataLength[i]); ++#else ++ HMAC_Update(ctx, data[i], dataLength[i]); ++#endif + } +- HMAC_Final( &ctx, mac, &tmp); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ HMAC_Final(&ctx, mac, &tmp); ++#else ++ HMAC_Final(ctx, mac, &tmp); ++#endif + *mac_length = tmp; +- HMAC_CTX_cleanup( &ctx ); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ HMAC_CTX_cleanup( &ctx); ++#else ++ HMAC_CTX_free(ctx); ++#endif + } +Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp +=================================================================== +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/InitializeOpenSSL.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp +@@ -18,6 +18,10 @@ + #include + #include + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++# define CRYPTO_get_lock_name(type) (NULL) ++#endif ++ + #ifdef _MSWINDOWS_ + #include + #endif +@@ -132,9 +136,13 @@ static void threadLockCleanup(void) { + fprintf(stderr,"cleanup\n"); + + for (i = 0; i < CRYPTO_num_locks(); i++) { +- /* rwlock_destroy(&(lock_cs[i])); */ +- mutex_destroy(&(lock_cs[i])); +- 
fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); ++ /* rwlock_destroy(&(lock_cs[i])); */ ++ mutex_destroy(&(lock_cs[i])); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); ++#else ++ fprintf(stderr,"%8ld\n",lock_count[i]); ++#endif + } + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); +@@ -198,9 +206,12 @@ static void threadLockCleanup(void) + CRYPTO_set_locking_callback(NULL); + fprintf(stderr,"cleanup\n"); + for (i = 0; i < CRYPTO_num_locks(); i++) { +- pthread_mutex_destroy(&(lock_cs[i])); +- fprintf(stderr,"%8ld:%s\n",lock_count[i], +- CRYPTO_get_lock_name(i)); ++ pthread_mutex_destroy(&(lock_cs[i])); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); ++#else ++ fprintf(stderr,"%8ld\n",lock_count[i]); ++#endif + } + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); diff --git a/libzrtpcpp.changes b/libzrtpcpp.changes new file mode 100644 index 0000000..400b4fa --- /dev/null +++ b/libzrtpcpp.changes 
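Review bot: In the `#else` branch added to the `ZrtpDH::ZrtpDH` constructor (zrtpDH.cpp section), the private exponent is built from `random` without checking that `RAND_bytes` succeeded, and the results of `BN_new`, `BN_dup`, `BN_bin2bn`, `DH_set0_pqg` and `DH_set0_key` are all ignored. If the RNG call fails the key is derived from whatever the buffer already held, and if a setter returns 0 the BIGNUMs handed to it leak and the context is left without parameters or a private key, which later calls then use unchecked. I would gate key setup on `if (RAND_bytes(random, 32) != 1) { /* fail construction */ }` and on `DH_set0_pqg(...) == 1 && DH_set0_key(...) == 1`, freeing the BIGNUMs on the failure path. The DH3K branch also draws 64 random bytes but passes only 32 to `BN_bin2bn`; that appears to mirror the pre-1.1 code, so please confirm a 256-bit exponent is intended for the 3072-bit group. The constructor starts and ends outside the hunk, and the same lines are carried unchanged in the [PATCH 2/3] rewrite of this file.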
@@ -0,0 +1,240 @@ +------------------------------------------------------------------- +Tue Oct 22 12:54:43 UTC 2024 - Pedro Monreal + +- Adapt libzrtpcpp to build with OpenSSL 3 [bsc#1219884] + * Add libzrtpcpp-openssl3.patch + +------------------------------------------------------------------- +Sun Sep 6 13:52:09 UTC 2020 - Jan Engelhardt + +- Update to release 4.7.0 + * Add a first version of a new SAS algorithm which renders 6 digits + +------------------------------------------------------------------- +Sun Dec 10 23:31:20 UTC 2017 - jengelh@inai.de + +- BuildRequire pre-1.1 openssl. + +------------------------------------------------------------------- +Mon Jul 31 22:31:49 UTC 2017 - jengelh@inai.de + +- Update to new maintenance release 4.6.6 + * Fix a memory leak, extra buffer length checks added. +- Remove typo.diff (merged) + +------------------------------------------------------------------- +Mon Nov 21 01:15:05 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 4.6.4 + * Include the openSSL specific hmac.h file when building SRTP + with openSSL crypto backend. + * Rename macro "DEPRECATED" to "DEPRECATED_ZRTP" to avoid + name clashes. + * Add warning code to ZrtpCWrapper.h if AuxSecret match fails. +- Add typo.diff to make it build + +------------------------------------------------------------------- +Wed Mar 23 21:19:19 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 4.6.3 +* A small fix inside the ZRTP main module to ignore malformed + DH1 packets and avoid an NULL pointer access. + +------------------------------------------------------------------- +Mon Feb 8 12:34:06 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 4.6.2 +* add-on to the code to implement handling of the disclosure flag. + See RFC6189, chapter 11 for more details. +* A fix in the ZrtpCWrapper to initialize and use the ZRTP + master instance in case of multi-stream usage. 
+ +------------------------------------------------------------------- +Fri Jan 22 17:57:13 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 4.5.0 +* Added a new SAS algorithm 'B32E' that uses 32 Unicode Emoji + code points instead of 32 ASCII characters. Application that + are able to display Emojis may use this new SAS algorithm to + display nice Emojis instead of 'boring' ASCII letters and + digits. +- Drop unused keyring file from SRPM + +------------------------------------------------------------------- +Fri Aug 14 08:25:38 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 4.4.0 +* Changes to the handling of HMAC and Hash contexts to avoild too + many malloc/free calls and thus memory pointer problems. +* Enhance the handling an check the nonce when using multi-stream + mode. +- Drop 0001-pkg-config-add-includedir-libzrtcpp-to-CFLAGS.patch + (merged) + +------------------------------------------------------------------- +Tue Mar 17 19:57:23 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 4.3.1 +* This version adds some new API that provide to set retry timer + values and to get some retry counters. +* Application may now set some values of the retry counters during + the discovery (Hello) and the negotiation phase. Applications may + increase the number of retries or modify the capping to support + slow or bad networks. + +------------------------------------------------------------------- +Sat Oct 25 12:46:04 UTC 2014 - jengelh@inai.de + +- Add 0001-pkg-config-add-includedir-libzrtcpp-to-CFLAGS.patch + to fix downstream compilation [bso#902614] + +------------------------------------------------------------------- +Mon Oct 13 09:26:17 UTC 2014 - jengelh@inai.de + +- Set version on BuildRequire dependency; the project needs a C++11 + compiler. 
+ +------------------------------------------------------------------- +Sat Sep 6 18:30:47 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 4.2.4 +* Rename functions aes_init() to aes_init_zrtp() to avoid names + clashes with other libreries that may include own AES modules. + +------------------------------------------------------------------- +Sat Jun 28 01:41:37 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 4.2.3 +* Enhance SRTP handling to provide a longer bit-shift register +* Add functions to read ZID cache entries, raw data, formatted + as string +* Order full ZID list by secure-since date + +------------------------------------------------------------------- +Sun Nov 24 13:16:43 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 4.1.0 +* added some new algorithms for the DH key agreement and the Skein + Hash for ZRTP. + +------------------------------------------------------------------- +Wed Jul 3 23:35:48 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 3.2.2.2 +* Re-structure ZRTP cache and add SQlite3 as optional storage backend +* Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 (bnc#828028) + +------------------------------------------------------------------- +Thu Jun 13 20:01:04 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 2.3.3 +* Fallback to libgcrypt if openssl has no Elliptical Curve + support (no user-visible changes) + +------------------------------------------------------------------- +Wed Jun 5 22:43:00 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 2.3.2 +* Upstream has not provided a NEWS/changelog entry +- Do signature verification +- Remove redundant %clean section; more robust make install call +- Remove libzrtpcpp-libdir.patch (no longer required) + +------------------------------------------------------------------- +Sat Mar 23 22:07:11 UTC 2013 - schwab@suse.de + +- Properly determine LIB_SUFFIX + 
+------------------------------------------------------------------- +Thu Apr 5 13:28:26 UTC 2012 - dvaleev@suse.com + +- better libdir handling + +------------------------------------------------------------------- +Thu Apr 5 11:59:40 UTC 2012 - dvaleev@suse.com + +- fix libdir for ppc64 + +------------------------------------------------------------------- +Tue Sep 27 08:02:08 UTC 2011 - coolo@suse.com + +- fix the shared library policy packaging + +------------------------------------------------------------------- +Sat Aug 20 07:17:04 UTC 2011 - Werner.Dittmann@t-online.de + +- Modify and rename spec file to adhere to naming policies + * remove rpmlintrc file - not longer used + +------------------------------------------------------------------- +Mon Aug 1 15:54:33 UTC 2011 - Werner.Dittmann@t-online.de + +- update to version 2.0 to be in sync with version number of GNU ccRTP + * Update configuration to use the new GNU uCommon library + +------------------------------------------------------------------- +Sat Jan 8 09:10:00 MEZ 2011 - Werner.Dittmann@t-online.de + +- Update to latest version of GNU ZRTP C++ + * Cumulative update that implements all fixes and + versions since 1.3.0 (see below) + * Protocol implementation compliant with latest ZRTP + specification. + * lots of documentation added (doxygen ready) + * some code cleanup + +------------------------------------------------------------------- +Thu Dec 9 15:36:27 UTC 2010 - rguenther@novell.com + +- drop bogus libgcc BuildRequires + +------------------------------------------------------------------- +Tue Nov 3 19:09:29 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Mon Sep 8 14:21:01 CEST 2008 - hvogel@suse.de + +- Update to 1.3.0 + * implements the latest changes define in the ZRTP draft + * The Method ''setSipsSecret(...)'' is no longer available. 
+ * The method ''setOtherSecret(...)'' was renamed to + ''setPbxSecret(...)'' + * The methos ''setSrtpsSecret(...)'' is was renamed to + ''setAuxSecret(...)'' + +------------------------------------------------------------------- +Sun May 11 23:30:44 CEST 2008 - crrodriguez@suse.de + +- fix no-return-in-nonvoid-function errors +- fix both buildRequires and -devel package dependencies +- remove static libraries and "la" files + +------------------------------------------------------------------- +Wed Apr 2 15:49:00 CEST 2008 - hvogel@suse.de + +- update to version 1.0.1 + * various bugfixes +- add libzrtpcpp1 sub-package + +------------------------------------------------------------------- +Tue Mar 27 14:37:07 CEST 2007 - mskibbe@suse.de + +- fix compiler warnings +- fix changlog date problems + +------------------------------------------------------------------- +Fri Mar 2 11:44:38 CET 2007 - mskibbe@suse.de + +- libzrtpcpp-devel has a broken epoch and packaging bugs (#249532) + +------------------------------------------------------------------- +Thu Feb 15 09:51:45 CET 2007 - mskibbe@suse.de + +- change package for SuSE + +------------------------------------------------------------------- +Sun Oct 15 12:00:00 CET 2006 - cs@linux-administrator.com + +- initial package build for SuSE 10.1 diff --git a/libzrtpcpp.spec b/libzrtpcpp.spec new file mode 100644 index 0000000..a42d090 --- /dev/null +++ b/libzrtpcpp.spec 
@@ -0,0 +1,103 @@ +# +# spec file for package libzrtpcpp +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: libzrtpcpp +%define lname libzrtpcpp4 +Version: 4.7.0 +Release: 0 +Summary: A ccrtp extension for ZRTP support +License: GPL-3.0-or-later +Group: Development/Libraries/C and C++ +URL: http://www.gnutelephony.org/index.php/GNU_ZRTP + +#Git-Clone: git://github.com/wernerd/ZRTPCPP +#Git-Web: https://github.com/wernerd/ZRTPCPP +Source: https://github.com/wernerd/ZRTPCPP/archive/%version.tar.gz +#PATCH-FIX-OPENSUSE bsc#1219884 Adapt libzrtpcpp to build with OpenSSL 3 +Patch0: libzrtpcpp-openssl3.patch +BuildRequires: cmake +BuildRequires: gcc-c++ >= 4.7 +BuildRequires: libopenssl-devel +BuildRequires: pkg-config +BuildRequires: pkgconfig(libccrtp) >= 2 +BuildRequires: pkgconfig(sqlite3) >= 3.7 + +%description +A library that adds RFC6189-compliant ZRTP support to the GNU ccRTP +stack and serves as library for other RTP stacks such as PJSIP and +GStreamer. ZRTP was developed to allow ad-hoc key negotiation to +setup Secure RTP (SRTP) sessions. + +%package -n %lname +Summary: A ccrtp extension for ZRTP support +Group: System/Libraries + +%description -n %lname +A library that adds RFC6189-compliant ZRTP support to the GNU ccRTP +stack and serves as library for other RTP stacks such as PJSIP and +GStreamer. 
ZRTP was developed to allow ad-hoc key negotiation to +setup Secure RTP (SRTP) sessions. + +%package devel +Summary: Headers and link library for libzrtpcpp +Group: Development/Libraries/C and C++ +Requires: %lname = %version +Requires: ccrtp-devel >= 2.0.0 + +%description devel +This package provides the header files for building applications that +use libzrtpcpp. + +%prep +%autosetup -p1 -n ZRTPCPP-%version +chmod a-x INSTALL + +%build +# libzrtpcpp changed its API (apparently - can't tell whether aes_init +# was meant to be exported or not), but failed to bump the SO version. +# So now, add explicit symbol versions to ensure programs with wrong +# ABI combinations are caught. +echo "V_%version { global: *; };" >version.map +%cmake -DCMAKE_INSTALL_PREFIX="%_prefix" \ + -DCMAKE_C_FLAGS:STRING="%optflags" \ + -DCMAKE_CXX_FLAGS:STRING="%optflags" \ + -DCMAKE_LD_FLAGS:STRING="-Wl,--version-script=$PWD/version.map" \ + -DCRYPTO_STANDALONE:BOOL=false \ +%if "%_lib" == "lib64" + -DLIB_SUFFIX=64 \ +%endif + +%cmake_build + +%install +%cmake_install + +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%license COPYING +%_libdir/libzrtpcpp.so.4* + +%files devel +%doc AUTHORS README.md +%_libdir/libzrtpcpp.so +%_libdir/pkgconfig/libzrtpcpp.pc +%_includedir/libzrtpcpp/ + +%changelog From d59b0bc92649c0fd3abf87b67dd63c270c54cfd81fe31a912d3362b00b075037 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 22 Oct 2024 13:24:12 +0000 Subject: [PATCH 2/3] Shrink libzrtpcpp-openssl3.patch by getting rid of all the ^- lines OBS-URL: https://build.opensuse.org/package/show/network:telephony/libzrtpcpp?expand=0&rev=59 --- libzrtpcpp-openssl3.patch | 253 +++++++++++++++++++------------------- 1 file changed, 124 insertions(+), 129 deletions(-) diff --git a/libzrtpcpp-openssl3.patch b/libzrtpcpp-openssl3.patch index 5b91431..f73e698 100644 --- a/libzrtpcpp-openssl3.patch +++ b/libzrtpcpp-openssl3.patch 
@@ -1,92 +1,55 @@ -Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp +From: Pedro Monreal Gonzalez +Date: 2024-10-22 12:59:25+0000 +Subject: Adapt libzrtpcpp to build with OpenSSL 3 +References: https://bugzilla.opensuse.org/1219884 + +--- + zrtp/crypto/openssl/InitializeOpenSSL.cpp | 12 +++++++++ + zrtp/crypto/openssl/hmac256.cpp | 18 +++++++++++++ + zrtp/crypto/openssl/hmac384.cpp | 18 +++++++++++++ + zrtp/crypto/openssl/zrtpDH.cpp | 39 ++++++++++++++++++++++++++++++ + 4 files changed, 87 insertions(+) + +Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp =================================================================== ---- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/zrtpDH.cpp -+++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp -@@ -201,6 +201,7 @@ ZrtpDH::ZrtpDH(const char* type) { - case DH3K: - ctx = static_cast(DH_new()); - tmpCtx = static_cast(ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - tmpCtx->g = BN_new(); - BN_set_word(tmpCtx->g, DH_GENERATOR_2); - -@@ -215,7 +216,23 @@ ZrtpDH::ZrtpDH(const char* type) { - tmpCtx->priv_key = BN_bin2bn(random, 32, nullptr); - } - break; -- -+#else -+ { -+ BIGNUM* g = BN_new(); -+ BN_set_word(g, DH_GENERATOR_2); -+ if (pkType == DH2K) { -+ DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); -+ RAND_bytes(random, 32); -+ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); -+ } -+ else if (pkType == DH3K) { -+ DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); -+ RAND_bytes(random, 64); -+ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); -+ } -+ } -+ break; -+#endif - case EC25: - ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - break; -@@ -252,11 +269,18 @@ int32_t ZrtpDH::computeSecretKey(uint8_t - if (pkType == DH2K || pkType == DH3K) { - auto* tmpCtx = static_cast(ctx); +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/InitializeOpenSSL.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp +@@ -18,6 +18,10 @@ + #include + #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L - if 
(tmpCtx->pub_key != nullptr) { - BN_free(tmpCtx->pub_key); - } - tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), nullptr); - return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); -+#else -+ DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); -+ BIGNUM* pub_key; -+ DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); -+ return DH_compute_key(secret, pub_key, tmpCtx); ++# define CRYPTO_get_lock_name(type) (NULL) +#endif - } - if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[200]; -@@ -304,8 +328,16 @@ uint32_t ZrtpDH::getDhSize() const - - int32_t ZrtpDH::getPubKeySize() const - { -- if (pkType == DH2K || pkType == DH3K) -- return BN_num_bytes(static_cast(ctx)->pub_key); + -+ if (pkType == DH2K || pkType == DH3K) { + #ifdef _MSWINDOWS_ + #include + #endif +@@ -134,7 +138,11 @@ static void threadLockCleanup(void) { + for (i = 0; i < CRYPTO_num_locks(); i++) { + /* rwlock_destroy(&(lock_cs[i])); */ + mutex_destroy(&(lock_cs[i])); +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ return BN_num_bytes(static_cast(ctx)->pub_key); + fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); +#else -+ BIGNUM* pub_key; -+ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); -+ return BN_num_bytes(pub_key); -+#endif -+ } - - if (pkType == EC25 || pkType == EC38) - return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), -@@ -324,7 +356,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t * - if (prepend > 0) { - memset(buf, 0, prepend); - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); -+#else -+ BIGNUM* pub_key; -+ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); -+ return BN_bn2bin(pub_key, buf + prepend); ++ fprintf(stderr,"%8ld\n",lock_count[i]); +#endif } - if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[200]; + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); +@@ -199,8 +207,12 @@ static void threadLockCleanup(void) + fprintf(stderr,"cleanup\n"); + for (i 
= 0; i < CRYPTO_num_locks(); i++) { + pthread_mutex_destroy(&(lock_cs[i])); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + fprintf(stderr,"%8ld:%s\n",lock_count[i], + CRYPTO_get_lock_name(i)); ++#else ++ fprintf(stderr,"%8ld\n",lock_count[i]); ++#endif + } + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac256.cpp =================================================================== --- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/hmac256.cpp @@ -98,8 +61,7 @@ Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac256.cpp +#if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx = {}; HMAC_CTX_init(&ctx); -- HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha256(), nullptr ); -+ HMAC_Init_ex(&ctx, key, static_cast(key_length), EVP_sha256(), nullptr); + HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha256(), nullptr ); +#else + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); @@ -134,10 +96,8 @@ Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac384.cpp unsigned int tmp; +#if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX ctx = {}; -- HMAC_CTX_init( &ctx ); -- HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha384(), nullptr ); -+ HMAC_CTX_init(&ctx); -+ HMAC_Init_ex(&ctx, key, static_cast(key_length), EVP_sha384(), nullptr); + HMAC_CTX_init( &ctx ); + HMAC_Init_ex( &ctx, key, static_cast(key_length), EVP_sha384(), nullptr ); +#else + HMAC_CTX * ctx; + ctx = HMAC_CTX_new(); 
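Review bot: In the hmac256.cpp hunk, the OpenSSL 1.1+ branch uses the pointer returned by `HMAC_CTX_new()` without a NULL check, and the hmac384.cpp hunks that follow repeat the pattern while also ignoring the results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final`. Because `tmp` is declared uninitialised and copied to `*mac_length` unconditionally, a failed `HMAC_Final` gives the caller an indeterminate length next to an unwritten `mac` buffer, which is a poor failure mode for code that authenticates protocol messages. Since the functions return void, I would at least declare `unsigned int tmp = 0;` and return early, after `HMAC_CTX_free(ctx)`, when `ctx == NULL` or any call does not return 1, so the caller sees a zero length. The new branch also passes `key_length` without the `static_cast` the pre-1.1 branch applies; keeping the cast makes the unsigned-to-int narrowing explicit. Both function bodies extend outside the hunks shown.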
@@ -151,65 +111,100 @@ Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/hmac384.cpp + HMAC_Update(ctx, data[i], dataLength[i]); +#endif } -- HMAC_Final( &ctx, mac, &tmp); +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ HMAC_Final(&ctx, mac, &tmp); + HMAC_Final( &ctx, mac, &tmp); +#else + HMAC_Final(ctx, mac, &tmp); +#endif *mac_length = tmp; -- HMAC_CTX_cleanup( &ctx ); +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ HMAC_CTX_cleanup( &ctx); + HMAC_CTX_cleanup( &ctx ); +#else + HMAC_CTX_free(ctx); +#endif } -Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp +Index: ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp =================================================================== ---- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/InitializeOpenSSL.cpp -+++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/InitializeOpenSSL.cpp -@@ -18,6 +18,10 @@ - #include - #include +--- ZRTPCPP-4.7.0.orig/zrtp/crypto/openssl/zrtpDH.cpp ++++ ZRTPCPP-4.7.0/zrtp/crypto/openssl/zrtpDH.cpp +@@ -201,6 +201,7 @@ ZrtpDH::ZrtpDH(const char* type) { + case DH3K: + ctx = static_cast(DH_new()); + tmpCtx = static_cast(ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmpCtx->g = BN_new(); + BN_set_word(tmpCtx->g, DH_GENERATOR_2); + +@@ -216,6 +217,23 @@ ZrtpDH::ZrtpDH(const char* type) { + } + break; + ++#else ++ { ++ BIGNUM* g = BN_new(); ++ BN_set_word(g, DH_GENERATOR_2); ++ if (pkType == DH2K) { ++ DH_set0_pqg(tmpCtx, BN_dup(bnP2048), NULL, g); ++ RAND_bytes(random, 32); ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++ } ++ else if (pkType == DH3K) { ++ DH_set0_pqg(tmpCtx, BN_dup(bnP3072), NULL, g); ++ RAND_bytes(random, 64); ++ DH_set0_key(tmpCtx, NULL, BN_bin2bn(random, 32, NULL)); ++ } ++ } ++ break; ++#endif + case EC25: + ctx = static_cast(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + break; +@@ -252,11 +270,18 @@ int32_t ZrtpDH::computeSecretKey(uint8_t + if (pkType == DH2K || pkType == DH3K) { + auto* tmpCtx = static_cast(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+# define 
CRYPTO_get_lock_name(type) (NULL) + if (tmpCtx->pub_key != nullptr) { + BN_free(tmpCtx->pub_key); + } + tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), nullptr); + return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); ++#else ++ DH_set0_key(tmpCtx, BN_bin2bn(pubKeyBytes, getDhSize(), NULL), NULL); ++ BIGNUM* pub_key; ++ DH_get0_key(tmpCtx, const_cast(&pub_key), NULL); ++ return DH_compute_key(secret, pub_key, tmpCtx); +#endif -+ - #ifdef _MSWINDOWS_ - #include - #endif -@@ -132,9 +136,13 @@ static void threadLockCleanup(void) { - fprintf(stderr,"cleanup\n"); + } + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; +@@ -305,7 +330,15 @@ uint32_t ZrtpDH::getDhSize() const + int32_t ZrtpDH::getPubKeySize() const + { + if (pkType == DH2K || pkType == DH3K) ++ { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + return BN_num_bytes(static_cast(ctx)->pub_key); ++#else ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_num_bytes(pub_key); ++#endif ++ } - for (i = 0; i < CRYPTO_num_locks(); i++) { -- /* rwlock_destroy(&(lock_cs[i])); */ -- mutex_destroy(&(lock_cs[i])); -- fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); -+ /* rwlock_destroy(&(lock_cs[i])); */ -+ mutex_destroy(&(lock_cs[i])); + if (pkType == EC25 || pkType == EC38) + return EC_POINT_point2oct(EC_KEY_get0_group(static_cast(ctx)), +@@ -324,7 +357,13 @@ int32_t ZrtpDH::getPubKeyBytes(uint8_t * + if (prepend > 0) { + memset(buf, 0, prepend); + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); + return BN_bn2bin(static_cast(ctx)->pub_key, buf + prepend); +#else -+ fprintf(stderr,"%8ld\n",lock_count[i]); ++ BIGNUM* pub_key; ++ DH_get0_key(static_cast(ctx), const_cast(&pub_key), NULL); ++ return BN_bn2bin(pub_key, buf + prepend); +#endif } - OPENSSL_free(lock_cs); - OPENSSL_free(lock_count); -@@ -198,9 +206,12 @@ static void threadLockCleanup(void) - 
CRYPTO_set_locking_callback(NULL); - fprintf(stderr,"cleanup\n"); - for (i = 0; i < CRYPTO_num_locks(); i++) { -- pthread_mutex_destroy(&(lock_cs[i])); -- fprintf(stderr,"%8ld:%s\n",lock_count[i], -- CRYPTO_get_lock_name(i)); -+ pthread_mutex_destroy(&(lock_cs[i])); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); -+#else -+ fprintf(stderr,"%8ld\n",lock_count[i]); -+#endif - } - OPENSSL_free(lock_cs); - OPENSSL_free(lock_count); + if (pkType == EC25 || pkType == EC38) { + uint8_t buffer[200]; From 4ebdedb3ee503afdd6a75d3d3ff803796d3a49f28f894404bc2ea1f50dc7a309 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 22 Oct 2024 13:27:03 +0000 Subject: [PATCH 3/3] Remove redundant patch line, metadata is together with the patch data in the patch file OBS-URL: https://build.opensuse.org/package/show/network:telephony/libzrtpcpp?expand=0&rev=60 --- libzrtpcpp.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/libzrtpcpp.spec b/libzrtpcpp.spec index a42d090..bc6bc4a 100644 --- a/libzrtpcpp.spec +++ b/libzrtpcpp.spec @@ -24,11 +24,9 @@ Summary: A ccrtp extension for ZRTP support License: GPL-3.0-or-later Group: Development/Libraries/C and C++ URL: http://www.gnutelephony.org/index.php/GNU_ZRTP - #Git-Clone: git://github.com/wernerd/ZRTPCPP #Git-Web: https://github.com/wernerd/ZRTPCPP Source: https://github.com/wernerd/ZRTPCPP/archive/%version.tar.gz -#PATCH-FIX-OPENSUSE bsc#1219884 Adapt libzrtpcpp to build with OpenSSL 3 Patch0: libzrtpcpp-openssl3.patch BuildRequires: cmake BuildRequires: gcc-c++ >= 4.7