[asterisk-commits] file: branch file/sha256-a-harsh-reality r417074 - /team/file/sha256-a-harsh-...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Jun 23 08:09:37 CDT 2014


Author: file
Date: Mon Jun 23 08:09:31 2014
New Revision: 417074

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417074
Log:
Accept SHA-256 as a remote fingerprint hash.

Modified:
    team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c

Modified: team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c?view=diff&rev=417074&r1=417073&r2=417074
==============================================================================
--- team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c (original)
+++ team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c Mon Jun 23 08:09:31 2014
@@ -1061,9 +1061,11 @@
 	int pos = 0;
 	struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
 
-	if (hash != AST_RTP_DTLS_HASH_SHA1) {
+	if (hash != AST_RTP_DTLS_HASH_SHA1 && hash != AST_RTP_DTLS_HASH_SHA256) {
 		return;
 	}
+
+	rtp->remote_hash = hash;
 
 	while ((value = strsep(&tmp, ":")) && (pos != (EVP_MAX_MD_SIZE - 1))) {
 		sscanf(value, "%02x", (unsigned int*)&rtp->remote_fingerprint[pos++]);
@@ -1458,10 +1460,20 @@
 
 		/* If a fingerprint is present in the SDP make sure that the peer certificate matches it */
 		if (rtp->remote_fingerprint[0]) {
+			const EVP_MD *type;
 			unsigned char fingerprint[EVP_MAX_MD_SIZE];
 			unsigned int size;
 
-			if (!X509_digest(certificate, EVP_sha1(), fingerprint, &size) ||
+			if (rtp->remote_hash == AST_RTP_DTLS_HASH_SHA1) {
+				type = EVP_sha1();
+			} else if (rtp->remote_hash == AST_RTP_DTLS_HASH_SHA256) {
+				type = EVP_sha256();
+			} else {
+				ast_log(LOG_WARNING, "Unsupported fingerprint hash type on RTP instance '%p'\n", instance);
+				return -1;
+			}
+
+			if (!X509_digest(certificate, type, fingerprint, &size) ||
 			    !size ||
 			    memcmp(fingerprint, rtp->remote_fingerprint, size)) {
 				X509_free(certificate);




More information about the asterisk-commits mailing list