[asterisk-commits] file: branch file/sha256-a-harsh-reality r417074 - /team/file/sha256-a-harsh-...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Jun 23 08:09:37 CDT 2014
Author: file
Date: Mon Jun 23 08:09:31 2014
New Revision: 417074
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417074
Log:
Accept SHA-256 as a remote fingerprint hash.
Modified:
team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c
Modified: team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c?view=diff&rev=417074&r1=417073&r2=417074
==============================================================================
--- team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c (original)
+++ team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c Mon Jun 23 08:09:31 2014
@@ -1061,9 +1061,11 @@
int pos = 0;
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
- if (hash != AST_RTP_DTLS_HASH_SHA1) {
+ if (hash != AST_RTP_DTLS_HASH_SHA1 && hash != AST_RTP_DTLS_HASH_SHA256) {
return;
}
+
+ rtp->remote_hash = hash;
while ((value = strsep(&tmp, ":")) && (pos != (EVP_MAX_MD_SIZE - 1))) {
sscanf(value, "%02x", (unsigned int*)&rtp->remote_fingerprint[pos++]);
@@ -1458,10 +1460,20 @@
/* If a fingerprint is present in the SDP make sure that the peer certificate matches it */
if (rtp->remote_fingerprint[0]) {
+ const EVP_MD *type;
unsigned char fingerprint[EVP_MAX_MD_SIZE];
unsigned int size;
- if (!X509_digest(certificate, EVP_sha1(), fingerprint, &size) ||
+ if (rtp->remote_hash == AST_RTP_DTLS_HASH_SHA1) {
+ type = EVP_sha1();
+ } else if (rtp->remote_hash == AST_RTP_DTLS_HASH_SHA256) {
+ type = EVP_sha256();
+ } else {
+ ast_log(LOG_WARNING, "Unsupported fingerprint hash type on RTP instance '%p'\n", instance);
+ return -1;
+ }
+
+ if (!X509_digest(certificate, type, fingerprint, &size) ||
!size ||
memcmp(fingerprint, rtp->remote_fingerprint, size)) {
X509_free(certificate);
More information about the asterisk-commits
mailing list