Module: kamailio Branch: master Commit: e0c04615bb6a9f4a2077012481d4cbb5c669ecf0 URL: https://github.com/kamailio/kamailio/commit/e0c04615bb6a9f4a2077012481d4cbb5c669ecf0
Author: Daniel-Constantin Mierla <mico...@gmail.com> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2025-08-07T06:01:05+02:00 websocket: use core sha1 instead of libssl for the handshake key - avoid the libssl crypto rwlock use --- Modified: src/modules/websocket/CMakeLists.txt Modified: src/modules/websocket/Makefile Modified: src/modules/websocket/ws_handshake.c --- Diff: https://github.com/kamailio/kamailio/commit/e0c04615bb6a9f4a2077012481d4cbb5c669ecf0.diff Patch: https://github.com/kamailio/kamailio/commit/e0c04615bb6a9f4a2077012481d4cbb5c669ecf0.patch --- diff --git a/src/modules/websocket/CMakeLists.txt b/src/modules/websocket/CMakeLists.txt index daddc40face..ce3d36f9cb9 100644 --- a/src/modules/websocket/CMakeLists.txt +++ b/src/modules/websocket/CMakeLists.txt @@ -4,8 +4,6 @@ add_library(${module_name} SHARED ${MODULE_SOURCES}) find_package(OpenSSL REQUIRED) -target_link_libraries(websocket PRIVATE OpenSSL::SSL OpenSSL::Crypto) - # TODO: Verify if correct if(EMBEDDED_UTF8_DECODE EQUAL 0) target_link_libraries(${module_name} PRIVATE unistring) diff --git a/src/modules/websocket/Makefile b/src/modules/websocket/Makefile index 99b1fe1f8c3..3df8ed318cb 100644 --- a/src/modules/websocket/Makefile +++ b/src/modules/websocket/Makefile @@ -8,36 +8,6 @@ NAME=websocket.so EMBEDDED_UTF8_DECODE ?= 0 -ifeq ($(CROSS_COMPILE),) -SSL_BUILDER=$(shell \ - if pkg-config --exists libssl; then \ - echo 'pkg-config libssl'; \ - fi) - -ifneq ($(SSL_BUILDER),) -SSL_BUILDER+=$(shell \ - if pkg-config --exists libcrypto; then \ - echo 'libcrypto'; \ - fi) -endif - -endif - -ifneq ($(SSL_BUILDER),) - DEFS += $(shell $(SSL_BUILDER) --cflags) - LIBS += $(shell $(SSL_BUILDER) --libs) -else - DEFS += -I$(LOCALBASE)/ssl/include - LIBS += -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib \ - -L$(LOCALBASE)/lib64 -L$(LOCALBASE)/ssl/lib64 \ - -lssl -lcrypto - # NOTE: depending on the way in which libssl was compiled you might - # have to add -lz -lkrb5 (zlib and kerberos5). - # E.g.: make TLS_HOOKS=1 TLS_EXTRA_LIBS="-lz -lkrb5" -endif - -LIBS+= $(TLS_EXTRA_LIBS) - ifeq ($(EMBEDDED_UTF8_DECODE),0) DEFS += -I$(LOCALBASE)/include LIBS += -L$(LOCALBASE)/lib -lunistring @@ -50,4 +20,3 @@ endif #LIBS+= /usr/lib/libcurl.a /usr/lib/libssl.a /usr/lib/libcrypto.a -lkrb5 -lidn -lz -lgssapi_krb5 -lrt include ../../Makefile.modules - diff --git a/src/modules/websocket/ws_handshake.c b/src/modules/websocket/ws_handshake.c index 01a543486c0..32ec7599af1 100644 --- a/src/modules/websocket/ws_handshake.c +++ b/src/modules/websocket/ws_handshake.c @@ -26,8 +26,6 @@ * */ -#include <openssl/sha.h> - #include "../../core/basex.h" #include "../../core/data_lump_rpl.h" #include "../../core/dprint.h" @@ -36,6 +34,7 @@ #include "../../core/tcp_conn.h" #include "../../core/counters.h" #include "../../core/strutils.h" +#include "../../core/crypto/shautils.h" #include "../../core/mem/mem.h" #include "../../core/parser/msg_parser.h" #include "../sl/sl.h" @@ -93,7 +92,7 @@ static str str_status_service_unavailable = str_init("Service Unavailable"); #define HDR_BUF_LEN (512) static char headers_buf[HDR_BUF_LEN]; -static char key_buf[base64_enc_len(SHA_DIGEST_LENGTH)]; +static char key_buf[base64_enc_len(SHA1_DIGEST_LENGTH)]; static int ws_send_reply(sip_msg_t *msg, int code, str *reason, str *hdrs) { @@ -120,7 +119,7 @@ static int ws_send_reply(sip_msg_t *msg, int code, str *reason, str *hdrs) int ws_handle_handshake(struct sip_msg *msg) { str key = {0, 0}, headers = {0, 0}, reply_key = {0, 0}, origin = {0, 0}; - unsigned char sha1[SHA_DIGEST_LENGTH]; + unsigned char sha1[SHA1_DIGEST_LENGTH]; unsigned int hdr_flags = 0, sub_protocol = 0; int version = 0; struct hdr_field *hdr = msg->headers; @@ -305,11 +304,11 @@ int ws_handle_handshake(struct sip_msg *msg) memcpy(reply_key.s, key.s, key.len); memcpy(reply_key.s + key.len, str_ws_guid.s, str_ws_guid.len); reply_key.len = key.len + str_ws_guid.len; - SHA1((const unsigned char *)reply_key.s, reply_key.len, sha1); + compute_sha1_raw(sha1, (u_int8_t *)reply_key.s, reply_key.len); pkg_free(reply_key.s); reply_key.s = key_buf; - reply_key.len = base64_enc(sha1, SHA_DIGEST_LENGTH, - (unsigned char *)reply_key.s, base64_enc_len(SHA_DIGEST_LENGTH)); + reply_key.len = base64_enc(sha1, SHA1_DIGEST_LENGTH, + (unsigned char *)reply_key.s, base64_enc_len(SHA1_DIGEST_LENGTH)); /* Add the connection to the WebSocket connection table */ wsconn_add(&msg->rcv, sub_protocol); _______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
