Update openssl to 1.1.1 (#558)

Author: starwarfan

doc/servermd/Server.md

@@ -106,7 +106,7 @@ This section describes the dependencies and steps for installing the OWT server.
 **Table 2-3. OWT Server Dependencies**
 Name|Version|Remarks
 --------|--------|--------
-Node.js |8.15.0|Website: http://nodejs.org/
+Node.js |10.21.0|Website: http://nodejs.org/
 Node modules|Specified|N/A
 MongoDB| 2.6.10 |Website: http://mongodb.org
 System libraries|Latest|N/A
@@ -115,7 +115,7 @@ All dependencies, except system libraries, are provided or can be automatically
 
 All essential system libraries are installed when you install the OWT server package using the Ubuntu or CentOS's package management system.
 
-Regarding Node.js*, make sure it's installed in your system prior to installing the OWT server. We recommend version 8.15.0. Refer to http://nodejs.org/ for the details and installation.
+Regarding Node.js*, make sure it's installed in your system prior to installing the OWT server. We recommend version 10.21.0. Refer to http://nodejs.org/ for the details and installation.
 
 Before installing the OWT server, make sure your login account has sys-admin privileges; i.e. the ability to execute `sudo`.
 
@@ -789,10 +789,10 @@ Peer server | Ubuntu 18.04 LTS, CentOS* 7.6/7.4
 **Table 5-2. Peer Server Dependencies**
 Name | Version | Remarks
 -----|----|----
-Node.js | 8.15.0 | Website: http://nodejs.org/
+Node.js | 10.21.0 | Website: http://nodejs.org/
 Node modules | Specified | N/A
 
-Regarding Node.js*, make sure it's installed in your system prior to installing the Peer Server. We recommend version 8.15.0. Refer to http://nodejs.org/ for installation details.
+Regarding Node.js*, make sure it's installed in your system prior to installing the Peer Server. We recommend version 10.21.0. Refer to http://nodejs.org/ for installation details.
 ## 5.3 Installation {#Conferencesection5_3}
 On the server machine, unpack the peer server release package, and install node modules
 

scripts/installCommonDeps.sh

@@ -150,13 +150,14 @@ install_openssl(){
   $INCR_INSTALL && [[ ! -z $LIST_LIBS ]] && echo "openssl already installed." && return 0
 
   if [ -d $LIB_DIR ]; then
-    local SSL_BASE_VERSION="1.0.2"
-    local SSL_VERSION="1.0.2t"
+    local SSL_BASE_VERSION="1.1.1"
+    local SSL_VERSION="1.1.1g"
     cd $LIB_DIR
     rm -f ./build/lib/libssl.*
     rm -f ./build/lib/libcrypto.*
     rm -rf openssl-1*
-    wget -c http://www.openssl.org/source/old/${SSL_BASE_VERSION}/openssl-${SSL_VERSION}.tar.gz
+
+    wget -c https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz
     tar xf openssl-${SSL_VERSION}.tar.gz
     cd openssl-${SSL_VERSION}
     ./config no-ssl3 --prefix=$PREFIX_DIR -fPIC
@@ -326,6 +327,7 @@ install_libsrtp2(){
 
   if [ -d $LIB_DIR ]; then
     cd $LIB_DIR
+    rm -rf libsrtp-2.1.0
     curl -o libsrtp-2.1.0.tar.gz https://codeload.github.com/cisco/libsrtp/tar.gz/v2.1.0
     tar -zxvf libsrtp-2.1.0.tar.gz
     cd libsrtp-2.1.0
@@ -381,7 +383,7 @@ install_libre() {
     rm -rf re
     git clone https://github.com/creytiv/re.git
     pushd re >/dev/null
-    git checkout v0.4.16
+    git checkout v0.5.0
     make SYSROOT_ALT=${PREFIX_DIR} RELEASE=1
     make install SYSROOT_ALT=${PREFIX_DIR} RELEASE=1 PREFIX=${PREFIX_DIR}
     popd >/dev/null

scripts/pack.js

@@ -420,6 +420,8 @@ function isLibAllowed(libSrc) {
 
   const whiteList = [
     'rtcadapter',
+    'libssl.so.1.1',
+    'libcrypto',
     'libnice',
     'libSvtHevcEnc',
     'libusrsctp',

scripts/patches/licode/0014-Do-SSL-DTLS-init-on-addon-start-instead-of-in-DtlsCl.patch

@@ -0,0 +1,46 @@
+From 562465e10e805b4808f22386d219988634c4e781 Mon Sep 17 00:00:00 2001
+From: Pedro Rodriguez <[email protected]>
+Date: Tue, 30 Oct 2018 16:46:32 +0100
+Subject: [PATCH] Do SSL/DTLS init on addon start instead of in DtlsClient Init
+ (#1324)
+
+---
+ erizo/src/erizo/dtls/DtlsClient.cpp | 1 -
+ erizoAPI/addon.cc                   | 2 ++
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/erizo/src/erizo/dtls/DtlsClient.cpp b/erizo/src/erizo/dtls/DtlsClient.cpp
+index 48b22bd..e72df66 100644
+--- a/erizo/src/erizo/dtls/DtlsClient.cpp
++++ b/erizo/src/erizo/dtls/DtlsClient.cpp
+@@ -214,7 +214,6 @@ int createCert(const std::string& pAor, int expireDays, int keyLen, X509*& outCe
+   // is required
+   DtlsSocketContext::DtlsSocketContext() {
+     started = false;
+-    DtlsSocketContext::Init();
+ 
+     ELOG_DEBUG("Creating Dtls factory, Openssl v %s", OPENSSL_VERSION_TEXT);
+ 
+diff --git a/erizoAPI/addon.cc b/erizoAPI/addon.cc
+index d4966f3..2dfee72 100644
+--- a/erizoAPI/addon.cc
++++ b/erizoAPI/addon.cc
+@@ -2,6 +2,7 @@
+ #define BUILDING_NODE_EXTENSION
+ #endif
+ #include <nan.h>
++#include <dtls/DtlsSocket.h>
+ #include "WebRtcConnection.h"
+ #include "MediaStream.h"
+ #include "OneToManyProcessor.h"
+@@ -14,6 +15,7 @@
+ #include "IOThreadPool.h"
+ 
+ NAN_MODULE_INIT(InitAll) {
++  dtls::DtlsSocketContext::Init();
+   WebRtcConnection::Init(target);
+   MediaStream::Init(target);
+   OneToManyProcessor::Init(target);
+-- 
+2.7.4
+

scripts/patches/licode/0015-change-DTLSv1_2_method-to-DTLS_method-1386.patch

@@ -0,0 +1,25 @@
+From 3609eb3f64976ea3a55ed9ed22f376ec450dc99a Mon Sep 17 00:00:00 2001
+From: Shining Dong <[email protected]>
+Date: Tue, 2 Apr 2019 15:41:20 +0800
+Subject: [PATCH] change DTLSv1_2_method to DTLS_method (#1386)
+
+---
+ erizo/src/erizo/dtls/DtlsClient.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/erizo/src/erizo/dtls/DtlsClient.cpp b/erizo/src/erizo/dtls/DtlsClient.cpp
+index e72df66..a2ff18f 100644
+--- a/erizo/src/erizo/dtls/DtlsClient.cpp
++++ b/erizo/src/erizo/dtls/DtlsClient.cpp
+@@ -217,7 +217,7 @@ int createCert(const std::string& pAor, int expireDays, int keyLen, X509*& outCe
+ 
+     ELOG_DEBUG("Creating Dtls factory, Openssl v %s", OPENSSL_VERSION_TEXT);
+ 
+-    mContext = SSL_CTX_new(DTLSv1_2_method());
++    mContext = SSL_CTX_new(DTLS_method());
+     assert(mContext);
+ 
+     int r = SSL_CTX_use_certificate(mContext, mCert);
+-- 
+2.7.4
+

scripts/patches/licode/0016-fix-dtls-multi-thread-crash-issue-1409.patch

@@ -0,0 +1,173 @@
+From a476d713dc8edf4e25d9591f04d6829c0660a558 Mon Sep 17 00:00:00 2001
+From: yuanchao0310 <[email protected]>
+Date: Tue, 14 May 2019 23:56:39 +0800
+Subject: [PATCH] fix dtls multi-thread crash issue (#1409)
+
+---
+ erizo/src/erizo/dtls/DtlsClient.cpp | 53 ++++++++++++++++++++++++++++++++++---
+ erizo/src/erizo/dtls/DtlsSocket.h   |  1 +
+ erizo/src/test/DtlsSocketTest.cpp   | 42 +++++++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 4 deletions(-)
+ create mode 100644 erizo/src/test/DtlsSocketTest.cpp
+
+diff --git a/erizo/src/erizo/dtls/DtlsClient.cpp b/erizo/src/erizo/dtls/DtlsClient.cpp
+index a2ff18f..ba6c3af 100644
+--- a/erizo/src/erizo/dtls/DtlsClient.cpp
++++ b/erizo/src/erizo/dtls/DtlsClient.cpp
+@@ -3,6 +3,8 @@
+ extern "C" {
+   #include <srtp2/srtp.h>
+ }
++#include <mutex>  // NOLINT
++#include <thread>  // NOLINT
+ 
+ #include <boost/thread.hpp>
+ #include <boost/lexical_cast.hpp>
+@@ -31,14 +33,52 @@ using std::memcpy;
+ 
+ const char* DtlsSocketContext::DefaultSrtpProfile = "SRTP_AES128_CM_SHA1_80";
+ 
+-X509 *DtlsSocketContext::mCert = NULL;
+-EVP_PKEY *DtlsSocketContext::privkey = NULL;
++X509 *DtlsSocketContext::mCert = nullptr;
++EVP_PKEY *DtlsSocketContext::privkey = nullptr;
+ 
+ static const int KEY_LENGTH = 1024;
+ 
++static std::mutex* array_mutex;
++
+ DEFINE_LOGGER(DtlsSocketContext, "dtls.DtlsSocketContext");
+ log4cxx::LoggerPtr sslLogger(log4cxx::Logger::getLogger("dtls.SSL"));
+ 
++static void ssl_lock_callback(int mode, int type, const char* file, int line) {
++  if (mode & CRYPTO_LOCK) {
++    array_mutex[type].lock();
++  } else {
++    array_mutex[type].unlock();
++  }
++}
++
++static unsigned long ssl_thread_id() {  // NOLINT
++  return (unsigned long)std::hash<std::thread::id>()(std::this_thread::get_id());  // NOLINT
++}
++
++static int ssl_thread_setup() {
++  array_mutex = new std::mutex[CRYPTO_num_locks()];
++
++  if (!array_mutex) {
++    return 0;
++  } else {
++    CRYPTO_set_id_callback(ssl_thread_id);
++    CRYPTO_set_locking_callback(ssl_lock_callback);
++  }
++  return 1;
++}
++
++static int ssl_thread_cleanup() {
++  if (!array_mutex) {
++    return 0;
++  }
++
++  CRYPTO_set_id_callback(nullptr);
++  CRYPTO_set_locking_callback(nullptr);
++  delete[] array_mutex;
++  array_mutex = nullptr;
++  return 1;
++}
++
+ void SSLInfoCallback(const SSL* s, int where, int ret) {
+   const char* str = "undefined";
+   int w = where & ~SSL_ST_MASK;
+@@ -249,7 +289,7 @@ int createCert(const std::string& pAor, int expireDays, int keyLen, X509*& outCe
+     DtlsSocketContext::~DtlsSocketContext() {
+       mSocket->close();
+       delete mSocket;
+-      mSocket = NULL;
++      mSocket = nullptr;
+       SSL_CTX_free(mContext);
+     }
+ 
+@@ -258,7 +298,8 @@ int createCert(const std::string& pAor, int expireDays, int keyLen, X509*& outCe
+     }
+ 
+     void DtlsSocketContext::Init() {
+-      if (DtlsSocketContext::mCert == NULL) {
++      ssl_thread_setup();
++      if (DtlsSocketContext::mCert == nullptr) {
+         OpenSSL_add_all_algorithms();
+         SSL_library_init();
+         SSL_load_error_strings();
+@@ -267,6 +308,10 @@ int createCert(const std::string& pAor, int expireDays, int keyLen, X509*& outCe
+       }
+     }
+ 
++    void DtlsSocketContext::Destroy() {
++      ssl_thread_cleanup();
++    }
++
+     DtlsSocket* DtlsSocketContext::createClient() {
+       return new DtlsSocket(this, DtlsSocket::Client);
+     }
+diff --git a/erizo/src/erizo/dtls/DtlsSocket.h b/erizo/src/erizo/dtls/DtlsSocket.h
+index 2ea4795..e99cef8 100644
+--- a/erizo/src/erizo/dtls/DtlsSocket.h
++++ b/erizo/src/erizo/dtls/DtlsSocket.h
+@@ -187,6 +187,7 @@ class DtlsSocketContext {
+   static EVP_PKEY *privkey;
+ 
+   static void Init();
++  static void Destroy();
+ 
+  protected:
+   DtlsSocket *mSocket;
+diff --git a/erizo/src/test/DtlsSocketTest.cpp b/erizo/src/test/DtlsSocketTest.cpp
+new file mode 100644
+index 0000000..7708111
+--- /dev/null
++++ b/erizo/src/test/DtlsSocketTest.cpp
+@@ -0,0 +1,42 @@
++#include <gmock/gmock.h>
++#include <gtest/gtest.h>
++
++#include <dtls/DtlsSocket.h>
++#include <string>
++#include <thread>  // NOLINT
++
++using testing::_;
++using testing::Return;
++using testing::Eq;
++
++void createDtlsClient() {
++  std::unique_ptr<dtls::DtlsSocketContext> dtls_rtp;
++  dtls_rtp.reset(new dtls::DtlsSocketContext());
++  dtls_rtp->createClient();
++}
++
++class DtlsSocketTest : public ::testing::Test {
++ protected:
++  virtual void SetUp() {
++    dtls::DtlsSocketContext::Init();
++  }
++
++  virtual void TearDown() {
++    dtls::DtlsSocketContext::Destroy();
++  }
++
++  void runTest(int number_of_clients) {
++    std::thread threads[number_of_clients];  // NOLINT
++    for (int j = 0; j < number_of_clients; j++) {
++      threads[j] = std::thread(createDtlsClient);
++    }
++    for (int j = 0; j < number_of_clients; j++) {
++      threads[j].join();
++    }
++  }
++};
++
++TEST_F(DtlsSocketTest, create_1000_DtlsClient) {
++  runTest(1000);
++  EXPECT_THAT(true, Eq(true));
++}
+-- 
+2.7.4
+