Changeset 5483

Timestamp:

Nov 16, 2016 5:53:23 AM (8 years ago)

Author:

ming

Message:

Re #1975: Add autoconf detection of OpenSSL elliptic curve and sigalg support

Location:

pjproject/trunk

Files:

• aconfigure (modified) (5 diffs)
• aconfigure.ac (modified) (2 diffs)
• pjlib/build/os-auto.mak.in (modified) (1 diff)
• pjlib/src/pj/ssl_sock_ossl.c (modified) (6 diffs)

pjproject/trunk/aconfigure

@@ -642 +642 @@
 ac_no_opencore_amrwb
 ac_no_opencore_amrnb
+ec_curve_present
+set_curve_present
 libcrypto_present
 libssl_present
 openssl_h_present
+ac_ssl_has_sigalg
+ac_ssl_has_ec
 ac_ssl_has_aes_gcm
 ac_no_ssl
@@ -5415 +5419 @@
 
 
+
 ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r"
 if test "x$ac_cv_func_localtime_r" = xyes; then :
@@ -5420 +5425 @@
 
 fi
+
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Setting PJ_OS_NAME to $target" >&5
@@ -7784 +7790 @@
 ac_ssl_has_aes_gcm=0
 
+ac_ssl_has_ec=0
+
+ac_ssl_has_sigalg=0
+
 # Check whether --enable-ssl was given.
 if test "${enable_ssl+set}" = set; then :
@@ -7945 +7955 @@
 $as_echo "OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos" >&6; }
                         fi
+
+                        # Check if OpenSSL supports setting curve algorithm
+                        # and has elliptic curve
+
+                        { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL setting curve functions" >&5
+$as_echo_n "checking OpenSSL setting curve functions... " >&6; }
+                        set_curve_present=0
+
+                        ec_curve_present=0
+
+                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <openssl/ssl.h>
+
+int
+main ()
+{
+ SSL_set1_curves(NULL, NULL, 0);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+   set_curve_present=1
+                                   { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+
+else
+
+                                   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+                        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_curve_nid2nist in -lssl" >&5
+$as_echo_n "checking for EC_curve_nid2nist in -lssl... " >&6; }
+if ${ac_cv_lib_ssl_EC_curve_nid2nist+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lssl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EC_curve_nid2nist ();
+int
+main ()
+{
+return EC_curve_nid2nist ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_ssl_EC_curve_nid2nist=yes
+else
+  ac_cv_lib_ssl_EC_curve_nid2nist=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_EC_curve_nid2nist" >&5
+$as_echo "$ac_cv_lib_ssl_EC_curve_nid2nist" >&6; }
+if test "x$ac_cv_lib_ssl_EC_curve_nid2nist" = xyes; then :
+  ec_curve_present=1
+fi
+
+                        if test "x$set_curve_present" = "x1" -a "x$ec_curve_present" = "x1"; then
+                                ac_ssl_has_ec=1
+                                { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL has elliptic curve support" >&5
+$as_echo "OpenSSL has elliptic curve support" >&6; }
+                        else
+                                { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL elliptic curve algorithm unsupported" >&5
+$as_echo "OpenSSL elliptic curve algorithm unsupported" >&6; }
+                        fi
+
+                        { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL setting sigalg" >&5
+$as_echo_n "checking OpenSSL setting sigalg... " >&6; }
+                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <openssl/ssl.h>
+
+int
+main ()
+{
+SSL_set1_sigalgs_list(NULL, NULL);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+   ac_ssl_has_sigalg=1
+                                   { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+
+else
+
+                                   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 
                         # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK

pjproject/trunk/aconfigure.ac

@@ -1534 +1534 @@
 AC_SUBST(ac_no_ssl)
 AC_SUBST(ac_ssl_has_aes_gcm,0)
+AC_SUBST(ac_ssl_has_ec,0)
+AC_SUBST(ac_ssl_has_sigalg,0)
 AC_ARG_ENABLE(ssl,
               AS_HELP_STRING([--disable-ssl],
@@ -1568 +1570 @@
                                 AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
                         fi
+
+                        # Check if OpenSSL supports setting curve algorithm
+                        # and has elliptic curve
+                        
+                        AC_MSG_CHECKING([OpenSSL setting curve functions])
+                        AC_SUBST(set_curve_present,0)
+                        AC_SUBST(ec_curve_present,0)
+                        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>
+                                                  ]],
+                                                  [ SSL_set1_curves(NULL, NULL, 0);]
+                                                 )],
+                                 [ set_curve_present=1
+                                   AC_MSG_RESULT(ok)
+                                  ],
+                                 [
+                                   AC_MSG_RESULT(no)
+                                 ])
+
+                        AC_CHECK_LIB(ssl,EC_curve_nid2nist,[ec_curve_present=1])
+                        if test "x$set_curve_present" = "x1" -a "x$ec_curve_present" = "x1"; then
+                                [ac_ssl_has_ec=1]
+                                AC_MSG_RESULT([OpenSSL has elliptic curve support])
+                        else
+                                AC_MSG_RESULT([OpenSSL elliptic curve algorithm unsupported])
+                        fi
+
+                        AC_MSG_CHECKING([OpenSSL setting sigalg])
+                        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>
+                                                  ]],
+                                                  [SSL_set1_sigalgs_list(NULL, NULL);]
+                                                 )],
+                                 [ ac_ssl_has_sigalg=1
+                                   AC_MSG_RESULT(ok)
+                                  ],
+                                 [
+                                   AC_MSG_RESULT(no)
+                                 ])
 
                         # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK

pjproject/trunk/pjlib/build/os-auto.mak.in

@@ -34 +34 @@
 export TARGETS_EXE  =   $(TEST_EXE)
 
+ifeq (@ac_ssl_has_ec@,1)
+export PJLIB_CFLAGS += -DPJ_SSL_SOCK_OSSL_HAS_EC=1
+endif
 
+ifeq (@ac_ssl_has_sigalg@,1)
+export PJLIB_CFLAGS += -DPJ_SSL_SOCK_OSSL_HAS_SIGALG=1
+endif

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

@@ -53 +53 @@
 #include <openssl/engine.h>
 
-#if !defined(OPENSSL_NO_EC)
+#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1
    extern int tls1_ec_nid2curve_id(int nid);
    extern int tls1_ec_curve_id2nid(int curve_id);
@@ -386 +386 @@
         ssl->session = SSL_SESSION_new();
 
-#if !defined(OPENSSL_NO_EC)
+#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1
         openssl_curves_num = SSL_get_shared_curve(ssl,-1);
         if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
@@ -1000 +1000 @@
 static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
 {
-#if !defined(OPENSSL_NO_EC)
+#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1
     int ret;
     int curves[PJ_SSL_SOCK_MAX_CURVES];
@@ -1023 +1023 @@
             return GET_SSL_STATUS(ssock);
     }
+#endif
 
     return PJ_SUCCESS;
-#else
-    return PJ_ENOTSUP;
-#endif
 }
 
 static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
 {
+#if defined(PJ_SSL_SOCK_OSSL_HAS_SIGALG) && PJ_SSL_SOCK_OSSL_HAS_SIGALG==1
     int ret;
 
@@ -1046 +1045 @@
             return GET_SSL_STATUS(ssock);
     }
+#endif
 
     return PJ_SUCCESS;
@@ -2394 +2394 @@
 
     for (i = 0; i < *curve_num; ++i)
-    curves[i] = openssl_curves[i].id;
+        curves[i] = openssl_curves[i].id;
 
     return PJ_SUCCESS;