Context Navigation

← Previous Changeset
Next Changeset →

Changeset 5537

Timestamp:

Jan 23, 2017 3:34:17 AM (8 years ago)

Author:

nanang

Message:

Close #1932: Support OpenSSL 1.1.0.

Location:

pjproject/trunk

Files:

: 3 edited

aconfigure (modified) (10 diffs)
aconfigure.ac (modified) (1 diff)
pjlib/src/pj/ssl_sock_ossl.c (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

pjproject/trunk/aconfigure

-                      r5517
+                      r5537
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 …
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 …
     silent=yes ;;
-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
 …
                 datadir sysconfdir sharedstatedir localstatedir includedir \
                 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
                 libdir localedir mandir runstatedir
+                libdir localedir mandir
 do
   eval ac_val=\$$ac_var
 …
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
 …
 fi
                 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5
 $as_echo_n "checking for SSL_library_init in -lssl... " >&6; }
 if ${ac_cv_lib_ssl_SSL_library_init+:} false; then :
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5
+$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; }
+if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then :
   $as_echo_n "(cached) " >&6
 else
 …
 extern "C"
 #endif
 char SSL_library_init ();
+char SSL_CTX_new ();
 int
 main ()
+{
 return SSL_library_init ();
+return SSL_CTX_new ();
+  ;
   return 0;
 …
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
   ac_cv_lib_ssl_SSL_library_init=yes
 else
   ac_cv_lib_ssl_SSL_library_init=no
+  ac_cv_lib_ssl_SSL_CTX_new=yes
+else
+  ac_cv_lib_ssl_SSL_CTX_new=no
 fi
 rm -f core conftest.err conftest.$ac_objext \
 …
 LIBS=$ac_check_lib_save_LIBS
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5
 $as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; }
 if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5
+$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; }
+if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then :
   libssl_present=1 && LIBS="-lssl $LIBS"
 fi
 …
                         # Check if SRTP should be compiled with OpenSSL
+                        # support, to enable cryptos such as AES GCM
+                        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_aes_128_gcm in -lcrypto" >&5
+$as_echo_n "checking for EVP_aes_128_gcm in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_EVP_aes_128_gcm+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+                        # support, to enable cryptos such as AES GCM.
+                        # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+                        # AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])
+                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_aes_128_gcm ();
+#include <openssl/evp.h>
 int
 main ()
+{
 return EVP_aes_128_gcm ();
+EVP_CIPHER_CTX ctx;EVP_aes_128_gcm();
+  ;
   return 0;
+}
 _ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_crypto_EVP_aes_128_gcm=yes
+else
+  ac_cv_lib_crypto_EVP_aes_128_gcm=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_aes_128_gcm" >&5
+$as_echo "$ac_cv_lib_crypto_EVP_aes_128_gcm" >&6; }
+if test "x$ac_cv_lib_crypto_EVP_aes_128_gcm" = xyes; then :
+if ac_fn_c_try_compile "$LINENO"; then :
   ac_ssl_has_aes_gcm=1
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
                         if test "x$ac_ssl_has_aes_gcm" = "x1"; then
                                 { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL has AES GCM support, SRTP will use OpenSSL" >&5

pjproject/trunk/aconfigure.ac

-                      r5517
+                      r5537
                 AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
                 AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
                 AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"])
+                AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
                 if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
                         AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
                         # Check if SRTP should be compiled with OpenSSL
+                        # support, to enable cryptos such as AES GCM
+                        AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])
+                        # support, to enable cryptos such as AES GCM.
+                        # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+                        # AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])
+                        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+                                                          [EVP_CIPHER_CTX ctx;EVP_aes_128_gcm();])],
+                                          [ac_ssl_has_aes_gcm=1])
                         if test "x$ac_ssl_has_aes_gcm" = "x1"; then
                                 AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

-                      r5517
+                      r5537
  * Include OpenSSL headers
  */
+#include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/ssl.h>
 …
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#  define OPENSSL_NO_SSL2           /* seems to be removed in 1.1.0 */
+#  define M_ASN1_STRING_data(x)     ASN1_STRING_get0_data(x)
+#  define M_ASN1_STRING_length(x)   ASN1_STRING_length(x)
+#else
+#  define SSL_CIPHER_get_id(c)      (c)->id
+#  define SSL_set_session(ssl, s)   (ssl)->session = (s)
+#endif
 #ifdef _MSC_VER
 #  pragma comment( lib, "libeay32")
 #  pragma comment( lib, "ssleay32")
+#  pragma comment( lib, "crypt32")
 #endif
 …
             c = sk_SSL_CIPHER_value(sk_cipher,i);
             openssl_ciphers[i].id = (pj_ssl_cipher)
+                                    (pj_uint32_t)c->id & 0x00FFFFFF;
+                                    (pj_uint32_t)SSL_CIPHER_get_id(c) &
+x00FFFFFF;
             openssl_ciphers[i].name = SSL_CIPHER_get_name(c);
+        }
         openssl_cipher_num = n;
         ssl->session = SSL_SESSION_new();
+        SSL_set_session(ssl, SSL_SESSION_new());
 #if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
 …
             c = sk_SSL_CIPHER_value(sk_cipher, j);
             if (ssock->param.ciphers[i] == (pj_ssl_cipher)
+                                           ((pj_uint32_t)c->id & 0x00FFFFFF))
+                                           ((pj_uint32_t)SSL_CIPHER_get_id(c) &
+x00FFFFFF))
+            {
                 const char *c_name;
 …
+    }
     if( ssock->ossl_ssl->server ) {
+    if( SSL_is_server(ssock->ossl_ssl) ) {
         ret = SSL_set1_curves(ssock->ossl_ssl, curves,
                               ssock->param.curves_num);
 …
     char buf[512];
     pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */
     pj_uint8_t *q;
+    const pj_uint8_t *q;
     unsigned len;
     GENERAL_NAMES *names = NULL;
 …
     /* Get serial no */
     q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
+    q = (const pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
     len = M_ASN1_STRING_length(X509_get_serialNumber(x));
     if (len > sizeof(ci->serial_no))
 …
         /* Current cipher */
         cipher = SSL_get_current_cipher(ssock->ossl_ssl);
         info->cipher = (cipher->id & 0x00FFFFFF);
+        info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF);
         /* Remote address */

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: