Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge "res_rtp_asterisk: Allow OpenSSL configured with no-deprecated." into 13

Browse Source
13.23
Jenkins2 7 years ago committed by Gerrit Code Review
parent 7609249a22 ef2386fcd7
commit 49c4c8af98
4 changed files with 10 additions and 130 deletions
Show Stats Download Patch File Download Diff File

116
configure vendored
Unescape View File

@ -1118,10 +1118,6 @@ PBX_DAHDI
DAHDI_DIR DAHDI_DIR
DAHDI_INCLUDE DAHDI_INCLUDE
DAHDI_LIB DAHDI_LIB
PBX_OPENSSL_EC
OPENSSL_EC_DIR
OPENSSL_EC_INCLUDE
OPENSSL_EC_LIB
PBX_OPENSSL_SRTP PBX_OPENSSL_SRTP
OPENSSL_SRTP_DIR OPENSSL_SRTP_DIR
OPENSSL_SRTP_INCLUDE OPENSSL_SRTP_INCLUDE
@ -9596,18 +9592,6 @@ PBX_OPENSSL_SRTP=0
OPENSSL_EC_DESCRIP="OpenSSL Elliptic Curve Support"
OPENSSL_EC_OPTION=crypto
OPENSSL_EC_DIR=${CRYPTO_DIR}
PBX_OPENSSL_EC=0
DAHDI_DESCRIP="DAHDI" DAHDI_DESCRIP="DAHDI"
DAHDI_OPTION="dahdi" DAHDI_OPTION="dahdi"
PBX_DAHDI=0 PBX_DAHDI=0
@ -30582,106 +30566,6 @@ _ACEOF
fi fi
fi
if test "$PBX_OPENSSL" = "1";
then
if test "x${PBX_OPENSSL_EC}" != "x1" -a "${USE_OPENSSL_EC}" != "no"; then
pbxlibdir=""
# if --with-OPENSSL_EC=DIR has been specified, use it.
if test "x${OPENSSL_EC_DIR}" != "x"; then
if test -d ${OPENSSL_EC_DIR}/lib; then
pbxlibdir="-L${OPENSSL_EC_DIR}/lib"
else
pbxlibdir="-L${OPENSSL_EC_DIR}"
fi
fi
ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} "
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_KEY_new_by_curve_name in -lssl" >&5
$as_echo_n "checking for EC_KEY_new_by_curve_name in -lssl... " >&6; }
if ${ac_cv_lib_ssl_EC_KEY_new_by_curve_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char EC_KEY_new_by_curve_name ();
int
main ()
{
return EC_KEY_new_by_curve_name ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_ssl_EC_KEY_new_by_curve_name=yes
else
ac_cv_lib_ssl_EC_KEY_new_by_curve_name=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&5
$as_echo "$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&6; }
if test "x$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" = xyes; then :
AST_OPENSSL_EC_FOUND=yes
else
AST_OPENSSL_EC_FOUND=no
fi
CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
# now check for the header.
if test "${AST_OPENSSL_EC_FOUND}" = "yes"; then
OPENSSL_EC_LIB="${pbxlibdir} -lssl -lcrypto"
# if --with-OPENSSL_EC=DIR has been specified, use it.
if test "x${OPENSSL_EC_DIR}" != "x"; then
OPENSSL_EC_INCLUDE="-I${OPENSSL_EC_DIR}/include"
fi
OPENSSL_EC_INCLUDE="${OPENSSL_EC_INCLUDE} "
# check for the header
ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
CPPFLAGS="${CPPFLAGS} ${OPENSSL_EC_INCLUDE}"
ac_fn_c_check_header_mongrel "$LINENO" "openssl/ec.h" "ac_cv_header_openssl_ec_h" "$ac_includes_default"
if test "x$ac_cv_header_openssl_ec_h" = xyes; then :
OPENSSL_EC_HEADER_FOUND=1
else
OPENSSL_EC_HEADER_FOUND=0
fi
CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
if test "x${OPENSSL_EC_HEADER_FOUND}" = "x0" ; then
OPENSSL_EC_LIB=""
OPENSSL_EC_INCLUDE=""
else
PBX_OPENSSL_EC=1
cat >>confdefs.h <<_ACEOF
#define HAVE_OPENSSL_EC 1
_ACEOF
fi
fi
fi
fi fi

6
configure.ac
Unescape View File

@ -461,7 +461,6 @@ AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt]) AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt])
AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto]) AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto])
AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto]) AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto])
AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto])
AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi]) AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi])
AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec]) AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec])
AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise]) AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise])
@ -2508,11 +2507,6 @@ then
AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto]) AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
fi fi
if test "$PBX_OPENSSL" = "1";
then
AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])
fi
AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2]) AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])
AST_EXT_LIB_CHECK_SHARED([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [], [ AST_EXT_LIB_CHECK_SHARED([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [], [
AC_MSG_WARN([***]) AC_MSG_WARN([***])

3
include/asterisk/autoconfig.h.in
Unescape View File

@ -549,9 +549,6 @@
/* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */ /* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */
#undef HAVE_OPENSSL #undef HAVE_OPENSSL
/* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */
#undef HAVE_OPENSSL_EC
/* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */ /* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */
#undef HAVE_OPENSSL_SRTP #undef HAVE_OPENSSL_SRTP

15
res/res_rtp_asterisk.c
Unescape View File

@ -43,9 +43,14 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include <fcntl.h> #include <fcntl.h>
#ifdef HAVE_OPENSSL_SRTP #ifdef HAVE_OPENSSL_SRTP
#include <openssl/opensslconf.h>
#include <openssl/opensslv.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#endif #endif
#ifdef HAVE_PJPROJECT #ifdef HAVE_PJPROJECT
@ -1610,7 +1615,7 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
{ {
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
int res; int res;
#ifdef HAVE_OPENSSL_EC #if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
EC_KEY *ecdh; EC_KEY *ecdh;
#endif #endif
@ -1638,8 +1643,7 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1); SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1);
#ifdef HAVE_OPENSSL_EC #ifndef OPENSSL_NO_DH
if (!ast_strlen_zero(dtls_cfg->pvtfile)) { if (!ast_strlen_zero(dtls_cfg->pvtfile)) {
BIO *bio = BIO_new_file(dtls_cfg->pvtfile, "r"); BIO *bio = BIO_new_file(dtls_cfg->pvtfile, "r");
if (bio != NULL) { if (bio != NULL) {
@ -1656,6 +1660,8 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
BIO_free(bio); BIO_free(bio);
} }
} }
#endif /* !OPENSSL_NO_DH */
#if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh != NULL) { if (ecdh != NULL) {
@ -1672,8 +1678,7 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
} }
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
} }
#endif /* !OPENSSL_NO_ECDH */
#endif /* #ifdef HAVE_OPENSSL_EC */
rtp->dtls_verify = dtls_cfg->verify; rtp->dtls_verify = dtls_cfg->verify;

Write Preview
Loading…
Cancel
Save