kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-04 20:04:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_rtp_asterisk: Instead of ./configure use OPENSSL_NO_SRTP.

Browse Source 
Previously, Asterisk used its script ./configure, to test whether OpenSSL was
built with no-srtp (or was simply too old). However, the header file
<openssl/opensslconf.h> is the preferred way to detect the local configuration
of OpenSSL.

As a positive side-effect the script ./configure does not interleave the
detection of the Open Settlement Protocol Toolkit (OSPTK) with the detection of
individual features of OpenSSL anymore.

Change-Id: I3c77c7b00b2ffa2e935632097fa057b9fdf480c0
This commit is contained in:
Alexander Traud
2018-06-13 12:06:10 +02:00
parent a6a22debf1
commit b01fc2ef3d
3 changed files with 23 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
configure vendored
View File

@@ -30763,102 +30763,6 @@ $as_echo "no" >&6; }
fi fi
fi fi
if test "x${PBX_OPENSSL_SRTP}" != "x1" -a "${USE_OPENSSL_SRTP}" != "no"; then
pbxlibdir=""
# if --with-OPENSSL_SRTP=DIR has been specified, use it.
if test "x${OPENSSL_SRTP_DIR}" != "x"; then
if test -d ${OPENSSL_SRTP_DIR}/lib; then
pbxlibdir="-L${OPENSSL_SRTP_DIR}/lib"
else
pbxlibdir="-L${OPENSSL_SRTP_DIR}"
fi
fi
ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} "
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_tlsext_use_srtp in -lssl" >&5
$as_echo_n "checking for SSL_CTX_set_tlsext_use_srtp in -lssl... " >&6; }
if ${ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char SSL_CTX_set_tlsext_use_srtp ();
int
main ()
{
return SSL_CTX_set_tlsext_use_srtp ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=yes
else
ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&5
$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&6; }
if test "x$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" = xyes; then :
AST_OPENSSL_SRTP_FOUND=yes
else
AST_OPENSSL_SRTP_FOUND=no
fi
CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
# now check for the header.
if test "${AST_OPENSSL_SRTP_FOUND}" = "yes"; then
OPENSSL_SRTP_LIB="${pbxlibdir} -lssl -lcrypto"
# if --with-OPENSSL_SRTP=DIR has been specified, use it.
if test "x${OPENSSL_SRTP_DIR}" != "x"; then
OPENSSL_SRTP_INCLUDE="-I${OPENSSL_SRTP_DIR}/include"
fi
OPENSSL_SRTP_INCLUDE="${OPENSSL_SRTP_INCLUDE} "
# check for the header
ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
CPPFLAGS="${CPPFLAGS} ${OPENSSL_SRTP_INCLUDE}"
ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
OPENSSL_SRTP_HEADER_FOUND=1
else
OPENSSL_SRTP_HEADER_FOUND=0
fi
CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
if test "x${OPENSSL_SRTP_HEADER_FOUND}" = "x0" ; then
OPENSSL_SRTP_LIB=""
OPENSSL_SRTP_INCLUDE=""
else
PBX_OPENSSL_SRTP=1
cat >>confdefs.h <<_ACEOF
#define HAVE_OPENSSL_SRTP 1
_ACEOF
fi
fi
fi
fi fi

1
configure.ac
View File

@@ -2518,7 +2518,6 @@ fi
if test "$PBX_OPENSSL" = "1"; if test "$PBX_OPENSSL" = "1";
then then
AST_CHECK_OSPTK([4], [0], [0]) AST_CHECK_OSPTK([4], [0], [0])
AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
fi fi
AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2]) AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])

44
res/res_rtp_asterisk.c
View File

@@ -40,9 +40,10 @@
#include <signal.h> #include <signal.h>
#include <fcntl.h> #include <fcntl.h>
#ifdef HAVE_OPENSSL_SRTP #ifdef HAVE_OPENSSL
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/bio.h> #include <openssl/bio.h>
@@ -53,6 +54,7 @@
#include <openssl/dh.h> #include <openssl/dh.h>
#endif #endif
#endif #endif
#endif
#ifdef HAVE_PJPROJECT #ifdef HAVE_PJPROJECT
#include <pjlib.h> #include <pjlib.h>
@@ -275,7 +277,7 @@ struct rtp_learning_info {
enum ast_media_type stream_type; enum ast_media_type stream_type;
}; };
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
struct dtls_details { struct dtls_details {
SSL *ssl; /*!< SSL session */ SSL *ssl; /*!< SSL session */
BIO *read_bio; /*!< Memory buffer for reading */ BIO *read_bio; /*!< Memory buffer for reading */
@@ -417,7 +419,7 @@ struct ast_rtp {
unsigned int ice_num_components; /*!< The number of ICE components */ unsigned int ice_num_components; /*!< The number of ICE components */
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
SSL_CTX *ssl_ctx; /*!< SSL context */ SSL_CTX *ssl_ctx; /*!< SSL context */
enum ast_rtp_dtls_verify dtls_verify; /*!< What to verify */ enum ast_rtp_dtls_verify dtls_verify; /*!< What to verify */
enum ast_srtp_suite suite; /*!< SRTP crypto suite */ enum ast_srtp_suite suite; /*!< SRTP crypto suite */
@@ -494,7 +496,7 @@ struct ast_rtcp {
/* VP8: sequence number for the RTCP FIR FCI */ /* VP8: sequence number for the RTCP FIR FCI */
int firseq; int firseq;
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
struct dtls_details dtls; /*!< DTLS state information */ struct dtls_details dtls; /*!< DTLS state information */
#endif #endif
@@ -562,7 +564,7 @@ static void ast_rtp_set_stream_num(struct ast_rtp_instance *instance, int stream
static int ast_rtp_extension_enable(struct ast_rtp_instance *instance, enum ast_rtp_extension extension); static int ast_rtp_extension_enable(struct ast_rtp_instance *instance, enum ast_rtp_extension extension);
static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instance *parent); static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instance *parent);
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static int ast_rtp_activate(struct ast_rtp_instance *instance); static int ast_rtp_activate(struct ast_rtp_instance *instance);
static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp); static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);
static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp); static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);
@@ -1581,7 +1583,7 @@ static struct ast_rtp_engine_ice ast_rtp_ice = {
}; };
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{ {
/* We don't want to actually verify the certificate so just accept what they have provided */ /* We don't want to actually verify the certificate so just accept what they have provided */
@@ -2259,7 +2261,7 @@ static struct ast_rtp_engine asterisk_rtp_engine = {
#ifdef HAVE_PJPROJECT #ifdef HAVE_PJPROJECT
.ice = &ast_rtp_ice, .ice = &ast_rtp_ice,
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
.dtls = &ast_rtp_dtls, .dtls = &ast_rtp_dtls,
.activate = ast_rtp_activate, .activate = ast_rtp_activate,
#endif #endif
@@ -2271,7 +2273,7 @@ static struct ast_rtp_engine asterisk_rtp_engine = {
.bundle = ast_rtp_bundle, .bundle = ast_rtp_bundle,
}; };
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */ /*! \pre instance is locked */
static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtls_details *dtls, int rtcp) static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtls_details *dtls, int rtcp)
{ {
@@ -2305,7 +2307,7 @@ static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtl
} }
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static void dtls_perform_setup(struct dtls_details *dtls) static void dtls_perform_setup(struct dtls_details *dtls)
{ {
if (!dtls->ssl || !SSL_is_init_finished(dtls->ssl)) { if (!dtls->ssl || !SSL_is_init_finished(dtls->ssl)) {
@@ -2349,7 +2351,7 @@ static void ast_rtp_on_ice_complete(pj_ice_sess *ice, pj_status_t status)
} }
} }
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
dtls_perform_setup(&rtp->dtls); dtls_perform_setup(&rtp->dtls);
dtls_perform_handshake(instance, &rtp->dtls, 0); dtls_perform_handshake(instance, &rtp->dtls, 0);
@@ -2483,7 +2485,7 @@ static inline int rtcp_debug_test_addr(struct ast_sockaddr *addr)
return 1; return 1;
} }
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */ /*! \pre instance is locked */
static int dtls_srtp_handle_timeout(struct ast_rtp_instance *instance, int rtcp) static int dtls_srtp_handle_timeout(struct ast_rtp_instance *instance, int rtcp)
{ {
@@ -2817,7 +2819,7 @@ static int __rtp_recvfrom(struct ast_rtp_instance *instance, void *buf, size_t s
return len; return len;
} }
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/* If this is an SSL packet pass it to OpenSSL for processing. RFC section for first byte value: /* If this is an SSL packet pass it to OpenSSL for processing. RFC section for first byte value:
* https://tools.ietf.org/html/rfc5764#section-5.1.2 */ * https://tools.ietf.org/html/rfc5764#section-5.1.2 */
if ((*in >= 20) && (*in <= 63)) { if ((*in >= 20) && (*in <= 63)) {
@@ -3514,7 +3516,7 @@ static int rtp_allocate_transport(struct ast_rtp_instance *instance, struct ast_
} }
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
rtp->rekeyid = -1; rtp->rekeyid = -1;
rtp->dtls.timeout_timer = -1; rtp->dtls.timeout_timer = -1;
#endif #endif
@@ -3530,7 +3532,7 @@ static void rtp_deallocate_transport(struct ast_rtp_instance *instance, struct a
struct timespec ts = { .tv_sec = wait.tv_sec, .tv_nsec = wait.tv_usec * 1000, }; struct timespec ts = { .tv_sec = wait.tv_sec, .tv_nsec = wait.tv_usec * 1000, };
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ast_rtp_dtls_stop(instance); ast_rtp_dtls_stop(instance);
#endif #endif
@@ -6727,7 +6729,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro
return; return;
} }
rtp->rtcp->s = -1; rtp->rtcp->s = -1;
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
rtp->rtcp->dtls.timeout_timer = -1; rtp->rtcp->dtls.timeout_timer = -1;
#endif #endif
rtp->rtcp->schedid = -1; rtp->rtcp->schedid = -1;
@@ -6790,7 +6792,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro
rtp_add_candidates_to_ice(instance, rtp, &rtp->rtcp->us, ast_sockaddr_port(&rtp->rtcp->us), AST_RTP_ICE_COMPONENT_RTCP, TRANSPORT_SOCKET_RTCP); rtp_add_candidates_to_ice(instance, rtp, &rtp->rtcp->us, ast_sockaddr_port(&rtp->rtcp->us), AST_RTP_ICE_COMPONENT_RTCP, TRANSPORT_SOCKET_RTCP);
} }
#endif #endif
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
dtls_setup_rtcp(instance); dtls_setup_rtcp(instance);
#endif #endif
} else { } else {
@@ -6810,7 +6812,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro
rtp->rtcp->s = rtp->s; rtp->rtcp->s = rtp->s;
ast_rtp_instance_get_remote_address(instance, &addr); ast_rtp_instance_get_remote_address(instance, &addr);
ast_sockaddr_copy(&rtp->rtcp->them, &addr); ast_sockaddr_copy(&rtp->rtcp->them, &addr);
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
if (rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) { if (rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) {
SSL_free(rtp->rtcp->dtls.ssl); SSL_free(rtp->rtcp->dtls.ssl);
} }
@@ -6838,7 +6840,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro
if (rtp->rtcp->s > -1 && rtp->rtcp->s != rtp->s) { if (rtp->rtcp->s > -1 && rtp->rtcp->s != rtp->s) {
close(rtp->rtcp->s); close(rtp->rtcp->s);
} }
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ao2_unlock(instance); ao2_unlock(instance);
dtls_srtp_stop_timeout_timer(instance, rtp, 1); dtls_srtp_stop_timeout_timer(instance, rtp, 1);
ao2_lock(instance); ao2_lock(instance);
@@ -7090,7 +7092,7 @@ static void ast_rtp_stop(struct ast_rtp_instance *instance)
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
struct ast_sockaddr addr = { {0,} }; struct ast_sockaddr addr = { {0,} };
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ao2_unlock(instance); ao2_unlock(instance);
AST_SCHED_DEL_UNREF(rtp->sched, rtp->rekeyid, ao2_ref(instance, -1)); AST_SCHED_DEL_UNREF(rtp->sched, rtp->rekeyid, ao2_ref(instance, -1));
@@ -7310,7 +7312,7 @@ static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instanc
AST_VECTOR_APPEND(&parent_rtp->ssrc_mapping, mapping); AST_VECTOR_APPEND(&parent_rtp->ssrc_mapping, mapping);
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/* If DTLS-SRTP is already in use then add the local SSRC to it, otherwise it will get added once DTLS /* If DTLS-SRTP is already in use then add the local SSRC to it, otherwise it will get added once DTLS
* negotiation has been completed. * negotiation has been completed.
*/ */
@@ -7331,7 +7333,7 @@ static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instanc
return 0; return 0;
} }
#ifdef HAVE_OPENSSL_SRTP #if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */ /*! \pre instance is locked */
static int ast_rtp_activate(struct ast_rtp_instance *instance) static int ast_rtp_activate(struct ast_rtp_instance *instance)
{ {