Re: [PATCH 1/1] add libressl support

That's very interesting, I'm not a developer but I hope the changes are
incorporated. ;)

I also submitted a set of patches some time ago ([1]) to have support for
GnuTLS (they weren't/aren't mine, so I'm still hoping for the original
authors to resubmit again). The patches related to GnuTLS (and perhaps
yours too?  I don't know) also fix a possible licensing incompatibility
depending on how things are linked.

[1] <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2017-June/020020.html>.

Adam Duskett <aduskett@xxxxxxxxx> writes:

> LibreSSL is a drop in replacement for OpenSSL 1.0, with goals of modernizing
> the codebase, improving security and applying best practice development
> processes.
>
> The main issue is that LibreSSL reports its version as 2.0 and above, which
> causes checks for an OpenSSL version number >= 1.1 to use incompatible
> functions.
>
> The traditional way of handling this is to also check if
> LIBRESSL_VERSION_NUMBER is defined, however on projects with several of these
> checks it can quickly get out of hand.
>
> Instead, this patch takes the Apache approach to handling LibreSSL, which does
> the following:
>
> - Add a new file called ssl_private.h that has the following:
>   - Add 4 definitions from OpenSSL 1.0.2 that are missing from LibreSSL.
>   - Add 3 macros from OpenSSL 1.0.2 that are missing from LibreSSL.
>   - Add a wrapper for SSL_is_server for LibreSSL to prevent an implicit
>     declaration error when compiling.
>   - Defines PJ_USE_OPENSSL_PRE_1_1_API if LIBRESSL_VERSION_NUMBER or
>     OPENSSL_VERSION_NUMBER < 0x10100000L are true.
>
> - Add the header file to the other 5 files that have checks for
>   OPENSSL_VERSION_NUMBER
>
> - Change the following OPENSSL_VERSION_NUMBER checks to
>   PJ_USE_OPENSSL_PRE_1_1_API:
>   < 0x009080ffL
>   < 0x10100000L
>   >= 0x1000200fL
>   >= 0x10000000L
>
> - Change OPENSSL_VERSION_NUMBER >= 0x10100000L to !PJ_USE_OPENSSL_PRE_1_1_API
>
> - Add a check in aconfigure.ac and aconfigure to check for the function
>   tls_config_set_ca_mem. This function does not exist in OpenSSL and is a
>   clear way to check to see if LibreSSL is being compiled against.
>   This is the same method used in openntpd.
>   Depending on if it's found or not, the variable $libssl_library is set to
>   either OpenSSL or LibreSSL.
>
> - Change the string OpenSSL to $libssl_library in aconfigure.ac and aconfigure
>   where it's appropriate.
>
> Signed-off-by: Adam Duskett <aduskett@xxxxxxxxx>
> ---
>  aconfigure                                | 80 ++++++++++++++++++++++++++-----
>  aconfigure.ac                             | 13 ++---
>  pjlib/include/pj/ssl_private.h            | 60 +++++++++++++++++++++++
>  pjlib/src/pj/ssl_sock_ossl.c              | 27 ++++++-----
>  pjmedia/src/pjmedia/transport_srtp_dtls.c |  3 +-
>  pjmedia/src/pjmedia/transport_srtp_sdes.c |  3 +-
>  third_party/srtp/crypto/hash/hmac_ossl.c  |  5 +-
>  third_party/srtp/crypto/include/sha1.h    |  3 +-
>  8 files changed, 159 insertions(+), 35 deletions(-)
>  create mode 100644 pjlib/include/pj/ssl_private.h
>
> diff --git a/aconfigure b/aconfigure
> index aec2a284..b021835d 100755
> --- a/aconfigure
> +++ b/aconfigure
> @@ -7877,8 +7877,8 @@ $as_echo "Checking if SSL support is disabled... yes" >&6; }
>  
>  else
>  
> -		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for OpenSSL installations.." >&5
> -$as_echo "checking for OpenSSL installations.." >&6; }
> +		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for SSL library installations.." >&5
> +$as_echo "checking for SSL library installations.." >&6; }
>                  if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
>                      CFLAGS="$CFLAGS -I$with_ssl/include"
>                      LDFLAGS="$LDFLAGS -L$with_ssl/lib"
> @@ -7974,11 +7974,69 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then :
>    libssl_present=1 && LIBS="-lssl $LIBS"
>  fi
>  
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing tls_config_set_ca_mem" >&5
> +$as_echo_n "checking for library containing tls_config_set_ca_mem... " >&6; }
> +if ${ac_cv_search_tls_config_set_ca_mem+:} false; then :
> +  $as_echo_n "(cached) " >&6
> +else
> +  ac_func_search_save_LIBS=$LIBS
> +cat confdefs.h - <<_ACEOF >conftest.$ac_ext
> +/* end confdefs.h.  */
> +
> +/* Override any GCC internal prototype to avoid an error.
> +   Use char because int might match the return type of a GCC
> +   builtin and then its argument prototype would still apply.  */
> +#ifdef __cplusplus
> +extern "C"
> +#endif
> +char tls_config_set_ca_mem ();
> +int
> +main ()
> +{
> +return tls_config_set_ca_mem ();
> +  ;
> +  return 0;
> +}
> +_ACEOF
> +for ac_lib in '' tls; do
> +  if test -z "$ac_lib"; then
> +    ac_res="none required"
> +  else
> +    ac_res=-l$ac_lib
> +    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
> +  fi
> +  if ac_fn_c_try_link "$LINENO"; then :
> +  ac_cv_search_tls_config_set_ca_mem=$ac_res
> +fi
> +rm -f core conftest.err conftest.$ac_objext \
> +    conftest$ac_exeext
> +  if ${ac_cv_search_tls_config_set_ca_mem+:} false; then :
> +  break
> +fi
> +done
> +if ${ac_cv_search_tls_config_set_ca_mem+:} false; then :
> +
> +else
> +  ac_cv_search_tls_config_set_ca_mem=no
> +fi
> +rm conftest.$ac_ext
> +LIBS=$ac_func_search_save_LIBS
> +fi
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_tls_config_set_ca_mem" >&5
> +$as_echo "$ac_cv_search_tls_config_set_ca_mem" >&6; }
> +ac_res=$ac_cv_search_tls_config_set_ca_mem
> +if test "$ac_res" != no; then :
> +  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
> +  libssl_library=LibreSSL
> +else
> +  libssl_library=OpenSSL
> +fi
> +
>  		if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
> -	        	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL library found, SSL support enabled" >&5
> -$as_echo "OpenSSL library found, SSL support enabled" >&6; }
> +	        	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libssl_library library found, SSL support enabled" >&5
> +$as_echo "$libssl_library library found, SSL support enabled" >&6; }
>  
> -			# Check if SRTP should be compiled with OpenSSL
> +			# Check if SRTP should be compiled with SSL
>  			# support, to enable cryptos such as AES GCM.
>  
>  			# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
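
Review bot: The new probe ends with `test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"`, so whenever libtls is found every pjsip link line gains -ltls although nothing in this patch calls a libtls function. In the lines shown, $libssl_library is only used to choose the name printed in the result messages, so consider restoring LIBS after the probe, or replacing the link test with a compile check for LIBRESSL_VERSION_NUMBER in openssl/opensslv.h, which is what ssl_private.h keys on.
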
> @@ -8039,11 +8097,11 @@ fi
>  fi
>  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
>  			if test "x$ac_ssl_has_aes_gcm" = "x1"; then
> -				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL has AES GCM support, SRTP will use OpenSSL" >&5
> -$as_echo "OpenSSL has AES GCM support, SRTP will use OpenSSL" >&6; }
> +				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libssl_library has AES GCM support, SRTP will use $libssl_library" >&5
> +$as_echo "$libssl_library has AES GCM support, SRTP will use $libssl_library" >&6; }
>  			else
> -				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos" >&5
> -$as_echo "OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos" >&6; }
> +				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libssl_library AES GCM support not found, SRTP will only support AES CM cryptos" >&5
> +$as_echo "$libssl_library AES GCM support not found, SRTP will only support AES CM cryptos" >&6; }
>  			fi
>  
>  			# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
> @@ -8051,8 +8109,8 @@ $as_echo "OpenSSL AES GCM support not found, SRTP will only support AES CM crypt
>  			$as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h
>  
>  		else
> -			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ** OpenSSL libraries not found, disabling SSL support **" >&5
> -$as_echo "** OpenSSL libraries not found, disabling SSL support **" >&6; }
> +			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ** SSL libraries not found, disabling SSL support **" >&5
> +$as_echo "** SSL libraries not found, disabling SSL support **" >&6; }
>  		fi
>  
>  fi
> diff --git a/aconfigure.ac b/aconfigure.ac
> index e9770b72..99705092 100644
> --- a/aconfigure.ac
> +++ b/aconfigure.ac
> @@ -1565,7 +1565,7 @@ AC_ARG_ENABLE(ssl,
>  	        fi
>  	      ],
>  	      [
> -		AC_MSG_RESULT([checking for OpenSSL installations..])
> +		AC_MSG_RESULT([checking for SSL library installations..])
>                  if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
>                      CFLAGS="$CFLAGS -I$with_ssl/include"
>                      LDFLAGS="$LDFLAGS -L$with_ssl/lib"
> @@ -1577,10 +1577,11 @@ AC_ARG_ENABLE(ssl,
>  		AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
>  		AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
>  		AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
> +		AC_SEARCH_LIBS(tls_config_set_ca_mem,tls,[libssl_library=LibreSSL],[libssl_library=OpenSSL])
>  		if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
> -	        	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
> +	        	AC_MSG_RESULT([$libssl_library found, SSL support enabled])
>  			
> -			# Check if SRTP should be compiled with OpenSSL
> +			# Check if SRTP should be compiled with SSL
>  			# support, to enable cryptos such as AES GCM.
>  			
>  			# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
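
Review bot: In the AC_SEARCH_LIBS line, finding tls_config_set_ca_mem in libtls does not show that the openssl/ssl.h, -lssl and -lcrypto detected just above belong to LibreSSL: a LibreSSL install without libtls is reported as OpenSSL, and any libtls on the link path flips the label the other way. A compile test on LIBRESSL_VERSION_NUMBER (for example AC_CHECK_DECL against openssl/opensslv.h) would test the headers the code is actually compiled against.
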
> @@ -1590,16 +1591,16 @@ AC_ARG_ENABLE(ssl,
>  							  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
>  					  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
>  			if test "x$ac_ssl_has_aes_gcm" = "x1"; then
> -				AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
> +				AC_MSG_RESULT([$libssl_library has AES GCM support, SRTP will use SSL])
>  			else
> -				AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
> +				AC_MSG_RESULT([$libssl_library AES GCM support not found, SRTP will only support AES CM cryptos])
>  			fi
>  
>  			# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
>  			#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
>  			AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
>  		else
> -			AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
> +			AC_MSG_RESULT([** SSL libraries not found, disabling SSL support **])
>  		fi
>  	      ])
>  
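
Review bot: The message strings in this file do not match the ones patched into the generated script: here the AES GCM result reads "$libssl_library has AES GCM support, SRTP will use SSL" (and the previous hunk prints "$libssl_library found, SSL support enabled"), while aconfigure prints "SRTP will use $libssl_library" and "$libssl_library library found, SSL support enabled". That suggests aconfigure was edited by hand; make the strings agree here and regenerate aconfigure from this file.
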
> diff --git a/pjlib/include/pj/ssl_private.h b/pjlib/include/pj/ssl_private.h
> new file mode 100644
> index 00000000..adfc73ec
> --- /dev/null
> +++ b/pjlib/include/pj/ssl_private.h
> @@ -0,0 +1,60 @@
> +/* $Id$ */
> +/* 
> + * Copyright (C) 2017 Teluu Inc. (http://www.teluu.com)
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
> + */
> +#ifndef __PJ_SSL_PRIVATE_H__
> +#define __PJ_SSL_PRIVATE_H__
> +
> +/**
> + * @file ssl_private.h
> + * @brief Internal SSL handling.
> + */
> +
> +#include <openssl/opensslv.h>
> +#include <pj/types.h>
> +
> +PJ_BEGIN_DECL
> +
> +#if defined(LIBRESSL_VERSION_NUMBER)
> +/** Missing from LibreSSL but present in OpenSSL 1.0.2 */
> +# define TLSEXT_nid_unknown              	0x1000000
> +# define SSL_CTRL_GET_SHARED_CURVE       	93
> +# define SSL_CTRL_SET_SIGALGS_LIST          98
> +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST   102
> +
> +# define SSL_get_shared_curve(s, n) \
> +        SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
> +
> +# define SSL_set1_sigalgs_list(ctx, s) \
> +        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
> +        
> +# define SSL_set1_client_sigalgs_list(ctx, s) \
> +        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
> +
> +#define SSL_is_server(ssl) ((ssl)->server)
> +
> +/** LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but is not compatible with
> + *  OpenSSL >= 1.1
> + */
> +#define PJ_USE_OPENSSL_PRE_1_1_API (1)
> +#else
> +#define PJ_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
> +#endif
> +
> +PJ_END_DECL
> +
> +#endif	/* __PJ_SSL_PRIVATE_H__ */
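
Review bot: `#define SSL_is_server(ssl) ((ssl)->server)` sits under a bare `#if defined(LIBRESSL_VERSION_NUMBER)`, so it depends on the SSL struct layout being visible and will clash or stop compiling as soon as a LibreSSL release provides the function or hides the struct; bound it with a LIBRESSL_VERSION_NUMBER comparison. The SSL_CTRL_* values need a comment as well: they are described as missing from LibreSSL, so the SSL_ctrl() wrappers built on them compile, but nothing here shows that the library implements those control codes, and callers have to treat a 0 return as "unsupported" rather than as a result. The header is also placed in the public pj/ include directory despite being named private.
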
> diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
> index 6550f002..a0e10ff4 100644
> --- a/pjlib/src/pj/ssl_sock_ossl.c
> +++ b/pjlib/src/pj/ssl_sock_ossl.c
> @@ -16,6 +16,7 @@
>   * along with this program; if not, write to the Free Software
>   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
>   */
> +#include <pj/ssl_private.h>
>  #include <pj/ssl_sock.h>
>  #include <pj/activesock.h>
>  #include <pj/compat/socket.h>
> @@ -53,7 +54,7 @@
>  #include <openssl/rand.h>
>  #include <openssl/opensslconf.h>
>  
> -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
> +#if !defined(OPENSSL_NO_EC) && PJ_USE_OPENSSL_PRE_1_1_API
>  
>  #   include <openssl/obj_mac.h>
>  
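
Review bot: `OPENSSL_VERSION_NUMBER >= 0x1000200fL` was a lower bound (1.0.2 and newer, which includes 1.1), whereas PJ_USE_OPENSSL_PRE_1_1_API is an upper bound, so this guard now switches the EC curve code off for OpenSSL 1.1 and on for releases older than 1.0.2. Since the commit message says LibreSSL reports 2.0 and above, the original comparison already holds for LibreSSL and can stay unchanged; only the `>= 0x10100000L` and `< 0x10100000L` checks need the new macro. The same inversion recurs at every other `>=` lower-bound check replaced further down in this file.
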
> @@ -111,7 +112,7 @@ static unsigned get_nid_from_cid(unsigned cid)
>  #endif
>  
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +#if !PJ_USE_OPENSSL_PRE_1_1_API
>  #  define OPENSSL_NO_SSL2	    /* seems to be removed in 1.1.0 */
>  #  define M_ASN1_STRING_data(x)	    ASN1_STRING_get0_data(x)
>  #  define M_ASN1_STRING_length(x)   ASN1_STRING_length(x)
> @@ -126,7 +127,7 @@ static unsigned get_nid_from_cid(unsigned cid)
>  
>  
>  #ifdef _MSC_VER
> -#  if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +#  if !PJ_USE_OPENSSL_PRE_1_1_API
>  #    pragma comment(lib, "libcrypto")
>  #    pragma comment(lib, "libssl")
>  #    pragma comment(lib, "crypt32")
> @@ -535,13 +536,13 @@ static pj_status_t init_openssl(void)
>      pj_assert(status == PJ_SUCCESS);
>  
>      /* Init OpenSSL lib */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      SSL_library_init();
>      SSL_load_error_strings();
>  #else
>      OPENSSL_init_ssl(0, NULL);
>  #endif
> -#if OPENSSL_VERSION_NUMBER < 0x009080ffL
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      /* This is now synonym of SSL_library_init() */
>      OpenSSL_add_all_algorithms();
>  #endif
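
Review bot: The second guard in this hunk replaces `OPENSSL_VERSION_NUMBER < 0x009080ffL` with PJ_USE_OPENSSL_PRE_1_1_API, which widens the OpenSSL_add_all_algorithms() call from very old releases to every pre-1.1 OpenSSL and to LibreSSL, while the comment under it still says the call is a synonym of SSL_library_init(). If the wider call is wanted for LibreSSL, say so in the commit message and update the comment; otherwise leave this check as it was.
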
> @@ -556,7 +557,7 @@ static pj_status_t init_openssl(void)
>  	int nid;
>  	const char *cname;
>  
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>  	meth = (SSL_METHOD*)SSLv23_server_method();
>  	if (!meth)
>  	    meth = (SSL_METHOD*)TLSv1_server_method();
> @@ -599,7 +600,7 @@ static pj_status_t init_openssl(void)
>  
>  	SSL_set_session(ssl, SSL_SESSION_new());
>  
> -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
> +#if !defined(OPENSSL_NO_EC) && PJ_USE_OPENSSL_PRE_1_1_API
>  	openssl_curves_num = SSL_get_shared_curve(ssl,-1);
>  	if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
>  	    openssl_curves_num = PJ_ARRAY_SIZE(openssl_curves);
> @@ -768,7 +769,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
>      BIO *bio;
>      DH *dh;
>      long options;
> -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
> +#if !defined(OPENSSL_NO_ECDH) && PJ_USE_OPENSSL_PRE_1_1_API
>      EC_KEY *ecdh;
>  #endif
>      SSL_METHOD *ssl_method = NULL;
> @@ -791,7 +792,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
>  	ssock->param.proto = PJ_SSL_SOCK_PROTO_SSL23;
>  
>      /* Determine SSL method to use */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      switch (ssock->param.proto) {
>      case PJ_SSL_SOCK_PROTO_TLS1:
>  	ssl_method = (SSL_METHOD*)TLSv1_method();
> @@ -927,7 +928,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
>  		    if (dh != NULL) {
>  			if (SSL_CTX_set_tmp_dh(ctx, dh)) {
>  			    options = SSL_OP_CIPHER_SERVER_PREFERENCE |
> -    #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
> +    #if !defined(OPENSSL_NO_ECDH) && PJ_USE_OPENSSL_PRE_1_1_API
>  				      SSL_OP_SINGLE_ECDH_USE |
>      #endif
>  				      SSL_OP_SINGLE_DH_USE;
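
Review bot: With `>= 0x10000000L` replaced by PJ_USE_OPENSSL_PRE_1_1_API, SSL_OP_SINGLE_ECDH_USE is no longer added to `options` when building against OpenSSL 1.1, and the same guard removes the `ecdh` declaration and the explicit-curve fallback in the neighbouring hunks. The commit message only describes LibreSSL support, so this change for OpenSSL 1.1 builds looks unintended; the original lower-bound check already holds for LibreSSL and can stay.
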
> @@ -995,7 +996,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
>  	if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
>  	    PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized "
>  		      "(automatic), faster PFS ciphers enabled"));
> -    #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
> +    #if !defined(OPENSSL_NO_ECDH) && PJ_USE_OPENSSL_PRE_1_1_API
>  	} else {
>  	    /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
>  	    ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> @@ -1228,7 +1229,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
>  
>  static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
>  {
> -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
> +#if !defined(OPENSSL_NO_EC) && PJ_USE_OPENSSL_PRE_1_1_API
>      int ret;
>      int curves[PJ_SSL_SOCK_MAX_CURVES];
>      unsigned cnt;
> @@ -1259,7 +1260,7 @@ static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
>  
>  static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
>  {
> -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      int ret;
>  
>      if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) {
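
Review bot: set_sigalgs() here and set_curves_list() in the previous hunk are compiled out for OpenSSL 1.1 once their `>= 0x1000200fL` checks become PJ_USE_OPENSSL_PRE_1_1_API, so the list in ssock->param.sigalgs and the configured curves would no longer be applied to the connection on those builds. Restore the lower-bound checks, and please state in the commit message which OpenSSL and LibreSSL versions the patch was built and tested against.
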
> diff --git a/pjmedia/src/pjmedia/transport_srtp_dtls.c b/pjmedia/src/pjmedia/transport_srtp_dtls.c
> index 6dfa4083..28103678 100644
> --- a/pjmedia/src/pjmedia/transport_srtp_dtls.c
> +++ b/pjmedia/src/pjmedia/transport_srtp_dtls.c
> @@ -23,6 +23,7 @@
>  #include <pj/errno.h>
>  #include <pj/rand.h>
>  #include <pj/ssl_sock.h>
> +#include <pj/ssl_private.h>
>  
>  /* 
>   * Include OpenSSL headers
> @@ -32,7 +33,7 @@
>  #include <openssl/rsa.h>
>  #include <openssl/ssl.h>
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
> +#if !PJ_USE_OPENSSL_PRE_1_1_API && \
>      defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L
>  #  define X509_get_notBefore(x)	    X509_getm_notBefore(x)
>  #  define X509_get_notAfter(x)	    X509_getm_notAfter(x)
> diff --git a/pjmedia/src/pjmedia/transport_srtp_sdes.c b/pjmedia/src/pjmedia/transport_srtp_sdes.c
> index effe17c2..010443e7 100644
> --- a/pjmedia/src/pjmedia/transport_srtp_sdes.c
> +++ b/pjmedia/src/pjmedia/transport_srtp_sdes.c
> @@ -17,11 +17,12 @@
>   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
>   */
>  
> +#include <pj/ssl_private.h>
>  #if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
>  
>  /* Include OpenSSL libraries for MSVC */
>  #  ifdef _MSC_VER
> -#    if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +#    if !PJ_USE_OPENSSL_PRE_1_1_API
>  #      pragma comment(lib, "libcrypto")
>  #    else
>  #      pragma comment(lib, "libeay32")
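
Review bot: The new `#include <pj/ssl_private.h>` is placed above the `#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)` guard, and ssl_private.h includes <openssl/opensslv.h> unconditionally, so this file would stop compiling in builds where SSL support is disabled and the OpenSSL headers are absent. Move the include inside the guard.
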
> diff --git a/third_party/srtp/crypto/hash/hmac_ossl.c b/third_party/srtp/crypto/hash/hmac_ossl.c
> index f99646b5..8c389d6c 100644
> --- a/third_party/srtp/crypto/hash/hmac_ossl.c
> +++ b/third_party/srtp/crypto/hash/hmac_ossl.c
> @@ -51,6 +51,7 @@
>  #include "err.h"                /* for srtp_debug */
>  #include <openssl/evp.h>
>  #include <openssl/hmac.h>
> +#include <pj/ssl_private.h>
>  
>  #define SHA1_DIGEST_SIZE		20
>  
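
Review bot: Including <pj/ssl_private.h> from third_party/srtp makes the bundled libsrtp sources depend on pjlib's include path and on pj/types.h. A local check in this file (or in one srtp-side header) for `OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` would keep third_party self-contained; the same applies to the include added to sha1.h.
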
> @@ -76,7 +77,7 @@ static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_
>  
>  /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
>     using HMAC_CTX_new.  But this function doesn't exist in OpenSSL 1.0.x. */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      {
>          /* allocate memory for auth and HMAC_CTX structures */
>          uint8_t* pointer;
> @@ -121,7 +122,7 @@ static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
>  
>      hmac_ctx = (HMAC_CTX*)a->state;
>  
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>      HMAC_CTX_cleanup(hmac_ctx);
>  
>      /* zeroize entire state*/
> diff --git a/third_party/srtp/crypto/include/sha1.h b/third_party/srtp/crypto/include/sha1.h
> index 3dc8d910..b2e3353a 100644
> --- a/third_party/srtp/crypto/include/sha1.h
> +++ b/third_party/srtp/crypto/include/sha1.h
> @@ -53,6 +53,7 @@
>  
>  #include "err.h"
>  #ifdef OPENSSL
> +#include <pj/ssl_private.h>
>  #include <openssl/evp.h>
>  #include <stdint.h>
>  #else
> @@ -81,7 +82,7 @@ extern "C" {
>  
>  /* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
>     using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if PJ_USE_OPENSSL_PRE_1_1_API
>  
>  typedef EVP_MD_CTX srtp_sha1_ctx_t;

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Speaker and consultant on free/libre /software/ (not to be confused
  with gratis).
- "WhatsApp"? It is not free/libre. Please see ways to communicate
  instantly with me at the address below.
- Contact: https://libreplanet.org/wiki/User:Adfeno#vCard
- Common files accepted (only without DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Common files accepted and sent: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (ODF standard), OGG, OPUS, PDF
  (only without DRM), PNG, TXT, WEBM.
