diff options
| -rwxr-xr-x | configure | 63 | ||||
| -rw-r--r-- | configure.ac | 6 | ||||
| -rw-r--r-- | include/asterisk/autoconfig.h.in | 3 | ||||
| -rw-r--r-- | res/res_rtp_asterisk.c | 7 |
4 files changed, 79 insertions, 0 deletions
@@ -1089,6 +1089,10 @@ PBX_DAHDI DAHDI_DIR DAHDI_INCLUDE DAHDI_LIB +PBX_OPENSSL_ECDH_AUTO +OPENSSL_ECDH_AUTO_DIR +OPENSSL_ECDH_AUTO_INCLUDE +OPENSSL_ECDH_AUTO_LIB PBX_OPENSSL_EC OPENSSL_EC_DIR OPENSSL_EC_INCLUDE @@ -8696,6 +8700,18 @@ PBX_OPENSSL_EC=0 +OPENSSL_ECDH_AUTO_DESCRIP="OpenSSL Auto ECDH Support" +OPENSSL_ECDH_AUTO_OPTION=crypto +OPENSSL_ECDH_AUTO_DIR=${CRYPTO_DIR} + +PBX_OPENSSL_ECDH_AUTO=0 + + + + + + + DAHDI_DESCRIP="DAHDI" DAHDI_OPTION="dahdi" PBX_DAHDI=0 @@ -30266,6 +30282,53 @@ fi fi +if test "$PBX_OPENSSL" = "1"; +then + + if test "x${PBX_OPENSSL_ECDH_AUTO}" != "x1" -a "${USE_OPENSSL_ECDH_AUTO}" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h" >&5 +$as_echo_n "checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h... " >&6; } + saved_cppflags="${CPPFLAGS}" + if test "x${OPENSSL_ECDH_AUTO_DIR}" != "x"; then + OPENSSL_ECDH_AUTO_INCLUDE="-I${OPENSSL_ECDH_AUTO_DIR}/include" + fi + CPPFLAGS="${CPPFLAGS} ${OPENSSL_ECDH_AUTO_INCLUDE}" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <openssl/ssl.h> +int +main () +{ +#if !defined(SSL_CTX_set_ecdh_auto) + (void) SSL_CTX_set_ecdh_auto; + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + PBX_OPENSSL_ECDH_AUTO=1 + +$as_echo "#define HAVE_OPENSSL_ECDH_AUTO 1" >>confdefs.h + + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + CPPFLAGS="${saved_cppflags}" + fi + +fi + if test "x${PBX_SRTP}" != "x1" -a "${USE_SRTP}" != "no"; then pbxlibdir="" diff --git a/configure.ac b/configure.ac index 971f9bf8a..329280924 100644 --- a/configure.ac +++ b/configure.ac @@ -414,6 +414,7 @@ AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt]) AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto]) AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto]) AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto]) +AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_ECDH_AUTO], [OpenSSL Auto ECDH Support], [CRYPTO], [crypto]) AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi]) AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec]) AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise]) @@ -2283,6 +2284,11 @@ then AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto]) fi +if test "$PBX_OPENSSL" = "1"; +then + AST_C_DECLARE_CHECK([OPENSSL_ECDH_AUTO], [SSL_CTX_set_ecdh_auto], [openssl/ssl.h]) +fi + AST_EXT_LIB_CHECK([SRTP], [srtp], [srtp_init], [srtp/srtp.h]) if test "$PBX_SRTP" = "1"; diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in index 4efff1f21..542f5d2a0 100644 --- a/include/asterisk/autoconfig.h.in +++ b/include/asterisk/autoconfig.h.in @@ -548,6 +548,9 @@ /* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */ #undef HAVE_OPENSSL_EC +/* Define if your system has SSL_CTX_set_ecdh_auto declared. */ +#undef HAVE_OPENSSL_ECDH_AUTO + /* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */ #undef HAVE_OPENSSL_SRTP diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c index 5d206c1a0..0c47e1e25 100644 --- a/res/res_rtp_asterisk.c +++ b/res/res_rtp_asterisk.c @@ -1288,6 +1288,13 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1); +#ifdef HAVE_OPENSSL_ECDH_AUTO + SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1); +#else + SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, + EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); +#endif + rtp->dtls_verify = dtls_cfg->verify; SSL_CTX_set_verify(rtp->ssl_ctx, (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_FINGERPRINT) || (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_CERTIFICATE) ? |