Add support to boringssl (#2856)
This commit is contained in:
parent
c4bad5df14
commit
9ffd718d17
|
@ -80,6 +80,18 @@
|
||||||
# define USING_LIBRESSL 0
|
# define USING_LIBRESSL 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(OPENSSL_IS_BORINGSSL)
|
||||||
|
# define USING_BORINGSSL 1
|
||||||
|
|
||||||
|
# define TLSEXT_nid_unknown 0x1000000
|
||||||
|
|
||||||
|
#undef SSL_CTRL_SET_ECDH_AUTO
|
||||||
|
# define SSL_CTRL_SET_ECDH_AUTO 94
|
||||||
|
|
||||||
|
#else
|
||||||
|
# define USING_BORINGSSL 0
|
||||||
|
#endif
|
||||||
|
|
||||||
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
||||||
&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
|
&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
|
||||||
|
|
||||||
|
@ -394,7 +406,11 @@ static pj_str_t ssl_strerror(pj_status_t status,
|
||||||
ssl_err -= PJ_SSL_ERRNO_START;
|
ssl_err -= PJ_SSL_ERRNO_START;
|
||||||
l = ssl_err / MAX_OSSL_ERR_REASON;
|
l = ssl_err / MAX_OSSL_ERR_REASON;
|
||||||
r = ssl_err % MAX_OSSL_ERR_REASON;
|
r = ssl_err % MAX_OSSL_ERR_REASON;
|
||||||
|
#if USING_BORINGSSL
|
||||||
|
ssl_err = ERR_PACK(l, r);
|
||||||
|
#else
|
||||||
ssl_err = ERR_PACK(l, 0, r);
|
ssl_err = ERR_PACK(l, 0, r);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(PJ_HAS_ERROR_STRING) && (PJ_HAS_ERROR_STRING != 0)
|
#if defined(PJ_HAS_ERROR_STRING) && (PJ_HAS_ERROR_STRING != 0)
|
||||||
|
@ -717,7 +733,11 @@ static pj_status_t init_openssl(void)
|
||||||
}
|
}
|
||||||
ssl_cipher_num = n;
|
ssl_cipher_num = n;
|
||||||
|
|
||||||
|
#if USING_BORINGSSL
|
||||||
|
ssl_sess = SSL_SESSION_new(ctx);
|
||||||
|
#else
|
||||||
ssl_sess = SSL_SESSION_new();
|
ssl_sess = SSL_SESSION_new();
|
||||||
|
#endif
|
||||||
SSL_set_session(ssl, ssl_sess);
|
SSL_set_session(ssl, ssl_sess);
|
||||||
|
|
||||||
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
||||||
|
@ -725,7 +745,12 @@ static pj_status_t init_openssl(void)
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
|
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
|
||||||
ssl_curves_num = EC_get_builtin_curves(NULL, 0);
|
ssl_curves_num = EC_get_builtin_curves(NULL, 0);
|
||||||
#else
|
#else
|
||||||
|
|
||||||
|
#if USING_BORINGSSL
|
||||||
|
ssl_curves_num = SSL_get_curve_id(ssl);
|
||||||
|
#else
|
||||||
ssl_curves_num = SSL_get_shared_curve(ssl,-1);
|
ssl_curves_num = SSL_get_shared_curve(ssl,-1);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ssl_curves_num > PJ_ARRAY_SIZE(ssl_curves))
|
if (ssl_curves_num > PJ_ARRAY_SIZE(ssl_curves))
|
||||||
ssl_curves_num = PJ_ARRAY_SIZE(ssl_curves);
|
ssl_curves_num = PJ_ARRAY_SIZE(ssl_curves);
|
||||||
|
@ -770,7 +795,11 @@ static pj_status_t init_openssl(void)
|
||||||
OPENSSL_free(curves);
|
OPENSSL_free(curves);
|
||||||
#else
|
#else
|
||||||
for (i = 0; i < ssl_curves_num; i++) {
|
for (i = 0; i < ssl_curves_num; i++) {
|
||||||
|
#if USING_BORINGSSL
|
||||||
|
nid = SSL_get_curve_id(ssl);
|
||||||
|
#else
|
||||||
nid = SSL_get_shared_curve(ssl, i);
|
nid = SSL_get_shared_curve(ssl, i);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (nid & TLSEXT_nid_unknown) {
|
if (nid & TLSEXT_nid_unknown) {
|
||||||
cname = "curve unknown";
|
cname = "curve unknown";
|
||||||
|
@ -987,10 +1016,19 @@ static pj_ssl_sock_t *ssl_alloc(pj_pool_t *pool)
|
||||||
return (pj_ssl_sock_t *)PJ_POOL_ZALLOC_T(pool, ossl_sock_t);
|
return (pj_ssl_sock_t *)PJ_POOL_ZALLOC_T(pool, ossl_sock_t);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !USING_BORINGSSL
|
||||||
|
|
||||||
static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) {
|
static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) {
|
||||||
return X509_NAME_cmp(*a, *b);
|
return X509_NAME_cmp(*a, *b);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
|
static int xname_cmp(const X509_NAME **a, const X509_NAME **b) {
|
||||||
|
return X509_NAME_cmp(*a, *b);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Initialize OpenSSL context for the ssock */
|
/* Initialize OpenSSL context for the ssock */
|
||||||
static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
||||||
|
@ -1377,12 +1415,16 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
||||||
pj_memcpy(p, "rsa", CERT_TYPE_LEN);
|
pj_memcpy(p, "rsa", CERT_TYPE_LEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if USING_BORINGSSL
|
||||||
|
if (SSL_CTX_set_mode(ctx, SSL_CTRL_SET_ECDH_AUTO)) {
|
||||||
|
#else
|
||||||
#ifndef SSL_CTRL_SET_ECDH_AUTO
|
#ifndef SSL_CTRL_SET_ECDH_AUTO
|
||||||
#define SSL_CTRL_SET_ECDH_AUTO 94
|
#define SSL_CTRL_SET_ECDH_AUTO 94
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* SSL_CTX_set_ecdh_auto(ctx,on) requires OpenSSL 1.0.2 which wraps: */
|
/* SSL_CTX_set_ecdh_auto(ctx,on) requires OpenSSL 1.0.2 which wraps: */
|
||||||
if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
|
if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
|
||||||
|
#endif
|
||||||
PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized "
|
PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized "
|
||||||
"(automatic), faster PFS ciphers enabled"));
|
"(automatic), faster PFS ciphers enabled"));
|
||||||
#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && \
|
#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && \
|
||||||
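Review bot: The BoringSSL branch at `if (SSL_CTX_set_mode(ctx, SSL_CTRL_SET_ECDH_AUTO))` passes a ctrl command number to a function that takes an SSL_MODE_* bitmask, so it sets unrelated mode bits (94 includes 0x8, SSL_MODE_NO_AUTO_CHAIN) and, because SSL_CTX_set_mode returns the resulting mask, the condition is always true and the "SSL ECDH initialized" log is emitted unconditionally. BoringSSL negotiates ECDH curves automatically without any ctrl, so the branch should just open the success block, e.g. `if (1) { /* BoringSSL always auto-selects ECDH curves */`, which also makes the `#undef`/`#define SSL_CTRL_SET_ECDH_AUTO 94` added in the first hunk unnecessary. In the -1441 hunk, `sk_X509_NAME_find(sk, NULL, xn) >= 0` looks wrong for BoringSSL, whose sk_find returns one when found and zero otherwise, so every CA name would be freed instead of pushed; it presumably needs `!= 0`. The -725 and -770 hunks replace the shared-curve count and the per-index lookup with `SSL_get_curve_id(ssl)`, which returns the TLS group id of the most recent handshake rather than a count or the i-th curve, so ssl_curves_num and every loop entry would receive the same (likely zero, before any handshake) value. init_ossl_ctx starts and ends outside this hunk.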
|
@ -1441,7 +1483,11 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
||||||
if ((xn = X509_NAME_dup(xn)) == NULL )
|
if ((xn = X509_NAME_dup(xn)) == NULL )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
#if !USING_BORINGSSL
|
||||||
if (sk_X509_NAME_find(sk, xn) >= 0) {
|
if (sk_X509_NAME_find(sk, xn) >= 0) {
|
||||||
|
#else
|
||||||
|
if (sk_X509_NAME_find(sk, NULL, xn) >= 0) {
|
||||||
|
#endif
|
||||||
X509_NAME_free(xn);
|
X509_NAME_free(xn);
|
||||||
} else {
|
} else {
|
||||||
sk_X509_NAME_push(sk, xn);
|
sk_X509_NAME_push(sk, xn);
|
||||||
|
@ -1753,6 +1799,7 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) {
|
if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) {
|
||||||
|
#if !USING_BORINGSSL
|
||||||
if (ssock->is_server) {
|
if (ssock->is_server) {
|
||||||
ret = SSL_set1_client_sigalgs_list(ossock->ossl_ssl,
|
ret = SSL_set1_client_sigalgs_list(ossock->ossl_ssl,
|
||||||
ssock->param.sigalgs.ptr);
|
ssock->param.sigalgs.ptr);
|
||||||
|
@ -1760,6 +1807,10 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
|
||||||
ret = SSL_set1_sigalgs_list(ossock->ossl_ssl,
|
ret = SSL_set1_sigalgs_list(ossock->ossl_ssl,
|
||||||
ssock->param.sigalgs.ptr);
|
ssock->param.sigalgs.ptr);
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
ret = SSL_set1_sigalgs_list(ossock->ossl_ssl,
|
||||||
|
ssock->param.sigalgs.ptr);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret < 1)
|
if (ret < 1)
|
||||||
return GET_SSL_STATUS(ssock);
|
return GET_SSL_STATUS(ssock);
|
||||||
|
|