Add support to boringssl (#2856)
parent
c4bad5df14
commit
9ffd718d17
|
@ -80,6 +80,18 @@
|
|||
# define USING_LIBRESSL 0
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_IS_BORINGSSL)
|
||||
# define USING_BORINGSSL 1
|
||||
|
||||
# define TLSEXT_nid_unknown 0x1000000
|
||||
|
||||
#undef SSL_CTRL_SET_ECDH_AUTO
|
||||
# define SSL_CTRL_SET_ECDH_AUTO 94
|
||||
|
||||
#else
|
||||
# define USING_BORINGSSL 0
|
||||
#endif
|
||||
|
||||
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
||||
&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
|
||||
|
||||
|
@ -394,7 +406,11 @@ static pj_str_t ssl_strerror(pj_status_t status,
|
|||
ssl_err -= PJ_SSL_ERRNO_START;
|
||||
l = ssl_err / MAX_OSSL_ERR_REASON;
|
||||
r = ssl_err % MAX_OSSL_ERR_REASON;
|
||||
#if USING_BORINGSSL
|
||||
ssl_err = ERR_PACK(l, r);
|
||||
#else
|
||||
ssl_err = ERR_PACK(l, 0, r);
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(PJ_HAS_ERROR_STRING) && (PJ_HAS_ERROR_STRING != 0)
|
||||
|
@ -717,7 +733,11 @@ static pj_status_t init_openssl(void)
|
|||
}
|
||||
ssl_cipher_num = n;
|
||||
|
||||
#if USING_BORINGSSL
|
||||
ssl_sess = SSL_SESSION_new(ctx);
|
||||
#else
|
||||
ssl_sess = SSL_SESSION_new();
|
||||
#endif
|
||||
SSL_set_session(ssl, ssl_sess);
|
||||
|
||||
#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
|
||||
|
@ -725,7 +745,12 @@ static pj_status_t init_openssl(void)
|
|||
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
|
||||
ssl_curves_num = EC_get_builtin_curves(NULL, 0);
|
||||
#else
|
||||
|
||||
#if USING_BORINGSSL
|
||||
ssl_curves_num = SSL_get_curve_id(ssl);
|
||||
#else
|
||||
ssl_curves_num = SSL_get_shared_curve(ssl,-1);
|
||||
#endif
|
||||
|
||||
if (ssl_curves_num > PJ_ARRAY_SIZE(ssl_curves))
|
||||
ssl_curves_num = PJ_ARRAY_SIZE(ssl_curves);
|
||||
|
@ -770,7 +795,11 @@ static pj_status_t init_openssl(void)
|
|||
OPENSSL_free(curves);
|
||||
#else
|
||||
for (i = 0; i < ssl_curves_num; i++) {
|
||||
#if USING_BORINGSSL
|
||||
nid = SSL_get_curve_id(ssl);
|
||||
#else
|
||||
nid = SSL_get_shared_curve(ssl, i);
|
||||
#endif
|
||||
|
||||
if (nid & TLSEXT_nid_unknown) {
|
||||
cname = "curve unknown";
|
||||
|
@ -987,10 +1016,19 @@ static pj_ssl_sock_t *ssl_alloc(pj_pool_t *pool)
|
|||
return (pj_ssl_sock_t *)PJ_POOL_ZALLOC_T(pool, ossl_sock_t);
|
||||
}
|
||||
|
||||
#if !USING_BORINGSSL
|
||||
|
||||
static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) {
|
||||
return X509_NAME_cmp(*a, *b);
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
static int xname_cmp(const X509_NAME **a, const X509_NAME **b) {
|
||||
return X509_NAME_cmp(*a, *b);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* Initialize OpenSSL context for the ssock */
|
||||
static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
||||
|
@ -1377,12 +1415,16 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
|||
pj_memcpy(p, "rsa", CERT_TYPE_LEN);
|
||||
}
|
||||
|
||||
#if USING_BORINGSSL
|
||||
if (SSL_CTX_set_mode(ctx, SSL_CTRL_SET_ECDH_AUTO)) {
|
||||
#else
|
||||
#ifndef SSL_CTRL_SET_ECDH_AUTO
|
||||
#define SSL_CTRL_SET_ECDH_AUTO 94
|
||||
#endif
|
||||
|
||||
/* SSL_CTX_set_ecdh_auto(ctx,on) requires OpenSSL 1.0.2 which wraps: */
|
||||
if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
|
||||
#endif
|
||||
PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized "
|
||||
"(automatic), faster PFS ciphers enabled"));
|
||||
#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && \
|
||||
|
@ -1441,7 +1483,11 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
|
|||
if ((xn = X509_NAME_dup(xn)) == NULL )
|
||||
break;
|
||||
|
||||
#if !USING_BORINGSSL
|
||||
if (sk_X509_NAME_find(sk, xn) >= 0) {
|
||||
#else
|
||||
if (sk_X509_NAME_find(sk, NULL, xn) >= 0) {
|
||||
#endif
|
||||
X509_NAME_free(xn);
|
||||
} else {
|
||||
sk_X509_NAME_push(sk, xn);
|
||||
|
@ -1753,6 +1799,7 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
|
|||
int ret;
|
||||
|
||||
if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) {
|
||||
#if !USING_BORINGSSL
|
||||
if (ssock->is_server) {
|
||||
ret = SSL_set1_client_sigalgs_list(ossock->ossl_ssl,
|
||||
ssock->param.sigalgs.ptr);
|
||||
|
@ -1760,6 +1807,10 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
|
|||
ret = SSL_set1_sigalgs_list(ossock->ossl_ssl,
|
||||
ssock->param.sigalgs.ptr);
|
||||
}
|
||||
#else
|
||||
ret = SSL_set1_sigalgs_list(ossock->ossl_ssl,
|
||||
ssock->param.sigalgs.ptr);
|
||||
#endif
|
||||
|
||||
if (ret < 1)
|
||||
return GET_SSL_STATUS(ssock);
|
||||
|
|
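Review bot: In the `init_ossl_ctx` hunk (`@ -1377,12 +1415,16`), the BoringSSL branch passes a ctrl command number to a function that expects a mode bitmask: `SSL_CTX_set_mode(ctx, SSL_CTRL_SET_ECDH_AUTO)` ORs 94 (0x5e) into the context's `SSL_MODE_*` flags, so it switches on whichever unrelated mode bits fall under that value instead of configuring ECDH. The call also returns the resulting mask, which is non-zero, so the "SSL ECDH initialized" log line is printed whether or not anything was configured. BoringSSL picks the ECDH curve automatically and, as far as I know, keeps a compatibility `SSL_CTX_set_ecdh_auto` that simply returns one, so the branch could read `if (SSL_CTX_set_ecdh_auto(ctx, 1)) {` and the `#undef`/`#define SSL_CTRL_SET_ECDH_AUTO 94` pair in the first hunk could be dropped. Separately, the two `init_openssl` hunks use `SSL_get_curve_id(ssl)` both as the curve count and as the per-index NID; it reports the group of an established connection, so on a fresh `ssl` the curve list likely ends up empty, which is worth confirming. The enclosing functions start and end outside the hunks shown.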