[FFmpeg-devel] lavf/tls_openssl: Support building with LibreSSL

Submitted by Marek Behún on Jan. 27, 2017, 9:42 p.m.

Details

Message ID 20170127214210.13422-1-kabel@blackhole.sk
State New
Headers show

Commit Message

Marek Behún Jan. 27, 2017, 9:42 p.m.
In configure, check if the function BIO_meth_new is defined in the
corresponding OpenSSL/LibreSSL library, and if yes, define
HAVE_OPENSSL_BIO_METH_CALLS variable to 1 in config.h, or to 0
otherwise.

Change the heuristics preprocessor check
  #if OPENSSL_VERSION_NUMBER >= 0x1010000fL
to
  #if HAVE_OPENSSL_BIO_METH_CALLS

This makes it possible to use LibreSSL, which defines
OPENSSL_VERSION_NUMBER to >= 0x2000000fL, but does not support the
BIO_meth_* calls from OpenSSL 1.1.0+.

Signed-off-by: Marek Behun <kabel@blackhole.sk>
---
 configure                 |  9 ++++++++-
 libavformat/tls_openssl.c | 12 ++++++------
 2 files changed, 14 insertions(+), 7 deletions(-)

Comments

Mark Thompson Jan. 27, 2017, 10:20 p.m.
On 27/01/17 21:42, Marek Behún wrote:
> In configure, check if the function BIO_meth_new is defined in the
> corresponding OpenSSL/LibreSSL library, and if yes, define
> HAVE_OPENSSL_BIO_METH_CALLS variable to 1 in config.h, or to 0
> otherwise.
> 
> Change the heuristics preprocessor check
>   #if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> to
>   #if HAVE_OPENSSL_BIO_METH_CALLS
> 
> This makes it possible to use LibreSSL, which defines
> OPENSSL_VERSION_NUMBER to >= 0x2000000fL, but does not support the
> BIO_meth_* calls from OpenSSL 1.1.0+.
> 
> Signed-off-by: Marek Behun <kabel@blackhole.sk>
> ---
>  configure                 |  9 ++++++++-
>  libavformat/tls_openssl.c | 12 ++++++------
>  2 files changed, 14 insertions(+), 7 deletions(-)
> 
> diff --git a/configure b/configure
> index 7154142..f2bf7b4 100755
> --- a/configure
> +++ b/configure
> @@ -2060,6 +2060,7 @@ HAVE_LIST="
>      makeinfo
>      makeinfo_html
>      MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS
> +    openssl_bio_meth_calls
>      perl
>      pod2man
>      sdl2
> @@ -5883,7 +5884,13 @@ enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init
>                                 check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
>                                 check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
>                                 check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
> -                               die "ERROR: openssl not found"; }
> +                               die "ERROR: openssl not found"; } &&
> +                             { { check_pkg_config openssl openssl/bio.h BIO_meth_new ||
> +                                 check_func BIO_meth_new -lssl -lcrypto ||
> +                                 check_func BIO_meth_new -lssl32 -leay32 ||
> +                                 check_func BIO_meth_new -lssl -lcrypto -lws2_32 -lgdi32; } &&
> +                               enable openssl_bio_meth_calls || disable openssl_bio_meth_calls
> +                             }

You don't need to duplicate the whole list of tests.  Once one of the first set has succeeded then the necessary libraries have already been added to the accumulated flags.

That is:

@@ -5883,7 +5884,8 @@ enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
                                check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
-                               die "ERROR: openssl not found"; }
+                               die "ERROR: openssl not found"; } &&
+                             { check_func BIO_meth_new && enable openssl_bio_meth_calls; }
 enabled qtkit_indev      && { check_header_objcc QTKit/QTKit.h || disable qtkit_indev; }

>  enabled qtkit_indev      && { check_header_objcc QTKit/QTKit.h || disable qtkit_indev; }
>  
>  # libdc1394 check
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 3d9768a..cede0b6 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -43,7 +43,7 @@ typedef struct TLSContext {
>      TLSShared tls_shared;
>      SSL_CTX *ctx;
>      SSL *ssl;
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      BIO_METHOD* url_bio_method;
>  #endif
>  } TLSContext;
> @@ -68,7 +68,7 @@ static unsigned long openssl_thread_id(void)
>  
>  static int url_bio_create(BIO *b)
>  {
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      BIO_set_init(b, 1);
>      BIO_set_data(b, NULL);
>      BIO_set_flags(b, 0);
> @@ -85,7 +85,7 @@ static int url_bio_destroy(BIO *b)
>      return 1;
>  }
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>  #define GET_BIO_DATA(x) BIO_get_data(x);
>  #else
>  #define GET_BIO_DATA(x) (x)->ptr;
> @@ -133,7 +133,7 @@ static int url_bio_bputs(BIO *b, const char *str)
>      return url_bio_bwrite(b, str, strlen(str));
>  }
>  
> -#if OPENSSL_VERSION_NUMBER < 0x1010000fL
> +#if !HAVE_OPENSSL_BIO_METH_CALLS
>  static BIO_METHOD url_bio_method = {
>      .type = BIO_TYPE_SOURCE_SINK,
>      .name = "urlprotocol bio",
> @@ -212,7 +212,7 @@ static int tls_close(URLContext *h)
>          SSL_CTX_free(c->ctx);
>      if (c->tls_shared.tcp)
>          ffurl_close(c->tls_shared.tcp);
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      if (c->url_bio_method)
>          BIO_meth_free(c->url_bio_method);
>  #endif
> @@ -270,7 +270,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>          ret = AVERROR(EIO);
>          goto fail;
>      }
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio");
>      BIO_meth_set_write(p->url_bio_method, url_bio_bwrite);
>      BIO_meth_set_read(p->url_bio_method, url_bio_bread);
> 

Otherwise LGTM, but we should wait to give other people a chance to comment on it (particularly those in the original discussion a few months ago).

Thanks,

- Mark

Patch hide | download patch | download mbox

diff --git a/configure b/configure
index 7154142..f2bf7b4 100755
--- a/configure
+++ b/configure
@@ -2060,6 +2060,7 @@  HAVE_LIST="
     makeinfo
     makeinfo_html
     MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS
+    openssl_bio_meth_calls
     perl
     pod2man
     sdl2
@@ -5883,7 +5884,13 @@  enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
                                check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
-                               die "ERROR: openssl not found"; }
+                               die "ERROR: openssl not found"; } &&
+                             { { check_pkg_config openssl openssl/bio.h BIO_meth_new ||
+                                 check_func BIO_meth_new -lssl -lcrypto ||
+                                 check_func BIO_meth_new -lssl32 -leay32 ||
+                                 check_func BIO_meth_new -lssl -lcrypto -lws2_32 -lgdi32; } &&
+                               enable openssl_bio_meth_calls || disable openssl_bio_meth_calls
+                             }
 enabled qtkit_indev      && { check_header_objcc QTKit/QTKit.h || disable qtkit_indev; }
 
 # libdc1394 check
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 3d9768a..cede0b6 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -43,7 +43,7 @@  typedef struct TLSContext {
     TLSShared tls_shared;
     SSL_CTX *ctx;
     SSL *ssl;
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+#if HAVE_OPENSSL_BIO_METH_CALLS
     BIO_METHOD* url_bio_method;
 #endif
 } TLSContext;
@@ -68,7 +68,7 @@  static unsigned long openssl_thread_id(void)
 
 static int url_bio_create(BIO *b)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+#if HAVE_OPENSSL_BIO_METH_CALLS
     BIO_set_init(b, 1);
     BIO_set_data(b, NULL);
     BIO_set_flags(b, 0);
@@ -85,7 +85,7 @@  static int url_bio_destroy(BIO *b)
     return 1;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+#if HAVE_OPENSSL_BIO_METH_CALLS
 #define GET_BIO_DATA(x) BIO_get_data(x);
 #else
 #define GET_BIO_DATA(x) (x)->ptr;
@@ -133,7 +133,7 @@  static int url_bio_bputs(BIO *b, const char *str)
     return url_bio_bwrite(b, str, strlen(str));
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
+#if !HAVE_OPENSSL_BIO_METH_CALLS
 static BIO_METHOD url_bio_method = {
     .type = BIO_TYPE_SOURCE_SINK,
     .name = "urlprotocol bio",
@@ -212,7 +212,7 @@  static int tls_close(URLContext *h)
         SSL_CTX_free(c->ctx);
     if (c->tls_shared.tcp)
         ffurl_close(c->tls_shared.tcp);
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+#if HAVE_OPENSSL_BIO_METH_CALLS
     if (c->url_bio_method)
         BIO_meth_free(c->url_bio_method);
 #endif
@@ -270,7 +270,7 @@  static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
         ret = AVERROR(EIO);
         goto fail;
     }
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+#if HAVE_OPENSSL_BIO_METH_CALLS
     p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio");
     BIO_meth_set_write(p->url_bio_method, url_bio_bwrite);
     BIO_meth_set_read(p->url_bio_method, url_bio_bread);