Summary: | net/libsrtp: Build failure with OpenSSL 1.1 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Bernard Spil <brnrd> | ||||
Component: | Individual Port(s) | Assignee: | Tijl Coosemans <tijl> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | brnrd | ||||
Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(tijl) |
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 228865 | ||||||
Attachments: |
|
A commit references this bug: Author: tijl Date: Sun Jun 10 14:46:32 UTC 2018 New revision: 472142 URL: https://svnweb.freebsd.org/changeset/ports/472142 Log: Add net/libsrtp2 2.2.0 (API not compatible with net/libsrtp). PR: 228866 Changes: head/net/Makefile head/net/libsrtp2/ head/net/libsrtp2/Makefile head/net/libsrtp2/distinfo head/net/libsrtp2/files/patch-Makefile.in head/net/libsrtp2/files/patch-libsrtp.pc.in head/net/libsrtp2/files/patch-libsrtp2.pc.in head/net/libsrtp2/pkg-plist Thanks Tijl! I was hesitant in proposing this as I didn't know what fall-out that would lead to in ports. Do you have info on ports this affects? I created a new port net/libsrtp2. It does not fix anything yet. I'm working on backporting the OpenSSL 1.1 support to net/libsrtp now. Thanks for picking that up Tijl! I was looking at that yesterday, but a simple cherry-pick of the commit that fixed it in 2.x wouldn't just work. A commit references this bug: Author: tijl Date: Mon Jun 11 08:18:32 UTC 2018 New revision: 472170 URL: https://svnweb.freebsd.org/changeset/ports/472170 Log: Backport OpenSSL 1.1 support (and prerequisites) from libsrtp2. https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e Refactor memory allocation for the symmetric ciphers context structures. https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7 Use the OpenSSL HMAC implementation, and thus also the OpenSSL EVP_sha1() implementation. Experiments show about a 1.5x speedup on Intel CPUs with AVX2. https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b When building with OpenSSL, pass the AES_ICM key to the EVP context (and thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv. This means that AES key expansion is done once per key, rather than once per packet, resulting in a 2-3x speedup for AES-128. https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac When building with OpenSSL, pass the AES_GCM key to the EVP context (and thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv. Improves AES_GCM performance 2x-3x. https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd Changes for OpenSSL 1.1.0 compatibility. In OpenSSL 1.1.0, EVP_CIPHER_CTX, HMAC_CTX, and EVP_MD_CTX are opaque types, and have to be allocated with *_new methods and deallocated with *_free. EVP_CIPHER_CTX_new/free is present in OpenSSL 1.0.1 and later, but HMAC_CTX_new and EVP_MD_CTX_new are new in OpenSSL 1.1.0. Use the _new unconditionally for ciphers, and conditionally use the old or new APIs for HMAC and MD. No noticible performance change for older OpenSSL. PR: 228866 Changes: head/net/libsrtp/Makefile head/net/libsrtp/files/patch-00-84faa63 head/net/libsrtp/files/patch-01-5781341 head/net/libsrtp/files/patch-02-fb95445 head/net/libsrtp/files/patch-03-1acba56 head/net/libsrtp/files/patch-04-0b45423 |
Created attachment 194125 [details] Poudriere build log Current port v1.6.0 fails to build with OpenSSL 1.1 The v2.x branch of libsrtp seems to be compatible but requires changes to dependent ports, impact unknown.