Bug 228866 - net/libsrtp: Build failure with OpenSSL 1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Tijl Coosemans
URL:
Keywords:
Depends on:
Blocks: 228865
Reported: 2018-06-10 11:12 UTC by Bernard Spil
Modified: 2018-06-11 09:31 UTC

See Also:
bugzilla: maintainer-feedback? (tijl)


Attachments
Poudriere build log (24.42 KB, text/plain)
2018-06-10 11:12 UTC, Bernard Spil

Description Bernard Spil freebsd_committer freebsd_triage 2018-06-10 11:12:38 UTC
Created attachment 194125
Poudriere build log

Current port v1.6.0 fails to build with OpenSSL 1.1

The v2.x branch of libsrtp seems to be compatible but requires changes to dependent ports, impact unknown.
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-06-10 14:47:10 UTC
A commit references this bug:

Author: tijl
Date: Sun Jun 10 14:46:32 UTC 2018
New revision: 472142
URL: https://svnweb.freebsd.org/changeset/ports/472142

Log:
  Add net/libsrtp2 2.2.0 (API not compatible with net/libsrtp).

  PR:		228866

Changes:
  head/net/Makefile
  head/net/libsrtp2/
  head/net/libsrtp2/Makefile
  head/net/libsrtp2/distinfo
  head/net/libsrtp2/files/patch-Makefile.in
  head/net/libsrtp2/files/patch-libsrtp.pc.in
  head/net/libsrtp2/files/patch-libsrtp2.pc.in
  head/net/libsrtp2/pkg-plist
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2018-06-10 18:00:06 UTC
Thanks Tijl!

I was hesitant in proposing this as I didn't know what fall-out that would lead to in ports. Do you have info on ports this affects?
Comment 3 Tijl Coosemans freebsd_committer freebsd_triage 2018-06-10 18:22:57 UTC
I created a new port net/libsrtp2.  It does not fix anything yet.  I'm working on backporting the OpenSSL 1.1 support to net/libsrtp now.
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2018-06-11 08:08:40 UTC
Thanks for picking that up Tijl! I was looking at that yesterday, but a simple cherry-pick of the commit that fixed it in 2.x wouldn't just work.
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-06-11 08:19:22 UTC
A commit references this bug:

Author: tijl
Date: Mon Jun 11 08:18:32 UTC 2018
New revision: 472170
URL: https://svnweb.freebsd.org/changeset/ports/472170

Log:
  Backport OpenSSL 1.1 support (and prerequisites) from libsrtp2.

  https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e
    Refactor memory allocation for the symmetric ciphers context structures.

  https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7
    Use the OpenSSL HMAC implementation, and thus also the OpenSSL EVP_sha1()
    implementation.

    Experiments show about a 1.5x speedup on Intel CPUs with AVX2.

  https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b
    When building with OpenSSL, pass the AES_ICM key to the EVP context (and
    thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv.

    This means that AES key expansion is done once per key, rather than once
    per packet, resulting in a 2-3x speedup for AES-128.

  https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac
    When building with OpenSSL, pass the AES_GCM key to the EVP context (and
    thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv.

    Improves AES_GCM performance 2x-3x.

  https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd
    Changes for OpenSSL 1.1.0 compatibility.

    In OpenSSL 1.1.0, EVP_CIPHER_CTX, HMAC_CTX, and EVP_MD_CTX are opaque
    types, and have to be allocated with *_new methods and deallocated with
    *_free.

    EVP_CIPHER_CTX_new/free is present in OpenSSL 1.0.1 and later, but
    HMAC_CTX_new and EVP_MD_CTX_new are new in OpenSSL 1.1.0.

    Use the _new unconditionally for ciphers, and conditionally use the old
    or new APIs for HMAC and MD.

    No noticeable performance change for older OpenSSL.

  PR:		228866

Changes:
  head/net/libsrtp/Makefile
  head/net/libsrtp/files/patch-00-84faa63
  head/net/libsrtp/files/patch-01-5781341
  head/net/libsrtp/files/patch-02-fb95445
  head/net/libsrtp/files/patch-03-1acba56
  head/net/libsrtp/files/patch-04-0b45423
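
The commit log in comment 5 says the three context types are opaque in OpenSSL 1.1.0 and must be allocated with `*_new`. The script below is an added example, not code from this bug report, the port or libsrtp: it scans a source tree for lines that rely on the old by-value style and so break the build. The helper names and both sample files are constructed for illustration, and the `HMAC_CTX_init`/`HMAC_CTX_cleanup` rule assumes their removal in OpenSSL 1.1.0, which the page does not state.

```shell
#!/bin/sh
# Added example: list C lines that stop compiling once EVP_CIPHER_CTX,
# HMAC_CTX and EVP_MD_CTX become opaque (incomplete) types in OpenSSL 1.1.
OPAQUE='(EVP_CIPHER_CTX|HMAC_CTX|EVP_MD_CTX)'

# scan_openssl11 DIR  (hypothetical helper name)
# Prints "file:line:text" for each suspect line in *.c / *.h under DIR.
scan_openssl11() {
    # 1. context declared by value (stack variable or struct member)
    # 2. sizeof() applied to an opaque type, e.g. for a manual malloc
    # 3. HMAC_CTX_init/HMAC_CTX_cleanup, which OpenSSL 1.1.0 removed
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) -exec grep -nHE \
        -e "(^|[^A-Za-z0-9_])${OPAQUE}[[:space:]]+[A-Za-z_][A-Za-z0-9_]*[[:space:]]*(;|,|\[)" \
        -e "sizeof[[:space:]]*\([[:space:]]*${OPAQUE}[[:space:]]*\)" \
        -e "HMAC_CTX_(init|cleanup)[[:space:]]*\(" \
        {} + || true   # grep exits 1 when nothing matches; not an error here
}

# count_hits DIR PATTERN: number of findings whose output line matches PATTERN
count_hits() {
    scan_openssl11 "$1" | grep -c -e "$2" || true
}

# make_sample: write two constructed source files and print their directory
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/old.c" <<'EOF'
/* constructed sample: pre-1.1 style, contexts held by value */
struct auth { HMAC_CTX ctx; };
void setup(struct auth *a) { HMAC_CTX_init(&a->ctx); }
void *mk(void) { return malloc(sizeof(EVP_CIPHER_CTX)); }
EOF
    cat > "$d/new.c" <<'EOF'
/* constructed sample: 1.1 style, contexts held by pointer */
struct auth { HMAC_CTX *ctx; };
void setup(struct auth *a) { a->ctx = HMAC_CTX_new(); }
EVP_CIPHER_CTX *mk(void) { return EVP_CIPHER_CTX_new(); }
EOF
    printf '%s\n' "$d"
}

# Stand-alone use: sh scan.sh /path/to/extracted/source
if [ "$#" -gt 0 ]; then
    scan_openssl11 "$1"
fi
```

The patterns are line-based heuristics, so a declaration split across lines or hidden behind a typedef is not reported; a build against OpenSSL 1.1 remains the definitive check.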