Merge branch 'master' into oviano-mods

.appveyor.yml

@@ -14,9 +14,9 @@ platform:
 build_script:
   - ps: $VSIMG = $Env:APPVEYOR_BUILD_WORKER_IMAGE; $CNFG = $Env:CONFIGURATION
   # use a few differing arguments depending on VS version to exercise different options during builds
-  - ps: if ($VSIMG -match '2019' -and $CNFG -eq "Release") { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS ON -UNIT_TESTS ON }
+  - ps: if ($VSIMG -match '2019' -and $CNFG -eq "Release") { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS ON -UNIT_TESTS ON -BONDING ON }
   - ps: if ($VSIMG -match '2019' -and $CNFG -eq "Debug")   { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS ON }
-  - ps: if ($VSIMG -match '2015' -and $CNFG -eq "Release") { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS ON -UNIT_TESTS ON }
+  - ps: if ($VSIMG -match '2015' -and $CNFG -eq "Release") { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS ON -UNIT_TESTS ON -BONDING ON}
   - ps: if ($VSIMG -match '2015' -and $CNFG -eq "Debug")   { .\scripts\build-windows.ps1 -STATIC_LINK_SSL ON -BUILD_APPS OFF }
   - ps: if ($VSIMG -match '2013' -and $CNFG -eq "Release") { .\scripts\build-windows.ps1 -CXX11 OFF -BUILD_APPS ON }
   - ps: if ($VSIMG -match '2013' -and $CNFG -eq "Debug")   { Exit-AppveyorBuild } # just skip 2013 debug build for speed

CMakeLists.txt

@@ -15,13 +15,13 @@ include(haiUtil) # needed for set_version_variables
 # CMake version 3.0 introduced the VERSION option of the project() command
 # to specify a project version as well as the name.
 if(${CMAKE_VERSION} VERSION_LESS "3.0.0")
-  project(SRT C CXX)
-  # Sets SRT_VERSION_MAJOR, SRT_VERSION_MINOR, SRT_VERSION_PATCH
-  set_version_variables(SRT_VERSION ${SRT_VERSION})
+	project(SRT C CXX)
+	# Sets SRT_VERSION_MAJOR, SRT_VERSION_MINOR, SRT_VERSION_PATCH
+	set_version_variables(SRT_VERSION ${SRT_VERSION})
 else()
-  cmake_policy(SET CMP0048 NEW)
-  # Also sets SRT_VERSION_MAJOR, SRT_VERSION_MINOR, SRT_VERSION_PATCH
-  project(SRT VERSION ${SRT_VERSION} LANGUAGES C CXX)
+	cmake_policy(SET CMP0048 NEW)
+	# Also sets SRT_VERSION_MAJOR, SRT_VERSION_MINOR, SRT_VERSION_PATCH
+	project(SRT VERSION ${SRT_VERSION} LANGUAGES C CXX)
 endif()
 
 include(FindPkgConfig)
@@ -63,15 +63,28 @@ if (NOT DEFINED ENABLE_DEBUG)
 	endif()
 endif()
 
-# Set CMAKE_BUILD_TYPE properly, now that you know
-# that ENABLE_DEBUG is set as it should.
-
-if (ENABLE_DEBUG EQUAL 2)
-	set (CMAKE_BUILD_TYPE "RelWithDebInfo")
-elseif (ENABLE_DEBUG) # 1, ON, YES, TRUE, Y, or any other non-zero number
-	set (CMAKE_BUILD_TYPE "Debug")
-else()
-	set (CMAKE_BUILD_TYPE "Release")
+# XXX This is a kind of workaround - this part to set the build
+# type and associated other flags should not be done for build
+# systems (cmake generators) that generate a multi-configuration
+# build definition. At least it is known that MSVC does it and it
+# sets _DEBUG and NDEBUG flags itself, so this shouldn't be done
+# at all in this case.
+if (NOT MICROSOFT)
+
+	# Set CMAKE_BUILD_TYPE properly, now that you know
+	# that ENABLE_DEBUG is set as it should.
+	if (ENABLE_DEBUG EQUAL 2)
+		set (CMAKE_BUILD_TYPE "RelWithDebInfo")
+		add_definitions(-DNDEBUG)
+	elseif (ENABLE_DEBUG) # 1, ON, YES, TRUE, Y, or any other non-zero number
+		set (CMAKE_BUILD_TYPE "Debug")
+
+		# Add _DEBUG macro in debug mode only, to enable SRT_ASSERT().
+		add_definitions(-D_DEBUG)
+	else()
+		set (CMAKE_BUILD_TYPE "Release")
+		add_definitions(-DNDEBUG)
+	endif()
 endif()
 
 message(STATUS "BUILD TYPE: ${CMAKE_BUILD_TYPE}")
@@ -339,8 +352,9 @@ if (ENABLE_ENCRYPTION)
 				set(SRT_LIBS_PRIVATE ${SRT_LIBS_PRIVATE} "-l${LIB}")
 			endif()
 		endforeach()
-	else() # openssl
-		add_definitions(-DUSE_OPENSSL=1)
+	elseif ("${USE_ENCLIB}" STREQUAL "openssl-evp")
+		# Openssl-EVP requires CRYSPR2
+		add_definitions(-DUSE_OPENSSL_EVP=1 -DCRYSPR2)
 		set (SSL_REQUIRED_MODULES "openssl libcrypto")
 		# Try using pkg-config method first if enabled,
 		# fall back to find_package method otherwise
@@ -365,6 +379,39 @@ if (ENABLE_ENCRYPTION)
 			endif()
 			endif()
 
+			link_directories(
+				${SSL_LIBRARY_DIRS}
+			)
+			message(STATUS "SSL via pkg-config: -L ${SSL_LIBRARY_DIRS} -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
+		else()
+			find_package(OpenSSL REQUIRED)
+			set (SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
+			set (SSL_LIBRARIES ${OPENSSL_LIBRARIES})
+			message(STATUS "SSL via find_package(OpenSSL): -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
+		endif()
+	else() # openssl
+		# Openssl (Direct-AES API) can use CRYSPR2
+		add_definitions(-DUSE_OPENSSL=1 -DCRYSPR2)
+			set (SSL_REQUIRED_MODULES "openssl libcrypto")
+		# Try using pkg-config method first if enabled,
+		# fall back to find_package method otherwise
+		if (USE_OPENSSL_PC)
+			pkg_check_modules(SSL ${SSL_REQUIRED_MODULES})
+		endif()
+		if (SSL_FOUND)
+			# We have some cases when pkg-config is improperly configured
+			# When it doesn't ship the -L and -I options, and the CMAKE_PREFIX_PATH
+			# is set (also through `configure`), then we have this problem. If so,
+			# set forcefully the -I and -L contents to prefix/include and
+			# prefix/lib.
+			if ("${SSL_LIBRARY_DIRS}" STREQUAL "")
+			if (NOT "${CMAKE_PREFIX_PATH}" STREQUAL "")
+				message(STATUS "WARNING: pkg-config has incorrect prefix - enforcing target path prefix: ${CMAKE_PREFIX_PATH}")
+				set (SSL_LIBRARY_DIRS ${CMAKE_PREFIX_PATH}/${CMAKE_INSTALL_LIBDIR})
+				set (SSL_INCLUDE_DIRS ${CMAKE_PREFIX_PATH}/include)
+			endif()
+			endif()
+
 			link_directories(
 				${SSL_LIBRARY_DIRS}
 			)

README.md

@@ -224,5 +224,5 @@ By contributing code to the SRT project, you agree to license your contribution
 [github releases]: https://github.com/Haivision/srt/releases
 [release-badge]: https://img.shields.io/github/release/Haivision/srt.svg
 
-[debian-badge]: https://badges.debian.net/badges/debian/testing/libsrt1/version.svg
-[debian-package]: https://packages.debian.org/testing/libsrt1
+[debian-badge]: https://badges.debian.net/badges/debian/testing/libsrt1.5-gnutls/version.svg
+[debian-package]: https://packages.debian.org/testing/libs/libsrt1.5-gnutls

docs/API/API-functions.md

@@ -1734,7 +1734,7 @@ delivered to the receiving application (in microseconds since SRT clock epoch).
   - [IN] Sender only. Specifies the application-provided timestamp to be associated
 with the packet. If not provided (specified as 0), the current time of 
 SRT internal clock is used.
-  - For details on how to use `srctime` please refer to the (Time Access)[#time-access] section.
+  - For details on how to use `srctime` please refer to the [Time Access](#time-access) section.
 
 - `pktseq`: Receiver only. Reports the sequence number for the packet carrying
 out the payload being returned. If the payload is carried out by more than one
@@ -2189,7 +2189,7 @@ as level-triggered, you can do two separate subscriptions for the same socket.
 
 **IMPORTANT**: The [`srt_epoll_wait`](#srt_epoll_wait) function does not report
 [`SRT_EPOLL_UPDATE`](#SRT_EPOLL_UPDATE) events. If you need the ability to get 
-any possible flag, you must use [`srt_epoll_wait`](#srt_epoll_wait). Note that 
+any possible flag, you must use [`srt_epoll_uwait`](#srt_epoll_uwait). Note that 
 this function doesn't work with system file descriptors.
 
 |      Returns                  |                                                           |

docs/build/build-options.md

@@ -58,7 +58,7 @@ Option details are given further below.
 | [`PTHREAD_LIBRARY`](#pthread_library)                        | 1.3.0 | `STRING`  | OFF        | Configures the path to a pthread library.  |
 | [`USE_BUSY_WAITING`](#use_busy_waiting)                      | 1.3.3 | `BOOL`    | OFF        | Enables more accurate sending times at the cost of potentially higher CPU load. |
 | [`USE_CXX_STD`](#use_cxx_std)                                | 1.4.2 | `STRING`  | OFF        | Enforces using a particular C++ standard (11, 14, 17, etc.) when compiling. |
-| [`USE_ENCLIB`](#use_enclib)                                  | 1.3.3 | `STRING`  | openssl    | Encryption library to be used (`openssl`, `gnutls`, `mbedtls`).  |
+| [`USE_ENCLIB`](#use_enclib)                                  | 1.3.3 | `STRING`  | openssl    | Encryption library to be used (`openssl`, `openssl-evp` (since 1.5.1-dev), `gnutls`, `mbedtls`).  |
 | [`USE_GNUSTL`](#use_gnustl)                                  | 1.3.4 | `BOOL`    | OFF        | Use `pkg-config` with the `gnustl` package name to extract the header and library path for the C++ standard library.  |
 | [`USE_OPENSSL_PC`](#use_openssl_pc)                          | 1.3.0 | `BOOL`    | ON         | Use `pkg-config` to find OpenSSL libraries.  |
 | [`OPENSSL_USE_STATIC_LIBS`](#openssl_use_static_libs)        | 1.5.0 | `BOOL`    | OFF        | Link OpenSSL statically.  |
@@ -456,12 +456,7 @@ will be run as part of the build process. This is intended for developers only.
 **`--openssl-crypto-library=<filepath>`**
 
 Used to configure the path to an OpenSSL crypto library. Ignored when encryption 
-is disabled (ENABLE_ENCRYPTION = OFF). Supported libraries are:
-
-  - openssl (default)
-  - gnutls
-  - mbedtls
-
+is disabled (ENABLE_ENCRYPTION = OFF). See [`USE_ENCLIB`](#use_enclib) for the list of supported libraries.
 
 [:arrow_up: &nbsp; Back to List of Build Options](#list-of-build-options)
 
@@ -534,6 +529,7 @@ remember that:
 Encryption library to be used. Possible options for `<name>`:
 
 * openssl (default)
+* openssl-evp (OpenSSL EVP API, since 1.5.1-dev)
 * gnutls (with nettle)
 * mbedtls
 

haicrypt/cryspr-config.h

@@ -9,6 +9,10 @@
 #include "cryspr-openssl.h"
 #define cryspr4SRT()  crysprOpenSSL()
 #define CRYSPR_IMPL_DESC "OpenSSL-AES"
+#elif defined(USE_OPENSSL_EVP)
+#include "cryspr-openssl-evp.h"
+#define cryspr4SRT()  crysprOpenSSL_EVP()
+#define CRYSPR_IMPL_DESC "OpenSSL-EVP"
 #elif defined(USE_GNUTLS)
 #include "cryspr-gnutls.h"
 #define cryspr4SRT()  crysprGnuTLS()

haicrypt/cryspr-gnutls.c

@@ -13,6 +13,8 @@
 written by
    Haivision Systems Inc.
 
+   2022-05-19 (jdube)
+        CRYSPR2 adaptation
    2019-06-27 (jdube)
         GnuTLS/Nettle CRYSPR/4SRT (CRYypto Service PRovider for SRT)
 *****************************************************************************/
@@ -24,6 +26,10 @@ written by
 typedef struct tag_crysprGnuTLS_AES_cb {
         CRYSPR_cb       ccb;        /* CRYSPR control block */
         /* Add other cryptolib specific data here */
+#ifdef CRYSPR2
+        CRYSPR_AESCTX   aes_kek_buf;		/* Key Encrypting Key (KEK) */
+        CRYSPR_AESCTX   aes_sek_buf[2];		/* even/odd Stream Encrypting Key (SEK) */
+#endif
 } crysprGnuTLS_cb;
 
 
@@ -33,11 +39,14 @@ int crysprGnuTLS_Prng(unsigned char *rn, int len)
 }
 
 int crysprGnuTLS_AES_SetKey(
+    int cipher_type,            /* One of HCRYPT_CTX_MODE_[CLRTXT|AESECB|AESCTR] */
     bool bEncrypt,              /* true:encrypt key, false:decrypt key*/
     const unsigned char *kstr,  /* key string */
     size_t kstr_len,            /* kstr length in  bytes (16, 24, or 32 bytes (for AES128,AES192, or AES256) */
     CRYSPR_AESCTX *aes_key)     /* Cryptolib Specific AES key context */
 {
+    (void)cipher_type;
+
     if (bEncrypt) {        /* Encrypt key */
         if (!(kstr_len == 16 || kstr_len == 24 || kstr_len == 32)) {
             HCRYPT_LOG(LOG_ERR, "%s", "AES_set_encrypt_key(kek) bad length\n");
@@ -114,6 +123,31 @@ int crysprGnuTLS_AES_CtrCipher( /* AES-CTR128 Encryption */
     return 0;
 }
 
+#ifdef CRYSPR2
+static CRYSPR_cb *crysprGnuTLS_Open(CRYSPR_methods *cryspr, size_t max_len)
+{
+    crysprGnuTLS_cb *aes_data;
+    CRYSPR_cb *cryspr_cb;
+
+    aes_data = (crysprGnuTLS_cb *)crysprHelper_Open(cryspr, sizeof(crysprGnuTLS_cb), max_len);
+    if (NULL == aes_data) {
+        HCRYPT_LOG(LOG_ERR, "crysprHelper_Open(%p, %zd, %zd) failed\n", cryspr, sizeof(crysprGnuTLS_cb), max_len);
+        return(NULL);
+    }
+
+    aes_data->ccb.aes_kek = &aes_data->aes_kek_buf; //key encrypting key
+    aes_data->ccb.aes_sek[0] = &aes_data->aes_sek_buf[0]; //stream encrypting key
+    aes_data->ccb.aes_sek[1] = &aes_data->aes_sek_buf[1]; //stream encrypting key
+
+    return(&aes_data->ccb);
+}
+
+static int crysprGnuTLS_Close(CRYSPR_cb *cryspr_cb)
+{
+    return(crysprHelper_Close(cryspr_cb));
+}
+#endif /* CRYSPR2 */
+
 #ifdef CRYSPR_HAS_PBKDF2
 /*
 * Password-based Key Derivation Function
@@ -157,8 +191,13 @@ CRYSPR_methods *crysprGnuTLS(void)
     #endif
 
     //--Crypto Session (Top API)
+    #ifdef CRYSPR2
+        crysprGnuTLS_methods.open     = crysprGnuTLS_Open;
+        crysprGnuTLS_methods.close    = crysprGnuTLS_Close;
+    #else /* CRYSPR2 */
     //  crysprGnuTLS_methods.open     =
     //  crysprGnuTLS_methods.close    =
+    #endif /* CRYSPR2 */
     //--Keying material (km) encryption
 #if CRYSPR_HAS_PBKDF2
     	crysprGnuTLS_methods.km_pbkdf2  = crysprGnuTLS_KmPbkdf2;