When I try to build PJSIP 2.6 on Lubuntu 16.04 x86_64, it doesn't find AES GCM support, even though I have OpenSSL installed.
./configure | grep -e ssl -e SSL -e crypto
checking for OpenSSL installations..
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for ERR_load_BIO_strings in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
OpenSSL library found, SSL support enabled
OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos
I also tried building a separate version of OpenSSL (1.1.0e) and the behavior is simillar. How can I enable AES GCM support?
What solved the problem to me was to manually compile openssl-1.0.2k. I don't know why ubuntu default (1.0.2g) would not work, but the "k" managed to work. The 1.1.0 version didn't work because the AES GCM would be tested with the following code:
#include <openssl/evp.h>
int main () {
EVP_CIPHER_CTX ctx;
EVP_aes_128_gcm();
return 0;
}
Whereas both Ubuntu implementation and OpenSSL 1.1.0> expect EVP_CIPHER_CTX variables to be declared as a pointer (or perhaps initialized?). Both builds would break and the configure would understand it as no support to the cipher. Changing the test wouldn't work either because that's how it was implemented internally.