[sr-dev] git:master:0a87b5a9: tls: add a level of libressl compatibility

Timo Teräs timo.teras at iki.fi
Fri Apr 28 09:18:47 CEST 2017


Module: kamailio
Branch: master
Commit: 0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e
URL: https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e

Author: Timo Teräs <timo.teras at iki.fi>
Committer: Timo Teräs <timo.teras at iki.fi>
Date: 2017-04-28T10:18:32+03:00

tls: add a level of libressl compatibility

libressl is the openbsd openssl fork that is getting more popular.
It defines OPENSSL_VERSION_NUMBER 0x20000000L and introduces a new
LIBRESSL_VERSION_NUMBER that reflects the true libressl version.

As openssl made major changes between 1.0.1 and 1.1.0, and libressl
being closer to 1.0.1 series, it needs to be specifically detected
in certain cases.

This commit updates the compat logic to implement the missing API
functions as inline functions where sensible, in order to
minimize the #ifdef clutter and make the code more readable and
less prone to bugs.

---

Modified: src/modules/tls/tls_bio.c
Modified: src/modules/tls/tls_domain.c

---

Diff:  https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e.diff
Patch: https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e.patch

---

diff --git a/src/modules/tls/tls_bio.c b/src/modules/tls/tls_bio.c
index ea4f6ec..567ed6f 100644
--- a/src/modules/tls/tls_bio.c
+++ b/src/modules/tls/tls_bio.c
@@ -63,7 +63,7 @@ static int tls_bio_mbuf_puts(BIO* b, const char* s);
 static long tls_bio_mbuf_ctrl(BIO* b, int cmd, long arg1, void* arg2);
 
 
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
 static BIO_METHOD tls_mbuf_method = {
 	BIO_TYPE_TLS_MBUF,	/* type */
 	"sr_tls_mbuf",		/* name */
@@ -76,6 +76,27 @@ static BIO_METHOD tls_mbuf_method = {
 	tls_bio_mbuf_free,	/* destroy(free) function */
 	0					/* ctrl callback */
 };
+
+static void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+	void *ret = CRYPTO_malloc(num, file, line);
+	if (ret != NULL)
+		memset(ret, 0, num);
+	return ret;
+}
+# define OPENSSL_zalloc(num) CRYPTO_zalloc(num, __FILE__, __LINE__)
+static void *BIO_get_data(BIO *b)
+{
+	return b->ptr;
+}
+static void BIO_set_data(BIO *b, void *ptr)
+{
+	b->ptr = ptr;
+}
+static void BIO_set_init(BIO *b, int init)
+{
+	b->init = init;
+}
 #else
 static BIO_METHOD *tls_mbuf_method = NULL;
 #endif
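Review bot: `CRYPTO_zalloc` accepts a `size_t` count but forwards it to `CRYPTO_malloc`, whose count parameter is an `int` in the pre-1.1.0 headers as far as I recall, and then passes the untruncated `num` to `memset`. A request above `INT_MAX` would therefore zero more bytes than were allocated; the only caller visible in this diff passes `sizeof(*d)`, so the problem is latent, but the shim is named like a general-purpose API. A guard such as `if (num > INT_MAX) return NULL;` before the allocation would close it. The four helpers also reuse names that belong to libcrypto, so a short comment stating that they mirror the 1.1.0 functions for older libraries would help the next reader.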
@@ -84,7 +105,7 @@ static BIO_METHOD *tls_mbuf_method = NULL;
 /** returns a custom tls_mbuf BIO. */
 BIO_METHOD* tls_BIO_mbuf(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
 	return &tls_mbuf_method;
 #else
 	if(tls_mbuf_method != NULL) {
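Review bot: The `defined(LIBRESSL_VERSION_NUMBER)` test in `tls_BIO_mbuf` selects the legacy path for every LibreSSL release, with no upper bound. The same condition guards the `tls_mbuf_method` definition and the `BIO_get_data`/`BIO_set_data`/`BIO_set_init`/`CRYPTO_zalloc` shims earlier in this file, so if a later LibreSSL adopts the opaque 1.1.0 BIO API those static definitions would collide with the library's declarations and the `b->ptr` accesses would stop compiling. Consider bounding the test, for example `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < LIBRESSL_FIRST_WITH_1_1_API)`, where the constant is a placeholder for the first release that ships those functions. The body of `tls_BIO_mbuf` continues outside the hunk.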
@@ -137,22 +158,14 @@ int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr)
 	struct tls_bio_mbuf_data* d;
 
 	TLS_BIO_DBG("tls_BIO_mbuf_set called (%p => %p, %p)\n", b, rd, wr);
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-	d = b->ptr;
-#else
 	d = BIO_get_data(b);
-#endif
 	if (unlikely(d == 0)){
 		BUG("null BIO ptr data\n");
 		return 0;
 	}
 	d->rd = rd;
 	d->wr = wr;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-	b->init = 1;
-#else
 	BIO_set_init(b, 1);
-#endif
 	return 1;
 }
 
@@ -167,25 +180,12 @@ static int tls_bio_mbuf_new(BIO* b)
 	struct tls_bio_mbuf_data* d;
 
 	TLS_BIO_DBG("tls_bio_mbuf_new called (%p)\n", b);
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-	b->init = 0; /* not initialized yet */
-	b->num = 0;
-	b->ptr = 0;
-	b->flags = 0;
-	d = OPENSSL_malloc(sizeof(*d));
-	if (unlikely(d == 0))
-		return 0;
-	d->rd = 0;
-	d->wr = 0;
-	b->ptr = d;
-#else
 	BIO_set_init(b, 0);
 	BIO_set_data(b, NULL);
 	d = OPENSSL_zalloc(sizeof(*d));
 	if (unlikely(d == 0))
 		return 0;
 	BIO_set_data(b, d);
-#endif
 	return 1;
 }
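Review bot: On pre-1.1.0 and LibreSSL builds `tls_bio_mbuf_new` no longer resets `b->num` and `b->flags`, which the removed branch did explicitly. That is presumably safe because the library initialises a new BIO before invoking the create callback, but it should be confirmed against the oldest libssl the module supports. A comment such as `/* num and flags are left as set up by BIO_new() */` would record the assumption.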
 
@@ -200,13 +200,6 @@ static int tls_bio_mbuf_free(BIO* b)
 	TLS_BIO_DBG("tls_bio_mbuf_free called (%p)\n", b);
 	if (unlikely( b == 0))
 			return 0;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-	if (likely(b->ptr)){
-		OPENSSL_free(b->ptr);
-		b->ptr = 0;
-		b->init = 0;
-	}
-#else
 	do {
 		struct tls_bio_mbuf_data* d;
 		d = BIO_get_data(b);
@@ -216,7 +209,6 @@ static int tls_bio_mbuf_free(BIO* b)
 			BIO_set_init(b, 0);
 		}
 	} while(0);
-#endif
 	return 1;
 }
 
@@ -235,11 +227,7 @@ static int tls_bio_mbuf_read(BIO* b, char* dst, int dst_len)
 
 	ret = 0;
 	if (likely(dst)) {
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-		d = b->ptr;
-#else
 		d = BIO_get_data(b);
-#endif
 		BIO_clear_retry_flags(b);
 		if (unlikely(d == 0 || d->rd->buf == 0)) {
 			if (d == 0)
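Review bot: The guard `d == 0 || d->rd->buf == 0` in `tls_bio_mbuf_read` dereferences `d->rd` without testing it, and `tls_bio_mbuf_new` leaves `rd` and `wr` zeroed until `tls_BIO_mbuf_set` runs. The init flag presumably keeps the library from calling read or write before that, but `tls_BIO_mbuf_set` sets the flag even when it is handed a null `rd` or `wr`. Extending the test to `d == 0 || d->rd == 0 || d->rd->buf == 0` would make the callback safe on its own; the `d->wr->buf` test in `tls_bio_mbuf_write` has the same shape. Both functions continue outside their hunks.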
@@ -291,11 +279,7 @@ static int tls_bio_mbuf_write(BIO* b, const char* src, int src_len)
 	int ret;
 
 	ret = 0;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
-	d = b->ptr;
-#else
 	d = BIO_get_data(b);
-#endif
 	BIO_clear_retry_flags(b);
 	if (unlikely(d == 0 || d->wr->buf == 0)) {
 		if (d == 0)
diff --git a/src/modules/tls/tls_domain.c b/src/modules/tls/tls_domain.c
index fafaf70..2849e15 100644
--- a/src/modules/tls/tls_domain.c
+++ b/src/modules/tls/tls_domain.c
@@ -124,7 +124,7 @@ static void setup_dh(SSL_CTX *ctx)
 		return;
 	}
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
 	/* libssl >= v1.1.0 */
 	DH_set0_pqg(dh, p, NULL, g);
 #else
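Review bot: The result of `DH_set0_pqg(dh, p, NULL, g)` in `setup_dh` is discarded. The call reports failure through its return value, and in that case `dh` has no parameters installed while `p` and `g` are still owned by the caller, so continuing would presumably leave the context with an unusable DH object and leak both numbers. Checking the return and releasing the objects would cover it, e.g. `if (!DH_set0_pqg(dh, p, NULL, g)) { BN_free(p); BN_free(g); DH_free(dh); return; }`. The rest of the function, including the `#else` branch, is outside the hunk.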



