[sr-dev] git:master:0a87b5a9: tls: add a level of libressl compatibility
Timo Teräs
timo.teras at iki.fi
Fri Apr 28 09:18:47 CEST 2017
Module: kamailio
Branch: master
Commit: 0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e
URL: https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e
Author: Timo Teräs <timo.teras at iki.fi>
Committer: Timo Teräs <timo.teras at iki.fi>
Date: 2017-04-28T10:18:32+03:00
tls: add a level of libressl compatibility
libressl is the openbsd openssl fork that is getting more popular.
It defines OPENSSL_VERSION_NUMBER 0x20000000L and introduces a new
LIBRESSL_VERSION_NUMBER that reflects the true libressl version.
As openssl made major changes between 1.0.1 and 1.1.0, and libressl
being closer to 1.0.1 series, it needs to be specifically detected
in certain cases.
This commit updates the compat logic to implement the missing API
functions as inline functions where sensible, in order to
minimize the #ifdef clutter and make the code more readable and
less prone to bugs.
---
Modified: src/modules/tls/tls_bio.c
Modified: src/modules/tls/tls_domain.c
---
Diff: https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e.diff
Patch: https://github.com/kamailio/kamailio/commit/0a87b5a9b0af5e3a277e462d41a8ffc3ca3f246e.patch
---
diff --git a/src/modules/tls/tls_bio.c b/src/modules/tls/tls_bio.c
index ea4f6ec..567ed6f 100644
--- a/src/modules/tls/tls_bio.c
+++ b/src/modules/tls/tls_bio.c
@@ -63,7 +63,7 @@ static int tls_bio_mbuf_puts(BIO* b, const char* s);
static long tls_bio_mbuf_ctrl(BIO* b, int cmd, long arg1, void* arg2);
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
static BIO_METHOD tls_mbuf_method = {
BIO_TYPE_TLS_MBUF, /* type */
"sr_tls_mbuf", /* name */
@@ -76,6 +76,27 @@ static BIO_METHOD tls_mbuf_method = {
tls_bio_mbuf_free, /* destroy(free) function */
0 /* ctrl callback */
};
+
+static void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+ void *ret = CRYPTO_malloc(num, file, line);
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+# define OPENSSL_zalloc(num) CRYPTO_zalloc(num, __FILE__, __LINE__)
+static void *BIO_get_data(BIO *b)
+{
+ return b->ptr;
+}
+static void BIO_set_data(BIO *b, void *ptr)
+{
+ b->ptr = ptr;
+}
+static void BIO_set_init(BIO *b, int init)
+{
+ b->init = init;
+}
#else
static BIO_METHOD *tls_mbuf_method = NULL;
#endif
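Review bot: The compat shims here (`CRYPTO_zalloc`, `OPENSSL_zalloc`, `BIO_get_data`, `BIO_set_data`, `BIO_set_init`) are compiled for every LibreSSL release, because the guard tests only `defined(LIBRESSL_VERSION_NUMBER)` and never its value. If a later LibreSSL declares these accessors itself or makes `BIO` opaque, the static definitions will clash with the library prototypes or `b->ptr` / `b->init` will stop compiling. I would bound the guard by version, e.g. `#if OPENSSL_VERSION_NUMBER < 0x010100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < LIBRESSL_FIRST_WITH_BIO_ACCESSORS)`, where the last name is a placeholder for the first release that ships them. The same unbounded test appears in the `tls_BIO_mbuf` hunk and in the `setup_dh` hunk of tls_domain.c. A short comment above the shims saying they shadow library names on purpose, and for which versions, would also help.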
@@ -84,7 +105,7 @@ static BIO_METHOD *tls_mbuf_method = NULL;
/** returns a custom tls_mbuf BIO. */
BIO_METHOD* tls_BIO_mbuf(void)
{
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
return &tls_mbuf_method;
#else
if(tls_mbuf_method != NULL) {
@@ -137,22 +158,14 @@ int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr)
struct tls_bio_mbuf_data* d;
TLS_BIO_DBG("tls_BIO_mbuf_set called (%p => %p, %p)\n", b, rd, wr);
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- d = b->ptr;
-#else
d = BIO_get_data(b);
-#endif
if (unlikely(d == 0)){
BUG("null BIO ptr data\n");
return 0;
}
d->rd = rd;
d->wr = wr;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- b->init = 1;
-#else
BIO_set_init(b, 1);
-#endif
return 1;
}
@@ -167,25 +180,12 @@ static int tls_bio_mbuf_new(BIO* b)
struct tls_bio_mbuf_data* d;
TLS_BIO_DBG("tls_bio_mbuf_new called (%p)\n", b);
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- b->init = 0; /* not initialized yet */
- b->num = 0;
- b->ptr = 0;
- b->flags = 0;
- d = OPENSSL_malloc(sizeof(*d));
- if (unlikely(d == 0))
- return 0;
- d->rd = 0;
- d->wr = 0;
- b->ptr = d;
-#else
BIO_set_init(b, 0);
BIO_set_data(b, NULL);
d = OPENSSL_zalloc(sizeof(*d));
if (unlikely(d == 0))
return 0;
BIO_set_data(b, d);
-#endif
return 1;
}
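Review bot: On the pre-1.1.0 and LibreSSL build, `tls_bio_mbuf_new` no longer clears `b->num` and `b->flags`, since the removed branch set both to 0 and the unified path only calls `BIO_set_init` and `BIO_set_data`. This is presumably harmless because the library initialises the BIO before invoking the create callback, but that assumption is now implicit. I would record it next to the calls, e.g. `/* num and flags are left as initialised by libssl before create() */`, or confirm it against the oldest supported libssl. The function's opening lines are outside this hunk.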
@@ -200,13 +200,6 @@ static int tls_bio_mbuf_free(BIO* b)
TLS_BIO_DBG("tls_bio_mbuf_free called (%p)\n", b);
if (unlikely( b == 0))
return 0;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- if (likely(b->ptr)){
- OPENSSL_free(b->ptr);
- b->ptr = 0;
- b->init = 0;
- }
-#else
do {
struct tls_bio_mbuf_data* d;
d = BIO_get_data(b);
@@ -216,7 +209,6 @@ static int tls_bio_mbuf_free(BIO* b)
BIO_set_init(b, 0);
}
} while(0);
-#endif
return 1;
}
@@ -235,11 +227,7 @@ static int tls_bio_mbuf_read(BIO* b, char* dst, int dst_len)
ret = 0;
if (likely(dst)) {
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- d = b->ptr;
-#else
d = BIO_get_data(b);
-#endif
BIO_clear_retry_flags(b);
if (unlikely(d == 0 || d->rd->buf == 0)) {
if (d == 0)
@@ -291,11 +279,7 @@ static int tls_bio_mbuf_write(BIO* b, const char* src, int src_len)
int ret;
ret = 0;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
- d = b->ptr;
-#else
d = BIO_get_data(b);
-#endif
BIO_clear_retry_flags(b);
if (unlikely(d == 0 || d->wr->buf == 0)) {
if (d == 0)
diff --git a/src/modules/tls/tls_domain.c b/src/modules/tls/tls_domain.c
index fafaf70..2849e15 100644
--- a/src/modules/tls/tls_domain.c
+++ b/src/modules/tls/tls_domain.c
@@ -124,7 +124,7 @@ static void setup_dh(SSL_CTX *ctx)
return;
}
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
/* libssl >= v1.1.0 */
DH_set0_pqg(dh, p, NULL, g);
#else