From d52a694a806c1a8b6dd4d7d17d0671a96240449a Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 4 Jan 2017 15:31:40 +0100
Subject: [PATCH] Improve OpenSSL compatibility
Refactor the conditionals for openssl 1.1 support so we avoid multiple
if/else and add a check for LibreSSL as well.
---
src/crypto/hash.cc | 13 +++++--------
src/crypto/hmac.cc | 34 ++++++++++++++++++----------------
src/crypto/initialization_guard.cc | 15 ++++++---------
3 files changed, 29 insertions(+), 33 deletions(-)
diff --git a/src/crypto/hash.cc b/src/crypto/hash.cc
index 4427dfddeb..e035f695fc 100644
--- a/src/crypto/hash.cc
+++ b/src/crypto/hash.cc
@@ -8,27 +8,24 @@
#include "crypto/error.hpp"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
namespace crypto {
class evp_md_ctx_wrapper_t {
public:
evp_md_ctx_wrapper_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- m_evp_md_ctx = EVP_MD_CTX_create();
-#else
m_evp_md_ctx = EVP_MD_CTX_new();
-#endif
if (m_evp_md_ctx == nullptr) {
throw openssl_error_t(ERR_get_error());
}
}
~evp_md_ctx_wrapper_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_MD_CTX_destroy(m_evp_md_ctx);
-#else
EVP_MD_CTX_free(m_evp_md_ctx);
-#endif
}
EVP_MD_CTX *get() {
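Review bot: The `defined(LIBRESSL_VERSION_NUMBER)` half of the new guard has no upper version bound, so every LibreSSL release takes the compatibility branch, including ones that already provide the 1.1 names. In this file that only renames calls, but the same guard in src/crypto/hmac.cc defines `HMAC_CTX_new`/`HMAC_CTX_free` as functions and would clash with a library that declares them, and in src/crypto/initialization_guard.cc it replaces the init calls. LibreSSL added these APIs in 2.7 as far as I know, so consider `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)` in all three places, after confirming the cut-off against the LibreSSL release notes. The guard also relies on an OpenSSL header having been included above line 8, which is outside the hunk; if none is, `OPENSSL_VERSION_NUMBER` evaluates as 0 and the shim is silently enabled.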
diff --git a/src/crypto/hmac.cc b/src/crypto/hmac.cc
index 2ac4314e24..0e3f91a0c1 100644
--- a/src/crypto/hmac.cc
+++ b/src/crypto/hmac.cc
@@ -7,43 +7,45 @@
#include "crypto/error.hpp"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+inline HMAC_CTX *HMAC_CTX_new() {
+ HMAC_CTX *tmp = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));
+ if (tmp)
+ HMAC_CTX_init(tmp);
+ return tmp;
+}
+
+inline void HMAC_CTX_free(HMAC_CTX *ctx) {
+ if (ctx) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+#endif
+
namespace crypto {
class hmac_ctx_wrapper_t {
public:
hmac_ctx_wrapper_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- HMAC_CTX_init(&m_hmac_ctx);
-#else
m_hmac_ctx = HMAC_CTX_new();
if (m_hmac_ctx == nullptr) {
throw openssl_error_t(ERR_get_error());
}
-#endif
}
~hmac_ctx_wrapper_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- HMAC_CTX_cleanup(&m_hmac_ctx);
-#else
HMAC_CTX_free(m_hmac_ctx);
-#endif
}
HMAC_CTX *get() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return &m_hmac_ctx;
-#else
return m_hmac_ctx;
-#endif
}
private:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- HMAC_CTX m_hmac_ctx;
-#else
HMAC_CTX *m_hmac_ctx;
-#endif
};
std::array<unsigned char, SHA256_DIGEST_LENGTH> detail::hmac_sha256(
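Review bot: `hmac_ctx_wrapper_t` now owns a heap-allocated `HMAC_CTX *` on every build, but the class as shown declares no copy constructor or assignment, so an accidental copy would make two destructors call `HMAC_CTX_free` on the same pointer. Since the context holds HMAC key state, I would make the ownership explicit by adding `hmac_ctx_wrapper_t(const hmac_ctx_wrapper_t &) = delete;` and `hmac_ctx_wrapper_t &operator=(const hmac_ctx_wrapper_t &) = delete;` to the class. Separately, when the shim's `OPENSSL_malloc` fails no error is necessarily queued, so `ERR_get_error()` in the constructor may return 0 and the thrown `openssl_error_t` would carry no useful code; that case deserves a comment or an explicit allocation-failure path.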
diff --git a/src/crypto/initialization_guard.cc b/src/crypto/initialization_guard.cc
index ba0503efc6..f76ffd96da 100644
--- a/src/crypto/initialization_guard.cc
+++ b/src/crypto/initialization_guard.cc
@@ -14,16 +14,17 @@
#include "arch/io/concurrency.hpp"
#include "arch/runtime/runtime.hpp"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define OPENSSL_init_ssl(x, y) SSL_library_init()
+#define OPENSSL_init_crypto(x, y) SSL_load_error_strings()
+#define OPENSSL_cleanup ERR_free_strings
+#endif
+
namespace crypto {
initialization_guard_t::initialization_guard_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
- SSL_load_error_strings();
-#else
OPENSSL_init_ssl(0, nullptr);
OPENSSL_init_crypto(0, nullptr);
-#endif
// Make OpenSSL thread-safe by registering the required callbacks
CRYPTO_THREADID_set_callback([](CRYPTO_THREADID *thread_out) {
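Review bot: The results of `OPENSSL_init_ssl(0, nullptr)` and `OPENSSL_init_crypto(0, nullptr)` are discarded, so a failed library initialisation on OpenSSL 1.1 goes unnoticed and the guard proceeds to register callbacks. Checking them needs the shim to yield a value too, e.g. `#define OPENSSL_init_crypto(x, y) (SSL_load_error_strings(), 1)`, then `if (OPENSSL_init_ssl(0, nullptr) != 1 || OPENSSL_init_crypto(0, nullptr) != 1)` with whatever error path this file uses. The mapping of `OPENSSL_init_crypto` onto `SSL_load_error_strings` is also not obvious from the names and deserves a one-line comment saying it preserves the pre-1.1 call sequence. The constructor body continues past the end of this hunk.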
@@ -49,11 +50,7 @@ initialization_guard_t::initialization_guard_t() {
}
initialization_guard_t::~initialization_guard_t() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_free_strings();
-#else
OPENSSL_cleanup();
-#endif
}
} // namespace crypto
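Review bot: The destructor's two build variants are not equivalent and nothing in the code says so. Under the shim `OPENSSL_cleanup()` expands to `ERR_free_strings()`, which only releases error strings, while on OpenSSL 1.1 it deinitialises the whole library, which, as far as I recall from the OpenSSL documentation, cannot be initialised again in the same process. If a second `initialization_guard_t` can ever be constructed, or any TLS or hashing code runs after this destructor, the 1.1 build would be using a torn-down library; the guard's lifetime is not visible in this hunk. A comment such as `// OpenSSL >= 1.1: final teardown, no OpenSSL calls may follow; older builds only free error strings` would record the constraint.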
--
2.11.0