Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/01/25 06:34:46 UTC

[trafficserver] branch 7.1.x updated: Fixes for building with LibreSSL

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/7.1.x by this push:
       new  85a923c   Fixes for building with LibreSSL
85a923c is described below

commit 85a923cbd02609cc3fba98cf11a8ee9ce9090b24
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Sun Jan 8 13:34:39 2017 -0700

    Fixes for building with LibreSSL
    
    Fixes #1307
    
    (cherry picked from commit d1f44c3e6d78958c55e176cc3cf6af76410daa90)
---
 example/cppapi/websocket/WSBuffer.cc | 12 ++++----
 iocore/net/SSLUtils.cc               | 60 ++++++++----------------------------
 lib/ts/HashMD5.cc                    |  2 +-
 plugins/s3_auth/s3_auth.cc           |  6 ++--
 4 files changed, 23 insertions(+), 57 deletions(-)

diff --git a/example/cppapi/websocket/WSBuffer.cc b/example/cppapi/websocket/WSBuffer.cc
index e84429c..2d8d745 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -157,7 +157,7 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
 std::string
 WSBuffer::ws_digest(std::string const &key)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   EVP_MD_CTX digest[1];
   EVP_MD_CTX_init(digest);
 #else
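Review bot: The guard `OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` pins every LibreSSL release to the pre-1.1.0 code path and is written out by hand at each site: six times in ws_digest, and again in ATSHashMD5::clear and S3Request::authorize. The real question is one of capability (whether the library still exposes EVP_MD_CTX and HMAC_CTX as complete types that can live on the stack), so a version test will go stale if a LibreSSL release makes those structs opaque or ships the allocating API. Consider a single project-level macro set by a configure check for `EVP_MD_CTX_new` (for example `HAVE_EVP_MD_CTX_NEW`, name illustrative) and use it at all of these sites. The `#else` branch of this conditional lies outside the hunk.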
@@ -166,7 +166,7 @@ WSBuffer::ws_digest(std::string const &key)
 #endif
 
   if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     EVP_MD_CTX_cleanup(digest);
 #else
     EVP_MD_CTX_free(digest);
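Review bot: Every failure branch of ws_digest repeats the same `#if` / `EVP_MD_CTX_cleanup` / `#else` / `EVP_MD_CTX_free` block, here and in the four hunks that follow, so a future early return that omits it leaks the context or leaves digest state behind. A small scope guard declared once after the context is set up releases it on every path and lets each branch shrink to a bare `return`; the explicit release at the end of the function then goes away too. The failure branches also return literals such as "init-failed" in place of the digest, which a caller cannot tell apart from a real value without comparing strings, and that deserves at least a comment. The function starts and ends outside this hunk.

```cpp
// Declared once, after `digest` has been initialised; releases it on every return path.
struct DigestGuard {
  EVP_MD_CTX *ctx;
  ~DigestGuard()
  {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
    EVP_MD_CTX_cleanup(ctx);
#else
    EVP_MD_CTX_free(ctx);
#endif
  }
} guard{digest};

if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
  return "init-failed";
}
// … unchanged: EVP_DigestUpdate / EVP_DigestFinal_ex checks, each reduced to a bare return …
```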
@@ -174,7 +174,7 @@ WSBuffer::ws_digest(std::string const &key)
     return "init-failed";
   }
   if (!EVP_DigestUpdate(digest, key.data(), key.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     EVP_MD_CTX_cleanup(digest);
 #else
     EVP_MD_CTX_free(digest);
@@ -182,7 +182,7 @@ WSBuffer::ws_digest(std::string const &key)
     return "update1-failed";
   }
   if (!EVP_DigestUpdate(digest, magic.data(), magic.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     EVP_MD_CTX_cleanup(digest);
 #else
     EVP_MD_CTX_free(digest);
@@ -193,14 +193,14 @@ WSBuffer::ws_digest(std::string const &key)
   unsigned char hash_buf[EVP_MAX_MD_SIZE];
   unsigned int hash_len = 0;
   if (!EVP_DigestFinal_ex(digest, hash_buf, &hash_len)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     EVP_MD_CTX_cleanup(digest);
 #else
     EVP_MD_CTX_free(digest);
 #endif
     return "final-failed";
   }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   EVP_MD_CTX_cleanup(digest);
 #else
   EVP_MD_CTX_free(digest);
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 99d98fc..67e9708 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -84,12 +84,6 @@
 #endif
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD
-typedef const SSL_METHOD *ink_ssl_method_t;
-#else
-typedef SSL_METHOD *ink_ssl_method_t;
-#endif
-
 /*
  * struct ssl_user_config: gather user provided settings from ssl_multicert.config in to this single struct
    * ssl_ticket_enabled - session ticket enabled
@@ -149,15 +143,11 @@ static InkHashTable *ssl_cipher_name_table = nullptr;
  * may use pthreads and openssl without confusing us here. (TS-2271).
  */
 
-// Only define this function if the version of openssl really has a
-// CRYPTO_THREADID_set_callback function.  openssl 1.1.0 defines it to 0
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static void
 SSL_pthreads_thread_id(CRYPTO_THREADID *id)
 {
   CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
 }
-#endif
 
 // The locking callback goes away with openssl 1.1 and CRYPTO_LOCK is on longer defined
 #ifdef CRYPTO_LOCK
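Review bot: Dropping the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard leaves SSL_pthreads_thread_id defined on OpenSSL 1.1.0 as well, where the removed comment says CRYPTO_THREADID_set_callback is defined to 0. If the registration call (outside this hunk) expands to nothing there, this static function has no remaining reference and may trip an unused-function warning, which breaks builds that treat warnings as errors. Keeping a guard in the form used elsewhere in this commit, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, would cover LibreSSL without changing the 1.1.0 build.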
@@ -228,10 +218,10 @@ ssl_session_timed_out(SSL_SESSION *session)
 static void ssl_rm_cached_session(SSL_CTX *ctx, SSL_SESSION *sess);
 
 static SSL_SESSION *
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
-ssl_get_cached_session(SSL *ssl, const unsigned char *id, int len, int *copy)
-#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
+#else
+ssl_get_cached_session(SSL *ssl, const unsigned char *id, int len, int *copy)
 #endif
 {
   SSLSessionID sid(id, len);
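Review bot: The two ssl_get_cached_session signatures differ only in the const-ness of `id`, and nothing at the `#if` says why. A one-line comment above it, such as `// The session lookup callback takes a const session id from OpenSSL 1.1.0 on; LibreSSL keeps the older non-const form.`, would spare the next reader a trip to the headers. The rewritten condition also moves the exact value 0x10100000L from the non-const to the const branch, which the old `>` comparison excluded; that looks intended but is not stated anywhere. The function body continues outside the hunk.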
@@ -794,68 +784,47 @@ SSLRecRawStatSyncCount(const char *name, RecDataT data_type, RecData *data, RecR
   return RecRawStatSyncCount(name, data_type, data, rsb, id);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define ssl_malloc(size, file, line) ssl_malloc(size)
+#define ssl_realloc(ptr, size, file, line) ssl_realloc(ptr, size)
+#define ssl_free(ptr, file, line) ssl_free(ptr)
+#define ssl_track_malloc(size, file, line) ssl_track_malloc(size)
+#define ssl_track_realloc(ptr, size, file, line) ssl_track_realloc(ptr, size)
+#define ssl_track_free(ptr, file, line) ssl_track_free(ptr)
+#endif
+
 void *
 ssl_malloc(size_t size, const char * /*filename */, int /*lineno*/)
-#else
-void *
-ssl_malloc(size_t size)
-#endif
 {
   return ats_malloc(size);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 void *
 ssl_realloc(void *ptr, size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_realloc(void *ptr, size_t size)
-#endif
 {
   return ats_realloc(ptr, size);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 void
 ssl_free(void *ptr, const char * /*filename*/, int /*lineno*/)
-#else
-void
-ssl_free(void *ptr)
-#endif
 {
   ats_free(ptr);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 void *
 ssl_track_malloc(size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_track_malloc(size_t size)
-#endif
 {
   return ats_track_malloc(size, &ssl_memory_allocated);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 void *
 ssl_track_realloc(void *ptr, size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_track_realloc(void *ptr, size_t size)
-#endif
 {
   return ats_track_realloc(ptr, size, &ssl_memory_allocated, &ssl_memory_freed);
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 void
 ssl_track_free(void *ptr, const char * /*filename*/, int /*lineno*/)
-#else
-void
-ssl_track_free(void *ptr)
-#endif
 {
   ats_track_free(ptr, &ssl_memory_freed);
 }
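Review bot: The six function-like macros reshape the definitions that follow by discarding their last two parameters, and they stay defined for the rest of the translation unit. On the legacy path any later use of one of these names followed by `(` with a different argument count stops compiling, and a prototype declared in a header before the `#define` keeps the three-parameter form and would no longer match the definition. These functions look like the allocator hooks handed to the TLS library (the registration is outside the hunk), where an arity mismatch is a memory-safety matter, not a cosmetic one. Add an `#undef` for each of the six names directly after ssl_track_free, and a comment at the `#if` stating that the macros exist only to reshape the definitions below.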
@@ -1283,10 +1252,7 @@ SSLDebugBufferPrint(const char *tag, const char *buffer, unsigned buflen, const
 SSL_CTX *
 SSLDefaultServerContext()
 {
-  ink_ssl_method_t meth = nullptr;
-
-  meth = SSLv23_server_method();
-  return SSL_CTX_new(meth);
+  return SSL_CTX_new(SSLv23_server_method());
 }
 
 static bool
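Review bot: SSLDefaultServerContext now returns the result of `SSL_CTX_new` directly, and nothing in the hunk says that this can be nullptr or that the version-flexible method leaves the protocol floor to be set elsewhere. A comment above the function would make both expectations explicit, for example `// May return nullptr. Uses the version-flexible method; callers are expected to restrict protocol versions via SSL_CTX_set_options().` Whether the callers do either is not visible from this hunk.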
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index 1ebd950..f4ede3f 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -67,7 +67,7 @@ ATSHashMD5::size(void) const
 void
 ATSHashMD5::clear(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
 #endif
   int ret = EVP_MD_CTX_reset(ctx);
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 033b13a..3a62011 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -417,7 +417,7 @@ S3Request::authorize(S3Config *s3)
   }
 
 // Produce the SHA1 MAC digest
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   HMAC_CTX ctx[1];
 #else
   HMAC_CTX *ctx;
@@ -427,7 +427,7 @@ S3Request::authorize(S3Config *s3)
   unsigned char hmac[SHA_DIGEST_LENGTH];
   char hmac_b64[SHA_DIGEST_LENGTH * 2];
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   HMAC_CTX_init(ctx);
 #else
   ctx = HMAC_CTX_new();
@@ -454,7 +454,7 @@ S3Request::authorize(S3Config *s3)
   }
 
   HMAC_Final(ctx, hmac, &hmac_len);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   HMAC_CTX_cleanup(ctx);
 #else
   HMAC_CTX_free(ctx);
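Review bot: `HMAC_Final(ctx, hmac, &hmac_len);` discards its return value (an int in OpenSSL 1.0.0 and later), so a failed computation leaves `hmac` and `hmac_len` unset and whatever follows would build the signature from indeterminate bytes. In the preceding hunk `ctx = HMAC_CTX_new();` is likewise not checked for nullptr as far as the hunk shows. Check both, e.g. `if (!HMAC_Final(ctx, hmac, &hmac_len)) { /* release ctx, return an error status */ }`, and make sure the context is released on that path as well. The rest of S3Request::authorize lies outside these hunks.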
