Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/01/27 18:51:15 UTC

[trafficserver] branch 7.1.x updated: Use Autoconf checks vs. OPENSSL_VERSION_NUMBER

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/7.1.x by this push:
       new  378fd19   Use Autoconf checks vs. OPENSSL_VERSION_NUMBER
378fd19 is described below

commit 378fd19ed464030daf684f3887f09b5ec872ec39
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Mon Jan 9 11:22:15 2017 -0700

    Use Autoconf checks vs. OPENSSL_VERSION_NUMBER
    
    This will work better with the various OpenSSL forks.
    
    (cherry picked from commit 40310afc3ae52bb673d0178ce73f69ada4991736)
---
 configure.ac                         | 31 +++++++++++++++++++++++++++++++
 example/cppapi/websocket/WSBuffer.cc | 29 ++---------------------------
 iocore/net/BIO_fastopen.cc           | 11 +----------
 iocore/net/SSLUtils.cc               |  8 +++-----
 lib/ts/HashMD5.cc                    |  7 ++-----
 plugins/s3_auth/s3_auth.cc           |  7 ++++---
 6 files changed, 43 insertions(+), 50 deletions(-)

diff --git a/configure.ac b/configure.ac
index e7b29ed..95bf41f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1128,6 +1128,37 @@ TS_CHECK_CRYPTO_SET_RBIO
 # Check for DH_get_2048_256
 TS_CHECK_CRYPTO_DH_GET_2048_256
 
+saved_LIBS = "$LIBS"
+TS_ADDTO([LIBS], ["$OPENSSL_LIBS"])
+
+AC_CHECK_FUNCS([ \
+  BIO_meth_new \
+  CRYPTO_set_mem_functions \
+  HMAC_CTX_new \
+])
+
+AC_CHECK_FUNC([BIO_set_data], [],
+              [AC_DEFINE([BIO_set_data(a, _ptr)], [((a)->ptr = (_ptr))], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_get_data], [],
+              [AC_DEFINE([BIO_get_data(a)], [((a)->ptr)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_get_shutdown], [],
+              [AC_DEFINE([BIO_get_shutdown(a)], [((a)->shutdown)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_ctrl], [],
+              [AC_DEFINE([BIO_meth_get_ctrl(biom)], [((biom)->ctrl)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_create], [],
+              [AC_DEFINE([BIO_meth_get_create(biom)], [((biom)->create)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_destroy], [],
+              [AC_DEFINE([BIO_meth_get_destroy(biom)], [((biom)->destroy)], [Added in OpenSSL 1.1])])
+
+AC_CHECK_FUNC([EVP_MD_CTX_new], [],
+              [AC_DEFINE([EVP_MD_CTX_new], [EVP_MD_CTX_create], [Renamed in OpenSSL 1.1])])
+AC_CHECK_FUNC([EVP_MD_CTX_reset], [],
+              [AC_DEFINE([EVP_MD_CTX_reset], [EVP_MD_CTX_cleanup], [Renamed in OpenSSL 1.1])])
+AC_CHECK_FUNC([EVP_MD_CTX_free], [],
+              [AC_DEFINE([EVP_MD_CTX_free], [EVP_MD_CTX_destroy], [Renamed in OpenSSL 1.1])])
+
+LIBS = "$saved_LIBS"
+
 #
 # Check for zlib presence and usability
 TS_CHECK_ZLIB
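Review bot: `saved_LIBS = "$LIBS"` and `LIBS = "$saved_LIBS"` are not shell assignments. With spaces around `=` the shell tries to run a command named `saved_LIBS` (or `LIBS`), so nothing is saved and the `$OPENSSL_LIBS` appended by `TS_ADDTO` is never taken back out of `LIBS` for the checks that follow. Write them as `saved_LIBS="$LIBS"` and `LIBS="$saved_LIBS"`. Since every fallback here is selected by a link probe, a short comment would help, noting that a probe failing for an unrelated reason selects the pre-1.1 struct-access macros; against opaque 1.1 types that should fail to compile rather than misbehave.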
diff --git a/example/cppapi/websocket/WSBuffer.cc b/example/cppapi/websocket/WSBuffer.cc
index 2d8d745..2609f34 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -24,6 +24,7 @@
 #include "WSBuffer.h"
 
 #include <ts/ts.h>
+#include <ts/ink_config.h>
 #include "openssl/evp.h"
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -157,54 +158,28 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
 std::string
 WSBuffer::ws_digest(std::string const &key)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-  EVP_MD_CTX digest[1];
-  EVP_MD_CTX_init(digest);
-#else
-  EVP_MD_CTX *digest;
-  digest = EVP_MD_CTX_new();
-#endif
+  EVP_MD_CTX *digest = EVP_MD_CTX_new();
 
   if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-    EVP_MD_CTX_cleanup(digest);
-#else
     EVP_MD_CTX_free(digest);
-#endif
     return "init-failed";
   }
   if (!EVP_DigestUpdate(digest, key.data(), key.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-    EVP_MD_CTX_cleanup(digest);
-#else
     EVP_MD_CTX_free(digest);
-#endif
     return "update1-failed";
   }
   if (!EVP_DigestUpdate(digest, magic.data(), magic.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-    EVP_MD_CTX_cleanup(digest);
-#else
     EVP_MD_CTX_free(digest);
-#endif
     return "update2-failed";
   }
 
   unsigned char hash_buf[EVP_MAX_MD_SIZE];
   unsigned int hash_len = 0;
   if (!EVP_DigestFinal_ex(digest, hash_buf, &hash_len)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-    EVP_MD_CTX_cleanup(digest);
-#else
     EVP_MD_CTX_free(digest);
-#endif
     return "final-failed";
   }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-  EVP_MD_CTX_cleanup(digest);
-#else
   EVP_MD_CTX_free(digest);
-#endif
   if (hash_len != 20) {
     return "bad-hash-length";
   }
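Review bot: `digest` is handed to `EVP_DigestInit_ex` without checking that `EVP_MD_CTX_new()` returned a context. The context is now heap-allocated on every build, where the removed pre-1.1 branch used a stack array, so allocation failure is a new path for older OpenSSL. Add `if (digest == nullptr) { return "init-failed"; }` directly after the allocation. The same unchecked allocation appears in `SSLInitServerContext` (iocore/net/SSLUtils.cc) and in the `ATSHashMD5` constructor (lib/ts/HashMD5.cc), where the pointer is later passed to `EVP_DigestInit_ex`. `ws_digest` continues past the end of this hunk.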
diff --git a/iocore/net/BIO_fastopen.cc b/iocore/net/BIO_fastopen.cc
index 8280367..3e8095d 100644
--- a/iocore/net/BIO_fastopen.cc
+++ b/iocore/net/BIO_fastopen.cc
@@ -27,15 +27,6 @@
 
 #include "BIO_fastopen.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define BIO_set_data(a, _ptr) ((a)->ptr = (_ptr))
-#define BIO_get_data(a) ((a)->ptr)
-#define BIO_get_shutdown(a) ((a)->shutdown)
-#define BIO_meth_get_ctrl(biom) ((biom)->ctrl)
-#define BIO_meth_get_create(biom) ((biom)->create)
-#define BIO_meth_get_destroy(biom) ((biom)->destroy)
-#endif
-
 static int (*fastopen_create)(BIO *) = BIO_meth_get_create(const_cast<BIO_METHOD *>(BIO_s_socket()));
 
 static int
@@ -127,7 +118,7 @@ fastopen_ctrl(BIO *bio, int cmd, long larg, void *ptr)
   return BIO_meth_get_ctrl(const_cast<BIO_METHOD *>(BIO_s_socket()))(bio, cmd, larg, ptr);
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_BIO_METH_NEW
 static const BIO_METHOD fastopen_methods[] = {{
   .type          = BIO_TYPE_SOCKET,
   .name          = "fastopen",
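Review bot: `HAVE_BIO_METH_NEW` and the `BIO_*` fallback macros removed at the top of this file now come from the configure-generated header, yet this file gains no `#include <ts/ink_config.h>`, while WSBuffer.cc and s3_auth.cc do in the same commit. If `BIO_fastopen.h` does not already pull that header in, `#ifndef HAVE_BIO_METH_NEW` is always true and the static `BIO_METHOD` table is selected even where `BIO_meth_new` exists. Either add the include here or confirm the transitive one, and consider a comment on the guard such as `// Pre-1.1 OpenSSL: no BIO_meth_new(), BIO_METHOD is a public struct`. The initializer continues past the end of this hunk.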
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 67e9708..15f41b7 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -834,7 +834,7 @@ SSLInitializeLibrary()
 {
   if (!open_ssl_initialized) {
 // BoringSSL does not have the memory functions
-#ifndef OPENSSL_IS_BORINGSSL
+#ifdef HAVE_CRYPTO_SET_MEM_FUNCTIONS
     if (res_track_memory >= 2) {
       CRYPTO_set_mem_functions(ssl_track_malloc, ssl_track_realloc, ssl_track_free);
     } else {
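Review bot: The comment `// BoringSSL does not have the memory functions` no longer describes the guard, which is now a configure probe rather than a BoringSSL test. Reword it along the lines of `// Install the tracking allocators only if configure found CRYPTO_set_mem_functions (BoringSSL lacks it)`. With a feature probe, a failed or skipped check compiles this block out with no diagnostic, so a `res_track_memory` value of 2 or more would apparently be ignored silently. A debug or warning message in an `#else` branch would make that visible. The rest of the `if`/`else` lies outside this hunk.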
@@ -1467,7 +1467,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
   int server_verify_client;
   ats_scoped_str completeServerCertPath;
   SSL_CTX *ctx                 = SSLDefaultServerContext();
-  EVP_MD_CTX *digest           = EVP_MD_CTX_create();
+  EVP_MD_CTX *digest           = EVP_MD_CTX_new();
   STACK_OF(X509_NAME) *ca_list = nullptr;
   unsigned char hash_buf[EVP_MAX_MD_SIZE];
   unsigned int hash_len    = 0;
@@ -1678,7 +1678,6 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
       SSL_CTX_set_client_CA_list(ctx, ca_list);
     }
   }
-  EVP_MD_CTX_init(digest);
 
   if (EVP_DigestInit_ex(digest, evp_md_func, nullptr) == 0) {
     SSLError("EVP_DigestInit_ex failed");
@@ -1764,8 +1763,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
   return ctx;
 
 fail:
-  // EVP_MD_CTX_destroy calls EVP_MD_CTX_cleanup too
-  EVP_MD_CTX_destroy(digest);
+  EVP_MD_CTX_free(digest);
   SSL_CLEAR_PW_REFERENCES(ctx)
   SSLReleaseContext(ctx);
   for (unsigned int i = 0; i < certList.length(); i++) {
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index f4ede3f..fa877f7 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -24,7 +24,7 @@
 
 ATSHashMD5::ATSHashMD5(void) : md_len(0), finalized(false)
 {
-  ctx     = EVP_MD_CTX_create();
+  ctx     = EVP_MD_CTX_new();
   int ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
   ink_assert(ret == 1);
 }
@@ -67,9 +67,6 @@ ATSHashMD5::size(void) const
 void
 ATSHashMD5::clear(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
-#endif
   int ret = EVP_MD_CTX_reset(ctx);
   ink_assert(ret == 1);
   ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
@@ -80,5 +77,5 @@ ATSHashMD5::clear(void)
 
 ATSHashMD5::~ATSHashMD5()
 {
-  EVP_MD_CTX_destroy(ctx);
+  EVP_MD_CTX_free(ctx);
 }
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 3a62011..8ab31cd 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -33,6 +33,7 @@
 
 #include <ts/ts.h>
 #include <ts/remap.h>
+#include <ts/ink_config.h>
 
 ///////////////////////////////////////////////////////////////////////////////
 // Some constants.
@@ -417,7 +418,7 @@ S3Request::authorize(S3Config *s3)
   }
 
 // Produce the SHA1 MAC digest
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
   HMAC_CTX ctx[1];
 #else
   HMAC_CTX *ctx;
@@ -427,7 +428,7 @@ S3Request::authorize(S3Config *s3)
   unsigned char hmac[SHA_DIGEST_LENGTH];
   char hmac_b64[SHA_DIGEST_LENGTH * 2];
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
   HMAC_CTX_init(ctx);
 #else
   ctx = HMAC_CTX_new();
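Review bot: `ctx = HMAC_CTX_new();` is not checked for a null return before the context is used; the `HMAC_Final(ctx, hmac, &hmac_len)` call in the next hunk of this function shows it being passed on to the library. Guard it with `if (!ctx)` and return the function's existing error result (the return type and the intervening calls are outside this hunk). The `#ifndef HAVE_HMAC_CTX_NEW` branch uses a stack array and has no equivalent failure mode, so a comment noting that only the allocated path can fail would be enough there.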
@@ -454,7 +455,7 @@ S3Request::authorize(S3Config *s3)
   }
 
   HMAC_Final(ctx, hmac, &hmac_len);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
   HMAC_CTX_cleanup(ctx);
 #else
   HMAC_CTX_free(ctx);
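Review bot: The result of `HMAC_Final(ctx, hmac, &hmac_len)` is discarded, and `hmac` is declared without an initializer in the previous hunk (`unsigned char hmac[SHA_DIGEST_LENGTH];`). If the call fails, the code after this hunk would presumably encode indeterminate stack bytes as the request signature; the use of `hmac` is not visible here, so confirm. On OpenSSL versions where it returns a status, check it, e.g. `if (!HMAC_Final(ctx, hmac, &hmac_len))`, release the context and take the error path. Zero-initializing the buffer with `unsigned char hmac[SHA_DIGEST_LENGTH] = {0};` would also keep stale stack contents out of the output.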
