You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by no...@apache.org on 2017/01/24 17:48:52 UTC
[trafficserver] branch master updated: Fixes for building with
LibreSSL
This is an automated email from the ASF dual-hosted git repository.
nottheoilrig pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new d1f44c3 Fixes for building with LibreSSL
d1f44c3 is described below
commit d1f44c3e6d78958c55e176cc3cf6af76410daa90
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Sun Jan 8 13:34:39 2017 -0700
Fixes for building with LibreSSL
Fixes #1307
---
example/cppapi/websocket/WSBuffer.cc | 12 ++++----
iocore/net/SSLUtils.cc | 60 ++++++++----------------------------
lib/ts/HashMD5.cc | 2 +-
plugins/s3_auth/s3_auth.cc | 6 ++--
4 files changed, 23 insertions(+), 57 deletions(-)
diff --git a/example/cppapi/websocket/WSBuffer.cc b/example/cppapi/websocket/WSBuffer.cc
index e84429c..2d8d745 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -157,7 +157,7 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
std::string
WSBuffer::ws_digest(std::string const &key)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX digest[1];
EVP_MD_CTX_init(digest);
#else
@@ -166,7 +166,7 @@ WSBuffer::ws_digest(std::string const &key)
#endif
if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(digest);
#else
EVP_MD_CTX_free(digest);
@@ -174,7 +174,7 @@ WSBuffer::ws_digest(std::string const &key)
return "init-failed";
}
if (!EVP_DigestUpdate(digest, key.data(), key.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(digest);
#else
EVP_MD_CTX_free(digest);
@@ -182,7 +182,7 @@ WSBuffer::ws_digest(std::string const &key)
return "update1-failed";
}
if (!EVP_DigestUpdate(digest, magic.data(), magic.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(digest);
#else
EVP_MD_CTX_free(digest);
@@ -193,14 +193,14 @@ WSBuffer::ws_digest(std::string const &key)
unsigned char hash_buf[EVP_MAX_MD_SIZE];
unsigned int hash_len = 0;
if (!EVP_DigestFinal_ex(digest, hash_buf, &hash_len)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(digest);
#else
EVP_MD_CTX_free(digest);
#endif
return "final-failed";
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(digest);
#else
EVP_MD_CTX_free(digest);
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 99d98fc..67e9708 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -84,12 +84,6 @@
#endif
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD
-typedef const SSL_METHOD *ink_ssl_method_t;
-#else
-typedef SSL_METHOD *ink_ssl_method_t;
-#endif
-
/*
* struct ssl_user_config: gather user provided settings from ssl_multicert.config in to this single struct
* ssl_ticket_enabled - session ticket enabled
@@ -149,15 +143,11 @@ static InkHashTable *ssl_cipher_name_table = nullptr;
* may use pthreads and openssl without confusing us here. (TS-2271).
*/
-// Only define this function if the version of openssl really has a
-// CRYPTO_THREADID_set_callback function. openssl 1.1.0 defines it to 0
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
static void
SSL_pthreads_thread_id(CRYPTO_THREADID *id)
{
CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
}
-#endif
// The locking callback goes away with openssl 1.1 and CRYPTO_LOCK is on longer defined
#ifdef CRYPTO_LOCK
@@ -228,10 +218,10 @@ ssl_session_timed_out(SSL_SESSION *session)
static void ssl_rm_cached_session(SSL_CTX *ctx, SSL_SESSION *sess);
static SSL_SESSION *
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
-ssl_get_cached_session(SSL *ssl, const unsigned char *id, int len, int *copy)
-#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
+#else
+ssl_get_cached_session(SSL *ssl, const unsigned char *id, int len, int *copy)
#endif
{
SSLSessionID sid(id, len);
@@ -794,68 +784,47 @@ SSLRecRawStatSyncCount(const char *name, RecDataT data_type, RecData *data, RecR
return RecRawStatSyncCount(name, data_type, data, rsb, id);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define ssl_malloc(size, file, line) ssl_malloc(size)
+#define ssl_realloc(ptr, size, file, line) ssl_realloc(ptr, size)
+#define ssl_free(ptr, file, line) ssl_free(ptr)
+#define ssl_track_malloc(size, file, line) ssl_track_malloc(size)
+#define ssl_track_realloc(ptr, size, file, line) ssl_track_realloc(ptr, size)
+#define ssl_track_free(ptr, file, line) ssl_track_free(ptr)
+#endif
+
void *
ssl_malloc(size_t size, const char * /*filename */, int /*lineno*/)
-#else
-void *
-ssl_malloc(size_t size)
-#endif
{
return ats_malloc(size);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
void *
ssl_realloc(void *ptr, size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_realloc(void *ptr, size_t size)
-#endif
{
return ats_realloc(ptr, size);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
void
ssl_free(void *ptr, const char * /*filename*/, int /*lineno*/)
-#else
-void
-ssl_free(void *ptr)
-#endif
{
ats_free(ptr);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
void *
ssl_track_malloc(size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_track_malloc(size_t size)
-#endif
{
return ats_track_malloc(size, &ssl_memory_allocated);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
void *
ssl_track_realloc(void *ptr, size_t size, const char * /*filename*/, int /*lineno*/)
-#else
-void *
-ssl_track_realloc(void *ptr, size_t size)
-#endif
{
return ats_track_realloc(ptr, size, &ssl_memory_allocated, &ssl_memory_freed);
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
void
ssl_track_free(void *ptr, const char * /*filename*/, int /*lineno*/)
-#else
-void
-ssl_track_free(void *ptr)
-#endif
{
ats_track_free(ptr, &ssl_memory_freed);
}
@@ -1283,10 +1252,7 @@ SSLDebugBufferPrint(const char *tag, const char *buffer, unsigned buflen, const
SSL_CTX *
SSLDefaultServerContext()
{
- ink_ssl_method_t meth = nullptr;
-
- meth = SSLv23_server_method();
- return SSL_CTX_new(meth);
+ return SSL_CTX_new(SSLv23_server_method());
}
static bool
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index 1ebd950..f4ede3f 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -67,7 +67,7 @@ ATSHashMD5::size(void) const
void
ATSHashMD5::clear(void)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
#endif
int ret = EVP_MD_CTX_reset(ctx);
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 033b13a..3a62011 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -417,7 +417,7 @@ S3Request::authorize(S3Config *s3)
}
// Produce the SHA1 MAC digest
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX ctx[1];
#else
HMAC_CTX *ctx;
@@ -427,7 +427,7 @@ S3Request::authorize(S3Config *s3)
unsigned char hmac[SHA_DIGEST_LENGTH];
char hmac_b64[SHA_DIGEST_LENGTH * 2];
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX_init(ctx);
#else
ctx = HMAC_CTX_new();
@@ -454,7 +454,7 @@ S3Request::authorize(S3Config *s3)
}
HMAC_Final(ctx, hmac, &hmac_len);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX_cleanup(ctx);
#else
HMAC_CTX_free(ctx);
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].