Posted to commits@trafficserver.apache.org by no...@apache.org on 2017/01/27 16:15:55 UTC
[trafficserver] branch master updated: Use Autoconf checks vs.
OPENSSL_VERSION_NUMBER
This is an automated email from the ASF dual-hosted git repository.
nottheoilrig pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 40310af Use Autoconf checks vs. OPENSSL_VERSION_NUMBER
40310af is described below
commit 40310afc3ae52bb673d0178ce73f69ada4991736
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Mon Jan 9 11:22:15 2017 -0700
Use Autoconf checks vs. OPENSSL_VERSION_NUMBER
This will work better with the various OpenSSL forks.
---
configure.ac | 31 +++++++++++++++++++++++++++++++
example/cppapi/websocket/WSBuffer.cc | 29 ++---------------------------
iocore/net/BIO_fastopen.cc | 11 +----------
iocore/net/SSLUtils.cc | 8 +++-----
lib/ts/HashMD5.cc | 7 ++-----
plugins/s3_auth/s3_auth.cc | 7 ++++---
6 files changed, 43 insertions(+), 50 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0bb4bcf..813bcd3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1128,6 +1128,37 @@ TS_CHECK_CRYPTO_SET_RBIO
# Check for DH_get_2048_256
TS_CHECK_CRYPTO_DH_GET_2048_256
+saved_LIBS = "$LIBS"
+TS_ADDTO([LIBS], ["$OPENSSL_LIBS"])
+
+AC_CHECK_FUNCS([ \
+ BIO_meth_new \
+ CRYPTO_set_mem_functions \
+ HMAC_CTX_new \
+])
+
+AC_CHECK_FUNC([BIO_set_data], [],
+ [AC_DEFINE([BIO_set_data(a, _ptr)], [((a)->ptr = (_ptr))], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_get_data], [],
+ [AC_DEFINE([BIO_get_data(a)], [((a)->ptr)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_get_shutdown], [],
+ [AC_DEFINE([BIO_get_shutdown(a)], [((a)->shutdown)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_ctrl], [],
+ [AC_DEFINE([BIO_meth_get_ctrl(biom)], [((biom)->ctrl)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_create], [],
+ [AC_DEFINE([BIO_meth_get_create(biom)], [((biom)->create)], [Added in OpenSSL 1.1])])
+AC_CHECK_FUNC([BIO_meth_get_destroy], [],
+ [AC_DEFINE([BIO_meth_get_destroy(biom)], [((biom)->destroy)], [Added in OpenSSL 1.1])])
+
+AC_CHECK_FUNC([EVP_MD_CTX_new], [],
+ [AC_DEFINE([EVP_MD_CTX_new], [EVP_MD_CTX_create], [Renamed in OpenSSL 1.1])])
+AC_CHECK_FUNC([EVP_MD_CTX_reset], [],
+ [AC_DEFINE([EVP_MD_CTX_reset], [EVP_MD_CTX_cleanup], [Renamed in OpenSSL 1.1])])
+AC_CHECK_FUNC([EVP_MD_CTX_free], [],
+ [AC_DEFINE([EVP_MD_CTX_free], [EVP_MD_CTX_destroy], [Renamed in OpenSSL 1.1])])
+
+LIBS = "$saved_LIBS"
+
#
# Check for zlib presence and usability
TS_CHECK_ZLIB
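Review bot: The added lines `saved_LIBS = "$LIBS"` and `LIBS = "$saved_LIBS"` have spaces around `=`, so the shell running configure treats them as commands named `saved_LIBS` and `LIBS` rather than as assignments. As written, LIBS is neither saved nor restored, and the `$OPENSSL_LIBS` added by TS_ADDTO stays in LIBS for every later check and link line. They should read `saved_LIBS="$LIBS"` and `LIBS="$saved_LIBS"`. A short comment above the AC_DEFINE fallbacks would also help, noting that they reach into struct fields (`(a)->ptr`, `(biom)->ctrl`) and so presumably only build against libraries that lack the accessor and still expose the pre-1.1 struct layout.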
diff --git a/example/cppapi/websocket/WSBuffer.cc b/example/cppapi/websocket/WSBuffer.cc
index 2d8d745..2609f34 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -24,6 +24,7 @@
#include "WSBuffer.h"
#include <ts/ts.h>
+#include <ts/ink_config.h>
#include "openssl/evp.h"
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -157,54 +158,28 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
std::string
WSBuffer::ws_digest(std::string const &key)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX digest[1];
- EVP_MD_CTX_init(digest);
-#else
- EVP_MD_CTX *digest;
- digest = EVP_MD_CTX_new();
-#endif
+ EVP_MD_CTX *digest = EVP_MD_CTX_new();
if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_cleanup(digest);
-#else
EVP_MD_CTX_free(digest);
-#endif
return "init-failed";
}
if (!EVP_DigestUpdate(digest, key.data(), key.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_cleanup(digest);
-#else
EVP_MD_CTX_free(digest);
-#endif
return "update1-failed";
}
if (!EVP_DigestUpdate(digest, magic.data(), magic.length())) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_cleanup(digest);
-#else
EVP_MD_CTX_free(digest);
-#endif
return "update2-failed";
}
unsigned char hash_buf[EVP_MAX_MD_SIZE];
unsigned int hash_len = 0;
if (!EVP_DigestFinal_ex(digest, hash_buf, &hash_len)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_cleanup(digest);
-#else
EVP_MD_CTX_free(digest);
-#endif
return "final-failed";
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_cleanup(digest);
-#else
EVP_MD_CTX_free(digest);
-#endif
if (hash_len != 20) {
return "bad-hash-length";
}
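Review bot: `EVP_MD_CTX_new()` at the top of ws_digest can return a null pointer on allocation failure, and the result goes straight into `EVP_DigestInit_ex` without a check; the stack-allocated context it replaces could not fail that way. A guard such as `if (digest == nullptr) { return "init-failed"; }` directly after the allocation would keep that failure on the existing error path. No null check is visible after the new `EVP_MD_CTX_new()` calls in SSLInitServerContext (SSLUtils.cc) or the ATSHashMD5 constructor (HashMD5.cc) either, where the only visible check is `ink_assert(ret == 1)` on the init result. With the preprocessor branches gone, the five repeated `EVP_MD_CTX_free(digest)` calls could be replaced by a `std::unique_ptr` that uses `EVP_MD_CTX_free` as its deleter. The function body continues past the end of this hunk.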
diff --git a/iocore/net/BIO_fastopen.cc b/iocore/net/BIO_fastopen.cc
index 8280367..3e8095d 100644
--- a/iocore/net/BIO_fastopen.cc
+++ b/iocore/net/BIO_fastopen.cc
@@ -27,15 +27,6 @@
#include "BIO_fastopen.h"
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define BIO_set_data(a, _ptr) ((a)->ptr = (_ptr))
-#define BIO_get_data(a) ((a)->ptr)
-#define BIO_get_shutdown(a) ((a)->shutdown)
-#define BIO_meth_get_ctrl(biom) ((biom)->ctrl)
-#define BIO_meth_get_create(biom) ((biom)->create)
-#define BIO_meth_get_destroy(biom) ((biom)->destroy)
-#endif
-
static int (*fastopen_create)(BIO *) = BIO_meth_get_create(const_cast<BIO_METHOD *>(BIO_s_socket()));
static int
@@ -127,7 +118,7 @@ fastopen_ctrl(BIO *bio, int cmd, long larg, void *ptr)
return BIO_meth_get_ctrl(const_cast<BIO_METHOD *>(BIO_s_socket()))(bio, cmd, larg, ptr);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_BIO_METH_NEW
static const BIO_METHOD fastopen_methods[] = {{
.type = BIO_TYPE_SOCKET,
.name = "fastopen",
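Review bot: The `#ifndef HAVE_BIO_METH_NEW` guard, and the BIO accessor fallbacks removed earlier in this file, now depend on the configure-generated header, yet this file does not gain `#include <ts/ink_config.h>` the way WSBuffer.cc and s3_auth.cc do. If BIO_fastopen.h does not already pull that header in, the selection here is decided by an undefined macro rather than by the configure result. The same applies to `#ifdef HAVE_CRYPTO_SET_MEM_FUNCTIONS` in SSLUtils.cc, where a missing definition would silently compile out the allocator hook instead of failing the build. Adding the include explicitly in each file that tests a `HAVE_*` macro makes the dependency visible. The fastopen_methods initializer continues outside the hunk.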
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 67e9708..15f41b7 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -834,7 +834,7 @@ SSLInitializeLibrary()
{
if (!open_ssl_initialized) {
// BoringSSL does not have the memory functions
-#ifndef OPENSSL_IS_BORINGSSL
+#ifdef HAVE_CRYPTO_SET_MEM_FUNCTIONS
if (res_track_memory >= 2) {
CRYPTO_set_mem_functions(ssl_track_malloc, ssl_track_realloc, ssl_track_free);
} else {
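Review bot: The comment `// BoringSSL does not have the memory functions` no longer matches the guard beneath it, which now keys on the configure check rather than on the library's identity. I would reword it to something like `// Install the tracking allocators only when configure detected CRYPTO_set_mem_functions (absent in BoringSSL)`. The if/else it guards continues outside the hunk.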
@@ -1467,7 +1467,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
int server_verify_client;
ats_scoped_str completeServerCertPath;
SSL_CTX *ctx = SSLDefaultServerContext();
- EVP_MD_CTX *digest = EVP_MD_CTX_create();
+ EVP_MD_CTX *digest = EVP_MD_CTX_new();
STACK_OF(X509_NAME) *ca_list = nullptr;
unsigned char hash_buf[EVP_MAX_MD_SIZE];
unsigned int hash_len = 0;
@@ -1678,7 +1678,6 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
SSL_CTX_set_client_CA_list(ctx, ca_list);
}
}
- EVP_MD_CTX_init(digest);
if (EVP_DigestInit_ex(digest, evp_md_func, nullptr) == 0) {
SSLError("EVP_DigestInit_ex failed");
@@ -1764,8 +1763,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
return ctx;
fail:
- // EVP_MD_CTX_destroy calls EVP_MD_CTX_cleanup too
- EVP_MD_CTX_destroy(digest);
+ EVP_MD_CTX_free(digest);
SSL_CLEAR_PW_REFERENCES(ctx)
SSLReleaseContext(ctx);
for (unsigned int i = 0; i < certList.length(); i++) {
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index f4ede3f..fa877f7 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -24,7 +24,7 @@
ATSHashMD5::ATSHashMD5(void) : md_len(0), finalized(false)
{
- ctx = EVP_MD_CTX_create();
+ ctx = EVP_MD_CTX_new();
int ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
ink_assert(ret == 1);
}
@@ -67,9 +67,6 @@ ATSHashMD5::size(void) const
void
ATSHashMD5::clear(void)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
-#endif
int ret = EVP_MD_CTX_reset(ctx);
ink_assert(ret == 1);
ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
@@ -80,5 +77,5 @@ ATSHashMD5::clear(void)
ATSHashMD5::~ATSHashMD5()
{
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_free(ctx);
}
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 3a62011..8ab31cd 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -33,6 +33,7 @@
#include <ts/ts.h>
#include <ts/remap.h>
+#include <ts/ink_config.h>
///////////////////////////////////////////////////////////////////////////////
// Some constants.
@@ -417,7 +418,7 @@ S3Request::authorize(S3Config *s3)
}
// Produce the SHA1 MAC digest
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
HMAC_CTX ctx[1];
#else
HMAC_CTX *ctx;
@@ -427,7 +428,7 @@ S3Request::authorize(S3Config *s3)
unsigned char hmac[SHA_DIGEST_LENGTH];
char hmac_b64[SHA_DIGEST_LENGTH * 2];
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
HMAC_CTX_init(ctx);
#else
ctx = HMAC_CTX_new();
@@ -454,7 +455,7 @@ S3Request::authorize(S3Config *s3)
}
HMAC_Final(ctx, hmac, &hmac_len);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_HMAC_CTX_NEW
HMAC_CTX_cleanup(ctx);
#else
HMAC_CTX_free(ctx);