From d52a694a806c1a8b6dd4d7d17d0671a96240449a Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 4 Jan 2017 15:31:40 +0100 Subject: [PATCH] Improve OpenSSL compatibility Refactor the conditionals for openssl 1.1 support so we avoid multiple if/else and add a check for LibreSSL as well. --- src/crypto/hash.cc | 13 +++++-------- src/crypto/hmac.cc | 34 ++++++++++++++++++---------------- src/crypto/initialization_guard.cc | 15 ++++++--------- 3 files changed, 29 insertions(+), 33 deletions(-) diff --git a/src/crypto/hash.cc b/src/crypto/hash.cc index 4427dfddeb..e035f695fc 100644 --- a/src/crypto/hash.cc +++ b/src/crypto/hash.cc @@ -8,27 +8,24 @@ #include "crypto/error.hpp" +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + namespace crypto { class evp_md_ctx_wrapper_t { public: evp_md_ctx_wrapper_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - m_evp_md_ctx = EVP_MD_CTX_create(); -#else m_evp_md_ctx = EVP_MD_CTX_new(); -#endif if (m_evp_md_ctx == nullptr) { throw openssl_error_t(ERR_get_error()); } } ~evp_md_ctx_wrapper_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX_destroy(m_evp_md_ctx); -#else EVP_MD_CTX_free(m_evp_md_ctx); -#endif } EVP_MD_CTX *get() { diff --git a/src/crypto/hmac.cc b/src/crypto/hmac.cc index 2ac4314e24..0e3f91a0c1 100644 --- a/src/crypto/hmac.cc +++ b/src/crypto/hmac.cc @@ -7,43 +7,45 @@ #include "crypto/error.hpp" +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + +inline HMAC_CTX *HMAC_CTX_new() { + HMAC_CTX *tmp = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX)); + if (tmp) + HMAC_CTX_init(tmp); + return tmp; +} + +inline void HMAC_CTX_free(HMAC_CTX *ctx) { + if (ctx) { + HMAC_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +} + +#endif + namespace crypto { class hmac_ctx_wrapper_t { public: hmac_ctx_wrapper_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_init(&m_hmac_ctx); -#else m_hmac_ctx = HMAC_CTX_new(); if (m_hmac_ctx == nullptr) { throw openssl_error_t(ERR_get_error()); } -#endif } ~hmac_ctx_wrapper_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup(&m_hmac_ctx); -#else HMAC_CTX_free(m_hmac_ctx); -#endif } HMAC_CTX *get() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return &m_hmac_ctx; -#else return m_hmac_ctx; -#endif } private: -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX m_hmac_ctx; -#else HMAC_CTX *m_hmac_ctx; -#endif }; std::array detail::hmac_sha256( diff --git a/src/crypto/initialization_guard.cc b/src/crypto/initialization_guard.cc index ba0503efc6..f76ffd96da 100644 --- a/src/crypto/initialization_guard.cc +++ b/src/crypto/initialization_guard.cc @@ -14,16 +14,17 @@ #include "arch/io/concurrency.hpp" #include "arch/runtime/runtime.hpp" +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#define OPENSSL_init_ssl(x, y) SSL_library_init() +#define OPENSSL_init_crypto(x, y) SSL_load_error_strings() +#define OPENSSL_cleanup ERR_free_strings +#endif + namespace crypto { initialization_guard_t::initialization_guard_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); - SSL_load_error_strings(); -#else OPENSSL_init_ssl(0, nullptr); OPENSSL_init_crypto(0, nullptr); -#endif // Make OpenSSL thread-safe by registering the required callbacks CRYPTO_THREADID_set_callback([](CRYPTO_THREADID *thread_out) { @@ -49,11 +50,7 @@ initialization_guard_t::initialization_guard_t() { } initialization_guard_t::~initialization_guard_t() { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_free_strings(); -#else OPENSSL_cleanup(); -#endif } } // namespace crypto -- 2.11.0