commit c32a43a4d2bbd2be89888fc5a253e55c72bb466a Author: Nick Mathewson nickm@torproject.org Date: Tue Nov 10 10:02:21 2015 -0500
Move openssl version compatibility defines into a new header. --- src/common/compat_openssl.h | 41 +++++++++++++++++++++++++++++++++++++++++ src/common/crypto.c | 32 +++----------------------------- src/common/include.am | 1 + src/common/tortls.c | 28 +++++----------------------- src/common/tortls.h | 1 + 5 files changed, 51 insertions(+), 52 deletions(-)
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
new file mode 100644
index 0000000..96c00c7
--- /dev/null
+++ b/src/common/compat_openssl.h
@@ -0,0 +1,41 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_COMPAT_OPENSSL_H
+#define TOR_COMPAT_OPENSSL_H
+
+#include <openssl/opensslv.h>
+
+/**
+ * \file compat_openssl.h
+ *
+ * \brief compatability definitions for working with different openssl forks
+ **/
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(v) SSLeay_version(v)
+#define OpenSSL_version_num() SSLeay()
+#define RAND_OpenSSL() RAND_SSLeay()
+#define tor_ERR_remove_cur_thread_state() ERR_remove_state(0)
+#ifndef SSL_get_state
+#define SSL_get_state(ssl) SSL_state(ssl)
+#endif
+#define STATE_IS_SW_SERVER_HELLO(st) \
+ (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
+ ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+#define OSSL_HANDSHAKE_STATE int
+#else
+#define tor_ERR_remove_cur_thread_state() ERR_remove_thread_state(NULL)
+#define STATE_IS_SW_SERVER_HELLO(st) \
+ ((st) == TLS_ST_SW_SRVR_HELLO)
+#endif
+
+#endif
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e50a69f..5feb9be 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -21,18 +21,13 @@
 #undef OCSP_RESPONSE
 #endif
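Review bot: The new header tests `OPENSSL_V_SERIES(...)` in its `#if` lines but neither defines that macro nor includes anything beyond `<openssl/opensslv.h>` that could, so it only compiles when the includer has already brought the macro into scope (both includers in this commit pull in crypto.h first, which presumably is where it lives). Included on its own it fails in the preprocessor with a missing-binary-operator message rather than a clear one; a `#ifndef OPENSSL_V_SERIES` / `#error "compat_openssl.h needs OPENSSL_V_SERIES; include crypto.h first"` pair above the first `#if`, or a comment stating the prerequisite, would make the include-order dependency explicit. Also `compatability` in the `\brief` line should read `compatibility`.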
-#include <openssl/opensslv.h>
-
 #define CRYPTO_PRIVATE
 #include "crypto.h"
+#include "compat_openssl.h"
 #include "crypto_curve25519.h"
 #include "crypto_ed25519.h"
 #include "crypto_format.h"
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
-
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
@@ -227,11 +222,7 @@ const char *
 crypto_openssl_get_version_str(void)
 {
 if (crypto_openssl_version_str == NULL) {
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
-#else
- const char *raw_version = SSLeay_version(SSLEAY_VERSION);
-#endif
 crypto_openssl_version_str = parse_openssl_version_str(raw_version);
 }
 return crypto_openssl_version_str;
@@ -256,11 +247,7 @@ static int
 crypto_force_rand_ssleay(void)
 {
 RAND_METHOD *default_method;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 default_method = RAND_OpenSSL();
-#else
- default_method = RAND_SSLeay();
-#endif
 if (RAND_get_rand_method() != default_method) {
 log_notice(LD_CRYPTO, "It appears that one of our engines has provided " "a replacement the OpenSSL RNG. Resetting it to the default "
@@ -301,13 +288,8 @@ crypto_early_init(void)
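Review bot: Now that the `#if` around it is gone, `RAND_METHOD *default_method;` followed by the separate `default_method = RAND_OpenSSL();` in the crypto_force_rand_ssleay hunk can collapse into a single initialized declaration, `RAND_METHOD *default_method = RAND_OpenSSL();`, which matches how `raw_version` is declared in the crypto_openssl_get_version_str hunk just above. Keeping the declaration uninitialized only made sense while two preprocessor branches assigned it. crypto_force_rand_ssleay continues past the end of the hunk.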
setup_openssl_threading();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 unsigned long version_num = OpenSSL_version_num();
 const char *version_str = OpenSSL_version(OPENSSL_VERSION);
-#else
- unsigned long version_num = SSLeay();
- const char *version_str = SSLeay_version(SSLEAY_VERSION);
-#endif
 if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
 log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
@@ -421,11 +403,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 void
 crypto_thread_cleanup(void)
 {
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- ERR_remove_thread_state(NULL);
-#else
- ERR_remove_state(0);
-#endif
+ tor_ERR_remove_cur_thread_state();
 }
 /** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -2712,11 +2690,7 @@ int
 crypto_global_cleanup(void)
 {
 EVP_cleanup();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- ERR_remove_thread_state(NULL);
-#else
- ERR_remove_state(0);
-#endif
+ tor_ERR_remove_cur_thread_state();
 ERR_free_strings();
 if (dh_param_p)
diff --git a/src/common/include.am b/src/common/include.am
index 7de93ba..2fc92e2 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -118,6 +118,7 @@ COMMONHEADERS = \
 src/common/ciphers.inc \
 src/common/compat.h \
 src/common/compat_libevent.h \
+ src/common/compat_openssl.h \
 src/common/compat_threads.h \
 src/common/container.h \
 src/common/crypto.h \
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cd36f9c..9f9ce0d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -40,9 +40,6 @@
 #include <openssl/opensslv.h>
 #include "crypto.h"
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
 #ifdef OPENSSL_NO_EC
 #error "We require OpenSSL with ECC support"
 #endif
@@ -384,11 +381,7 @@ tor_tls_init(void)
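Review bot: After this hunk tortls.c no longer performs its own minimum-version check and depends on compat_openssl.h for it, yet nothing in the file includes that header directly; it presumably arrives only transitively through tortls.h (whose include list this commit extends), and the `#include <openssl/opensslv.h>` kept at the top of the hunk, now redundant, obscures that dependency. Adding `#include "compat_openssl.h"` next to `#include "crypto.h"` would keep the version gate and the compatibility macros in force in tortls.c even if tortls.h's includes are later rearranged. The inferred path through tortls.h is not visible in this hunk.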
 #if (SIZEOF_VOID_P >= 8 && \
 OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 long version = OpenSSL_version_num();
-#else
- long version = SSLeay();
-#endif
 /* LCOV_EXCL_START : we can't test these lines on the same machine */
 if (version >= OPENSSL_V_SERIES(1,0,1)) {
@@ -1536,16 +1529,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 if (type != SSL_CB_ACCEPT_LOOP)
 return;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
- if (ssl_state == TLS_ST_SW_SRVR_HELLO)
+ if (! STATE_IS_SW_SERVER_HELLO(ssl_state))
 return;
-#else
- int ssl_state = SSL_state(ssl);
- if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
- (ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
- return;
-#endif
 tls = tor_tls_get_by_ssl(ssl);
 if (tls) {
 /* Check whether we're watching for renegotiates. If so, this is one! */
@@ -1906,11 +1892,9 @@ tor_tls_handshake(tor_tls_t *tls)
 tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
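Review bot: The new condition `if (! STATE_IS_SW_SERVER_HELLO(ssl_state))` reverses what the removed OpenSSL 1.1 branch did, which returned when the state *was* `TLS_ST_SW_SRVR_HELLO` and so never reached the renegotiation check that follows; only the removed 1.0 branch already had the new semantics. That is a behaviour fix for 1.1 builds carried inside a commit described as moving defines into a header, and neither the commit message nor the hunk says so; a sentence in the message (or a changes-file entry) noting that the server-hello check on OpenSSL 1.1 was inverted would help anyone later tracing renegotiation handling. The rest of tor_tls_server_info_callback continues outside the hunk.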
 check_no_tls_errors();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
 OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);
-#else
- int oldstate = SSL_state(tls->ssl);
-#endif
+
 if (tls->isServer) {
 log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, SSL_state_string_long(tls->ssl));
@@ -1920,11 +1904,9 @@ tor_tls_handshake(tor_tls_t *tls)
 SSL_state_string_long(tls->ssl));
 r = SSL_connect(tls->ssl);
 }
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
 OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);
-#else
- int newstate = SSL_state(tls->ssl);
-#endif
+
 if (oldstate != newstate)
 log_debug(LD_HANDSHAKE, "After call, %p was in state %s", tls, SSL_state_string_long(tls->ssl));
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 1cfe029..a719cb5 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -12,6 +12,7 @@
 **/
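Review bot: In both tor_tls_handshake hunks the removed `#if`/`#endif` lines are replaced by added empty lines instead of being deleted outright, which leaves `OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);` and the matching `newstate` declaration each stranded between two blank lines that did not exist before. Dropping the four `+` blank lines restores the original spacing and keeps each declaration attached to the statements it belongs with. Both hunks show only part of tor_tls_handshake.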
 #include "crypto.h"
+#include "compat_openssl.h"
 #include "compat.h"
 #include "testsupport.h"