[tor-commits] [tor/master] Move openssl version compatibility defines into a new header.

nickm at torproject.org nickm at torproject.org
Tue Nov 10 15:40:52 UTC 2015


commit c32a43a4d2bbd2be89888fc5a253e55c72bb466a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Nov 10 10:02:21 2015 -0500

    Move openssl version compatibility defines into a new header.
---
 src/common/compat_openssl.h |   41 +++++++++++++++++++++++++++++++++++++++++
 src/common/crypto.c         |   32 +++-----------------------------
 src/common/include.am       |    1 +
 src/common/tortls.c         |   28 +++++-----------------------
 src/common/tortls.h         |    1 +
 5 files changed, 51 insertions(+), 52 deletions(-)

diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
new file mode 100644
index 0000000..96c00c7
--- /dev/null
+++ b/src/common/compat_openssl.h
@@ -0,0 +1,41 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_COMPAT_OPENSSL_H
+#define TOR_COMPAT_OPENSSL_H
+
+#include <openssl/opensslv.h> 
+
+/**
+ * \file compat_openssl.h
+ *
+ * \brief compatability definitions for working with different openssl forks
+ **/
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(v) SSLeay_version(v)
+#define OpenSSL_version_num() SSLeay()
+#define RAND_OpenSSL() RAND_SSLeay()
+#define tor_ERR_remove_cur_thread_state() ERR_remove_state(0)
+#ifndef SSL_get_state
+#define SSL_get_state(ssl) SSL_state(ssl)
+#endif
+#define STATE_IS_SW_SERVER_HELLO(st)       \
+  (((st) == SSL3_ST_SW_SRVR_HELLO_A) ||    \
+   ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+#define OSSL_HANDSHAKE_STATE int
+#else
+#define tor_ERR_remove_cur_thread_state() ERR_remove_thread_state(NULL)
+#define STATE_IS_SW_SERVER_HELLO(st) \
+  ((st) == TLS_ST_SW_SRVR_HELLO)
+#endif
+
+#endif
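Review bot: The new header tests `OPENSSL_V_SERIES(...)` in its `#if` lines but includes only `<openssl/opensslv.h>`, and nothing in this file defines that macro. It presumably comes from crypto.h, which both new include sites (crypto.c and tortls.h) pull in first. Included on its own or ahead of crypto.h, the minimum-version gate fails as a preprocessor syntax error instead of the intended "We require OpenSSL >= 1.0.0" message. Making the dependency explicit right after the opensslv.h include would help, for example `#ifndef OPENSSL_V_SERIES` / `#error "include crypto.h before compat_openssl.h"` / `#endif`. The `\brief` also says "forks" and misspells "compatibility", although every define here is keyed on an OpenSSL version number.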
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e50a69f..5feb9be 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -21,18 +21,13 @@
 #undef OCSP_RESPONSE
 #endif
 
-#include <openssl/opensslv.h>
-
 #define CRYPTO_PRIVATE
 #include "crypto.h"
+#include "compat_openssl.h"
 #include "crypto_curve25519.h"
 #include "crypto_ed25519.h"
 #include "crypto_format.h"
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
-
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
@@ -227,11 +222,7 @@ const char *
 crypto_openssl_get_version_str(void)
 {
   if (crypto_openssl_version_str == NULL) {
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
     const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
-#else
-    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
-#endif
     crypto_openssl_version_str = parse_openssl_version_str(raw_version);
   }
   return crypto_openssl_version_str;
@@ -256,11 +247,7 @@ static int
 crypto_force_rand_ssleay(void)
 {
   RAND_METHOD *default_method;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
   default_method = RAND_OpenSSL();
-#else
-  default_method = RAND_SSLeay();
-#endif
   if (RAND_get_rand_method() != default_method) {
     log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
                "a replacement the OpenSSL RNG. Resetting it to the default "
@@ -301,13 +288,8 @@ crypto_early_init(void)
 
     setup_openssl_threading();
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
     unsigned long version_num = OpenSSL_version_num();
     const char *version_str = OpenSSL_version(OPENSSL_VERSION);
-#else
-    unsigned long version_num = SSLeay();
-    const char *version_str = SSLeay_version(SSLEAY_VERSION);
-#endif
     if (version_num == OPENSSL_VERSION_NUMBER &&
         !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
       log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
@@ -421,11 +403,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 void
 crypto_thread_cleanup(void)
 {
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
-  ERR_remove_thread_state(NULL);
-#else
-  ERR_remove_state(0);
-#endif
+  tor_ERR_remove_cur_thread_state();
 }
 
 /** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -2712,11 +2690,7 @@ int
 crypto_global_cleanup(void)
 {
   EVP_cleanup();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
-  ERR_remove_thread_state(NULL);
-#else
-  ERR_remove_state(0);
-#endif
+  tor_ERR_remove_cur_thread_state();
   ERR_free_strings();
 
   if (dh_param_p)
diff --git a/src/common/include.am b/src/common/include.am
index 7de93ba..2fc92e2 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -118,6 +118,7 @@ COMMONHEADERS = \
   src/common/ciphers.inc			\
   src/common/compat.h				\
   src/common/compat_libevent.h			\
+  src/common/compat_openssl.h			\
   src/common/compat_threads.h			\
   src/common/container.h			\
   src/common/crypto.h				\
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cd36f9c..9f9ce0d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -40,9 +40,6 @@
 #include <openssl/opensslv.h>
 #include "crypto.h"
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
 #ifdef OPENSSL_NO_EC
 #error "We require OpenSSL with ECC support"
 #endif
@@ -384,11 +381,7 @@ tor_tls_init(void)
 
 #if (SIZEOF_VOID_P >= 8 &&                              \
      OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
     long version = OpenSSL_version_num();
-#else
-    long version = SSLeay();
-#endif
 
     /* LCOV_EXCL_START : we can't test these lines on the same machine */
     if (version >= OPENSSL_V_SERIES(1,0,1)) {
@@ -1536,16 +1529,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
   if (type != SSL_CB_ACCEPT_LOOP)
     return;
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
   OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
-  if (ssl_state == TLS_ST_SW_SRVR_HELLO)
+  if (! STATE_IS_SW_SERVER_HELLO(ssl_state))
     return;
-#else
-  int ssl_state = SSL_state(ssl);
-  if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
-      (ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
-    return;
-#endif
   tls = tor_tls_get_by_ssl(ssl);
   if (tls) {
     /* Check whether we're watching for renegotiates.  If so, this is one! */
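Review bot: The OpenSSL 1.1.0 path of this state check changes meaning, not just location. The removed line returned early when `ssl_state == TLS_ST_SW_SRVR_HELLO`, whereas the new `if (! STATE_IS_SW_SERVER_HELLO(ssl_state)) return;` returns early for every other state, which matches what the pre-1.1.0 branch did. Because the code that follows treats reaching this point as a renegotiation, this alters renegotiation detection on 1.1.0 builds, while the commit message describes only a move of defines. I would call the fix out in the commit message or a changes entry. I would also add a comment above the check, such as `/* Only a ServerHello state seen in the accept loop counts as a renegotiation; ignore every other state. */`. The body of tor_tls_server_info_callback begins and continues outside this hunk.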
@@ -1906,11 +1892,9 @@ tor_tls_handshake(tor_tls_t *tls)
   tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
 
   check_no_tls_errors();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
   OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);
-#else
-  int oldstate = SSL_state(tls->ssl);
-#endif
+
   if (tls->isServer) {
     log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
               SSL_state_string_long(tls->ssl));
@@ -1920,11 +1904,9 @@ tor_tls_handshake(tor_tls_t *tls)
               SSL_state_string_long(tls->ssl));
     r = SSL_connect(tls->ssl);
   }
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
   OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);
-#else
-  int newstate = SSL_state(tls->ssl);
-#endif
+
   if (oldstate != newstate)
     log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
               tls, SSL_state_string_long(tls->ssl));
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 1cfe029..a719cb5 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -12,6 +12,7 @@
  **/
 
 #include "crypto.h"
+#include "compat_openssl.h"
 #include "compat.h"
 #include "testsupport.h"
 




