Merge pull request #4608 from pks-t/pks/openssl-api-cleanup

OpenSSL legacy API cleanups
libgit2 · Apr 30, 2018 · 26a09a9 · 26a09a9
2 parents b33b6d3 + 173a037
commit 26a09a9
Show file tree

Hide file tree

Showing 2 changed files with 112 additions and 121 deletions.
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
@@ -38,8 +38,115 @@ SSL_CTX *git__ssl_ctx;
 
 #define GIT_SSL_DEFAULT_CIPHERS "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
 
-#if defined(GIT_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+# define OPENSSL_LEGACY_API
+#endif
+
+/*
+ * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
+ * which do not exist in previous versions. We define these inline functions so
+ * we can program against the interface instead of littering the implementation
+ * with ifdefs. We do the same for OPENSSL_init_ssl.
+ */
+#if defined(OPENSSL_LEGACY_API)
+static int OPENSSL_init_ssl(int opts, void *settings)
+{
+	GIT_UNUSED(opts);
+	GIT_UNUSED(settings);
+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+	return 0;
+}
+
+static BIO_METHOD* BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *meth = git__calloc(1, sizeof(BIO_METHOD));
+	if (!meth) {
+		return NULL;
+	}
+
+	meth->type = type;
+	meth->name = name;
+
+	return meth;
+}
+
+static void BIO_meth_free(BIO_METHOD *biom)
+{
+	git__free(biom);
+}
 
+static int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int))
+{
+	biom->bwrite = write;
+	return 1;
+}
+
+static int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int))
+{
+	biom->bread = read;
+	return 1;
+}
+
+static int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *))
+{
+	biom->bputs = puts;
+	return 1;
+}
+
+static int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int))
+
+{
+	biom->bgets = gets;
+	return 1;
+}
+
+static int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *))
+{
+	biom->ctrl = ctrl;
+	return 1;
+}
+
+static int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+	biom->create = create;
+	return 1;
+}
+
+static int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+	biom->destroy = destroy;
+	return 1;
+}
+
+static int BIO_get_new_index(void)
+{
+	/* This exists as of 1.1 so before we'd just have 0 */
+	return 0;
+}
+
+static void BIO_set_init(BIO *b, int init)
+{
+	b->init = init;
+}
+
+static void BIO_set_data(BIO *a, void *ptr)
+{
+	a->ptr = ptr;
+}
+
+static void *BIO_get_data(BIO *a)
+{
+	return a->ptr;
+}
+
+static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+	return ASN1_STRING_data((ASN1_STRING *)x);
+}
+
+# if defined(GIT_THREADS)
 static git_mutex *openssl_locks;
 
 static void openssl_locking_function(
@@ -70,8 +177,8 @@ static void shutdown_ssl_locking(void)
 		git_mutex_free(&openssl_locks[i]);
 	git__free(openssl_locks);
 }
-
-#endif /* GIT_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L */
+# endif /* GIT_THREADS */
+#endif /* OPENSSL_LEGACY_API */
 
 static BIO_METHOD *git_stream_bio_method;
 static int init_bio_method(void);
@@ -95,7 +202,6 @@ static void shutdown_ssl(void)
 
 int git_openssl_stream_global_init(void)
 {
-#ifdef GIT_OPENSSL
 	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
 	const char *ciphers = git_libgit2__ssl_ciphers();
 
@@ -104,13 +210,7 @@ int git_openssl_stream_global_init(void)
 	ssl_opts |= SSL_OP_NO_COMPRESSION;
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-#else
 	OPENSSL_init_ssl(0, NULL);
-#endif
 
 	/*
 	 * Load SSLv{2,3} and TLSv1 so that we can talk with servers
@@ -144,8 +244,6 @@ int git_openssl_stream_global_init(void)
 		return -1;
 	}
 
-#endif
-
 	git__on_shutdown(shutdown_ssl);
 
 	return 0;
@@ -160,7 +258,7 @@ static void threadid_cb(CRYPTO_THREADID *threadid)
 
 int git_openssl_set_locking(void)
 {
-#if defined(GIT_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API)
 	int num_locks, i;
 
 	CRYPTO_THREADID_set_callback(threadid_cb);
@@ -179,7 +277,7 @@ int git_openssl_set_locking(void)
 	CRYPTO_set_locking_callback(openssl_locking_function);
 	git__on_shutdown(shutdown_ssl_locking);
 	return 0;
-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+#elif !defined(OPENSSL_LEGACY_API)
 	return 0;
 #else
 	giterr_set(GITERR_THREAD, "libgit2 was not built with threads");

diff --git a/src/streams/openssl.h b/src/streams/openssl.h
@@ -17,111 +17,4 @@ extern int git_openssl_stream_new(git_stream **out, const char *host, const char
 
 extern int git_openssl__set_cert_location(const char *file, const char *path);
 
-/*
- * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
- * which do not exist in previous versions. We define these inline functions so
- * we can program against the interface instead of littering the implementation
- * with ifdefs.
- */
-#ifdef GIT_OPENSSL
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# include <openssl/x509v3.h>
-# include <openssl/bio.h>
-
-
-
-# if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
-
-GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
-{
-	BIO_METHOD *meth = git__calloc(1, sizeof(BIO_METHOD));
-	if (!meth) {
-		return NULL;
-	}
-
-	meth->type = type;
-	meth->name = name;
-
-	return meth;
-}
-
-GIT_INLINE(void) BIO_meth_free(BIO_METHOD *biom)
-{
-	git__free(biom);
-}
-
-GIT_INLINE(int) BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int))
-{
-	biom->bwrite = write;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int))
-{
-	biom->bread = read;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *))
-{
-	biom->bputs = puts;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int))
-
-{
-	biom->bgets = gets;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *))
-{
-	biom->ctrl = ctrl;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
-{
-	biom->create = create;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
-{
-	biom->destroy = destroy;
-	return 1;
-}
-
-GIT_INLINE(int) BIO_get_new_index(void)
-{
-	/* This exists as of 1.1 so before we'd just have 0 */
-	return 0;
-}
-
-GIT_INLINE(void) BIO_set_init(BIO *b, int init)
-{
-	b->init = init;
-}
-
-GIT_INLINE(void) BIO_set_data(BIO *a, void *ptr)
-{
-	a->ptr = ptr;
-}
-
-GIT_INLINE(void*) BIO_get_data(BIO *a)
-{
-	return a->ptr;
-}
-
-GIT_INLINE(const unsigned char *) ASN1_STRING_get0_data(const ASN1_STRING *x)
-{
-	return ASN1_STRING_data((ASN1_STRING *)x);
-}
-
-# endif // OpenSSL < 1.1
-#endif // GIT_OPENSSL
-
 #endif