Browse code

tls: fixed initialization when LibreSSL is used

- port from OpenBSD

Sergey Safarov authored on 20/09/2017 11:21:44 • Daniel-Constantin Mierla committed on 20/09/2017 11:21:44
Showing 2 changed files
... ...
@@ -144,6 +144,7 @@ sr_tls_methods_t sr_tls_methods[TLS_METHOD_MAX];
144 144
 
145 145
 
146 146
 
147
+#ifndef LIBRESSL_VERSION_NUMBER
147 148
 inline static char* buf_append(char* buf, char* end, char* str, int str_len)
148 149
 {
149 150
 	if ( (buf+str_len)<end){
... ...
@@ -269,9 +270,12 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
269 270
 #endif
270 271
 	return p;
271 272
 }
273
+#endif /* LIBRESSL_VERSION_NUMBER */
272 274
 
273 275
 #else /*TLS_MALLOC_DBG */
274 276
 
277
+#ifndef LIBRESSL_VERSION_NUMBER
278
+
275 279
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
276 280
 static void* ser_malloc(size_t size)
277 281
 {
... ...
@@ -321,6 +325,7 @@ static void ser_free(void *ptr, const char *fname, int fline)
321 325
 }
322 326
 #endif
323 327
 
328
+#endif /* LIBRESSL_VERSION_NUMBER */
324 329
 
325 330
 /*
326 331
  * Initialize TLS socket
... ...
@@ -366,7 +371,7 @@ static void init_ssl_methods(void)
366 371
 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
367 372
 
368 373
 	/* only specific SSL or TLS version */
369
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
374
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
370 375
 #ifndef OPENSSL_NO_SSL2
371 376
 	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
372 377
 	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
... ...
@@ -384,13 +389,13 @@ static void init_ssl_methods(void)
384 389
 	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
385 390
 	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
386 391
 
387
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
392
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
388 393
 	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
389 394
 	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
390 395
 	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
391 396
 #endif
392 397
 
393
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
398
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
394 399
 	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
395 400
 	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
396 401
 	ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
... ...
@@ -399,11 +404,11 @@ static void init_ssl_methods(void)
399 404
 	/* ranges of TLS versions (require a minimum TLS version) */
400 405
 	ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
401 406
 
402
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
407
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
403 408
 	ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS;
404 409
 #endif
405 410
 
406
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
411
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
407 412
 	ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
408 413
 #endif
409 414
 
... ...
@@ -477,6 +482,7 @@ static void init_ssl_methods(void)
477 482
  */
478 483
 static int init_tls_compression(void)
479 484
 {
485
+#ifndef LIBRESSL_VERSION_NUMBER
480 486
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
481 487
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
482 488
 	int n, r;
... ...
@@ -561,6 +567,7 @@ static int init_tls_compression(void)
561 567
 end:
562 568
 #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
563 569
 #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
570
+#endif /* LIBRESSL_VERSION_NUMBER */
564 571
 	return 0;
565 572
 }
566 573
 
... ...
@@ -571,6 +578,7 @@ end:
571 578
  */
572 579
 int tls_pre_init(void)
573 580
 {
581
+#ifndef LIBRESSL_VERSION_NUMBER
574 582
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
575 583
 	void *(*mf)(size_t) = NULL;
576 584
 	void *(*rf)(void *, size_t) = NULL;
... ...
@@ -598,6 +606,7 @@ int tls_pre_init(void)
598 606
 				" libssl (can be loaded first to be safe)\n");
599 607
 		return -1;
600 608
 	}
609
+#endif /* LIBRESSL_VERSION_NUMBER */
601 610
 
602 611
 	if (tls_init_locks()<0)
603 612
 		return -1;
... ...
@@ -631,7 +640,7 @@ int init_tls_h(void)
631 640
 {
632 641
 	/*struct socket_info* si;*/
633 642
 	long ssl_version;
634
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
643
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
635 644
 	int lib_kerberos;
636 645
 	int lib_zlib;
637 646
 	int kerberos_support;
... ...
@@ -675,7 +684,7 @@ int init_tls_h(void)
675 684
 	}
676 685
 
677 686
 	/* check kerberos support using compile flags only for version < 1.1.0 */
678
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
687
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
679 688
 
680 689
 #ifdef TLS_KERBEROS_SUPPORT
681 690
 	kerberos_support=1;
... ...
@@ -33,7 +33,7 @@ static int n_static_locks=0;
33 33
 static gen_lock_set_t* static_locks=0;
34 34
 
35 35
 /* OpenSSL is thread-safe since 1.1.0 */
36
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
36
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
37 37
 
38 38
 /* "dynamic" locks */
39 39
 
... ...
@@ -118,7 +118,7 @@ static void locking_f(int mode, int n, const char* file, int line)
118 118
 	}
119 119
 }
120 120
 
121
-#endif /* openssl < 0x10100000L (1.1.0) */
121
+#endif /* openssl < 0x10100000L (1.1.0) or LibreSSL */
122 122
 
123 123
 
124 124
 void tls_destroy_locks()