--- /dev/null
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_COMPAT_OPENSSL_H
+#define TOR_COMPAT_OPENSSL_H
+
+#include <openssl/opensslv.h>
+
+/**
+ * \file compat_openssl.h
+ *
+ * \brief compatability definitions for working with different openssl forks
+ **/
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(v) SSLeay_version(v)
+#define OpenSSL_version_num() SSLeay()
+#define RAND_OpenSSL() RAND_SSLeay()
+#define tor_ERR_remove_cur_thread_state() ERR_remove_state(0)
+#ifndef SSL_get_state
+#define SSL_get_state(ssl) SSL_state(ssl)
+#endif
+#define STATE_IS_SW_SERVER_HELLO(st) \
+ (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
+ ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+#define OSSL_HANDSHAKE_STATE int
+#else
+#define tor_ERR_remove_cur_thread_state() ERR_remove_thread_state(NULL)
+#define STATE_IS_SW_SERVER_HELLO(st) \
+ ((st) == TLS_ST_SW_SRVR_HELLO)
+#endif
+
+#endif
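Review bot: The `#if` tests at the top of this new header use `OPENSSL_V_SERIES`, but the only include is `<openssl/opensslv.h>`, so the header appears to rely on the includer having defined that macro first. Both includers in this commit place it directly after `crypto.h`, which is presumably where the macro lives. If a file includes this header earlier, the version guard will fail to preprocess instead of printing the intended "We require OpenSSL >= 1.0.0" message. Either include the defining header here or make the dependency explicit with `#ifndef OPENSSL_V_SERIES` / `#error "include crypto.h before compat_openssl.h"` / `#endif`. A short doc comment on `STATE_IS_SW_SERVER_HELLO` would also help, noting that the pre-1.1.0 form evaluates `st` twice.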
#undef OCSP_RESPONSE
#endif
-#include <openssl/opensslv.h>
-
#define CRYPTO_PRIVATE
#include "crypto.h"
+#include "compat_openssl.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
-
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
crypto_openssl_get_version_str(void)
{
if (crypto_openssl_version_str == NULL) {
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
-#else
- const char *raw_version = SSLeay_version(SSLEAY_VERSION);
-#endif
crypto_openssl_version_str = parse_openssl_version_str(raw_version);
}
return crypto_openssl_version_str;
crypto_force_rand_ssleay(void)
{
RAND_METHOD *default_method;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
default_method = RAND_OpenSSL();
-#else
- default_method = RAND_SSLeay();
-#endif
if (RAND_get_rand_method() != default_method) {
log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
"a replacement the OpenSSL RNG. Resetting it to the default "
setup_openssl_threading();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
unsigned long version_num = OpenSSL_version_num();
const char *version_str = OpenSSL_version(OPENSSL_VERSION);
-#else
- unsigned long version_num = SSLeay();
- const char *version_str = SSLeay_version(SSLEAY_VERSION);
-#endif
if (version_num == OPENSSL_VERSION_NUMBER &&
!strcmp(version_str, OPENSSL_VERSION_TEXT)) {
log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
void
crypto_thread_cleanup(void)
{
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- ERR_remove_thread_state(NULL);
-#else
- ERR_remove_state(0);
-#endif
+ tor_ERR_remove_cur_thread_state();
}
/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
crypto_global_cleanup(void)
{
EVP_cleanup();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- ERR_remove_thread_state(NULL);
-#else
- ERR_remove_state(0);
-#endif
+ tor_ERR_remove_cur_thread_state();
ERR_free_strings();
if (dh_param_p)
src/common/ciphers.inc \
src/common/compat.h \
src/common/compat_libevent.h \
+ src/common/compat_openssl.h \
src/common/compat_threads.h \
src/common/container.h \
src/common/crypto.h \
#include <openssl/opensslv.h>
#include "crypto.h"
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
-#endif
#ifdef OPENSSL_NO_EC
#error "We require OpenSSL with ECC support"
#endif
#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
long version = OpenSSL_version_num();
-#else
- long version = SSLeay();
-#endif
/* LCOV_EXCL_START : we can't test these lines on the same machine */
if (version >= OPENSSL_V_SERIES(1,0,1)) {
if (type != SSL_CB_ACCEPT_LOOP)
return;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
- if (ssl_state == TLS_ST_SW_SRVR_HELLO)
+ if (! STATE_IS_SW_SERVER_HELLO(ssl_state))
return;
-#else
- int ssl_state = SSL_state(ssl);
- if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
- (ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
- return;
-#endif
tls = tor_tls_get_by_ssl(ssl);
if (tls) {
/* Check whether we're watching for renegotiates. If so, this is one! */
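Review bot: The unified test `if (! STATE_IS_SW_SERVER_HELLO(ssl_state)) return;` changes behaviour for builds against OpenSSL >= 1.1.0, not just the layout. The removed 1.1.0 branch returned when the state was `TLS_ST_SW_SRVR_HELLO`, while the pre-1.1.0 branch returned when it was not. The code just below treats reaching that point as a renegotiation, so the change should be stated rather than left looking like a pure de-ifdef. I would add a comment above the test, e.g. `/* Only a ServerHello state counts as a (re)negotiation; ignore every other accept-loop state. */`, and mention the 1.1.0 correction in the commit message. The callback's body starts and ends outside this hunk, so the renegotiation handling should be checked against both OpenSSL series.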
tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
check_no_tls_errors();
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);
-#else
- int oldstate = SSL_state(tls->ssl);
-#endif
+
if (tls->isServer) {
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
SSL_state_string_long(tls->ssl));
SSL_state_string_long(tls->ssl));
r = SSL_connect(tls->ssl);
}
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+
OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);
-#else
- int newstate = SSL_state(tls->ssl);
-#endif
+
if (oldstate != newstate)
log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
tls, SSL_state_string_long(tls->ssl));
**/
#include "crypto.h"
+#include "compat_openssl.h"
#include "compat.h"
#include "testsupport.h"