Provide identical BN_GENCB_new shim

Instead of trying to optimize by using a stack local variable
with additional #ifdef logic, use identical implementations of
the upstream functions to reduce #ifdef clutter.

Move the definitions from dst_openssl.h to openssl_shim.h where
rest of the shim is.

diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
index b9027af3698b61eaa615f394d88b1b05cc768741..c941693198377bc3a0f23979f4d1142063edb176 100644 (file)
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@@ -24,20 +24,6 @@
 #include <isc/log.h>
 #include <isc/result.h>
 
-#if !HAVE_BN_GENCB_NEW
-/*
- * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
- * the function like this before the BN_GENCB_new call:
- *
- * #if !HAVE_BN_GENCB_NEW
- *              _cb;
- * #endif
- */
-#define BN_GENCB_free(x)    ((void)0)
-#define BN_GENCB_new()     (&_cb)
-#define BN_GENCB_get_arg(x) ((x)->arg)
-#endif /* !HAVE_BN_GENCB_NEW */
-
 ISC_LANG_BEGINDECLS
 
 isc_result_t

diff --git a/lib/dns/openssl_shim.h b/lib/dns/openssl_shim.h
index ad07638c3e5225d269f16e22fe9424397d8414a4..120384952b3f908a831fae30742dfde1f21988b8 100644 (file)
--- a/lib/dns/openssl_shim.h
+++ b/lib/dns/openssl_shim.h
@@ -28,6 +28,27 @@
 #define RSA_MAX_PUBEXP_BITS 35
 #endif /* ifndef RSA_MAX_PUBEXP_BITS */
 
+#if !HAVE_BN_GENCB_NEW
+/* These are new in OpenSSL 1.1.0. */
+static inline BN_GENCB *
+BN_GENCB_new(void) {
+       return (OPENSSL_malloc(sizeof(BN_GENCB)));
+}
+
+static inline void
+BN_GENCB_free(BN_GENCB *cb) {
+       if (cb == NULL) {
+               return;
+       }
+       OPENSSL_free(cb);
+}
+
+static inline void *
+BN_GENCB_get_arg(BN_GENCB *cb) {
+       return cb->arg;
+}
+#endif /* !HAVE_BN_GENCB_NEW */
+
 #if !HAVE_EVP_PKEY_GET0_RSA && OPENSSL_VERSION_NUMBER < 0x10100000L
 static inline const RSA *
 EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {

diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index e32a7d2a191fc091143b39354d1677ea587ff02b..c4729b675f2100715cca9fea59c3658800b498b2 100644 (file)
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -365,9 +365,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
        DH *dh = NULL;
        BN_GENCB *cb = NULL;
-#if !HAVE_BN_GENCB_NEW
-       BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
 #else
        OSSL_PARAM_BLD *bld = NULL;
        OSSL_PARAM *params = NULL;
@@ -452,12 +449,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
                if (callback != NULL) {
                        cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
                        if (cb == NULL) {
                                DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
                        }
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-       * !defined(LIBRESSL_VERSION_NUMBER) */
                        u.fptr = callback;
                        BN_GENCB_set(cb, progress_cb, u.dptr);
                }

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 619ce345f4a19d3b8ec2010983dd498750b2eb23..8fc8a297c581b011bb1196737e1ec05df51c7448 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -299,9 +299,6 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
        RSA *rsa = RSA_new();
        EVP_PKEY *pkey = EVP_PKEY_new();
-#if !HAVE_BN_GENCB_NEW
-       BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
        BN_GENCB *cb = NULL;
 #else
        EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
@@ -362,12 +359,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 
        if (callback != NULL) {
                cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
                if (cb == NULL) {
                        DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
                }
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-       * !defined(LIBRESSL_VERSION_NUMBER) */
                u.fptr = callback;
                BN_GENCB_set(cb, progress_cb, u.dptr);
        }