Only consider openssl 1.1.0 final, and introduce macro to simplify code

woltere · Aug 26, 2016 · 5bc31d1 · 5bc31d1
1 parent e606e1b
commit 5bc31d1
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/neverbleed.c b/neverbleed.c
@@ -45,6 +45,8 @@
 #endif
 #include "neverbleed.h"
 
+#define OPENSSL_101_API (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+
 enum neverbleed_type { NEVERBLEED_TYPE_NONE, NEVERBLEED_TYPE_RSA, NEVERBLEED_TYPE_ECDSA };
 
 struct expbuf_t {
@@ -524,7 +526,8 @@ static int sign_stub(struct expbuf_t *buf)
     return 0;
 }
 
-#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100005L
+#if !OPENSSL_101_API
+
 static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 {
     if (n) {
@@ -596,7 +599,7 @@ static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebu
     return pkey;
 }
 
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
 
 static EC_KEY *daemon_get_ecdsa(size_t key_index)
 {
@@ -788,7 +791,7 @@ int neverbleed_load_private_key_file(neverbleed_t *nb, SSL_CTX *ctx, const char
         }
         pkey = create_pkey(nb, key_index, estr, nstr);
         break;
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
     case NEVERBLEED_TYPE_ECDSA:
         if (expbuf_shift_num(&buf, &curve_name) != 0 || (ec_pubkeystr = expbuf_shift_str(&buf)) == NULL) {
             errno = 0;
@@ -861,7 +864,7 @@ static int load_key_stub(struct expbuf_t *buf)
         nstr = BN_bn2hex(n);
         break;
     case EVP_PKEY_EC:
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
         ec_key = EVP_PKEY_get0_EC_KEY(pkey);
         type = NEVERBLEED_TYPE_ECDSA;
         key_index = daemon_set_ecdsa(ec_key);
@@ -1055,7 +1058,7 @@ static void *daemon_conn_thread(void *_sock_fd)
         } else if (strcmp(cmd, "sign") == 0) {
             if (sign_stub(&buf) != 0)
                 break;
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
         } else if (strcmp(cmd, "ecdsa_sign") == 0) {
             if (ecdsa_sign_stub(&buf) != 0)
                 break;
@@ -1113,7 +1116,7 @@ __attribute__((noreturn)) static void daemon_main(int listen_fd, int close_notif
     }
 }
 
-#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100005L
+#if !OPENSSL_101_API
 
 static RSA_METHOD static_rsa_method = {
     "privsep RSA method", /* name */
@@ -1125,11 +1128,7 @@ static RSA_METHOD static_rsa_method = {
     NULL,                 /* bn_mod_exp */
     NULL,                 /* init */
     NULL,                 /* finish */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
-    0,                    /* flags */
-#else
     RSA_FLAG_SIGN_VER,    /* flags */
-#endif
     NULL,                 /* app data */
     sign_proxy,           /* rsa_sign */
     NULL,                 /* rsa_verify */
@@ -1142,7 +1141,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
 {
     int pipe_fds[2] = {-1, -1}, listen_fd = -1;
     char *tempdir = NULL;
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
     const RSA_METHOD *default_method = RSA_PKCS1_OpenSSL();
     EC_KEY_METHOD *ecdsa_method;
     const EC_KEY_METHOD *ecdsa_default_method;
@@ -1227,7 +1226,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
     /* setup engine */
     if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") ||
         !ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, rsa_method)
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_101_API
         || !ENGINE_set_EC(nb->engine, ecdsa_method)
 #endif
             ) {