Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
git2
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lvzhengyang
git2
Commits
26a09a93
Unverified
Commit
26a09a93
authored
Apr 30, 2018
by
Carlos Martín Nieto
Committed by
GitHub
Apr 30, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #4608 from pks-t/pks/openssl-api-cleanup
OpenSSL legacy API cleanups
parents
b33b6d33
173a0375
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
112 additions
and
121 deletions
+112
-121
src/streams/openssl.c
+112
-14
src/streams/openssl.h
+0
-107
No files found.
src/streams/openssl.c
View file @
26a09a93
...
...
@@ -38,8 +38,115 @@ SSL_CTX *git__ssl_ctx;
#define GIT_SSL_DEFAULT_CIPHERS "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
#if defined(GIT_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
# define OPENSSL_LEGACY_API
#endif
/*
* OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
* which do not exist in previous versions. We define these inline functions so
* we can program against the interface instead of littering the implementation
* with ifdefs. We do the same for OPENSSL_init_ssl.
*/
#if defined(OPENSSL_LEGACY_API)
static
int
OPENSSL_init_ssl
(
int
opts
,
void
*
settings
)
{
GIT_UNUSED
(
opts
);
GIT_UNUSED
(
settings
);
SSL_load_error_strings
();
OpenSSL_add_ssl_algorithms
();
return
0
;
}
static
BIO_METHOD
*
BIO_meth_new
(
int
type
,
const
char
*
name
)
{
BIO_METHOD
*
meth
=
git__calloc
(
1
,
sizeof
(
BIO_METHOD
));
if
(
!
meth
)
{
return
NULL
;
}
meth
->
type
=
type
;
meth
->
name
=
name
;
return
meth
;
}
static
void
BIO_meth_free
(
BIO_METHOD
*
biom
)
{
git__free
(
biom
);
}
static
int
BIO_meth_set_write
(
BIO_METHOD
*
biom
,
int
(
*
write
)
(
BIO
*
,
const
char
*
,
int
))
{
biom
->
bwrite
=
write
;
return
1
;
}
static
int
BIO_meth_set_read
(
BIO_METHOD
*
biom
,
int
(
*
read
)
(
BIO
*
,
char
*
,
int
))
{
biom
->
bread
=
read
;
return
1
;
}
static
int
BIO_meth_set_puts
(
BIO_METHOD
*
biom
,
int
(
*
puts
)
(
BIO
*
,
const
char
*
))
{
biom
->
bputs
=
puts
;
return
1
;
}
static
int
BIO_meth_set_gets
(
BIO_METHOD
*
biom
,
int
(
*
gets
)
(
BIO
*
,
char
*
,
int
))
{
biom
->
bgets
=
gets
;
return
1
;
}
static
int
BIO_meth_set_ctrl
(
BIO_METHOD
*
biom
,
long
(
*
ctrl
)
(
BIO
*
,
int
,
long
,
void
*
))
{
biom
->
ctrl
=
ctrl
;
return
1
;
}
static
int
BIO_meth_set_create
(
BIO_METHOD
*
biom
,
int
(
*
create
)
(
BIO
*
))
{
biom
->
create
=
create
;
return
1
;
}
static
int
BIO_meth_set_destroy
(
BIO_METHOD
*
biom
,
int
(
*
destroy
)
(
BIO
*
))
{
biom
->
destroy
=
destroy
;
return
1
;
}
static
int
BIO_get_new_index
(
void
)
{
/* This exists as of 1.1 so before we'd just have 0 */
return
0
;
}
static
void
BIO_set_init
(
BIO
*
b
,
int
init
)
{
b
->
init
=
init
;
}
static
void
BIO_set_data
(
BIO
*
a
,
void
*
ptr
)
{
a
->
ptr
=
ptr
;
}
static
void
*
BIO_get_data
(
BIO
*
a
)
{
return
a
->
ptr
;
}
static
const
unsigned
char
*
ASN1_STRING_get0_data
(
const
ASN1_STRING
*
x
)
{
return
ASN1_STRING_data
((
ASN1_STRING
*
)
x
);
}
# if defined(GIT_THREADS)
static
git_mutex
*
openssl_locks
;
static
void
openssl_locking_function
(
...
...
@@ -70,8 +177,8 @@ static void shutdown_ssl_locking(void)
git_mutex_free
(
&
openssl_locks
[
i
]);
git__free
(
openssl_locks
);
}
#endif
/*
GIT_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
*/
# endif
/* GIT_THREADS */
#endif
/*
OPENSSL_LEGACY_API
*/
static
BIO_METHOD
*
git_stream_bio_method
;
static
int
init_bio_method
(
void
);
...
...
@@ -95,7 +202,6 @@ static void shutdown_ssl(void)
int
git_openssl_stream_global_init
(
void
)
{
#ifdef GIT_OPENSSL
long
ssl_opts
=
SSL_OP_NO_SSLv2
|
SSL_OP_NO_SSLv3
;
const
char
*
ciphers
=
git_libgit2__ssl_ciphers
();
...
...
@@ -104,13 +210,7 @@ int git_openssl_stream_global_init(void)
ssl_opts
|=
SSL_OP_NO_COMPRESSION
;
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
SSL_load_error_strings
();
OpenSSL_add_ssl_algorithms
();
#else
OPENSSL_init_ssl
(
0
,
NULL
);
#endif
/*
* Load SSLv{2,3} and TLSv1 so that we can talk with servers
...
...
@@ -144,8 +244,6 @@ int git_openssl_stream_global_init(void)
return
-
1
;
}
#endif
git__on_shutdown
(
shutdown_ssl
);
return
0
;
...
...
@@ -160,7 +258,7 @@ static void threadid_cb(CRYPTO_THREADID *threadid)
int
git_openssl_set_locking
(
void
)
{
#if defined(GIT_THREADS) &&
OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(GIT_THREADS) &&
defined(OPENSSL_LEGACY_API)
int
num_locks
,
i
;
CRYPTO_THREADID_set_callback
(
threadid_cb
);
...
...
@@ -179,7 +277,7 @@ int git_openssl_set_locking(void)
CRYPTO_set_locking_callback
(
openssl_locking_function
);
git__on_shutdown
(
shutdown_ssl_locking
);
return
0
;
#elif
OPENSSL_VERSION_NUMBER >= 0x10100000L
#elif
!defined(OPENSSL_LEGACY_API)
return
0
;
#else
giterr_set
(
GITERR_THREAD
,
"libgit2 was not built with threads"
);
...
...
src/streams/openssl.h
View file @
26a09a93
...
...
@@ -17,111 +17,4 @@ extern int git_openssl_stream_new(git_stream **out, const char *host, const char
extern
int
git_openssl__set_cert_location
(
const
char
*
file
,
const
char
*
path
);
/*
* OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
* which do not exist in previous versions. We define these inline functions so
* we can program against the interface instead of littering the implementation
* with ifdefs.
*/
#ifdef GIT_OPENSSL
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/x509v3.h>
# include <openssl/bio.h>
# if OPENSSL_VERSION_NUMBER < 0x10100000L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
GIT_INLINE
(
BIO_METHOD
*
)
BIO_meth_new
(
int
type
,
const
char
*
name
)
{
BIO_METHOD
*
meth
=
git__calloc
(
1
,
sizeof
(
BIO_METHOD
));
if
(
!
meth
)
{
return
NULL
;
}
meth
->
type
=
type
;
meth
->
name
=
name
;
return
meth
;
}
GIT_INLINE
(
void
)
BIO_meth_free
(
BIO_METHOD
*
biom
)
{
git__free
(
biom
);
}
GIT_INLINE
(
int
)
BIO_meth_set_write
(
BIO_METHOD
*
biom
,
int
(
*
write
)
(
BIO
*
,
const
char
*
,
int
))
{
biom
->
bwrite
=
write
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_read
(
BIO_METHOD
*
biom
,
int
(
*
read
)
(
BIO
*
,
char
*
,
int
))
{
biom
->
bread
=
read
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_puts
(
BIO_METHOD
*
biom
,
int
(
*
puts
)
(
BIO
*
,
const
char
*
))
{
biom
->
bputs
=
puts
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_gets
(
BIO_METHOD
*
biom
,
int
(
*
gets
)
(
BIO
*
,
char
*
,
int
))
{
biom
->
bgets
=
gets
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_ctrl
(
BIO_METHOD
*
biom
,
long
(
*
ctrl
)
(
BIO
*
,
int
,
long
,
void
*
))
{
biom
->
ctrl
=
ctrl
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_create
(
BIO_METHOD
*
biom
,
int
(
*
create
)
(
BIO
*
))
{
biom
->
create
=
create
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_meth_set_destroy
(
BIO_METHOD
*
biom
,
int
(
*
destroy
)
(
BIO
*
))
{
biom
->
destroy
=
destroy
;
return
1
;
}
GIT_INLINE
(
int
)
BIO_get_new_index
(
void
)
{
/* This exists as of 1.1 so before we'd just have 0 */
return
0
;
}
GIT_INLINE
(
void
)
BIO_set_init
(
BIO
*
b
,
int
init
)
{
b
->
init
=
init
;
}
GIT_INLINE
(
void
)
BIO_set_data
(
BIO
*
a
,
void
*
ptr
)
{
a
->
ptr
=
ptr
;
}
GIT_INLINE
(
void
*
)
BIO_get_data
(
BIO
*
a
)
{
return
a
->
ptr
;
}
GIT_INLINE
(
const
unsigned
char
*
)
ASN1_STRING_get0_data
(
const
ASN1_STRING
*
x
)
{
return
ASN1_STRING_data
((
ASN1_STRING
*
)
x
);
}
# endif // OpenSSL < 1.1
#endif // GIT_OPENSSL
#endif
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment