Răsfoiți Sursa

Merge branch 'master' into next

* master:
  Silence unused variable warnings.
  Fix indentation warnings
  Drop support for OpenSSL < 1.1
  Bump OPENSSL_API_COMPAT to 1.1
  OpenSSL 1.1 no longer needs all this OPENSSL_init_ssl() compat.
  Add missing openssl/bn.h header.
  generate_defs: Error if a symbol cannot be looked up
  generate_defs: Split up long line
Bryan Drewery 2 ani în urmă
părinte
comite
d50958d702
8 a modificat fișierele cu 36 adăugiri și 88 ștergeri
  1. 1 0
      doc/UPDATES.md
  2. 0 52
      src/compat/openssl.cc
  3. 18 1
      src/generate_defs.sh
  4. 1 0
      src/libcrypto.h
  5. 0 16
      src/libssl.cc
  6. 8 3
      src/mod/irc.mod/chan.cc
  7. 6 4
      src/mod/irc.mod/mode.cc
  8. 2 12
      src/openssl.cc

+ 1 - 0
doc/UPDATES.md

@@ -21,6 +21,7 @@
 
 # maint
   * Fix OpenSSL 3 build.
+  * Drop support for OpenSSL < 1.1
 
 # 1.4.10
   * Clear FiSH keys when a client quits.

+ 0 - 52
src/compat/openssl.cc

@@ -1,53 +1 @@
 #include <openssl/opensslv.h>
-/* Provide forward compat functions when built from < 1.1. */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-#include <stdlib.h>
-#include <stdint.h>
-#include "dl.h"
-
-extern "C" {
-typedef int (*OPENSSL_init_ssl_t)(uint64_t a1, const void *a2);
-static int _OPENSSL_init_ssl(uint64_t a1, const void *a2) {
-  if (DLSYM_VAR(OPENSSL_init_ssl) == NULL)
-    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, OPENSSL_init_ssl) == NULL)
-      return 0;
-  return DLSYM_VAR(OPENSSL_init_ssl)(a1, a2);
-}
-
-void _ERR_free_strings(void) __attribute__((const));
-void _ERR_free_strings(void) {
-}
-
-void _EVP_cleanup(void) __attribute__((const));
-void _EVP_cleanup(void) {
-}
-
-void _CRYPTO_cleanup_all_ex_data(void) __attribute__((const));
-void _CRYPTO_cleanup_all_ex_data(void) {
-}
-
-int _SSL_library_init(void) {
-  return _OPENSSL_init_ssl(0, NULL);
-}
-
-#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
-#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
-void _SSL_load_error_strings(void) {
-    _OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
-                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
-}
-
-typedef void *(*TLS_client_method_t)(void);
-static const void *_TLS_client_method(void) {
-  if (DLSYM_VAR(TLS_client_method) == NULL)
-    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, TLS_client_method) == NULL)
-      return NULL;
-  return DLSYM_VAR(TLS_client_method)();
-}
-
-const void *_SSLv23_client_method(void) {
-  return _TLS_client_method();
-}
-
-} /* extern "C" */
-#endif	/* OPENSSL_VERSION_NUMBER < 0x10100000L */

+ 18 - 1
src/generate_defs.sh

@@ -60,8 +60,25 @@ for file in ${files}; do
     typedef=$(grep "^typedef .*(\*${symbol}_t)" ${dirname}/${basename}.h)
     # ... if not, generate it
     if [ -z "$typedef" ]; then
+      if ! grep -v "DLSYM" "${TMPFILE}" | grep -qw "${symbol}"; then
+        echo "Unable to parse symbol ${symbol}. Is there a missing header?" >&2
+	errors=1
+	rm -f "${TMPFILE}"
+	exit 1
+      fi
+
       # Trim off any extern "C", trim out the variable names, cleanup whitespace issues
-      typedef=$(grep -w "${symbol}" $TMPFILE | head -n 1 | $SED -e 's/extern "C" *//' -e "s/\(.*\) *${symbol} *(\(.*\)).*/typedef \1 (*${symbol}_t)(\2);/" -e 's/[_0-9A-Za-z]*\(,\)/\1/g' -e 's/[_0-9A-Za-z]*\();\)/\1/g' -e 's/  */ /g' -e 's/ \([,)]\)/\1/g' -e 's/ *()/(void)/g')
+      typedef=$(grep -w "${symbol}" $TMPFILE |
+	      head -n 1 |
+	      $SED \
+	         -e 's/extern "C" *//' \
+		 -e "s/\(.*\) *${symbol} *(\(.*\)).*/typedef \1 (*${symbol}_t)(\2);/" \
+		 -e 's/[_0-9A-Za-z]*\(,\)/\1/g' \
+		 -e 's/[_0-9A-Za-z]*\();\)/\1/g' \
+		 -e 's/  */ /g' \
+		 -e 's/ \([,)]\)/\1/g' \
+		 -e 's/ *()/(void)/g' \
+	 )
       existing_typedef=0
     else
       existing_typedef=1

+ 1 - 0
src/libcrypto.h

@@ -10,6 +10,7 @@
 #include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include <openssl/blowfish.h>
+#include <openssl/bn.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 #include <openssl/err.h>

+ 0 - 16
src/libssl.cc

@@ -58,25 +58,9 @@ static int load_symbols(void *handle) {
   DLSYM_GLOBAL(handle, SSL_CTX_ctrl);
   DLSYM_GLOBAL(handle, SSL_CTX_set_cipher_list);
   DLSYM_GLOBAL(handle, SSL_CTX_set_tmp_dh_callback);
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
-  /* For SSL_library_init and SSL_load_error_strings. */
   DLSYM_GLOBAL(handle, OPENSSL_init_ssl);
-#endif
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_library_init);
-  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_load_error_strings);
-#endif
-  /* Some forward-compat is handled in src/compat/openssl.cc. */
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
   DLSYM_GLOBAL(handle, TLS_client_method);
   DLSYM_GLOBAL(handle, SSL_CTX_set_options);
-#else
-  /* If SSLv23_client_method() is not found then use our
-   * _SSLv23_client_method()
-   */
-  DLSYM_GLOBAL_FWDCOMPAT(handle, SSLv23_client_method);
-  /* Some forward-compat is handled in src/compat/openssl.cc. */
-#endif
 
   return 0;
 }

+ 8 - 3
src/mod/irc.mod/chan.cc

@@ -1535,7 +1535,7 @@ void recheck_channel(struct chanset_t *chan, int dobans)
 
   memberlist *m = NULL;
   struct flag_record fr = {FR_GLOBAL | FR_CHAN, 0, 0, 0 };
-  int stop_reset = 0, botops = 0, nonbotops = 0, botnonops = 0;
+  int stop_reset = 0, botops = 0, /*nonbotops = 0,*/ botnonops = 0;
   bool flush = 0;
 
   ++stacking;
@@ -1551,8 +1551,11 @@ void recheck_channel(struct chanset_t *chan, int dobans)
           ++botops;
         else
           ++botnonops;
-      } else if (hasop)
+#if 0
+      } else if (hasop) {
         ++nonbotops;
+#endif
+      }
     }
   }
 
@@ -3150,12 +3153,14 @@ void check_should_cycle(struct chanset_t *chan)
     return;
 
   //If there are other ops split off and i'm the only op on this side of split, cycle
-  int localops = 0, localbotops = 0, splitops = 0, splitbotops = 0, localnonops = 0;
+  int localops = 0, localbotops = 0, /*splitops = 0,*/ splitbotops = 0, localnonops = 0;
 
   for (memberlist *ml = chan->channel.member; ml && ml->nick[0]; ml = ml->next) {
     if (chan_hasop(ml)) {
       if (chan_issplit(ml)) {
+#if 0
         splitops++;
+#endif
         if ((ml->user) && ml->user->bot)
           splitbotops++;
       } else {

+ 6 - 4
src/mod/irc.mod/mode.cc

@@ -1072,7 +1072,7 @@ gotmode(char *from, char *msg)
       } else
         nick = splitnick(&from);
 
-      int i = 0, modecnt = 0, ops = 0, deops = 0, bans = 0, unbans = 0;
+      int i = 0, modecnt = 0, ops = 0, deops = 0, /*bans = 0,*/ unbans = 0;
       bool me_opped = 0;
       char **modes = (char **) calloc(1, sizeof(char *));
       char s[UHOSTLEN] = "";
@@ -1120,10 +1120,12 @@ gotmode(char *from, char *msg)
                   me_opped = 0;
               }
             } else if (chg[0] == 'b') {
-              if (sign == '+')
-                ++bans;
-              else
+              if (sign == '-')
                 ++unbans;
+#if 0
+              else
+                ++bans;
+#endif
             }
           }
           ++chg;

+ 2 - 12
src/openssl.cc

@@ -76,13 +76,9 @@ int init_openssl() {
 
 #ifdef EGG_SSL_EXT
   /* good place to init ssl stuff */
-  SSL_load_error_strings();
-  OpenSSL_add_ssl_algorithms();
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-#else
+  OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+      OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
   ssl_ctx = SSL_CTX_new(TLS_client_method());
-#endif
   if (!ssl_ctx) {
     sdprintf("SSL_CTX_new() failed");
     return 1;
@@ -125,12 +121,6 @@ int uninit_openssl () {
     RAND_write_file(tls_rand_file);
 #endif
 
-#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
-  ERR_free_strings();
-  EVP_cleanup();
-  CRYPTO_cleanup_all_ex_data();
-#endif
-
   unload_libssl();
   unload_libcrypto();
   return 0;