Provide identical BN_GENCB_new shim

Instead of trying to optimize by using a stack local variable with additional #ifdef logic, use identical implementations of the upstream functions to reduce #ifdef clutter. Move the definitions from dst_openssl.h to openssl_shim.h where rest of the shim is.
2025-08-30 05:57:52 +00:00 · 2022-12-26 16:55:48 +02:00 · 2022-12-26 16:55:48 +02:00 · 307f95d72f
commit 307f95d72f
parent 220267f241
4 changed files with 21 additions and 26 deletions
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@ -24,20 +24,6 @@
 #include <isc/log.h>
 #include <isc/result.h>

-#if !HAVE_BN_GENCB_NEW
-/*
- * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
- * the function like this before the BN_GENCB_new call:
- *
- * #if !HAVE_BN_GENCB_NEW
- *     	 _cb;
- * #endif
- */
-#define BN_GENCB_free(x)    ((void)0)
-#define BN_GENCB_new()	    (&_cb)
-#define BN_GENCB_get_arg(x) ((x)->arg)
-#endif /* !HAVE_BN_GENCB_NEW */
-
 ISC_LANG_BEGINDECLS

 isc_result_t
--- a/lib/dns/openssl_shim.h
+++ b/lib/dns/openssl_shim.h
@ -28,6 +28,27 @@
 #define RSA_MAX_PUBEXP_BITS 35
 #endif /* ifndef RSA_MAX_PUBEXP_BITS */

+#if !HAVE_BN_GENCB_NEW
+/* These are new in OpenSSL 1.1.0. */
+static inline BN_GENCB *
+BN_GENCB_new(void) {
+	return (OPENSSL_malloc(sizeof(BN_GENCB)));
+}
+
+static inline void
+BN_GENCB_free(BN_GENCB *cb) {
+	if (cb == NULL) {
+		return;
+	}
+	OPENSSL_free(cb);
+}
+
+static inline void *
+BN_GENCB_get_arg(BN_GENCB *cb) {
+	return cb->arg;
+}
+#endif /* !HAVE_BN_GENCB_NEW */
+
 #if !HAVE_EVP_PKEY_GET0_RSA && OPENSSL_VERSION_NUMBER < 0x10100000L
 static inline const RSA *
 EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@ -365,9 +365,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 	DH *dh = NULL;
 	BN_GENCB *cb = NULL;
-#if !HAVE_BN_GENCB_NEW
-	BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
 #else
 	OSSL_PARAM_BLD *bld = NULL;
 	OSSL_PARAM *params = NULL;
@ -452,12 +449,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 		if (callback != NULL) {
 			cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			if (cb == NULL) {
 				DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
 			}
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	* !defined(LIBRESSL_VERSION_NUMBER) */
 			u.fptr = callback;
 			BN_GENCB_set(cb, progress_cb, u.dptr);
 		}
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@ -299,9 +299,6 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 	RSA *rsa = RSA_new();
 	EVP_PKEY *pkey = EVP_PKEY_new();
-#if !HAVE_BN_GENCB_NEW
-	BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
 	BN_GENCB *cb = NULL;
 #else
 	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
@ -362,12 +359,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {

 	if (callback != NULL) {
 		cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		if (cb == NULL) {
 			DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
 		}
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	* !defined(LIBRESSL_VERSION_NUMBER) */
 		u.fptr = callback;
 		BN_GENCB_set(cb, progress_cb, u.dptr);
 	}