Provide identical BN_GENCB_new shim

Instead of trying to optimize by using a stack local variable
with additional #ifdef logic, use identical implementations of
the upstream functions to reduce #ifdef clutter.

Move the definitions from dst_openssl.h to openssl_shim.h where
rest of the shim is.

lib/dns/dst_openssl.h

@@ -24,20 +24,6 @@
 #include <isc/log.h>
 #include <isc/result.h>
 
-#if !HAVE_BN_GENCB_NEW
-/*
- * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
- * the function like this before the BN_GENCB_new call:
- *
- * #if !HAVE_BN_GENCB_NEW
- *     	 _cb;
- * #endif
- */
-#define BN_GENCB_free(x)    ((void)0)
-#define BN_GENCB_new()	    (&_cb)
-#define BN_GENCB_get_arg(x) ((x)->arg)
-#endif /* !HAVE_BN_GENCB_NEW */
-
 ISC_LANG_BEGINDECLS
 
 isc_result_t

lib/dns/openssl_shim.h

@@ -28,6 +28,27 @@
 #define RSA_MAX_PUBEXP_BITS 35
 #endif /* ifndef RSA_MAX_PUBEXP_BITS */
 
+#if !HAVE_BN_GENCB_NEW
+/* These are new in OpenSSL 1.1.0. */
+static inline BN_GENCB *
+BN_GENCB_new(void) {
+	return (OPENSSL_malloc(sizeof(BN_GENCB)));
+}
+
+static inline void
+BN_GENCB_free(BN_GENCB *cb) {
+	if (cb == NULL) {
+		return;
+	}
+	OPENSSL_free(cb);
+}
+
+static inline void *
+BN_GENCB_get_arg(BN_GENCB *cb) {
+	return cb->arg;
+}
+#endif /* !HAVE_BN_GENCB_NEW */
+
 #if !HAVE_EVP_PKEY_GET0_RSA && OPENSSL_VERSION_NUMBER < 0x10100000L
 static inline const RSA *
 EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {

lib/dns/openssldh_link.c

@@ -365,9 +365,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 	DH *dh = NULL;
 	BN_GENCB *cb = NULL;
-#if !HAVE_BN_GENCB_NEW
-	BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
 #else
 	OSSL_PARAM_BLD *bld = NULL;
 	OSSL_PARAM *params = NULL;
@@ -452,12 +449,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 		if (callback != NULL) {
 			cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			if (cb == NULL) {
 				DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
 			}
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	* !defined(LIBRESSL_VERSION_NUMBER) */
 			u.fptr = callback;
 			BN_GENCB_set(cb, progress_cb, u.dptr);
 		}

lib/dns/opensslrsa_link.c

@@ -299,9 +299,6 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 	RSA *rsa = RSA_new();
 	EVP_PKEY *pkey = EVP_PKEY_new();
-#if !HAVE_BN_GENCB_NEW
-	BN_GENCB _cb;
-#endif /* !HAVE_BN_GENCB_NEW */
 	BN_GENCB *cb = NULL;
 #else
 	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
@@ -362,12 +359,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 
 	if (callback != NULL) {
 		cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		if (cb == NULL) {
 			DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
 		}
-#endif /* if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	* !defined(LIBRESSL_VERSION_NUMBER) */
 		u.fptr = callback;
 		BN_GENCB_set(cb, progress_cb, u.dptr);
 	}