This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
/ corefx Public archive

Add hybrid support for OpenSSL 1.0 and 1.1
This changes the functional code to use OpenSSL 1.1 API in the places where the API changed. "apibridge" provides equivalent methods for the OpenSSL 1.0 environment.

The following configurations have been tested:

* Non-portable against OpenSSL 1.0
* Non-portable against OpenSSL 1.1
* Portable, built against OpenSSL 1.0 and run against OpenSSL 1.0
* Portable, built against OpenSSL 1.0 and run against OpenSSL 1.1
* Portable, built against OpenSSL 1.1 and run against OpenSSL 1.0
* Portable, built against OpenSSL 1.1 and run against OpenSSL 1.1

In opensslshim, the PER_FUNCTION_BLOCK macro style has been broken up into named purposes:

* REQUIRED_FUNCTION(fn)
  * API that we use unconditionally, regardless of version
  * Formerly PER_FUNCTION_BLOCK(fn, true)
* NEW_REQUIRED_FUNCTION(fn)
  * API that we use unconditionally in paths that only exist against OpenSSL 1.1, is not probed for when the runtime is 1.0
* LIGHTUP_FUNCTION(fn)
  * API that might not exist, must be probed with API_EXISTS checks before being utilized
  * Formerly PER_FUNCTION_BLOCK(fn, false)
* FALLBACK_FUNCTION(fn)
  * API that is required on OpenSSL 1.1, and when not found will bind to a method named local_#fn in the shim library
* RENAMED_FUNCTION(fn,oldfn)
  * Handles a rename with no signature change from oldfn to newfn, binds appropriately based on the runtime library.
* LEGACY_FUNCTION(fn)
  * API that we use unconditionally in paths that only exist against OpenSSL 1.0, is not probed for when the runtime is 1.1.

Two new #defines are available, but ideally need no further usage:

* NEED_OPENSSL_1_0
  * Defined when building portable, or on non-portable when the headers are OpenSSL 1.0
* NEED_OPENSSL_1_1
  * Defined when building portable, or on non-portable when the headers are OpenSSL 1.1
bartonjs authored and omajid committed Jan 17, 2019
1 parent 3fd578c commit e4bcbd5
Showing 27 changed files with 1,878 additions and 592 deletions.
Expand Up @@ -52,12 +52,9 @@ public SafeEvpPKeyHandle DuplicateHandle()
// that we don't lose a tracked reference in low-memory situations.
SafeEvpPKeyHandle safeHandle = new SafeEvpPKeyHandle();

int newRefCount = Interop.Crypto.UpRefEvpPkey(this);
int success = Interop.Crypto.UpRefEvpPkey(this);

// UpRefEvpPkey returns the number of references to this key, if it's less than 2
// (the incoming handle, and this one) then someone has already Disposed() this key
// into non-existence.
if (newRefCount < 2)
if (success != 1)
{
Debug.Fail("Called UpRefEvpPkey on a key which was already marked for destruction");
throw Interop.Crypto.CreateOpenSslCryptographicException();
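Review bot: The new check `if (success != 1)` in DuplicateHandle() no longer has a comment stating the return contract of UpRefEvpPkey, and the Debug.Fail text below it still describes the old condition. The removed comment explained that a reference count below 2 meant the key had already been disposed; with a success/failure return, a non-1 result only says the up-ref call failed, so the "already marked for destruction" message may mislead whoever hits it. Please add a one-line comment that UpRefEvpPkey now returns 1 on success, reword the Debug.Fail message to match, and confirm whether the disposed-handle race that the old `newRefCount < 2` test caught is still detected somewhere, since a duplicated handle over a freed key is a use-after-free risk.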
Expand Up @@ -6,7 +6,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)
# These are happening inside of OpenSSL-defined macros out of our control
add_compile_options(-Wno-cast-align)

add_definitions(-DPIC=1)
add_definitions(-DPIC=1 -DOPENSSL_API_COMPAT=0x10100000L)

if(CMAKE_STATIC_LIB_LINK)
set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
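Review bot: The added `-DOPENSSL_API_COMPAT=0x10100000L` on the add_definitions line has no comment, while the -Wno-cast-align option just above it does. The macro only affects OpenSSL 1.1 headers, where it hides declarations deprecated as of 1.1.0, so a reader building against 1.0 headers will not see any effect and may assume it is dead. A short comment saying it is there to make accidental use of pre-1.1 API a compile error when building against 1.1 headers would document the intent. Also consider putting it in its own add_definitions call so the unrelated PIC define and the API-level pin can be changed independently.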
Expand All @@ -16,6 +16,7 @@ find_package(OpenSSL REQUIRED)
include_directories(SYSTEM ${OPENSSL_INCLUDE_DIR})

set(NATIVECRYPTO_SOURCES
apibridge.cpp
openssl.cpp
pal_asn1.cpp
pal_asn1_print.cpp
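Review bot: apibridge.cpp is added to NATIVECRYPTO_SOURCES unconditionally, but the commit message describes it as the provider of equivalent methods for the OpenSSL 1.0 environment. On a non-portable build against OpenSSL 1.1 headers, where only NEED_OPENSSL_1_1 is defined, the file either has to compile to nothing or be left out of the list. Please confirm the file body is fully guarded by NEED_OPENSSL_1_0, or make the list entry conditional, so that the local fallback implementations cannot be linked into a 1.1-only build and shadow the library's own functions.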