From 7785404bd292918a4afd4780ccfc36d6626a49ca Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 31 Oct 2022 03:04:34 +0000 Subject: gentoo auto-resync : 31:10:2022 - 03:04:34 --- net-im/Manifest.gz | Bin 10427 -> 10425 bytes net-im/coturn/Manifest | 5 +- net-im/coturn/coturn-4.6.0.ebuild | 98 +++++++ net-im/coturn/coturn-9999.ebuild | 31 ++- net-im/coturn/files/coturn-4.6.0-openssl3.patch | 356 ++++++++++++++++++++++++ 5 files changed, 479 insertions(+), 11 deletions(-) create mode 100644 net-im/coturn/coturn-4.6.0.ebuild create mode 100644 net-im/coturn/files/coturn-4.6.0-openssl3.patch (limited to 'net-im') diff --git a/net-im/Manifest.gz b/net-im/Manifest.gz index e1bb24e0b59b..9f0340752040 100644 Binary files a/net-im/Manifest.gz and b/net-im/Manifest.gz differ diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest index 7009a214e92f..4604d60956c9 100644 --- a/net-im/coturn/Manifest +++ b/net-im/coturn/Manifest @@ -1,9 +1,12 @@ AUX coturn-4.5.2-respect-TMPDIR.patch 479 BLAKE2B 75e20f0927bcb080c354579d2dd0d7d3674a1f41cf4644519499b0b2fd17c819a613fa94b9cceac68bb7e442228e9996265cf358005924458710e4fefab2c3bd SHA512 660fdfa1284c5abd5075fd0bce9f123ab0caac9b18cf499fba78022368b04c2904be0df477b7c5070a8cca46b5ac53d686664015747718c228d8c1aa2a1e8945 +AUX coturn-4.6.0-openssl3.patch 11812 BLAKE2B 2c989408bbe9b742a16341516421e526cd159da74cabd18cf038aa5ed473cca13a41fe857fc566e13eb3e884a72d9c5201f90b7584dc314017ca3425c367df3e SHA512 c71f0b1d5830670c58994445bfd98818b24171d4e4aac170ed67b495a87db680dad36cd1eed4f0ae1e80e42f9567e9f28d5ca8847e8c9fe68909b7fae42f3744 AUX coturn.conf 46 BLAKE2B 8ae3300f7a0a6e09fde5259b660ec69c7b15cd08d2edcd7a5f77db9beda773d313b5625c44f75b922efc6205b06d17aadcfba98c8b8c8638b6a8de12801245b1 SHA512 f5b813fef017b995d036fc968c6b44cd969867c0233d36ef450357ab5f104a9f38fb27100c22fa14ed4ef49ec410e86c077f400ba7cde1b0e2466368fd02a2dc AUX coturn.service 470 BLAKE2B 21b1cc005b5b91a8cb80b05a45afc16d73ad88e5b0a851294a6fab79d01a3bebbd048dc0bdd2423b62c2b56fe16dece95613846ad45bc9d5c3642a79fa726eff SHA512 f4228af88e51a38b06b0f91e1494d4e61a9a9f18cbab9fe85c323267e28045ebaae2832bae114da6e326cf22bf8efbd2bd5677cbcdde8fe994eca60802a6dc66 AUX logrotate.coturn 345 BLAKE2B 26edd2ad44d947bf943757fb3e3255cafea64fac5d495402bbc3a7088ed6ffd822cc8f07010669f9faf856eb8a893d9ba9ab48d4b417f8c3fd27772ffb71cae0 SHA512 ebfadc7e6435061b7120baffce76a65c224768ab85e59e3b8cd140e394fa6e4eaa258eccce76f3152fd6a1adab0c84e39feb51663c76359401e04df4d8db2c1d AUX turnserver.init 633 BLAKE2B 78da89afc2be30bac969bb2a393d454d32ba77e199f2ccb5e34557ce34cf3a242402210afe6e30400b4a47ef9dc7880cded44a1932f7769f21f4143261a3569e SHA512 3b86b2186499c96ec0cfd3a124ea058a622c21cc870e079414f6055f7ba85830a5b85c424c809c010144f9270fcada80ef20bcab4cbc9c7fe0949b24fef02b59 DIST coturn-4.5.2.tar.gz 442745 BLAKE2B c18d5f5cfedd600875c0bfa08b874ef6316a5aa9af34c27e2901825da412b794d437e08f0706f9651bdf6d3d19e151486af39a42f2326c7ab6bb802d33fd0ba4 SHA512 00e86a3a273a8e4e69deaefd338bdd6c44739a807f21a72a2d68efc089053e16efd1d5b34b0c6dea7a0fa2b66f70821d8c3e1107561e1f08dfac2c93933a6121 +DIST coturn-4.6.0.tar.gz 474423 BLAKE2B b70ecd1f333f4f9f37adcab6f5fd3406aa0eb962488b7cae4a30c9339cf7b11b2bfedd1fa70bd3b0c32bf82702d39eb22278506521f71e0cb6aaadee9d3c3d05 SHA512 a80ea1b8d9c78b8f9fc632517a0246cb0d2d4ff21c59d53827f026fb3a145a01b3bec637af94a96b525c35251cb5e9e209ba7f368f08e12ef61220bcb784637c EBUILD coturn-4.5.2-r1.ebuild 2397 BLAKE2B 5c2a056db7dc714a73f6e49ac5e4d0cf3a8c4555dcdab39276bdd845353860475acccd09dad8dae9358f6623b9bd4449ac0f17dbd6ead186c14e7c31c66b2808 SHA512 6a278b46b214dd6d7f0d3599d72aa1961a54a83a0ac47f50259461d82bebac3483cdaba7ec289aed118c980849a6693512b2b9670ac4219af0b8a64cf664f714 -EBUILD coturn-9999.ebuild 2397 BLAKE2B 5c2a056db7dc714a73f6e49ac5e4d0cf3a8c4555dcdab39276bdd845353860475acccd09dad8dae9358f6623b9bd4449ac0f17dbd6ead186c14e7c31c66b2808 SHA512 6a278b46b214dd6d7f0d3599d72aa1961a54a83a0ac47f50259461d82bebac3483cdaba7ec289aed118c980849a6693512b2b9670ac4219af0b8a64cf664f714 +EBUILD coturn-4.6.0.ebuild 2467 BLAKE2B a476558982c0a4dc7528a89352a361d1530f6a445d23beb06f532f2dd523f0d553c8397849999e7519777f3bcc9c05994742aa048f26d1bb3491073fac734d31 SHA512 23c020bb991f10c23c354b0708856881b64eb25c08018f8ef366d9d98d81ebd408c1d2fd4359264ba71945863026e46e16d21cfe25f0ac9a0c523688217d8362 +EBUILD coturn-9999.ebuild 2467 BLAKE2B a476558982c0a4dc7528a89352a361d1530f6a445d23beb06f532f2dd523f0d553c8397849999e7519777f3bcc9c05994742aa048f26d1bb3491073fac734d31 SHA512 23c020bb991f10c23c354b0708856881b64eb25c08018f8ef366d9d98d81ebd408c1d2fd4359264ba71945863026e46e16d21cfe25f0ac9a0c523688217d8362 MISC metadata.xml 498 BLAKE2B 59313fc116427a965c6b1583f6d0832d52da36ef4e9e62d1ed2039cd750281e82679d351f960dbff0ec9077d8c6f4bc44a2aba237748aea668f2237fa4ffdfbf SHA512 23c885a01456773028feab711122e844a61022b6c2aae440c41f5def70a504ac0842c1a3ef43349d248011e1256e7dde37516d13dac36435a6c8d8b972e4319f diff --git a/net-im/coturn/coturn-4.6.0.ebuild b/net-im/coturn/coturn-4.6.0.ebuild new file mode 100644 index 000000000000..8c10c10306aa --- /dev/null +++ b/net-im/coturn/coturn-4.6.0.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs systemd tmpfiles + +DESCRIPTION="coturn TURN server project" +HOMEPAGE="https://github.com/coturn/coturn" + +if [[ ${PV} == *9999 ]]; then + EGIT_REPO_URI="https://github.com/coturn/coturn.git" + inherit git-r3 + #S="${WORKDIR}/${PN}-master" +else + SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="BSD" +SLOT="0" +IUSE="mongodb mysql postgres redis sqlite" + +RDEPEND=" + acct-group/turnserver + acct-user/turnserver + >dev-libs/libevent-2.1.8:= + dev-libs/openssl:= + mongodb? ( dev-libs/mongo-c-driver ) + mysql? ( dev-db/mysql-connector-c:= ) + postgres? ( dev-db/postgresql:* ) + redis? ( dev-libs/hiredis:= ) + sqlite? ( dev-db/sqlite ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch + "${FILESDIR}"/${P}-openssl3.patch +) + +src_configure() { + if [[ -n "${AR}" ]]; then + sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure" + fi + + sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed" + sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \ + -i "${S}/examples/etc/turnserver.conf" || die "sed for logdir failed" + sed 's:#simple-log:simple-log:' -i "${S}/examples/etc/turnserver.conf" \ + || die "sed for simple-log failed" + sed '/INSTALL_DIR} examples\/script/a \ \${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \ + -i "${S}/Makefile.in" || die "sed for example ca failed" + + if ! use mongodb; then + export TURN_NO_MONGO=yes + fi + if ! use mysql; then + export TURN_NO_MYSQL=yes + fi + if ! use postgres; then + export TURN_NO_PQ=yes + fi + if ! use redis; then + export TURN_NO_HIREDIS=yes + fi + if ! use sqlite; then + export TURN_NO_SQLITE=yes + fi + + tc-export CC + + export ARCHIVERCMD="$(tc-getAR) -r" + export PKGCONFIG="$(tc-getPKG_CONFIG)" + export DOCSDIR="/usr/share/doc/${PN}-${PV}" + + econf $(use_with sqlite) +} + +src_install() { + default + + newinitd "${FILESDIR}/turnserver.init" turnserver + + insinto /etc/logrotate.d + newins "${FILESDIR}/logrotate.${PN}" "${PN}" + + systemd_dounit "${FILESDIR}/${PN}.service" + dotmpfiles "${FILESDIR}/${PN}.conf" +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf + + elog "You need to copy ${EROOT}/etc/turnserver.conf.default to" + elog "${EROOT}/etc/turnserver.conf and do your settings there." +} diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild index d3a3c8813604..8c10c10306aa 100644 --- a/net-im/coturn/coturn-9999.ebuild +++ b/net-im/coturn/coturn-9999.ebuild @@ -4,22 +4,25 @@ EAPI=7 inherit toolchain-funcs systemd tmpfiles + DESCRIPTION="coturn TURN server project" HOMEPAGE="https://github.com/coturn/coturn" -if [ ${PV} = 9999 ]; then - EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" +if [[ ${PV} == *9999 ]]; then + EGIT_REPO_URI="https://github.com/coturn/coturn.git" inherit git-r3 -# S="${WORKDIR}/${PN}-master" + #S="${WORKDIR}/${PN}-master" else + SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz" KEYWORDS="~amd64 ~x86" - SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" fi LICENSE="BSD" SLOT="0" IUSE="mongodb mysql postgres redis sqlite" -RDEPEND="acct-group/turnserver + +RDEPEND=" + acct-group/turnserver acct-user/turnserver >dev-libs/libevent-2.1.8:= dev-libs/openssl:= @@ -27,18 +30,21 @@ RDEPEND="acct-group/turnserver mysql? ( dev-db/mysql-connector-c:= ) postgres? ( dev-db/postgresql:* ) redis? ( dev-libs/hiredis:= ) - sqlite? ( dev-db/sqlite )" + sqlite? ( dev-db/sqlite ) +" DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" PATCHES=( "${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch + "${FILESDIR}"/${P}-openssl3.patch ) src_configure() { - if [ -n "${AR}" ]; then + if [[ -n "${AR}" ]]; then sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure" fi + sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed" sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \ -i "${S}/examples/etc/turnserver.conf" || die "sed for logdir failed" @@ -46,6 +52,7 @@ src_configure() { || die "sed for simple-log failed" sed '/INSTALL_DIR} examples\/script/a \ \${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \ -i "${S}/Makefile.in" || die "sed for example ca failed" + if ! use mongodb; then export TURN_NO_MONGO=yes fi @@ -73,15 +80,19 @@ src_configure() { src_install() { default + newinitd "${FILESDIR}/turnserver.init" turnserver + insinto /etc/logrotate.d newins "${FILESDIR}/logrotate.${PN}" "${PN}" + systemd_dounit "${FILESDIR}/${PN}.service" dotmpfiles "${FILESDIR}/${PN}.conf" } pkg_postinst() { - tmpfiles_process "${PN}.conf" - elog "You need to copy /etc/turnserver.conf.default to" - elog "/etc/turnserver.conf and do your settings there." + tmpfiles_process ${PN}.conf + + elog "You need to copy ${EROOT}/etc/turnserver.conf.default to" + elog "${EROOT}/etc/turnserver.conf and do your settings there." } diff --git a/net-im/coturn/files/coturn-4.6.0-openssl3.patch b/net-im/coturn/files/coturn-4.6.0-openssl3.patch new file mode 100644 index 000000000000..19b88048af50 --- /dev/null +++ b/net-im/coturn/files/coturn-4.6.0-openssl3.patch @@ -0,0 +1,356 @@ +https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de +https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31 +https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267 +https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424 + +From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001 +From: Pavel Punsky +Date: Wed, 14 Sep 2022 03:29:26 -0700 +Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978) + +`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above +Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS ` + +Fixes #977 and #952 + +Test: +Build in a docker container running running openssl-1.0.2g (ubuntu +16.04) successfully (without the fix getting the same errors) +--- a/src/apps/relay/dtls_listener.c ++++ b/src/apps/relay/dtls_listener.c +@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty + SSL_set_accept_state(connecting_ssl); + + SSL_set_bio(connecting_ssl, NULL, wbio); +- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION); +- ++ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) ++ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS ++#endif ++#else ++#if defined(SSL_OP_NO_RENEGOTIATION) ++ | SSL_OP_NO_RENEGOTIATION ++#endif ++#endif ++ ); + SSL_set_max_cert_list(connecting_ssl, 655350); + + ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl, +@@ -581,7 +590,17 @@ static int create_new_connected_udp_socket( + + SSL_set_bio(connecting_ssl, NULL, wbio); + +- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION); ++ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) ++ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS ++#endif ++#else ++#if defined(SSL_OP_NO_RENEGOTIATION) ++ | SSL_OP_NO_RENEGOTIATION ++#endif ++#endif ++ ); + + SSL_set_max_cert_list(connecting_ssl, 655350); + int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh, +--- a/src/apps/relay/ns_ioalib_engine_impl.c ++++ b/src/apps/relay/ns_ioalib_engine_impl.c +@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl) + if(ssl) { + SSL_set_app_data(ssl,s); + SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback); +- SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION); ++ SSL_set_options(ssl, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) ++ SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS ++#endif ++#else ++#if defined(SSL_OP_NO_RENEGOTIATION) ++ SSL_OP_NO_RENEGOTIATION ++#endif ++#endif ++ ); + } + } + } + +From 4ce784a8781ab086c150e2b9f5641b1a37fd9b31 Mon Sep 17 00:00:00 2001 +From: Pavel Punsky +Date: Fri, 16 Sep 2022 00:46:45 -0700 +Subject: [PATCH] Improve openssl3 and FIPS support (#955) + +openssl-3.0 deprecated some APIs and introduced new APIs instead: + +`SSL_get_peer_certificate ` -> `SSL_get1_peer_certificate ` +`FIPS_mode()`->`EVP_default_properties_is_fips_enabled()` +`EVP_MD_CTX_set_flags()`->`EVP_default_properties_enable_fips()` +specifically for enabling FIPS mode + +This change should workaround that by ifdef-ing old/new versions of +openssl and APIs - so pre-3.0 use existing APIs (so not change there) +and >=3.0 will use new APIs (whether it actually works or not is still +TBD as this is just a first step in openssl-3.0 support) + +Should fix #886 + +Test Plan: +Run CI build that supports ubuntu-20.04 (openssl-1.1.1) and ubuntu-22.04 +(openssl-3.0.2) +Both builds pass +None of them have FIPS support (which for 1.1.x stays the same as +before) + +Co-authored-by: Pavel Punsky +--- a/src/apps/relay/ns_ioalib_engine_impl.c ++++ b/src/apps/relay/ns_ioalib_engine_impl.c +@@ -1868,7 +1868,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve + + } else if (!if1 && if2) { + ++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) ++ if(verbose && SSL_get1_peer_certificate(ssl)) { ++#else + if(verbose && SSL_get_peer_certificate(ssl)) { ++#endif + printf("\n------------------------------------------------------------\n"); + X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1, + XN_FLAG_MULTILINE); +--- a/src/apps/uclient/startuclient.c ++++ b/src/apps/uclient/startuclient.c +@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again + if (rc > 0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__, + SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL)); ++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) ++ if(clnet_verbose && SSL_get1_peer_certificate(ssl)) { ++#else + if(clnet_verbose && SSL_get_peer_certificate(ssl)) { ++#endif + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n"); + X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1, + XN_FLAG_MULTILINE); +--- a/src/client/ns_turn_msg.c ++++ b/src/client/ns_turn_msg.c +@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c + if (FIPS_mode()) { + EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } +-#endif ++#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) + EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); + EVP_DigestUpdate(&ctx,str,strl); + EVP_DigestFinal(&ctx,key,&keylen); + EVP_MD_CTX_cleanup(&ctx); +-#else ++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L ++ unsigned int keylen = 0; ++ EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ if (EVP_default_properties_is_fips_enabled(NULL)) { ++ EVP_default_properties_enable_fips(NULL, 0); ++ } ++ EVP_DigestInit_ex(ctx,EVP_md5(), NULL); ++ EVP_DigestUpdate(ctx,str,strl); ++ EVP_DigestFinal(ctx,key,&keylen); ++ EVP_MD_CTX_free(ctx); ++#else // OPENSSL_VERSION_NUMBER < 0x10100000L + unsigned int keylen = 0; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER) +@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c + EVP_DigestUpdate(ctx,str,strl); + EVP_DigestFinal(ctx,key,&keylen); + EVP_MD_CTX_free(ctx); +-#endif ++#endif // OPENSSL_VERSION_NUMBER < 0X10100000L + ret = 0; + } + + +From 9370bb742d976166a51032760da1ecedefb92267 Mon Sep 17 00:00:00 2001 +From: Pavel Punsky +Date: Fri, 16 Sep 2022 23:29:32 -0700 +Subject: [PATCH] Fix a warning (#988) + +There are too many defines that are, eventually, used in one place so +just inlining. + +Current code generates following warning: +``` +warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined] +``` + +With the fix there is no warning + +Co-authored-by: Pavel Punsky +--- a/src/apps/relay/netengine.c ++++ b/src/apps/relay/netengine.c +@@ -31,13 +31,7 @@ + #include "mainrelay.h" + + //////////// Backward compatibility with OpenSSL 1.0.x ////////////// +-#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)) +- +-#ifndef HAVE_SSL_CTX_UP_REF +-#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API +-#endif +- +-#if !HAVE_SSL_CTX_UP_REF ++#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER) + #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX) + #endif + + +From d72a2a8920b80ce66b36e22b2c22f308ad06c424 Mon Sep 17 00:00:00 2001 +From: Pavel Punsky +Date: Mon, 24 Oct 2022 13:06:35 -0700 +Subject: [PATCH] Cleanup openssl initialization (#1012) + +Rewriting openssl initialization code (threading support to make it +cleaner + +- Regroup functions so that there is one ifdef (for old code and new +code) +- Modern openssl (>1.0.2) does not need any synchornization routines so +they are empty +- Old openssl (<=1.0.2) now require `OPENSSL_THREADS` which allows +running multiple threads in turnserver. Not having turnserver +multi-threaded is a huge waste. `OPENSSL_THREADS` is now a requirement. + + +Test Plan: +- CI builds pass for openssl versions 1.0.2, 1.1.1, 3.0, including tests +--- a/src/apps/relay/mainrelay.c ++++ b/src/apps/relay/mainrelay.c +@@ -1345,7 +1345,6 @@ static void set_option(int c, char *value) + STRCPY(turn_params.relay_ifname, value); + break; + case 'm': +-#if defined(OPENSSL_THREADS) + if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n"); + turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS; +@@ -1354,9 +1353,6 @@ static void set_option(int c, char *value) + } else { + turn_params.general_relay_servers_number = atoi(value); + } +-#else +- TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n"); +-#endif + break; + case 'd': + STRCPY(turn_params.listener_ifname, value); +@@ -2645,9 +2641,8 @@ int main(int argc, char **argv) + + ////////// OpenSSL locking //////////////////////////////////////// + +-#if defined(OPENSSL_THREADS) +- +-static char some_buffer[65536]; ++#if defined(OPENSSL_THREADS) ++#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 + + //array larger than anything that OpenSSL may need: + static pthread_mutex_t mutex_buf[256]; +@@ -2665,76 +2660,52 @@ void coturn_locking_function(int mode, int n, const char *file, int line) { + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L + void coturn_id_function(CRYPTO_THREADID *ctid); + void coturn_id_function(CRYPTO_THREADID *ctid) + { + UNUSED_ARG(ctid); + CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self()); + } +-#else +-unsigned long coturn_id_function(void); +-unsigned long coturn_id_function(void) +-{ +- return (unsigned long)pthread_self(); +-} +-#endif +- +-#endif + + static int THREAD_setup(void) { +- +-#if defined(OPENSSL_THREADS) +- +- int i; +- +- some_buffer[0] = 0; +- ++ int i; + for (i = 0; i < CRYPTO_num_locks(); i++) { + pthread_mutex_init(&(mutex_buf[i]), NULL); + } + + mutex_buf_initialized = 1; +- +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 + CRYPTO_THREADID_set_callback(coturn_id_function); +-#else +- CRYPTO_set_id_callback(coturn_id_function); +-#endif +- + CRYPTO_set_locking_callback(coturn_locking_function); +-#endif +- + return 1; + } + + int THREAD_cleanup(void); + int THREAD_cleanup(void) { ++ int i; + +-#if defined(OPENSSL_THREADS) ++ if (!mutex_buf_initialized) ++ return 0; + +- int i; +- +- if (!mutex_buf_initialized) +- return 0; ++ CRYPTO_THREADID_set_callback(NULL); ++ CRYPTO_set_locking_callback(NULL); ++ for (i = 0; i < CRYPTO_num_locks(); i++) { ++ pthread_mutex_destroy(&(mutex_buf[i])); ++ } + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 +- CRYPTO_THREADID_set_callback(NULL); ++ mutex_buf_initialized = 0; ++ return 1; ++} + #else +- CRYPTO_set_id_callback(NULL); +-#endif +- +- CRYPTO_set_locking_callback(NULL); +- for (i = 0; i < CRYPTO_num_locks(); i++) { +- pthread_mutex_destroy(&(mutex_buf[i])); +- } +- +- mutex_buf_initialized = 0; +- +-#endif ++static int THREAD_setup(void) { ++ return 1; ++} + +- return 1; ++int THREAD_cleanup(void); ++int THREAD_cleanup(void){ ++ return 1; + } ++#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */ ++#endif /* defined(OPENSSL_THREADS) */ + + static void adjust_key_file_name(char *fn, const char* file_title, int critical) + { + -- cgit v1.2.3