From eb456ec638e4a7dd5fd571903a27dae59d34ecc8 Mon Sep 17 00:00:00 2001
From: Cory Snider <csnider@mirantis.com>
Date: Wed, 18 Oct 2023 14:00:02 -0400
Subject: [PATCH] Make vMajor, vMinor, vPatch globals unsigned

This lets the compiler statically prove e.g. vPatch >= 0 is a constant
so it can optimize away unnecessary comparisons after inlining and
constant-propagating calls to versionAtOrAbove().

Signed-off-by: Cory Snider <csnider@mirantis.com>
---
 goopenssl.c |  4 ++--
 goopenssl.h |  2 +-
 init.go     | 13 +++++++------
 openssl.go  | 10 +++++++---
 4 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/goopenssl.c b/goopenssl.c
index ec4adc15..1e428d52 100644
--- a/goopenssl.c
+++ b/goopenssl.c
@@ -60,12 +60,12 @@ go_openssl_fips_enabled(void* handle)
 // and assign them to their corresponding function pointer
 // defined in goopenssl.h.
 void
-go_openssl_load_functions(void* handle, int major, int minor, int patch)
+go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch)
 {
 #define DEFINEFUNC_INTERNAL(name, func)                                                                         \
     _g_##name = dlsym(handle, func);                                                                            \
     if (_g_##name == NULL) {                                                                                    \
-        fprintf(stderr, "Cannot get required symbol " #func " from libcrypto version %d.%d\n", major, minor);   \
+        fprintf(stderr, "Cannot get required symbol " #func " from libcrypto version %u.%u\n", major, minor);   \
         abort();                                                                                                \
     }
 #define DEFINEFUNC(ret, func, args, argscall) \
diff --git a/goopenssl.h b/goopenssl.h
index a363dd7f..a0e2b623 100644
--- a/goopenssl.h
+++ b/goopenssl.h
@@ -24,7 +24,7 @@ int go_openssl_version_major(void* handle);
 int go_openssl_version_minor(void* handle);
 int go_openssl_version_patch(void* handle);
 int go_openssl_thread_setup(void);
-void go_openssl_load_functions(void* handle, int major, int minor, int patch);
+void go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch);
 const GO_EVP_MD_PTR go_openssl_EVP_md5_sha1_backport(void);
 
 // Define pointers to all the used OpenSSL functions.
diff --git a/init.go b/init.go
index 21126ff5..a1466329 100644
--- a/init.go
+++ b/init.go
@@ -13,7 +13,7 @@ import (
 // as reported by the OpenSSL API.
 //
 // See Init() for details about file.
-func opensslInit(file string) (major, minor, patch int, err error) {
+func opensslInit(file string) (major, minor, patch uint, err error) {
 	// Load the OpenSSL shared library using dlopen.
 	handle, err := dlopen(file)
 	if err != nil {
@@ -24,12 +24,13 @@ func opensslInit(file string) (major, minor, patch int, err error) {
 	// Notice that major and minor could not match with the version parameter
 	// in case the name of the shared library file differs from the OpenSSL
 	// version it contains.
-	major = int(C.go_openssl_version_major(handle))
-	minor = int(C.go_openssl_version_minor(handle))
-	patch = int(C.go_openssl_version_patch(handle))
-	if major == -1 || minor == -1 || patch == -1 {
+	imajor := int(C.go_openssl_version_major(handle))
+	iminor := int(C.go_openssl_version_minor(handle))
+	ipatch := int(C.go_openssl_version_patch(handle))
+	if imajor < 0 || iminor < 0 || ipatch < 0 {
 		return 0, 0, 0, errors.New("openssl: can't retrieve OpenSSL version")
 	}
+	major, minor, patch = uint(imajor), uint(iminor), uint(ipatch)
 	var supported bool
 	if major == 1 {
 		supported = minor == 0 || minor == 1
@@ -43,7 +44,7 @@ func opensslInit(file string) (major, minor, patch int, err error) {
 
 	// Load the OpenSSL functions.
 	// See shims.go for the complete list of supported functions.
-	C.go_openssl_load_functions(handle, C.int(major), C.int(minor), C.int(patch))
+	C.go_openssl_load_functions(handle, C.uint(major), C.uint(minor), C.uint(patch))
 
 	// Initialize OpenSSL.
 	C.go_openssl_OPENSSL_init()
diff --git a/openssl.go b/openssl.go
index 224c9c29..991b1e32 100644
--- a/openssl.go
+++ b/openssl.go
@@ -19,7 +19,7 @@ import (
 var (
 	// vMajor and vMinor hold the major/minor OpenSSL version.
 	// It is only populated if Init has been called.
-	vMajor, vMinor, vPatch int
+	vMajor, vMinor, vPatch uint
 )
 
 var (
@@ -69,8 +69,12 @@ func Init(file string) error {
 	return initErr
 }
 
+func utoa(n uint) string {
+	return strconv.FormatUint(uint64(n), 10)
+}
+
 func errUnsupportedVersion() error {
-	return errors.New("openssl: OpenSSL version: " + strconv.Itoa(vMajor) + "." + strconv.Itoa(vMinor) + "." + strconv.Itoa(vPatch))
+	return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch))
 }
 
 type fail string
@@ -410,6 +414,6 @@ func CheckLeaks() {
 // versionAtOrAbove returns true when
 // (vMajor, vMinor, vPatch) >= (major, minor, patch),
 // compared lexicographically.
-func versionAtOrAbove(major, minor, patch int) bool {
+func versionAtOrAbove(major, minor, patch uint) bool {
 	return vMajor > major || (vMajor == major && vMinor >= minor) || (vMajor == major && vMinor == minor && vPatch >= patch)
 }