openssl: Improve compatibility to newer BoringSSL releases
authorTobias Brunner <tobias@strongswan.org>
Tue, 22 Jun 2021 08:55:31 +0000 (10:55 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 24 Aug 2021 12:20:37 +0000 (14:20 +0200)
Closes strongswan/strongswan#352

src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
src/libstrongswan/plugins/openssl/openssl_util.h

index a567f5f4f2a41eb13cc5dac1f1d08ffb1ebb72a9..bee56a4259122dfff144cdb3e4ff832a9b909b18 100644 (file)
@@ -168,7 +168,8 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
        }
        if (params->exp_len != params->prime.len)
        {
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) && \
+       (!defined(BORINGSSL_API_VERSION) || BORINGSSL_API_VERSION < 11)
                this->dh->priv_length = params->exp_len * 8;
 #else
                if (!DH_set_length(this->dh, params->exp_len * 8))
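Review bot: The new condition in set_modulus() treats an undefined BORINGSSL_API_VERSION as an old BoringSSL, so the choice between writing `this->dh->priv_length` directly and calling DH_set_length() depends on the header that defines that macro being included before this point. The threshold 11 is also unexplained. A short comment above the `#if` would help, for example `/* older BoringSSL (API version < 11, or none reported) has no DH_set_length(), set the length directly */`; that reason is inferred from the two branch bodies and should be confirmed. The same guard pattern, with threshold 10, appears in the openssl_util.h hunk. set_modulus() starts and ends outside the hunk.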
index 98dacc4f61041c135c928e1325437081215c2ec5..9fb334c0812bae85a4aa32c24eb2f5320f3756d3 100644 (file)
@@ -21,7 +21,7 @@
 #include <openssl/ec.h>
 #include <openssl/objects.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 #include <openssl/bn.h>
 #endif
 
@@ -67,7 +67,7 @@ struct private_openssl_ec_diffie_hellman_t {
        bool computed;
 };
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 /**
  * Convert a chunk to an EC_POINT and set it on the given key. The x and y
  * coordinates of the point have to be concatenated in the chunk.
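Review bot: Dropping `defined(OPENSSL_IS_BORINGSSL)` here removes the legacy chunk2ecp()/ecp2chunk() path for every BoringSSL build that reports OPENSSL_VERSION_NUMBER >= 0x1010000fL, whereas the DH and openssl_util.h hunks of this commit keep a fallback gated on BORINGSSL_API_VERSION. If older BoringSSL releases are still meant to build, the same gate belongs here, e.g. `#if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(OPENSSL_IS_BORINGSSL) && (!defined(BORINGSSL_API_VERSION) || BORINGSSL_API_VERSION < N))`, where N is a placeholder for the first API version that provides the functions used in the `#else` branches. Otherwise a comment or the commit message should state the minimum supported BoringSSL release. This applies equally to the include guard at line 21 and to the guards in set_other_public_value() and get_my_public_value(). The helper's body continues outside the hunk.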
@@ -202,7 +202,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
                goto error;
        }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        if (!chunk2ecp(this->ec_group, value, pub))
        {
                DBG1(DBG_LIB, "ECDH public value is malformed");
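Review bot: BoringSSL builds now decode the other side's public value through the `#else` branch of set_other_public_value(), which is outside this hunk, instead of through chunk2ecp(). Since `value` is presumably supplied by the remote peer, it is worth confirming that this branch rejects a value that is malformed or not a point on `this->ec_group`, with the same failure result as the legacy path. A unit test feeding an invalid value should also run against a BoringSSL build. A one-line comment above the `#if`, stating which library call performs that check on the new path, would document this. The method starts and ends outside the hunk.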
@@ -235,7 +235,7 @@ error:
 METHOD(diffie_hellman_t, get_my_public_value, bool,
        private_openssl_ec_diffie_hellman_t *this, chunk_t *value)
 {
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
        return ecp2chunk(this->ec_group, this->key, value);
 #else
        chunk_t pub;
index 88450a67ae30de4f10ab2135a6977491324cd616..6cf20e247ab6291fa599c2fa5776e33581930275 100644 (file)
@@ -279,7 +279,7 @@ METHOD(private_key_t, sign, bool,
                        return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
                case SIGN_RSA_EMSA_PKCS1_SHA3_224:
                        return build_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA3_256:
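Review bot: With `!defined(OPENSSL_IS_BORINGSSL)` removed, whether the SHA-3 cases in sign() are compiled for BoringSSL depends only on the library headers defining OPENSSL_NO_SHA3, which this hunk cannot show. If a BoringSSL release reports a version >= 0x1010100fL without defining it, the NID_sha3_* references either fail to build or reach build_emsa_pkcs1_signature() with a digest the library may not provide, so that helper should be checked to return FALSE when the digest lookup fails. A comment such as `/* BoringSSL is expected to define OPENSSL_NO_SHA3 */` above the `#if` would record the assumption, once confirmed. The verify() hunk in openssl_rsa_public_key.c has the same guard, and failing closed on an unavailable digest matters most there. sign() starts and ends outside the hunk.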
index db836f8e49f82e81d7be872acf42503d534dad3b..4cdb883cc035f3ca943d9351ea17e5750445eda3 100644 (file)
@@ -280,7 +280,7 @@ METHOD(public_key_t, verify, bool,
                        return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
                case SIGN_RSA_EMSA_PKCS1_SHA3_224:
                        return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA3_256:
index f226fef0e44473f1a839bbd9ff5502f6adcd2f62..0b5562c4edf5ba4b00a131db3d7141089b261032 100644 (file)
@@ -153,10 +153,15 @@ time_t openssl_asn1_to_time(const ASN1_TIME *time);
 /**
  * Compatibility macros
  */
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) && \
+       (!defined(BORINGSSL_API_VERSION) || BORINGSSL_API_VERSION < 10)
 #define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type)
 #endif
 
+#ifndef OPENSSL_INIT_ENGINE_ALL_BUILTIN
+#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0
+#endif
+
 /**
  * Macros to define fallback getters/setters to access keys (BIGNUM*) for types
  * that were made opaque with OpenSSL 1.1.0.
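Review bot: The fallback `#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0` applies to any library whose headers have not defined the macro by the time openssl_util.h is read, not only to BoringSSL. On OpenSSL an include-order change could therefore silently turn what the name suggests is an engine-loading flag into a no-op, or cause a redefinition when the real header follows. If only BoringSSL lacks the macro, restricting the fallback with `#if defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_INIT_ENGINE_ALL_BUILTIN)` would make that explicit. A comment should also say that the value 0 disables the option where the library does not offer it. How the flag is consumed is not visible in this hunk.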