From: Timo Sirainen Date: Wed, 7 Aug 2013 15:00:32 +0000 (+0300) Subject: ssl: Fixed compiling with older OpenSSL libraries. X-Git-Tag: 2.2.6~145 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=385fd14a05d9bc74336bb93257480a36d99900e5;p=thirdparty%2Fdovecot%2Fcore.git ssl: Fixed compiling with older OpenSSL libraries. --- diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c index 512ee98763..4a469ec3e2 100644 --- a/src/lib-ssl-iostream/iostream-openssl-context.c +++ b/src/lib-ssl-iostream/iostream-openssl-context.c @@ -12,6 +12,10 @@ #include #include +#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L +# define HAVE_ECDH +#endif + struct ssl_iostream_password_context { const char *password; const char *error; @@ -406,7 +410,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx, return 0; } -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L +#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set, int *nid_r, const char **error_r) @@ -436,7 +440,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct ssl_iostream_settings *set ATTR_UNUSED, const char **error_r ATTR_UNUSED) { -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L +#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L EC_KEY *ecdh; int nid; const char *curve_name; @@ -444,17 +448,16 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); -#if !defined(OPENSSL_NO_ECDH) +#ifdef HAVE_ECDH /* In the non-recommended situation where ECDH cipher suites are being used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#endif -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1); -#elif !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L +#else /* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be performed manually. Attempt to select the same curve as that used in the server's private EC key file. Otherwise fall back to the @@ -480,6 +483,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); EC_KEY_free(ecdh); } +#endif #endif return 0; } diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c index 7939b918f3..508f171e4a 100644 --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -29,6 +29,10 @@ #include #include +#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L +# define HAVE_ECDH +#endif + /* Check every 30 minutes if parameters file has been updated */ #define SSL_PARAMFILE_CHECK_INTERVAL (60*30) @@ -121,7 +125,7 @@ static void ssl_server_context_deinit(struct ssl_server_context **_ctx); static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set); -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L +#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set); #endif @@ -1017,7 +1021,7 @@ static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set ATTR_UNUSED) { -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L +#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L EC_KEY *ecdh; int nid; const char *curve_name; @@ -1025,17 +1029,16 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); -#if !defined(OPENSSL_NO_ECDH) +#ifdef HAVE_ECDH /* In the non-recommended situation where ECDH cipher suites are being used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#endif -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1); -#elif !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L +#else /* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be performed manually. Attempt to select the same curve as that used in the server's private EC key file. Otherwise fall back to the @@ -1060,6 +1063,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, EC_KEY_free(ecdh); } #endif +#endif } static void @@ -1145,7 +1149,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx, EVP_PKEY_free(pkey); } -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L +#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set) {