From: Tobias Brunner Date: Tue, 22 Jun 2021 08:55:31 +0000 (+0200) Subject: openssl: Improve compatibility to newer BoringSSL releases X-Git-Tag: 5.9.4dr2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57e68ab9c57f30a84c9e3022bbcd97278b18952a;p=thirdparty%2Fstrongswan.git openssl: Improve compatibility to newer BoringSSL releases Closes strongswan/strongswan#352
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index a567f5f4f2..bee56a4259 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -168,7 +168,8 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
 }
 if (params->exp_len != params->prime.len)
 {
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) && \
+ (!defined(BORINGSSL_API_VERSION) || BORINGSSL_API_VERSION < 11)
 this->dh->priv_length = params->exp_len * 8;
 #else
 if (!DH_set_length(this->dh, params->exp_len * 8))
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 98dacc4f61..9fb334c081 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -21,7 +21,7 @@
 #include
 #include
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 #include
 #endif
@@ -67,7 +67,7 @@ struct private_openssl_ec_diffie_hellman_t {
 bool computed;
 };
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 /**
 * Convert a chunk to an EC_POINT and set it on the given key. The x and y
 * coordinates of the point have to be concatenated in the chunk.
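Review bot: The threshold in `BORINGSSL_API_VERSION < 11` in the set_modulus hunk carries no comment saying which API change it tracks, and the openssl_util.h hunk uses a different bare number (`< 10`) for `EVP_PKEY_base_id`. From the two branches it appears that builds at or above 11 are expected to provide `DH_set_length()`, whose return value is checked, while older ones write `this->dh->priv_length` directly; a line such as `/* BoringSSL API versions before 11 lack DH_set_length(), so set the exponent length directly */` above the `#if` would record that. The `!defined(BORINGSSL_API_VERSION)` arm treats releases that predate the macro as old, which is worth stating in the same comment. set_modulus starts and ends outside the hunk.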
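Review bot: The `defined(OPENSSL_IS_BORINGSSL)` arm is removed outright in openssl_ec_diffie_hellman.c (the include guard at -21, the helper guard at -67, and the two method hunks at -202 and -235), whereas openssl_diffie_hellman.c keeps the legacy path for `BORINGSSL_API_VERSION < 11`. If an older BoringSSL reports `OPENSSL_VERSION_NUMBER >= 0x1010000fL` but lacks whatever the `#else` branches call, it would stop building; those branches are outside the hunks, so this is inferred. Either gate these guards the same way or document the minimum supported BoringSSL API version next to the first `#if`. Since `set_other_public_value` handles the peer's public value, it is also worth confirming that the `#else` path rejects malformed points as the `chunk2ecp` path does.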
@@ -202,7 +202,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
 goto error;
 }
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 if (!chunk2ecp(this->ec_group, value, pub))
 {
 DBG1(DBG_LIB, "ECDH public value is malformed");
@@ -235,7 +235,7 @@ error:
 METHOD(diffie_hellman_t, get_my_public_value, bool,
 private_openssl_ec_diffie_hellman_t *this, chunk_t *value)
 {
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 return ecp2chunk(this->ec_group, this->key, value);
 #else
 chunk_t pub;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 88450a67ae..6cf20e247a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -279,7 +279,7 @@ METHOD(private_key_t, sign, bool,
 return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
 return build_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index db836f8e49..4cdb883cc0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
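Review bot: Dropping `!defined(OPENSSL_IS_BORINGSSL)` from the SHA-3 guard in the sign hunk means the `SIGN_RSA_EMSA_PKCS1_SHA3_*` cases now compile on BoringSSL whenever it reports a version of at least 0x1010100f and does not define `OPENSSL_NO_SHA3`; the same change is made in the verify hunk of openssl_rsa_public_key.c. Nothing visible here shows that such a build actually provides `NID_sha3_224` and the matching digests, so a build check against the targeted BoringSSL release, or a comment stating that assumption above the `#if`, would help. If the NIDs exist but the digest is unavailable, the failure moves from compile time into `build_emsa_pkcs1_signature` and `verify_emsa_pkcs1_signature`, whose error handling is outside the hunks. The switch continues past both ends of the hunk.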
@@ -280,7 +280,7 @@ METHOD(public_key_t, verify, bool,
 return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
 return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index f226fef0e4..0b5562c4ed 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -153,10 +153,15 @@ time_t openssl_asn1_to_time(const ASN1_TIME *time);
 /**
 * Compatibility macros
 */
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) && \
+ (!defined(BORINGSSL_API_VERSION) || BORINGSSL_API_VERSION < 10)
 #define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type)
 #endif
+#ifndef OPENSSL_INIT_ENGINE_ALL_BUILTIN
+#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0
+#endif
+
 /**
 * Macros to define fallback getters/setters to access keys (BIGNUM*) for types
 * that were made opaque with OpenSSL 1.1.0.
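Review bot: The fallback `#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0` in the openssl_util.h hunk has no comment, and it sits between the "Compatibility macros" block and the next doc comment, so its purpose is not obvious. Defining the flag as 0 makes any init call that ORs it in silently request no engines on libraries that do not provide it (presumably BoringSSL; the call site is not in this hunk). A comment such as `/* not provided by libraries without ENGINE support, 0 makes the flag a no-op */` would record that. Separately, the unchanged macro `EVP_PKEY_base_id(p)` expands `p->type` without parentheses; `EVP_PKEY_type((p)->type)` is safer for non-trivial arguments.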